none
Win7 + UAC: How to Gain Temporary Write Access to Files in "Program Files" RRS feed

  • Question

  • My application suite reads/writes files that live under "Program Files\myCompany."  These files are shared globally so that any user has read/execute access.  Of course this scheme works fine in XP but fails miserably in Vista/W7 with UAC enabled.  In order to minimize the amount of software churn and customer angst by redesigning my software to store shared files in another location, is there a way programmatically to temporarily disable the redirection of write requests to a protected directory and file?

    Thanks

    dmm

     

    Monday, April 19, 2010 2:12 PM

Answers

  • Hello,

    >Is there a way to do this and still have full RWE access to the files in "program files\myCompany" directory?

    We can change the permission of the folder to allow standard user to create and modify the file in that directory, however, we need administrator token to change the permission. One way to achieve this is when installing the application(usually installer will gain the admin token to create file in Program files folder), we set the permission of that folder to allow standard user write to that folder. It is not easy to do this. The simplest way to share files(settings) among different users is to save the file into ProgramData(C:\ProgramData) folder.

    Thanks,
    Rong-Chun Zhang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    • Marked as answer by dmm3 Wednesday, April 21, 2010 1:15 PM
    • Unmarked as answer by dmm3 Wednesday, April 21, 2010 3:30 PM
    • Marked as answer by Rong-Chun Zhang Thursday, April 22, 2010 3:41 AM
    Wednesday, April 21, 2010 9:42 AM

All replies

  • Hello 

    >How to Gain Temporary Write Access to Files in "Program Files"

    We need the run the application under administrator token(Right click the executable and select Run as Administrator).

    >is there a way programmatically to temporarily disable the redirection of write requests to a protected directory and file?

    We need to add the new manifest for UAC(requestedExecutionLevel), if the manifest is specified in the application's manifest, the redirection for legacy application is disabled. In this case, we can set the requestedExecutionLevel to requireAdministrator to ask user to provide the administrator token for the application.

    More information
    http://msdn.microsoft.com/en-us/library/bb756929.aspx

    Thanks,
    Rong-Chun Zhang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Tuesday, April 20, 2010 11:48 AM
  • Hi Rong-Chun Zhang

    My application must run without the elevation prompt occurring.  Is there a way to do this and still have full RWE access to the files in "program files\myCompany" directory?

    Thanks

    dmm

     

     

    Tuesday, April 20, 2010 1:17 PM
  • Hello,

    >Is there a way to do this and still have full RWE access to the files in "program files\myCompany" directory?

    We can change the permission of the folder to allow standard user to create and modify the file in that directory, however, we need administrator token to change the permission. One way to achieve this is when installing the application(usually installer will gain the admin token to create file in Program files folder), we set the permission of that folder to allow standard user write to that folder. It is not easy to do this. The simplest way to share files(settings) among different users is to save the file into ProgramData(C:\ProgramData) folder.

    Thanks,
    Rong-Chun Zhang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    • Marked as answer by dmm3 Wednesday, April 21, 2010 1:15 PM
    • Unmarked as answer by dmm3 Wednesday, April 21, 2010 3:30 PM
    • Marked as answer by Rong-Chun Zhang Thursday, April 22, 2010 3:41 AM
    Wednesday, April 21, 2010 9:42 AM
  • Hi Rong-Chun Zhang

    After some reflection and experimentation, the CommonAppDataFolder (e.g. C:\ProgramData) is not available for write access for a standard user without Administrator intervention (see Phil Wilson's thread at http://social.msdn.microsoft.com/forums/en-us/winformssetup/thread/260ddf0f-5502-4f41-a2bc-5c6247fbd1d2).

    So what's the point of favoring "C:\ProgramData\mycompany\dataFiles" over "C:\ProgramFiles\mycompany\dataFiles"?  Either way, an elevated prompt is required should a user app attempt to write to a data file.

    Is there any location in the file system that is accessible to all by default without explicitly changing permissions?

    Thanks

    dmm

     

     

    Wednesday, April 21, 2010 3:30 PM
  • Hi Rong-Chun Zhang

    After further experimentation on a clean Win7 box, it appears that your assertion is correct: "The simplest way to share files(settings) among different users is to save the file into ProgramData(C:\ProgramData) folder."  As a standard user, I was able to create directories and write to files in "C:\ProgramData\mycompany\dataFiles" without the adminstrator elevation requirement.  I think that the thread that is mentioned in my previous reply is fairly old, applies to vista and is no longer germane to our discussion.

    Thanks

    dmm

     

    • Marked as answer by dmm3 Wednesday, April 21, 2010 4:54 PM
    • Unmarked as answer by Rong-Chun Zhang Thursday, April 22, 2010 3:42 AM
    Wednesday, April 21, 2010 4:54 PM