0

When logged in as a user with administrative privileges, do apps automatically have the right to write to their own Program Files directory?

I'm persisting some data to the app directory and it's obviously not an issue in development because the app directory isn't under Program Files, but I just want to make sure I'm not going to run into any problems when I distribute the app. And the app will only be run by users with admin privileges.

BVernon
  • 3,205
  • 5
  • 28
  • 64

2 Answers2

2

Most anti-virus programs will throw a fit if they see any updates under the program files directory.

You'd be better off writing your data to a folder under the AppData folder

Brad Bruce
  • 7,638
  • 3
  • 39
  • 60
  • As I understand it that folder is user specific but this should be for all users. But what about the CommonApplicationData folder? Would that require them to "Run as Administrator"? – BVernon Jul 03 '13 at 00:28
  • In that case, it should go in a folder under ProgramData. – Brad Bruce Jul 03 '13 at 00:37
  • Right, CommonApplicationData is actually the enumeration that's used to return that folder. Are you aware if the app has to be Run as Administrator when writing to that folder though? – BVernon Jul 03 '13 at 00:42
  • Where the value points, depends on the OS you are using. By default, admin rights are required when updating (but not reading) files in this folder. You can grant additional permissions if necessary. If you are trying to get logo certified, this will be cause for failure. – Brad Bruce Jul 03 '13 at 00:52
  • Not trying to get certified, but if I were what would be the 'proper' way to store a data file such that it's application specific and can be written to by the application? Would I necessarily have to use Isolated Storage? – BVernon Jul 03 '13 at 01:05
  • Everything that I've read says that it would have to be stored in the user's data folder. If you aren't worried about certification, using the AppData folder and setting the permissions is what I've run across. – Brad Bruce Jul 03 '13 at 01:15
1

No. Even a user who has administrative permissions by default runs in an non-elevated context. The user explicitly has to elevate in order to get permissions to write to that location.

You probably don't want to force the user to elevate just to save some data on behalf of that user. You probably also don't want to allow other users on the same machine to modify that data globally, nor do you want to disclose that data to other users.

AppData is the right spot for this sort of thing and has been for more than 10 years.

Billy ONeal
  • 104,103
  • 58
  • 317
  • 552