4

I know that user accounts in Windows 7 are limited by default, so a program cannot just write anywhere on the system (as it was possible in Win XP).

But I thought that it would be possible that e.g. a c# app is allowed to write inside it's own exe-directory or it's subfolders at least (not everything is 'user settings' or should be written to "MyDocuments"...).

So currently my c# app throws an UnauthorizedAccessException when trying to write inside the exe dir.

Is there anything you can do in c# code to allow writing inside the exe dir?

Wim Coenen
  • 66,094
  • 13
  • 157
  • 251
fritz
  • 43
  • 1
  • 3
  • 1
    Is the executable in the program files directory? In Windows 7 you are not allowed to read/write to files under Program Files. – Rody Apr 11 '10 at 10:30
  • @Rody: Of course you are allowed to *read* files in `Program Files`... – Heinzi Apr 11 '10 at 10:36
  • 1
    Why do you need to do this? Users are denied access for good reason - and in most cases, what you're trying to accomplish is probably catered for by using a different storage location. What data are you storing/changing that you want to write to the program folder? – Dan Puzey Apr 11 '10 at 10:49
  • @Heinzi: You're right, I ment write only. Read access is ofcourse allowed even if running under a less privileged account. – Rody Apr 11 '10 at 10:59
  • You haven't been able to write to the programs folder or the root of C: with a user-level logon since Windows 2000, which was released in 1999. – David-W-Fenton Apr 27 '10 at 03:28

4 Answers4

5

No, if the user your application is running under doesn't have permissions to write to this folder you cannot write to it. When installing your application (probably through an MSI) you could grant the necessary rights.

You could also provide a manifest file with your application.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • 1
    You *could* do this, but I'd wager you *shouldn't*. Denying access to that folder is done for a reason; it's very likely that there is a more sensibly recommended solution to fritz's problem. – Dan Puzey Apr 11 '10 at 10:48
  • Thanks, i could solve the problem by granting the correct rights in my setup tool. In innosetup this can be done by: [Dirs] Name: {app}; Permissions: everyone-modify; – fritz Apr 11 '10 at 12:10
  • 1
    @fritz: Note, though, that this opens a security hole, since every "normal" user can now replace your exe with something else, something evil. – Heinzi Apr 11 '10 at 12:35
  • @Dan: We have to use this in our organization as well. We have hundreds of PCs and thousands of employees with no PC login. Our SysAdmin has created an account called 'Public' that has no rights to common Special Folders (ApplicationData, CommonApplicationData, LocalApplicationData, ProgramFiles). Some data (like settings & log files) should not be written to the Desktop or MyDocuments. In cases like this, I have modified my apps with the Installer to let them write to specific folders. –  Mar 24 '11 at 19:50
4

Is there anything you can do in c# code to allow writing inside the exe dir?

Yes, but this code (that changes the permissions) would need to be executed with admin permission, so you're back at the start.

In my opinion, the correct way would be to set up appropriate write permissions to a directory below C:\ProgramData (actually: Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)) in a custom action during the installation of your software.

Heinzi
  • 167,459
  • 57
  • 363
  • 519
  • You don't need to take any action to gain Write permissions under ProgramData – H H Apr 11 '10 at 10:48
  • @Henk: It's a bit more complicated: Yes, every (non-admin) user can create folders and files in ProgramData, but, by default, other (non-admin) users cannot modify these files, so I guess that's not what fritz needs. – Heinzi Apr 11 '10 at 12:40
  • @Heinzi: i am in the same scenario what you have said above. i need other (non-admin) users to modify these files, can you guide me to give permission to files while accessing through the c# – Kumaran T Oct 14 '11 at 05:12
  • @KumaranT: Here's how to create a custom action: http://msdn.microsoft.com/en-us/library/d9k65z2d.aspx, and here is a SO question that shows how to set directory permissions (ACLs) in C#: http://stackoverflow.com/q/507124/87698. – Heinzi Oct 15 '11 at 09:25
1

Yes.

Install the program in a location where user's have write/modify rights.

(Of course this opens you to those same users modifying your program.)

Richard
  • 106,783
  • 21
  • 203
  • 265
-2

Yes, you should make sure you're program runs with admin privileges.

You can do this manually by rightclicking on the exec and click "Run as Administrator" or you can demand from code that the program runs with admin privileges.

WindowsPrincipal pricipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
bool hasAdministrativeRight = pricipal.IsInRole(WindowsBuiltInRole.Administrator);
if (!hasAdministrativeRight)
{
   RunElevated(Application.ExecutablePath);
   Environment.Exit(0);
}

private static void RunElevated(string fileName)
{
    ProcessStartInfo processInfo = new ProcessStartInfo();
    processInfo.Verb = "runas";
processInfo.FileName = fileName;
    try
    {
        Process.Start(processInfo);
    }
    catch (Win32Exception)
    {
        MessageBox.Show("Program needs administrator rights");
    }
}
Henri
  • 5,065
  • 23
  • 24