Install for all users and data access

Question

What\'s the best way to modify my installer application to install my exe and several data files into a location that all users can access? I want any XP/Vista/Win7 user to

Answer 1

If users should be able to modify their own copy of the data, I would indeed user the Roaming data folder, unless the files are big, which is not good for roaming: Whenever the app is started, check if the files exist in user's roaming folder. If not, create the initial copy for that user from a common read-only copy in the program's directory.

OTOH, if users need to modify a common copy, then create a data subdirectory in the program's directory and modify its security descriptors to give Write access to the Users group. Here's some native code to do so. This code should of course be executed from the installer since it requires admin privileges.

EDIT: Oops! I just realize that I got code from this former SO question.

#include 

BOOL CreateDirectoryWithUserFullControlACL(LPCTSTR lpPath) 
{
  // Create directory
  if (!CreateDirectory(lpPath,NULL))
    return FALSE;

  // Open directory object
  HANDLE hDir = CreateFile(lpPath,READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
  if (hDir == INVALID_HANDLE_VALUE)
    return FALSE;

  // Get current security info for the directory
  ACL* pOldDACL;
  SECURITY_DESCRIPTOR* pSD = NULL;
  GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, (void**)&pSD);

  // Create SID for Users
  PSID pSid = NULL;
  SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY;
  AllocateAndInitializeSid(&authNt,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_USERS,0,0,0,0,0,0,&pSid);

  // Create Full Access descriptor for Users
  EXPLICIT_ACCESS ea={0};
  ea.grfAccessMode = GRANT_ACCESS;
  ea.grfAccessPermissions = GENERIC_ALL;
  ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE;
  ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
  ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
  ea.Trustee.ptstrName = (LPTSTR)pSid;

  // Add Users' full access descriptor to the current permissions list of the directory
  ACL* pNewDACL = 0;
  DWORD err = SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL);
  if (pNewDACL!=NULL)
    SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL, NULL, pNewDACL, NULL);

  // Clean up resources
  FreeSid(pSid);
  LocalFree(pNewDACL);
  LocalFree(pSD);
  LocalFree(pOldDACL);
  CloseHandle(hDir);

  return TRUE;
}