Guest Family Tree Mike Posted October 24, 2008 Posted October 24, 2008 For in-house tools, the approach of writing to the program files folder is fine. Here are a few ways that it can be problematic if the code goes out of your team, such as to a customer: 1. Vista - Must run with elevated permissions to access program files folder. 2. 64 bit OS - Virtualization pottentially renames the folder, so you better not assume it is c:\program files. 3. XP - Most organizations don't allow users admin priveledge, and the admin people will not change the permissions on the program files folder. 4. Since this is a service, you are asking a lot from the IT department if this is not run under "local service" account. On top of that, asking that the local service account be given such broad permission, is not good. I hate to ask, but does this other cavelier developer think that the checkbox for "allow desktop interaction" is just fine and dandy for everyone to do? "Tom" wrote: <span style="color:blue"> > I don't know if this is the best group to ask this in, but then again, I > don't know where to ask it either. So please be gentle ... > > Anyway, my group has written several .NET Windows services over the past > year. Now typically, these services get installed in the program files > directory, and they almost always have configuration files that they > read/write from. > > My argument is that any files that are read from/written to must go into the > application data directory (e.g. - XP: docs & settingsall usersapplication > dataour company). Another guy on our team just changes the permissions of > our directory under program files so that everybody can write to that > directory when our product is installed. > > I keep telling him this is a bad idea, and that Microsoft made the > application directory specifically for this reason, but he always comes back > with that it's just a directory, and as far as security goes, it's just as > secure as writing to this application data directory, and then I don't > really have a good response to him. > > So ... > > What is the actual benefit to using the application data directory, and why > should we use it? > > Thanks. > > </span> Quote
Guest Tom Posted October 25, 2008 Posted October 25, 2008 Right now, our customers don't really care what we do, it's really just an in house argument. Thanks for pointing out the issues, but where is the best place to store these configuration files? Now it sounds like the application data directory and the programs files directory is not the best place to go. Thanks again. "Family Tree Mike" <FamilyTreeMike@discussions.microsoft.com> wrote in message news:4101F21F-CE95-4E47-9207-592A334AFB07@microsoft.com...<span style="color:blue"> > For in-house tools, the approach of writing to the program files folder is > fine. Here are a few ways that it can be problematic if the code goes out > of > your team, such as to a customer: > > 1. Vista - Must run with elevated permissions to access program files > folder. > 2. 64 bit OS - Virtualization pottentially renames the folder, so you > better > not assume it is c:program files. > 3. XP - Most organizations don't allow users admin priveledge, and the > admin > people will not change the permissions on the program files folder. > 4. Since this is a service, you are asking a lot from the IT department if > this is not run under "local service" account. On top of that, asking > that > the local service account be given such broad permission, is not good. > > I hate to ask, but does this other cavelier developer think that the > checkbox for "allow desktop interaction" is just fine and dandy for > everyone > to do? > > > "Tom" wrote: ><span style="color:green"> >> I don't know if this is the best group to ask this in, but then again, I >> don't know where to ask it either. So please be gentle ... >> >> Anyway, my group has written several .NET Windows services over the past >> year. Now typically, these services get installed in the program files >> directory, and they almost always have configuration files that they >> read/write from. >> >> My argument is that any files that are read from/written to must go into >> the >> application data directory (e.g. - XP: docs & settingsall >> usersapplication >> dataour company). Another guy on our team just changes the permissions >> of >> our directory under program files so that everybody can write to that >> directory when our product is installed. >> >> I keep telling him this is a bad idea, and that Microsoft made the >> application directory specifically for this reason, but he always comes >> back >> with that it's just a directory, and as far as security goes, it's just >> as >> secure as writing to this application data directory, and then I don't >> really have a good response to him. >> >> So ... >> >> What is the actual benefit to using the application data directory, and >> why >> should we use it? >> >> Thanks. >> >> </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.