Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Where to put a application data file shared by all users in XP & NT

Posted on 2004-10-31
15
Medium Priority
?
294 Views
Last Modified: 2010-04-05
Hi, I have a prog that needs to read & write to a file that is shared by *all* users of a PC (no matter how lowly their rights). It needs to support win 9.x, NT (inc. XP). In XP is the best place to put it in:
C:\Documents and Settings\All Users\Application Data\...etc ?
and is this path supported by NT 4 etc or would I need to put it somewhere else to guarantee free read/write access by everyone?
Thanks alot
P
0
Comment
Question by:Pandora
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +2
15 Comments
 
LVL 7

Expert Comment

by:sftweng
ID: 12460162
If the size is not prohibitive, you might use TRegistryIniFile.
0
 
LVL 7

Expert Comment

by:sftweng
ID: 12460235
I don't have a Windows 9x machine around any more but I don't recall the existence of C:\Documents and Settings\All Users\Application Data\... prior to NT.

Is there any reason not to use the folder (directory) in which the application resides?
0
 
LVL 11

Expert Comment

by:calinutz
ID: 12460962
There would be a problem only if there is a problem with the rights to access the files on either station. So if you have read/write rights on both machines and your file do not exceed 4GB in size you can place your file on either of the machines.
You only have to share it (file sharing) with full rigths for everyone.
The best way would be to place it in a "normal" folder like c:\MyFolder and share it. So you wouldn't have to worry about changes in your users configuration.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 7

Expert Comment

by:sftweng
ID: 12460974
calinutz, as I read the question, this issue is access on the same PC by different users, not network access. Of course, setting file access privileges is essential.
0
 
LVL 1

Author Comment

by:Pandora
ID: 12461433
Exactly sftweng, its multiple users/accounts on a single machine having read/write access to the same file - Originally we had the file in the program files dir with the application, but non power users in XP cannot (via the app) write to this file due to security. I have tried adding the 'everyone' account as an ACE to the ACL for the file but this seems to make no difference (I think I read somewhere that there is a system ACL that protects the contents of the program files dir from non-power users and this I think takes precedence over any explicit setting of the ACL). Really what I'm asking is what does everybody else do - where's the standard place to put a shared file in NT/XP?! I'm not to fussed about win 9.x as I can just treat this separately if need be, I just want to put the file somewhere out of the way but somewhere everyone can read/write to it.
Thanks
P
0
 
LVL 7

Expert Comment

by:sftweng
ID: 12461641
If you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.
0
 
LVL 7

Expert Comment

by:sftweng
ID: 12461657
Of course, if you REALLY want it to be visible, put it in ...\All Users\Desktop
0
 
LVL 1

Author Comment

by:Pandora
ID: 12462657
Ok - thx. I want it tucked away from the users but accessible by the app. But is this path
...\All Users\Application Data\<yourapp>
 supported in other versions of NT as well as XP ie NT 4, Server, 2000? And will it definately give access to all?
Thx
P
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12462974
It might just be easier to dump your data in a folder relative from the root folder. C:\YourFolder for example. This would be accessible by all users, unless you change the security settings for this folder. In general, it is even better to store it in C:\YourCompanyName\YourProductName in case you create multiple applications that need to share data. The contents of folders accessible from the root are often unprotected, thus open for every user. (Yeah, a flaw in the Windows security...)
0
 
LVL 2

Expert Comment

by:LSORRELLS
ID: 12467720
You need to create a folder and share it with full control to all users of the computer.  This will not be an issue with Win 9X user.  It's better to create a folder off the root of a hard drive rather than try and place it in a defalut windows user folder as different Flavors handle it differently and you would have to adjust alter your program accordingly.  And the security issues relating to sharing it will limited to that folder which is more platable to security folk.
0
 
LVL 1

Author Comment

by:Pandora
ID: 12599774
*Moderator, please read! *

Hi all, sorry for the delay getting back to you...now then. Hmm. I'm very sorry, but at the risk of being booed out of the forum, I'm not going to accept any of the above as an answer, sorry! I appreciate everyones help but after some investigation and experimentation, I've decided that the actual answer I was looking for was really that my question was wrong! To explain:
I think its bad practice to use well known bugs in commercial software; bugs have a habit of getting fixed & to rely on them could be disastrous, especially if you have an app thats rolled out to many users. In Windows in this day & age, I don't think its really on to ignore windows conventions & install to anywhere other than the designated directories unless theres a reason to do so; programs should go in the program files directory etc - this is kinda what the user expects and is used to. So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files. This is what I have now done, but I found all the NT security stuff a bit tricky at first so I could have done with a few pointers here; which for 500 pts would have been fair I think. Btw, for anyone experiencing similar problems to me - I used Madshis MadSecurity to manipulate the ACL for a given file/directory and added the 'everyone' ACE (see www.madshi.net) to allow unlimited access (I found deallocating the ACL didnt do the job but adding this ACE if it wasn't present did). Obviously u have to have Administrator permissions to be able to do this, so I added code to test for this in the prog/installation too with warnings etc that files couldnt be shared with limited users unless an Admin ran it etc. That said, I have just discovered an added complication; it seems extended file security is only available on NTFS drives, not FAT32 so I'm adding some conditional testing for this too otherwise if you're testing if an ACE is present, on FAT32 the answer will be no but access will still be unlimited (I think - yet to test!). So anyway, I'll get back to you...Don't really know what to do with points but would like the Q to stay in PAQ for others jumping this hurdle? Praps Madshi could have em, or would that cause a riot?! If anything I guess LSORRELLS came closest, but a bit scant for 500? This is what I went for anyway, just a simple let everyone have full access fn

//This is the full read/write access type constant for the ACE
PATH_FULL_ACCESS:cardinal=2032127;

Function File_SetEveryoneFullAccessRights(APath:string; IsDACL:boolean=true):boolean;
begin
//Because a file can't have child folders or files, set with inheritance off
result:=Path_SetEveryoneFullAccessRights(APath, false, false, IsDACL);
end;

//just the same call but supplied for function name consistency
Function Folder_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
begin
result:=Path_SetEveryoneFullAccessRights(APath, IsChildFilesInheritPermissions, IsChildFoldersInheritPermissions, IsDACL);
end;

both using the private & a bit messy fn:

//Madshis acl stuff to allow access for all to the
//specified registry keys for NT etc
Function Path_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
var
AACL     :IAcl;//an access control list
ANewAce,
AAce     :IAce; //an access control entry (within the ACL)
NewFlags :TAceFlags;
begin
Result:=true;
try
   AACL:=Path_GetACL(APath,IsDACL); //Nb Dont change system ACL .SACL
   //If no ACL is assigned ie its deallocated then may need to create one
   If Assigned(AACL) then
      If AACL.IsAllocated then
         begin
         AAce:=AACL.FindItem(Everyone); //Ie Everyone is the full access account
         NewFlags:=[];
         //Set the inheritance flags for files & folders
         If IsChildFilesInheritPermissions then
            NewFlags:=[afObjectInherit];
         If IsChildFoldersInheritPermissions then
            NewFlags:=NewFlags+[afContainerInherit];
         //Have changed this to add the 'everyone' account rather than deallocating the entire ACL as this seems a bit safer
         If (not assigned(AAce)) or (not AAce.IsValid) then //ie if Everyone is not found (NB AAce is still assigned but its not 'valid' and AAce.account.name will ="")
            begin
            ANewAce:=NewAce(Everyone,PATH_FULL_ACCESS,atAllowed,NewFlags);
            AACL.AddItem(ANewAce); //was AACL.Deallocate; //Ie if no ACL is set then access is available to everyone, if blank ACL no access to anyone
            end
            else
            //If the account already exists then update it to the full access, full allowed
            If (AAce.Access<>PATH_FULL_ACCESS) or (not (AAce.type_=atAllowed)) or (AAce.flags<>NewFlags) then
               begin
               AAce.Access:=PATH_FULL_ACCESS;
               AAce.type_:=atAllowed;
               //ie objectinherit=files inherit, containerinherit=folders inherit
               //so this would not apply to files
               AAce.flags:=NewFlags;
               end;
         If AACL.IsDirty then
            AACL.flush;//ie flush any changes that haven't been made yet
         end;
   except
   result:=false;
   end;
end;

0
 
LVL 7

Expert Comment

by:sftweng
ID: 12601352
Two hours and 35 minutes after you asked the question in the second response to the question, I asked:

"Is there any reason not to use the folder (directory) in which the application resides?".

You have responded:

"So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files."

Seems damned obvious to me that I gave you the answer that you needed. Giving the right permissions was just a little too obvious for me to state it explicitly. Like asking someone whether the computer is plugged in when asked why it's not working. But I stated it anyway in my answer at 11:02.

I suggest you take more care in framing your question in the future if you believe that you asked the wrong question. It's not easy reading minds on this medium.
0
 
LVL 1

Author Comment

by:Pandora
ID: 12602698
Sorry to ruffle your feathers Sftweng - I think it was pretty clear that I was experiencing problems using the folder in which the application resides, which is why I asked the question in the first place. And I agree when you say, 'it is pretty hard reading minds on this medium', which is why if the 'obvious' solution of changing permissions was so patently obvious to *you*, it may have been helpful to me if you'd mentioned this and more specifically how to do it. Instead, when I qualified the problem in response to your comment you replied with the 'solution':

if you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.

If instead you'd said, keep 'em where they are, set permissions & this is how you do it (oh & watch out for FAT32); the points would be yours and I would pass them over very happily.
0
 
LVL 2

Accepted Solution

by:
LSORRELLS earned 2000 total points
ID: 12606582
I think we all need to relax and let Pandora keep his/her points.  I agree with one very important principal that has been alluded to.  Frequently we try and answer the question when what we really need to do is listen to the question and then try and find a solution to the problem.  They are very frequently not the same thing.  We can pat ourselves on the back for having answered a question correctly and send someone out there with a structural or other problem still in place which our answers have not addressed.  Granted we weren't asked to, but we are supposed to help and sometimes that involves ignoring the actually question posed.
0
 
LVL 1

Author Comment

by:Pandora
ID: 12608184
Thank you LSorrells, and yes thank you all for your time I do not mean to seem ungrateful I just wanted information that helped me to be available to others. Thanks all, P
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question