Developer documentation for UAC Rules

I am having trouble locating information on what all the rules are for developers and where they can save/update application config data.  We have old apps that conflict with UAC because they write to registry, write to C:\Program Files\ and write to C:\.  Since I asked developers to stop writing to these areas, they are looking for guidance and what all the rules are on where CONFIG files can be saved without violating the UAC requirements (or needing escalated rights for the apps to work).

Can anyone direct me to that info if it is available?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If an old version does it, look at the archived Microsoft website (I am giving you the archived one, because the linked help file ithey talk about is only available in the archive.

Rules remain pretty much the same. The help file talks about known folders. Excerpt:
All per-computer settings should be created during installation under the HKEY_LOCAL_MACHINE (HKLM) registry hive. The registry path should be of the form:


These settings can be modified or new Known Folder directories created after installation, but these will require privilege elevation under UAP. Per-user settings should be created when an application is first run, or recreated if they do not currently exist in the registry (for example, if a new user logs into a system and runs the application).

Per-user configurations should be stored under the HKEY_CURRENT_USER (HKCU) registry hive. The registry path should be of the form:


Applications can add or modify Known Folders information in the registry at any time.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shaun VermaakTechnical SpecialistCommented:
Some guidelines that defined a LUABug

"Fire and forget":  The application invokes the operation, doesn't check the result, but doesn't depend on the operation having succeeded in order to continue working correctly.  This is not a LUA bug.

"Gracefully degrade":  The application invokes the operation, checks whether it succeeded, and handles failure in an appropriate way.  This is not a LUA bug.

"True LUA bug":  The application invokes the operation, assumes it succeeded, and depends on the operation having succeeded in order to continue working correctly.  A variation on this is that the app checks whether the operation succeeded, but handles the failure inappropriately, such as by displaying an error message and falling over dead.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.