I've scrubbed the NGs and think I understand the "where to
install it" rules imposed by Vista. I'm posting this to see
"if what I heard is what was said".

Currently we install everything into a "MyAPP" folder. The
users have the option to put it where ever they want but the
default is "C:\"
In the MyAPP folder is all EXE, DLL, ICO, INI, etc. files
and several sub-folders for App.Data, BackUp,
Replication.LogFiles, etc.

In keeping with the rules Vista wants me to live by I should
create two MyAPP folders

Under CSIDL_PROGRAM_FILES the MyAPP.folder will contain ONLY
the EXE, DLL, and ICO files that are currently placed in
C:\MyAPP. These will NEVER be written to except by the
SB.Installs

Under CSIDL_COMMON_DOCUMENTS the MyAPP.folder will contain
all of the rest of the files and the sub-folders from
C:\MyAPP. These may be written to and will be accessable
there without any hassle and not infringe on Vista's view of
the world.

File names are specified in the Dictionary as
!FIL:FileName_Label and assigned when the app opens. All I
should have to do is modify the FIL:FileName_Label value to
begin with the value of CSIDL_COMMON_DOCUMENTS, and the
_.ini files will also have to be directed away from the
App.Folder.

Is this true? Thanks!
Guy

Hi Guy
I'm not sure about CSIDL_COMMON_DOCUMENTS, but you may want to consider
CSIDL_COMMON_APPDATA which is the 'All Users' application data folder; you
will need to grant access rights to the folder but that is easy with the
cacls.exe tool.
Cheers
Randy

Hi Randy -

Thanks for the reply.
I debated about that some & decided that access control is
not really necessary. We currently place everything in the
C:\MyAPP folder, be default, and haven't had any problems
with the wrong folks getting in there.

I saw a note from Friedrich in one of the NG's indicating
they have settled on using CSIDL_COMMON_DOCUMENTS, and if
it's OK for him it sure works for me (G)

My greater concern is to be sure there are no configuration
or security changes required on the user's machine.

See ya later
Guy

> I'm not sure about CSIDL_COMMON_DOCUMENTS, but you may want to consider
> CSIDL_COMMON_APPDATA which is the 'All Users' application data folder; you
> will need to grant access rights to the folder but that is easy with the
> cacls.exe tool.

I use CSIDL_COMMON_APPDATA when the program is the only entity that needs
access to the data stored there, otherwise I use the
CSIDL_COMMON_DOCUMENTS.

That way requires no special changes to the permissions on the users system
and everything works within a Vista default install guidelines.


I think that the other factor one has to consider is who is going to be
doing the installing.

If it is business software (where the install will be performed by an
Administrator or authorized with an "Over the shoulder" elevated access of
an Administrator), then perhaps you can get away with needing to change
permissions for folders.

If your software is something that an "average" user could download and
install, then it needs to use designated data areas without requiring
Administrator permissions.


Just my $.02

;-)

Charles

--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Hi Charles -
Thanks for the input.
In most cases our software is installed by an "average"
user, and that may be generous (G), so we view having to
deal with permissions, etc. to be avoided.

I debated about using CSIDL_COMMON_APPDATA and decided
against it because I believe it would restrict a user from
making any changes to files, file names, etc. in the even of
evergency. I'd like to think the program is the only one
that needs to access the data, but my experience with
Murphy's Law tells me not to rely on it.

I don't have a Vista.machine running so I'm trying to put
the pieces together based on other's experiences and
comments.

Thanks again
Guy

> In most cases our software is installed by an "average"
> user, and that may be generous (G), so we view having to
> deal with permissions, etc. to be avoided.

Sometimes "less is more".

No need to complicate things if you don't have to.


> I debated about using CSIDL_COMMON_APPDATA and decided
> against it because I believe it would restrict a user from
> making any changes to files, file names, etc. in the even of
> evergency. I'd like to think the program is the only one
> that needs to access the data, but my experience with
> Murphy's Law tells me not to rely on it.

In general this is correct. The app would own the data.

Of course an Administrator would still be able to get to it with no
problems at all.


Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

"the app would own the data"
How, unless it's running under a system account ???
Otherwise, the app runs under the credentials of the user account that
invoked it.

Jane

> "the app would own the data"
> How, unless it's running under a system account ???
> Otherwise, the app runs under the credentials of the user account that
> invoked it.

Yes it depends on if the app is running as a service process or not.

If it is (as a system account), then it can see the data regardless of
location.

Otherwise it is by the user account.

In PageSnip - I do both.

The service process runs as a system account (which is cool as it allows
the built-in webserver to serve shared content to a browser on a different
machine even if no one is logged in).

Then the desktop app runs as the user account and makes use of the stored
shared data (owned by the system account) and the user's personal data.

;-)


Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

I can see that in the situation you describe, Charles, where you have a
service process running.

Your comment to Guy seemed much more general, however,and I think wouldn't
apply to a large number of apps:
"In general this is correct. The app would own the data."

Jane

Hi Charles -

Since I don't have a Vista.machine, let me ask what may be a
dumb question.
I think CSIDL_COMMON_DOCUMENTS is virtually unrestricted.
This means the "average, no special priveledges" user may do
anything he/she wants to do with files contained there in.
CSIDL_COMMON_APPDATA is restricted, meaning the "average, no
special priveledges" user can NOT do ANYTHING to the files,
only the/an application is allowed to do anything with the
files.

If this is the case, I think my processing to create,
update, and/or delete data will perform as expected in
either location. The application may also delete a file.
In other words, the application has TOTAL rights to the
files and/or the data in either location.

My "average, no special priveledges" user will NOT be able
to change a file name or delete a file, or copy a file into
or out of the folder if I use CSIDL_COMMON_APPDATA except
when using the application software, unless the user has
Administrator.Rights.
Is this correct?

Would that user be able to use the TopSpeed.DataBase.Scanner
(TOPSCAN.EXE) to change the data in a file?
Obviously this would/should only be brought about by a bug
in the application ,and yes, I've had to resort to that on
once or twice (BG).

My reason for leaning toward CSIDL_COMMON_DOCUMENTS has
stemmed for a comment I saw from Friedrich that they lean
that way, coupled with a "deep fear" of finding myself, and
more importantly my user, in "Vista.hell" through my own
well intentioned efforts.
I guess the REAL answer is to get a Vista.machine going and
do some testing.

Thanks for the input, you time and comments are appreciated,
as are Jane's.
Guy
PS - In our case, the application is "plain vanilla". There
is no service-stuff, no background-processing, etc., what is
running is visible in the task.bar and looking at the active
window will tell you what's active. Obviously, there may be
multiple threads and the Frame.Menu option Window will show
them to you, but that is as exotic as we get.
- - - - - -

Hi Charles,
It is very easy during an install to invoke the csidl.exe program and set
the access for the folder. In our case we assign access rights to the
AuthenticatedUsers group. This provides some level of security for the data
files which is part of the 'intent' of the Vista OS design. I suppose
though that in the end it really depends on your application and how much
protection you want to provide to the data and the application itself.
Cheers
Randy

Thanks for the info Randy!

Take care,

Charles

--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Hi Charles
oops, I meant CACLS.EXE, sorry for any confusion.
Randy

Charles,

And you can set access permissions (folder and registry) directly from the
SetupBuilder installer! It's a built-in function in SetupBuilder 6.5.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> oops, I meant CACLS.EXE, sorry for any confusion.

No problem - I figured a typo as you'd called it right in your other post.

;-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

> And you can set access permissions (folder and registry) directly from the
> SetupBuilder installer! It's a built-in function in SetupBuilder 6.5.

I knew that<g>.

Of course that is how I do it because I am a lazy programmer and I let
Friedrich do all the hard stuff like that for me<VBG>.


Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

<G> I knew you knew that :)

Friedrich

I didn't know that you knew that he knew that! <gdar>

Randy Rogers

<BG> :)

Friedrich