Configuration files and UAC

[Top_Dev_User]

I just received R&R Report Works 12.5.01 and noticed that it places its configuration files in the ProgramFiles folder. This means that only users with administrative rights can perform any operation that changes those configuration files.____In our software, we placed all the config files under the C:PROGRAMDATA folder. the ProgramData folder is read only for non-admin users, but we create a folder under ProgramData and give logged in users Read/Write/Execute access to our folder and all works well without needing Admin login.____For example, the config files for our SRWIN.exe program file are located in C:PROGRAMDATASRWIN. SRWIN.EXE itself is located in Program Files (or Program Files(x86) as required by UAC. Works like a charm.____Any plans to update R&R to place its config files in a location that does not require Admin login to access/change them???____

[cstrasser]

As with the code signing, we^ll evaluate it. We don^t want to break any functionality that people have come to rely on.__

[Top_Dev_User]

>We don^t want to break any functionality that people have come to rely on. >____Actually, it is the Report Writer itself you want people to rely on, not any outdated configuration that is not UAC compliant. We had to make major changes to the functionality of our programs to comply with UAC, but the choice was to make the changes or loose business to competing products that were UAC compliant. Easy choice when you look at it that way...

[Top_Dev_User]

Here is some info from the Visual dBase website on complying with UAC. We used this info to get our products to be FULLY UAC compliant. You and your users may find it helpful. ____I recently received a question from a customer asking where is the best__place to install data files for his dBASE Plus application (which he is __upgrading to follow UAC rules).____On XP, his data files were installed under his application^s subfolder under __the Program Files folder.____In answering his question I came up with the following overview which may be__helpful to many of you:____----------____Single User Application__==========================__The simplest case is an application for use by a single user using data__belonging to the user and for use only by the user.__In this case, the data files can be installed under the user^s private __folder tree.______Multi-user Application for use by Standard Users__==================================__If your application is intended to be run by users with standard user__rights, and your program is multi-user, then the program^s shared data files__should be installed to a folder that standard users have read and write__access to and is NOT under a single user^s private folder tree.____By default, no such folder exists on UAC enabled versions of Windows.____Your installer must create a folder for this, either your own custom__folder (or folder tree) off of the drive^s root folder, or a subfolder under __the ProgramData folder tree.____Creating a custom folder off of the root folder is often the simplest __solution as it automatically allows any standard (authenticated) users read __and write access to your custom folder and files and any subfolders.____Creating a subfolder under the ProgramData folder tree can be more __complicated as the default __permissions on folders under ProgramData are set to ReadOnly for standard __users. Therefore you will have to modify the default permissions to allow __standard users Read and Write access to your data files. This can be done __either during application installation or after installation.____In many instances it may be easiest to have your application installer set __the needed permissions.____(Inno Setup scripts, for example, have an optional Permissions setting in __the Dirs section which__allows you to specify permissions for any of the default Windows user __groups )____Alternatively, after completing the installation, the machine or domain __Administrator may configure user and/or user group permissions to ensure __standard users Read/Write access to the data folder or folder tree.____There are several ways to configure this on a Windows network.____ - Each user can be added to the security settings for the folder and__given the needed permissions to access the folder.____ - A user group can be created with the required permissions and then__ each user that needs access can be added to the group____Windows .BAT files, Windows Scripting Host, or Windows PowerShell may be __used to automate user group creation.____Windows XP, Vista, and 7, have the NET command which can be used to Add__Local User Groups and Local Users to a computer. However, if you need to__Add Domain level Groups and Domain Users you must use utilities on Windows__Server versions which are different from the Windows client versions.______Application for use by Administrators__==========================__If your application is intended to be run only by users with Administrator__rights and it already keeps its data files in a subfolder under the Program __Files folder,__you may choose to keep the data files there.__However, you will need to install a manifest file for plusrun.exe that has __the requireAdministrator setting instead of the asInvoker setting.__(Note that dBASE Plus 2.70.x installs manifest files with asInvoker __settings).____Alternatively, you can choose to install the data folder into a custom __folder off of the root folder or under the ProgramData folder to be more in keeping __with the spirit of UAC. If you choose to use a folder under ProgramData you __will have to ensure Administrators have sufficient rights to the data folder for your __application as described above for standard users.______Authenticated Users__===================__Windows has a built-in users group called Authenticated Users.__By default, there are no members of this group and you cannot add users__to this group. However, any user who successfully logs into the local __machine or to the domain the machine is part of is automatically added to this group (and remains a __member while they are logged in).____Therefore, when setting permissions on your application^s data folder you __can often simply specify the permissions granted to members of the Authenticated Users group __in order to restrict access to appropriate users.____If you need to further restrict access to a subset of authenticated users __you may have to set folder permissions for specific users or custom user groups after __installation as described above.______----------____For further information about UAC and user rights on Windows:____ http://technet.microsoft.com/en-us/library/cc709628(WS.10).aspx______For automating adding local users to local user groups using Windows __PowerShell:____ http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/25/use-powershell-to-add-local-users-to-local-groups.aspx______Intro to User Group Policy Management:__ http://technet.microsoft.com/en-us/library/hh147307(WS.10).aspx______- Marty -____Martin Kay__dataBased Intelligence, Inc.__

[Top_Dev_User]

Has there been any movement on this? Your customers will migrate to other report writers that are UAC compliant if you do not upgrade to handle UAC. With each new release of Windows, UAC becomes more and more invasive. Even the WinXP updates are forcing UAC onto XP users.____UAC is the future and the future is here now. There are only two product paths available under Windows, 1)Comply with UAC or 2)Die. __==========================__>>We don^t want to break any functionality that people have come to rely on. >__>__>Actually, it is the Report Writer product itself you want people to __>rely on, not any outdated configuration that is not UAC __>compliant. We had to make major changes to the __>functionality of our programs to comply with UAC, but the __>choice was to make the changes or loose business to __>competing products that were UAC compliant. Easy choice __>when you look at it that way... __================================__

[Eugeniaomife]

When LivewarePub released R&R Infinity version I think they meant just that; no new versions for the infinite future. They tempted users by telling them if they upgraded to this version they would not have to pay for future upgrades. It speaks for itself!____Personally, I don^t think Liveware have any intention on further developing this product. And as has been said, once Windows UAC gets a hold on the majority of computers worldwide, R&R will meet its demise. This is a real shame as it once was such a good product.

[Top_Dev_User]

And the most frustrating thing about this is that complying FULLY with UAC would only require about 2 hours of work, and all but 30 minutes of that would be spent testing the fix.____The ONLY thing they have to do to meet UAC standards is to move their temporary files that are used during report generation to a safe location. They could build their own folder off the root or place a folder under PROGRAMDATA and give authenticated users Read/Write permissions on that folder. 30 minutes, ALL DONE! That is the frustrating part.____In a previous post they remarked that they "did not want to break any functionaliry that users have come to rely on". The user is not even aware of those temporary files and has no direct interaction with them.____Maybe if enough of us call and write, we could get some movement on this???____-O. D.-__

[cstrasser]

I^m not sure I understand. The files that the report generates during production *are* written to the %TEMP% and %TEMP%serialno Folder:____Sort Files (.SOR)__Dictionary (dic?.TMP and dic?.DBF)__FlexLink indexes (.RRX, IDX)____as well as others.____The only files we deal with in the Program Files folder are the licensing (.LIC) and the various data dictionary / librarian tables and text files we use to parse / transport data. UAC pops up during report modifications / saving because DD and RL are at work cataloging the information.____We^re working on it. We need to code sign all the DLLs, MSI, EXEs, OCXs, CABs, etc. and then create a new installation script with InstallShield, test it on a clean system and make sure everything behaves as before.

[Top_Dev_User]

>The only files we deal with in the Program Files folder are __>the LICENSING (.LIC) and the various DATA DICTIONARY / __>LIBRARIAN TABLE and TEXT FILES we use to PARSE / TRANSPORT __>DATA. UAC pops up during report modifications / saving __>because DD and RL are at work cataloging the information. __>____There is your problem (in all caps). Except during installation, you cannot write ANYTHING in Program Files for ANY reason at ANY time. Attempting to save a single byte of data in Program Files (or any folder under it) immediately triggers Administrator Level Elevation. Your installer can place files in Program Files (all install programs require Administrator Level Access). NO other program or application can write ANYTHING under Program Files EVER. Not today, not tomorrow, not EVER.____You have to build your own folders to hold ALL your temporary files. EVERY SINGLE ONE. NO EXCEPTIONS. (Placing your LIC files in your own folder means that R&R can update the license without requiring Administrator (IT Department) involvement. ____Once you do that, then R&R Report Writer will be fully UAC compliant and can be run by restricted users without any Elevation flags coming up.____We build some folders off of the root of "C:". Other apps of ours place the temp and "working" folders under a folder we build under "ProgramData". We give all logged in users access to our private folder under "ProgramData" and all works well. ____Surely you noticed that unlike "Program Files", "ProgramData" has NO spaces in it. 16 bit apps cannot handle folder/file names containing spaces. That^s why they made "ProgramData" a single "no space" folder name. Even 16 bit apps can be made to work under UAC without Administrator Elevation.____NOTE: "ProgramData" always exists under Vista and Win7. It does not exist by default under XP. Our installer checks for the existence of the "ProgramData" folder off the root of "C:" and builds it if the folder is not there. Now our temporary data is located in the exact same place in XP, Vista and Windows 7. (Also Win8 when it is released).____We look at one location and ONLY one location on XP/VISTA/WIN7 for our temporary files. "C:ProgramDataAcmeApps", where "Acme" is replaced by our own company name WITH NO SPACES in the name. Now our 16 bit, 32 bit and 64 bit apps ALL work just fine under UAC without EVER requesting Administrator Elevation. ____It^s just that easy.__

[Top_Dev_User]

Any movement on this CRUCIAL issue? Have you been able to schedule in 2 hours (30 minutes of programming and 1.5 hours of testing) to move ALL your TEXT and DATA files out of C:PROGRAM FILES? This is all that is left to make R&R 100% UAC compliant...____-O. D. W.-__