We created an installer (Nullsoft Install System v2.46) that installs the application, plus some (nested) data directories, which include (text) data files that are read/write accessed from the installed application.
Everything works fine on WinXP: The application loads, and the files can be read/written from the data directories nested under the install directory.
However, installing on Win7/64, the data directories created as a part of the installation are read-only. Thus, the application loads the data files, but fails to overwrite them (since they reside in a read-only data directory under the install directory).
Yes, since this is Win7-64bit, the data directories happen to reside in:
C:\Program Files (x86)\MyApp\MyDataDir0
I understand that Win7 is more strict in its installation policy than previous WinOSes (for security reasons).
QUESTION: What mechanism should we use to ensure these data directories are read/write, and that the (text) data files within them are also read/write, during an install?
These data files are not user-specific, they imply data required for the program to run. (Without them, the program is useless.) Logically, they are "program system" files, although we could rationalize that they represent "extensible data sets" used by the program (so they must be read/write).
For simplicity and consistency we would really rather address this with the installer, and not change dir/file permissions from within the program. We would prefer that this data exists where the application is installed, and not in some C:/Users/Default/. or C:/ProgramData/MyApp/. directory.
Is our "read/write" interest in data-dirs-under-app-install-dir against the Win7 policy? (Are we supposed to not install them there?)
If you rely on writing to %ProgramFiles%, your program is basically broken on every version of WinNT, you just failed to test as non-admin!
If you want to allow everyone write access to a file or folder, use the Access Control plugin. You give up a little bit of security by doing this. To reduce the risk, make sure the data files are stored in a sub directory, (%ProgramFiles%\MyApp\Data or something like that) and don't grant normal users write access to folders with .exe or .dll's.
What you really should do is to copy the files from %ProgramFiles% to %AppData% when your program first runs, this way each user gets their own settings and there are no security issues.