Where Should Data go in Vista?

In part 1 of my two-part Advisor article on Windows Vista (http://advisor.com/doc/18897), I discussed some of the recommended places writable files should go in Vista. (To refresh your memory, your program files folder is most likely read-only even for administrators, so you can't store anything that needs to be updated there, such as your application's tables, INI files, etc.) However, I've recently changed where I store some writable data to a Data subdirectory of the program folder. The reason: I need a consistent location to look for global (that is, not user-specific) data. If the user installs the app on a server, I can't use a location like {CommonAppData} because that's on the user's hard drive. I need a location I can always count on regardless of whether the app's on a local or network drive.

"Wait a minute," you're probably thinking. "That's (1) bad practice and (2) not allowed." Although I agree it's not an ideal location, it's not a completely bad practice. The reason for the program folder being read-only is to prevent malware from attacking your EXE and DLL files. Putting only data files into a Data subdirectory doesn't open any security holes because no executables go there.

As for not being allowed, that's true by default. However, you can easily change permissions on the folder when your installer creates it. In Inno Setup, simply create your directory like this:

[Dirs]
Name: "{app}\Data"; Permissions: everyone-modify

This gives all users the ability to write to the folder.

I don't store much in Data, certainly not the data files my application uses. The main thing stored there is an INI file that contains a setting specifying the location of the data files. When the user starts the app for the first time, a dialog prompts them for the data file location and writes the response to the INI file (which it can do because the INI file is in the writable Data folder). Our app looks in a consistent writable location for the INI file, making the code easy.