It’s 2013, stop trying to write to the Program Files folder already

Type To Learn

Type to Learn’s login screen

My daughter asked if I could install Type to Learn 4, an app that she uses at school.  It provides a fun way to learn typing skills. If a school buys the app, they can provide student accounts and the student can download and install the app at home.

She, of course, had not told me any of this.  I went to the web site for Type To Learn and saw that there were two versions.  A School Login Portal, and the home version.  So I clicked on the home version which took me to Amazon.

No middle ground

The first thing I saw was the 2.5 out 5 star rating.  That’s not a good sign.  It was an inverse bell curve, people either loved it or hated it.  When you see numbers like that, you read the 1 star reviews to see what went wrong.

I zeroed in on the comment posted here.  That user had determined that Type To Learn was trying to write data back to a data file located in it ‘s program folder (C:\program files (x86)\sunburst). That’s not a good thing.

 Unless you had admin rights, that’s going to fail.  Starting with Windows Vista, standard users can’t write to any folders in the Program Files or Program Files (x86) space.  Just not allowed.  You can write to those folders if you have admin rights.  

My kids don’t have admin rights on the home PC’s.  They don’t need them and keeps the PC running smoothly.  Under normal usage, only setup applications should be writing to Program Files.

There is also the multiple user situation. If you are writing to one location and you have multiple user accounts on the machine, the you need to make sure that your saved data is multiuser friendly.

As it turned out, we didn’t need to buy the app from Amazon, we could just download the app from the School Login Portal.  But we still would have the same problem the data being written back to Program Files (x86).

Where are you supposed to put your application data?  For desktop applications, you have two choices.  Shared data goes into a folder under %PROGRAMDATA%, which usually maps to a hidden root folder name ‘ProgramData“.

User specific data should go into  %APPDATA% or %LOCALAPPDATA%.  Under Windows 8.1, APPDATA maps to something like c:\users\username\appdata\roaming.  This is used for data shared across multiple machines. LOCALAPPDATA maps to c:\users\username\appdata\local and is where you would store user data for that machine.

So we have an app writing to the verboten Program Files folder.  We can’t change that behavior, but we can allow it to work for a non-admin user without disabling all of the security.  We just need to everyone full access to that folder.

I like to do stuff like that from the command line. When messing around with access rights, I want to be explicit with what I am setting.  That’s just the way I roll.  With that, our tool is the trusty Icacls command.

Icacls is used for setting user and group access to a folder.  It does more than that, but if you don’t have an IT background. the rest of what it does will make your eyes bleed.  I mean the /verify parameter is documented to “Finds all files with ACLs that are not canonical or have lengths inconsistent with ACE (access control entry) counts.”.  You don’t need to know what that means, trust me.

Here’s what you need to know:

Run cmd.exe as administrator.  With Windows 8/8.1, this is easy.  From the Metro screen (Yes, I know. I still call it Metro), just type “cmd” and right click on “Command Prompt” and select “Run as administrator.  It should look like this:

Run as adminitratpr

When that cmd window opens up, CD into “c:\program files (x86)“. That will save you from having to type “c:\program files (x86)” over and over again.

[Edit]
A cricket player from Eastern Europe sent in the following tip:

An even easier way to launch an admin cmd prompt is Win+X then A. It’s the newest keyboard shortcut forever burned into my memory.

Now run

icacls sunburst

Sunburst is the company that makes or sells Type To Learn, all of the files are in that folder.  You should see the following:

That tells us that the TrustedInstaller (i.e. setup programs) and admins have full rights to that folder, every one else has read access

Now run

icacls sunburst /grant Everyone:(OI)(CI)F

In human speak, that means give (/grant) everyone full access (F) to the sunburst folder and all of the files ((OI)) in that folder and all of the folders ((CI)) in the sunburst folder. Then run “icacls sunburst” again to verify that the change took effect.  It should look like this

You should see that everone has full rights to that folder. Now you can run Type To Learn as  standard user.

One thought on “It’s 2013, stop trying to write to the Program Files folder already”

Comments are closed.