域兼容性:应该将共享数据写入何处? [英] Domain compatibility: where should shared data be written?
问题描述
我们编写的应用程序在XP中可以很好地运行,但是可能存在向Vista和Windows 7迁移的严重问题,这可能是由于写入用户数据的原因.
We've written an application that works fairly well in XP, but is having serious migration issues to Vista and Windows 7, probably due to where user data is being written.
用例是这样的: 单个用户需要登录到计算机并使用它来获取数据.主管用户需要能够直视单个用户的肩膀,并验证他们是否在正确地执行其工作.这些主管还需要检查系统日志,以确保系统运行正常.
The use case is this: Individual users need to log in to the machine and use it to acquire data. Supervisor users need to be able to look over the shoulder of individual users and verify that they're performing their jobs properly. These supervisors also need to check system logs to make sure that the system is performing properly.
我们在XP中完成这些任务的方式是直接写入C:\驱动器上的文件夹.也许这是一个坏习惯,也许不是,但是基本上系统的所有用户都需要能够以共享数据的形式访问此数据.在该程序的某些安装中,IT情况根本不安全,只有一个用户使用计算机,然后每个人分别登录到我们的程序.在该程序的其他安装中,IT人员胜任,并且对不同用户具有不同的登录名,但是每个用户仍然可以访问C:并且每个用户仍可以根据需要检查其他用户.
The way that we accomplished these tasks in XP was to write to a folder on the C:\ drive directly. Maybe that's bad practice, maybe it isn't, but basically all users of the system needed to be able to access this data as shared data. In some installations of the program, the IT situation was just not secure at all, and there was a single user for the computer, and then each individual logged in to our program separately. In other installations of the program, the IT staff is competent and has different logins for different users, but each user can still access C: and each user can still check other users as necessary.
在Vista/Windows 7中,所有更改.如果IT员工将一切锁定在单个用户手中,那么这些用户仍然需要共享此公共数据,并且仅允许将特定于应用程序的配置参数和用户列表写入应用程序的目录中.如果系统位于具有域的位置,则该用户没有本地管理员权限,甚至安装也可能是一个问题.
In Vista/Windows 7, that all changes. If the IT staff locks everything down to individual users, these users still need to share this common data, and writing application-specific configuration parameters and user lists to the directory of the application is just not allowed. If the system is in a location with a domain, then the user does not have local admin rights, and even installation could be a problem.
解决方案是让安装程序创建每个用户都可以写入的目录,然后将所有特定于用户的数据放入该目录中吗?如果是这样,是否有可能使安装程序以这种方式运行(即使必须授予管理员权限)?还是有办法使Vista/7以更加自由的XP方式运行?
Is the solution to this to have the installer make a directory that every user can write to, and then put all user-specific data in that directory? If so, is it possible to have an installer behave that way (even if it has to be given admin rights)? Or is there a way to make Vista/7 behave in the more liberal XP fashion?
推荐答案
最具权威性的资源是数据和设置管理" .阅读此书可了解Windows上存在的各种特殊文件夹的原理,以及如何选择要写入哪个文件夹
The most definitive resource is the "Data and Settings Management in the Application Specification for each windows version in MSDN. Read this to see the rationale behind the various special folders that exist on Windows, and how to choose which one to write data to.
接下来,您的应用程序需要使用 SHGetSpecialFolderLocation API检索到特殊位置的路径.
Next, your application would need to use the SHGetSpecialFolderLocation API to retrieve the paths to the special location.
大多数likley可以满足您需要的文件夹-由一个用户写入,由管理员读取,该文件夹将为CSIDL_APPDATA-在Windows 6.X上,该文件夹对应于C:\ProgramData\
The folder that most likley serves your needs - being written to by one user, read by administrators, would be CSIDL_APPDATA - which, on Windows 6.X, corresponds to C:\ProgramData\
默认情况下,在此位置创建的文件夹的权限由管理员和所有者(即创建该文件夹的用户)完全控制,并且仅具有对Users组成员的只读访问权限.
By default the rights on folders created in this location are full control for administrators and owners (i.e. the user that created it) and read only access to members of the Users group.
完全独立的练习正在编写修改目录上的访问控制列表(ACL)所需的代码.如果您选择的位置的默认权限不足以满足您的目的,那么这将是必要的.
A completely seperate excercise is writing the code necessary to modify Access Control Lists (ACLs) on Directories. One that will be necessary if the defaults rights on your chosen location arn't sufficient for your purposes.
这篇关于域兼容性:应该将共享数据写入何处?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
