• 10
• 12
• 12
• 14
• 15

# default install folder for windows game

This topic is 975 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

whats a good default install folder for a windows game?

i'm about to post beta 21 of Caveman with skinned meshes. But i noticed that in Inno setup, i'm installing to \program files(x86)\caveman.

i've had one user with issues caused by a corrupt UAC file and use of the program files directory.

Also, skyrim modding guides recommend moving steam out of the program file folder due to UAC issues, protected folders, having to run as admin, etc.

So installing to protected folders can cause issues.

So whats a good default non-protected folder to install under?

##### Share on other sites

I'm using NSIS, not InnoSetup, but I install to:

InstallDir "\$LOCALAPPDATA\TotAW"


Which works out to "C:\Users\gdunbar\AppData\Local\TotAW" on Windows 7. I believe when I researched that this was "the right place" to put an application such that it could be installed and run by a non-admin user, but I don't have that research handy. Seems to work well enough.

Good luck!

Geoff

##### Share on other sites
Skyrim modding guides recommend moving steam because Skyrim mods need to be in the executable's folder, and since most modding tools will need to edit/copy/move these files around, the game should be in a non-protected folder.

Note that you could just as easily leave steam in program files and then set up a symbolic link to store Skyrim in a non-protected location, pointing the mod tools at said non-protected location. (Honestly, the game itself should check the documents or app data folders for mods instead of forcing the game's folder, but here we are)

In general though, Program Files is the correct location. You should not be writing anything to this folder outside of an installer or patcher (both of which should request elevation from the user). Game data that the game wants to update/modify like settings should go in the app data folder. And it's up in the air as to whether to store save games in app data or the documents folder - some like the documents folder because it's easier for the user to find for when they want to back up data or mess around with the saves. And you could argue a game's save is similar to a Word document, being a "document" the game creates at the wishes of the user. Edited by SmkViper

##### Share on other sites

Well, Steam is bad, and if I was developing an operating system Id have banned them. Although they install to program files, they modify the file permissions and give "Full Control" to the local "Users" group. This means that nearly any old piece of non-trusted code can go and change stuff in their, for example replacing a games executable or DLL files with malicious versions.

You really want to install to program files by default, and require elevation to a trusted user for both installation and updates, and never load executable files (exe's, dll's, Java jar's, etc.) from any non-trusted location. This way no other untrusted piece of code can infect your program.

I suspect MS would really like to ban what Steam does and any other case of executables in generally writeable locations, but the size of that compatibility problem would cause a really big backlash. The new App's system is a lot more restrictive and would expect to see further phasing out of the legacy "desktop program" stuff.

##### Share on other sites

(multi user) application binaries should go into FOLDERID_ProgramFiles, application data should go into FOLDERID_ProgramData and user files (save games, settings, etc) should go into FOLDERID_LocalAppData.

so caveman.exe goes in ProgramFiles, all the meshes, textures, models, wavs, animations etc go in ProgramData, and savegames, and stuff that gets paged from disk like container content lists and explored local map bitmasks goes in LocalAppData  (IE  C:\users\current_user\appdata\local).

hmm... more work, and you can't find everything in one folder. but it gets you readonly binaries, shared data (probably irrelevant for caveman), and user data under the current_user folder for ease of backup purposes (i'd assume).

right now i put it all in a single caveman3 folder under programfiles.  i haven't had any issues with this on my PC even though programfiles is protected. but then again, i only have one account on the PC, the admin account, which is what i use all the time. so i suppose i'm always running as admin.

also i haven't moved steam or skyrim, and have encountered no issues on my PC - i'm trying to muck with the skyrim install as little as possible while modding.

however, installing under programfiles, corrupt UAC files apparently can lead to the dreaded BEX error:

http://www.gamedev.net/topic/660329-whats-this-error-message-mean/

and fixing it its pretty ugly. cant find the link right now, but it involves un-hiding hidden folders and files and regedit and hkeys - you get the idea.  way more than you want the user to have to go through to run your game.

so i was thinking, you could avoid this whole UAC issue by simply installing to an unprotected folder - IE somewhere other than program files. its a simple one line change in the Inno setup script.

OTOH, this means you're not doing it the MS way...

should i not worry about users with UAC issues?

You really want to install to program files by default, and require elevation to a trusted user for both installation and updates, and never load executable files (exe's, dll's, Java jar's, etc.) from any non-trusted location. This way no other untrusted piece of code can infect your program.

if by trusted you mean verisign, then i'm screwed, because i can't afford to verisign right now, so its all from "Unknown Publisher".

Edited by Norman Barrows

##### Share on other sites

should i not worry about users with UAC issues?

No - in the same way that you shouldn't worry about users who have deleted bits of their operating system or are overclocking with inadequate cooling.

If their computer is so messed up that the core security feature of Windows is broken, there is nothing you can do to "fix" or account for it.

You might as well be trying to account for cosmic rays hitting the memory chip or CPU and randomly swapping bits of your program while running

You really want to install to program files by default, and require elevation to a trusted user for both installation and updates, and never load executable files (exe's, dll's, Java jar's, etc.) from any non-trusted location. This way no other untrusted piece of code can infect your program.

if by trusted you mean verisign, then i'm screwed, because i can't afford to verisign right now, so its all from "Unknown Publisher".

There are several companies that can provide code signing certificates for varying amounts of money. VeriSign isn't the only one.

But yes, it's not free, and you will have to provide some personally identifying information - otherwise everyone would just sign their viruses and then where would we be?

##### Share on other sites

if by trusted you mean verisign, then i'm screwed, because i can't afford to verisign right now, so its all from "Unknown Publisher".

Actually, no I didn't, although that makes you "even more trusted" since a user will get less scary warning prompts from Window's and be happier to let it run/elevate. By "trusted" I meant "anywhere the user elevated a process, likely through UAC", such that it can write to ProgramFiles/etc., where as a normal program without that elevation can't write to those directories (and therefore cant mess with other software that installed itself securely). This also has the effect that users that can't elevate don't get to mess with modifying software that is for all users (imagine if I could go play with files in C:\Windows, MS Office etc. on a shared machine at work/school/etc. By installing to a place with access to the "Users" group you are letting me do that, but with default restrictions in program files I can't, I need to have admin rights / credentials to get past UAC).

I suppose with code signing you could implement a secure auto-update without elevation. Even without verisign/trust roots. Since if your bootstrap/updater securely installed to program files has a CA certificate you made or brought, then when it downloads the other files to "C:\Users\Untrusted\AppData\Writeable\" it could in theory fully verify them before letting them run. But Ive never seen that done, thats just some on the spot speculation. And I don't think you can do that outside of legacy desktop apps either, both CreateProcess and LoadLibrary API's you would want to actually then run/load your game files appear to be disallowed now.

Edited by SyncViews