Can any user access the %APPDATA% folder? Or can 开发者_StackOverflow社区only administrators read & access that directory? Also, do the permissions to access this directory differ over different Windows platforms from 2k to Windows 7?
You can see the permissions on %APPDATA% by using the icacls
tool at the command prompt. Here's what it looks like on my machine:
C:\Users\davidp>icacls %APPDATA%
C:\Users\davidp\AppData\Roaming NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
MACHINE09\davidp:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
What this means is that only I, administrators, and the system itself can see the folder. If you run this on a folder where other users can see it, you'll see something like this:
C:\Users\davidp>icacls c:\
c:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
Successfully processed 1 files; Failed processing 0 files
You can see that the BUILTIN\Users
group can see the c:\
folder (as you would expect).
EDIT
I'm not sure how far back the %APPDATA% variable itself goes back in Windows history. I recommend checking directly. On older systems the cacls
command was the predecessor to icacls
. Regardless, in Windows NT-based OSes there has always been a profile area visible only to the user and administrators.
%AppData% is a user-specific path. Yes, any user can access %appdata%, but it will go to a different directory for each user. Only an administrator can read the appdata of another user.
Do the effort of actually going to %appdata% on your machine, and looking at the path it gets converted into. Do you see what I mean?
精彩评论