Special windows variables
Jump to navigation
Jump to search
Some fragmented windows-related notes (mostly admin stuff)
Windows notes - health and statistics| Special windows variables · special windows folders Troubleshooting when windows spontaneously reboots Making your windows installation smaller something taking 100% CPU on windows TODO: Cleanup |
✎ This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.
Environment variables
Program stuff
Program Files (%PROGRAMFILES%, and see also %PROGRAMFILES(X86)%)
- considered read-only for regular users (it's a system account that does actual installation(verify))
ProgramData (%PROGRAMDATA%, apparently also %SystemDrive%\ProgramData and %ALLUSERSPROFILE%)
- data that a program needs, yet which is not user-specific (it's not part of user profiles)
- might be writable to users in home installs
- but AD-style workstation setups (where software install is managed for you) might choose to lock this down
- that lockdown is often done in a way where only users that created a file can read back the same files, so even if you seem to be able to create files there, it won't let you do things like configurations shared between users
- so programs shouldn't count on sharing data here
- some programs may use this for install-time configurations stuff and afterwards treat it as read-only - but others do not
- something you would consider 'supporting data' might frankly be here or in Program files (in fact, Program Files might have more refined ACLs more aware of installers)
User profile stuff
%USERPROFILE%
- AppData (under %USERPROFILE%\AppData)
- data required by applications, like configuration, caches, etc.
- there is little keeping you from putting those elsewhere under userprofile, but it's generally here
- Split into Local, Roaming, and LocalLow (see below)
- %APPDATA% seems to expands to %USERPROFILE%\AppData\Roaming (has since Vista? Was it always to Roaming, though?)
- %LOCALAPPDATA% expands to %USERPROFILE%\AppData\Local (since when?)
- a few programs choose to install completely to AppData (typically \Local)
%HOMESHARE% (and the related %HOMEDRIVE% and %HOMEPATH% (which should always be directly appended?))
- HOMESHARE is comparable to USERPROFILE
- HOMESHARE is set later than USERPROFILE[1]
- isn't necessarily the same as %USERPROFILE%
- This can get messy to understand. For example, in one AD-managed setup I used,
- %HOMESHARE% points to a \\network path that contains all my files, and the contents of %USERPROFILE% are not synchronized
- %USERPROFILE% is a mostly-empty directory tree on the local disk (presumably because windows says this directory has to exist?)
- ...yet many (but not all) entires within that USERPROFILE are actually junctions to the path that HOMESHARE points to
- in a way that is very hard to explain to non-nerds. For example, DIR is a Documents that is local, a My Documents that is is a junction - and that explorer also shows as Documents (without the My)
- (note: you can see the presence of junctions e.g. using DIR /A, or mostly them with /AL)
Notes
- Roaming and Local only serve different function if Roaming is actually synchronized (or remote-mounted?)
- if no syncing (or remote-mounting?) is going on, Roaming is really just Local as well
- it's a good idea for programs to make this distinction just in case you do
- Roaming classically only did anything for people in Domain environments.
- Since Windows 8, windows might synchronize between different MS logins (verify)
- Local is for things that should not roam with the user, even if it could.
- e.g. most caches
- LocalLow - The idea of "Low integrity environments" is to make put stuff there that is easier to distrust -- or rather, makes it easier to set up rules/filters for that set of software, letting you restrict them to all but a few directories. This is mainly aimed at browsers, because they are a common attack vector.
- in practive, LocalLow may point to the same folder as Local, or may not.
- https://helgeklein.com/blog/internet-explorer-in-protected-mode-how-the-low-integrity-environment-gets-created/