I had a question recently from a colleague about the difference between AppData\Local and the AppData\LocalLow. So, onto the web and let’s fire up my favourite search engine. The very first hit for “difference between the Local and the LocalLow folders” was http://support.microsoft.com/kb/955555 . A portion of that states:
“Windows Vista introduces a new Application Data folder structure. Previously, user profiles did not logically sort data that was stored in the Application Data folder. Therefore, it was difficult to determine whether data belonged to the computer or the user. Windows Vista addresses this issue by creating a single AppData folder that contains three subfolders under the user profile: Roaming, Local, and LocalLow. Windows Vista uses the Local and LocalLow folders for application data that does not roam with the user. Usually, this data is specific to the computer or is too large to roam. The AppData\Local folder in Windows Vista is the same as the Documents and Settings\UserName\Local Settings\Application Data folder in Windows XP.”
Sounds a bit … light? mumbo-jumbo? AppData\Low, that makes sense, but it’s not quite what I remembered AppData\LocalLow standing for. A bit more digging confirmed what I thought: only allowing apps access to a “low” security area.
Read through http://msdn.microsoft.com/en-us/library/bb625963.aspx and in particular the
section “Mandatory label inheritance”:
“An example of an inheritable mandatory label is the low mandatory label on one of the folders created under every user profile: %USERPROFILE%\AppData\LocalLow. This folder is assigned a low mandatory label when the profile is initialized and intended as the top-level folder that is writeable by default by low-integrity applications.”
Great, some depth! Another reference; http://msdn.microsoft.com/en-us/library/bb625960.aspx also discusses running apps in “low integrity level”:
“Windows Vista has specific file and registry locations that are assigned low mandatory labels to allow low-integrity applications write access -
Registry: Low-integrity processes can write to and create subkeys under HKEY_CURRENT_USER\Software\AppDataLow
File system: Low-integrity processes can write and create subfolders under %USER PROFILE%\AppData\LocalLow”
Putting it all together, hopefully simple:
AppData\Local = files too big to roam or specific to that computer
AppData\LocalLow = an area for low integrity apps to write to, e.g. Internet Explorer add-ons.
targets down, patch out.