The difference between Local and LocalLow Folders

Posted by Wayne on February 23rd, 2009 filed in Vista General

I had a question recently from a colleague about the difference between AppData\Local and the AppData\LocalLow. So, onto the web and let’s fire up my favourite search engine. The very first hit for “difference between the Local and the LocalLow folders” was http://support.microsoft.com/kb/955555 . A portion of that states:

“Windows Vista introduces a new Application Data folder structure. Previously, user profiles did not logically sort data that was stored in the Application Data folder. Therefore, it was difficult to determine whether data belonged to the computer or the user. Windows Vista addresses this issue by creating a single AppData folder that contains three subfolders under the user profile: Roaming, Local, and LocalLow. Windows Vista uses the Local and LocalLow folders for application data that does not roam with the user. Usually, this data is specific to the computer or is too large to roam. The AppData\Local folder in Windows Vista is the same as the Documents and Settings\UserName\Local Settings\Application Data folder in Windows XP.”

Sounds a bit … light? mumbo-jumbo? AppData\Low, that makes sense, but it’s not quite what I remembered AppData\LocalLow standing for. A bit more digging confirmed what I thought: only allowing apps access to a “low” security area.
Read through http://msdn.microsoft.com/en-us/library/bb625963.aspx and in particular the
section “Mandatory label inheritance”:
“An example of an inheritable mandatory label is the low mandatory label on one of the folders created under every user profile: %USERPROFILE%\AppData\LocalLow. This folder is assigned a low mandatory label when the profile is initialized and intended as the top-level folder that is writeable by default by low-integrity applications.”
Great, some depth! Another reference; http://msdn.microsoft.com/en-us/library/bb625960.aspx also discusses running apps in “low integrity level”:
“Windows Vista has specific file and registry locations that are assigned low mandatory labels to allow low-integrity applications write access -
Registry: Low-integrity processes can write to and create subkeys under HKEY_CURRENT_USER\Software\AppDataLow
File system: Low-integrity processes can write and create subfolders under %USER PROFILE%\AppData\LocalLow”

Putting it all together, hopefully simple:
AppData\Local = files too big to roam or specific to that computer
AppData\LocalLow = an area for low integrity apps to write to, e.g. Internet Explorer add-ons.

targets down, patch out.

Wayne


4 Responses to “The difference between Local and LocalLow Folders”

  1. Kang Yu Says:

    Wayne, thank you for the posting. Folder Redirection is killing me with some applications such Google Earth just won’t work if redirected. Your research points some path that I can try to resolve this issue. Thank you.

  2. Anthony Says:

    Is this possibly the cause/reason of the seemingly never ending “Application Data\” folder structure?

    My drive has this structure nested for what seems like an infinite length (I am not joking about the length):

    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

    What is doing that?

  3. Ian Boyd Says:

    Anthony: The folders you are seeing:

    - C:\Documents and Settings
    - c:\Users\All Users
    - C:\Users\Application Data

    are all hard links, present as a compatibility hack.

    Nobody should actually be looking for these folders, but some applications, or people, can’t help themselves. Rather than giving an error to those who are doing the wrong thing, Microsoft did one better, and created aliases for the correct locations.

    The parasitic case you’re seeing is where the hard link points to a folder that contains a hard link to the same thing.

  4. Vista backup woes « Pianofab's playground Says:

    [...] location — apparently at some point they decided to move the default location to the LocalLow [...]

Leave a Comment

  • Locations of visitors to this page