Legacy Programs in XP

In most cases, new software written for XP will run in non-privileged mode, and there may be new versions of old favourites. It's best to run these where possible.

In some cases, a new version may be unavailable or too expensive, and you need to run the old one.

Some older legacy programs simply will not run from a non-privileged account, such as DOS games which access video cards directly. You will need to run these from a privileged account - but resist the temptation to perform risky activity such as going online. Switch user to read email.

Other legacy programs may run OK, but have trouble writing files. Under Windows XP, each user has a separate folder for documents, program settings and other personal files. Under older versions such as Windows 95, programs tended to store data under \Program Files\programname\, since there were no real user accounts. Usually it is possible to navigate to the user's directory to store files such as documents or saved games, but if the program tries to store things like scores or user settings in \Program Files\ it will fail.

Using a program such as Filemon from Sysinternals, it is possible to see which files the program is trying to access, and explicitly allow it.

Changing Access Control Lists (ACLs)

Since Windows NT, the NTFS filesystem has included a sophisticated access control system, normally hidden from users. Sometimes, changing permissions on a file or folder is sufficient to let a legacy program run.

Unfortunately, in Windows XP, file permissions are not visible in the file properties menu unless you are logged on to a Windows network, which most home users will not be. However, permissions may be changed from the command line (DOS box), or using third-party programs.

The following image shows the original ACL for a file (the random data seed for the PuTTy SSH client):

ACLs

After running the change ACL command 

cacls \windows\putty.rnd /e /g users:w
to grant write access to all users, the display changes to:

ACLs

Sometimes you may need to change a whole directory tree. For instance, after installing "The Sims" (original edition), you can't save the game because the user data is kept in subfolders of the installation folder, and a limited user can only read it, not write to it.

While it's possible to individually enable user data and character data folders, it's probably easier to just let limited users write to everything: 

cacls "C:\Program Files\Maxis\The Sims" /e /t /g users:f
which grants full access to users to all the Sims' directories and files

The easy way:

In Vista, and in XP when logged on to a domain, the file permissions show under the Security tab of "File Properties":

Microsoft describes how to set file permissions here