I'm having an issue where I need my users to be able to run my application without administrator rights, but at the same time, I need NLog to be able to create it's log files, which it needs administrator rights to create them in the same folder the application is installed in.

I'm trying to create a directory under the application directory, named Logs, and give everyone-modify permissions with inno setup. I'm going to set up my NLog config to write to this new Logs folder instead of the application directory, so even when the application is run by non-administrators, NLog has sufficient privileges to create the logs.

My question is, is this the proper way to do this? I'm not very experienced with NLog or InnoSetup, so I'm not sure if there is something I'm missing, or if this will possibly create security problems?

I have my NLog config section set up like so

NLog

<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <targets>
    <target name="el" xsi:type="EventLog" log="ASI" layout="${message} ${exception:innerFormat=tostring:maxInnerExceptionLevel=10:format=tostring}" />
    <target name="fl" xsi:type="File" fileName="Logs\iDocClientLog.log" layout="${date}: ${message} ${exception:innerFormat=tostring:maxInnerExceptionLevel=10:format=tostring}" />
  </targets>
  <rules>
    <logger name="*" minlevel="Debug" writeTo="el,fl" />
  </rules>
</nlog>

And my InnoSetup installer script Dirs section is like this

InnoSetup

[Dirs]
Name: "{app}\Logs"; Permissions: everyone-modify