[Tutor] Python3 install windows 10

Eryk Sun eryksun at gmail.com
Tue Nov 3 18:51:26 EST 2020


On 11/2/20, Mats Wichmann <mats at wichmann.us> wrote:
> On 11/2/20 3:50 PM, Paul Simon wrote:
>> I have been having trouble installing python 3.9.  I already have 2.7
>> installed and running.  Python 2.7 is installed in a directory under c:\
>> but 3.9 is installed in an odd location under AppData?
>
> That's the default location (AppData/Local/Programs/Python*) if you
> select a user install, which I think is the default checkbox setting in
> the installer; if you "install for all users" it goes to the root
> directory

The following are the default installation paths used for version 3.x:

per-user interpreter:
    %LocalAppData%\Programs\Python\Python3<x>[-32]

per-machine interpreter:
    %ProgramFiles%\Python3<x>
or
    %ProgramFiles(x86)%\Python3<x>-32

per-user launcher:
    %LocalAppData%\Programs\Python\Launcher

per-machine launcher:
    %SystemRoot%

"<x>" is the minor version number, and "[-32]" means that "-32" is
appended to the name for a 32-bit installation. For example:
"Python39-32".

The installation path of the interpreter can be configured. Some
people install for all users in the root directory, but I recommend
against this in general, especially if the interpreter will ever run
as an administrator. Scripts that need administrator access should be
executed by an interpreter that's installed in a secure location, such
as %ProgramFiles%.

Directories created in the root directory inherit file security that
allows code running with authenticated credentials (i.e. any normal
logon session) to modify them. This means that unprivileged malware
can infect the installation. Subsequently, if the interpreter is run as
an administrator, it can infect the entire machine. This applies
equally to a per-user installation. Programs installed per-user are
low-hanging fruit that's ripe for the picking.

A qualified exception for 'per-user' (unprivileged) installation, if
one is careful about using virtual environments, is the app
distribution of Python from the Microsoft Store. UWP apps are
installed into "%ProgramFiles%\WindowsApps", a directory that's even
more secure than %ProgramFiles%. If you need to run a script as an
administrator, just create a virtual environment and harden the
security on the directory to protect it from unprivileged malware. Set
a [H]igh integrity level that's inheritable, e.g.
`icacls.exe "path\to\env" /setintegritylevel (CI)(OI)H`. This sets a
no-write-up rule in the mandatory access-control label of all files and
directories in the tree, so code that's running at a lower integrity
level (medium is the standard level) is denied data and metadata write
access.
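
The check described in the message above, as an added example that is not part of the original post: it reads `icacls` output for an installation or virtual-environment directory and reports which broad principals hold write access and whether a High integrity label is present. The sample output, the `audit` function and the English group names are assumptions made for illustration.

```python
import os
import re
import subprocess
import sys

# English names of groups that cover every ordinary logon session
# (assumption: icacls prints localized names on non-English Windows).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls right codes that permit modifying data or metadata.
WRITE = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO", "DC", "DE", "WA", "WEA"}
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z,]+\))+)$")

# Constructed sample: icacls output for a directory created under the root of C:
SAMPLE = r"""C:\Python27 BUILTIN\Administrators:(I)(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
            BUILTIN\Users:(I)(OI)(CI)(RX)
            NT AUTHORITY\Authenticated Users:(I)(M)
            NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files
"""

def audit(icacls_text, path, extra_principals=()):
    """Return (principals with write access, True if a High integrity label is set)."""
    watch = BROAD | {p.lower() for p in extra_principals}
    writers, high_label = [], False
    for line in icacls_text.splitlines():
        if line.startswith(path):            # first line is prefixed with the path
            line = line[len(path):]
        m = ACE.match(line.strip())
        if not m:
            continue                         # blank line or the summary line
        who = m["who"]
        groups = re.findall(r"\(([A-Z,]+)\)", m["flags"])
        rights = set(groups[-1].split(","))  # last group holds the access rights
        if who.lower().startswith("mandatory label\\high") and "NW" in rights:
            high_label = True
        elif ("DENY" not in groups and who.lower() in watch
              and rights & WRITE and who not in writers):
            writers.append(who)
    return writers, high_label

if __name__ == "__main__":
    if os.name == "nt":                      # audit the running interpreter's tree
        path = sys.prefix
        text = subprocess.run(["icacls", path], capture_output=True, text=True).stdout
    else:                                    # off Windows, fall back to the sample
        path, text = r"C:\Python27", SAMPLE
    print(audit(text, path))
```

For a per-user installation, pass the owning account in `extra_principals`, since that account has full control and is the one unprivileged code runs as.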

