> Specifying %LOCALAPPDATA% should be sufficient, though 
> %USERPROFILE% (e.g. C:\Users\Steve) would also be okay.

The command using %USERPROFILE% was for XP (NT 5.1), since the %LOCALAPPDATA% environment variable was added in Vista (NT 6.0).

> %ProgramData% is not writable by limited users, but we 
> don't want the global .ini to be editable by non-admin 
> users. That said, even admins aren't supposed to go 
> editing stuff in %ProgramData%, as I understand it.

    C:\>icacls "%ProgramData%"
    C:\ProgramData NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                   BUILTIN\Administrators:(OI)(CI)(F)
                   CREATOR OWNER:(OI)(CI)(IO)(F)
                   BUILTIN\Users:(OI)(CI)(RX)
                   BUILTIN\Users:(CI)(WD,AD,WEA,WA)

All users have the right to create files and directories here (i.e. (CI)(WD,AD,WEA,WA)), and by "CREATOR OWNER" they have full control of the files they create. So obviously if a system account or administrator creates the .ini, then non-admin users won't be able to edit it.

> I think having "alongside the EXE or in %LOCALAPPDATA%" is fine.

Editing an .ini in %SystemRoot% feels a bit weird, like something out of NT 4 in the 1990s. Really it belongs in %ProgramData%, not that there's anything wrong with checking for it alongside the executable as well. I just think it wouldn't hurt to check in both locations.