Reply To: Windows Vista, UAC, & Keystroke Recording


#700
deleyd
Participant

Here is some preliminary information on
Windows Vista File Virtualization
"What this feature does is this: It detects any write access to a file by a user that doesn’t have rights to write to this file. It then makes a copy of the file in the user’s virtual store and happily allows the user to write to the file in the virtualized directory where the user has full rights.

"If the user turns off User Access Control (UAC) or virtualization, the application not only breaks because it still can’t write to the protected folders, it also doesn’t see the virtualized files any more so data entered by the user appears to be gone."

Edit 05/25/2008: I don’t think this 2nd ¶ is correct. With UAC off I can write to files under Program Files\…, at least with my Administrator account. Haven’t tried it with a Standard User account, and I’m not going to waste time trying it just to see what happens. I’ve already wasted way too much time trying to get Vista to work. Not going to waste any more time on that.

http://doughennig.blogspot.com/2007/05/has-file-been-virtualized.html

Virtual Store folder location:
C:\Users\{username}\AppData\Local\VirtualStore\Program Files\

File and Registry Virtualization Explained

As described in this chapter’s "Control User Account Control" section, Vista’s UAC feature is designed to prevent changes to operating system folders like Program Files, as well as protected areas of the Registry. If a program wasn’t designed with UAC in mind, it won’t request elevation to administrator-level access, and its attempt to, say, write to its own application folder in Program Files will fail.

Microsoft had to come up with a compromise that would allow some of these older programs to work.

That compromise is virtualization, a system that redirects older (legacy, as Microsoft puts it) applications to special, protected areas of your hard disk and Registry. So, if a program with an auto-update feature tries to write files to C:\Program Files\Acme Update\newversion.dll, Windows will instead send it to C:\Users\(your_username)\AppData\Local\VirtualStore\Program Files\Acme Update\newversion.dll.

Likewise, if a program tries to make a change to the Registry, in the HKEY_LOCAL_MACHINE\Software\Acme key, the change will be made instead to the HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\Software\Acme key.

By default, your Program Files and Windows folders, and most of their subfolders, are protected, as well as almost all of the HKEY_LOCAL_MACHINE\Software branch in the Registry. UAC does not protect a user’s own folder C:\Users\(your_username)\, nor does it lock out changes to the HKEY_CURRENT_USER\Software branch of the Registry.

To turn virtualization off, set the User Account Control: Virtualizes file and registry write failures to per-user locations option in the Local Security Policy editor to Disabled. But keep in mind that turning off virtualization won’t, in itself, permit older applications to write in these protected areas; instead, it will cause more of your older programs to stop functioning, since Windows will no longer give them a safe place to play.

To see which of your running programs are subject to virtualization, right-click an empty area of your taskbar and select Task Manager. Choose the Processes tab, and then go to View -> Select Columns. Turn on the Virtualization column, and then click OK. Now, in the Processes list, you’ll see that some programs, particularly the older ones, have virtualization set to Enabled, as do explorer.exe and iexplore.exe (because of the danger of add-ons). UAC-aware programs will have virtualization set to Disabled, and programs already running as the administrator will have it set to Not Allowed.

, by David A. Karp. pg. 486

EDIT: Apparently Vista Home Premium doesn’t have a Local Security Policy Editor and does not allow you to install the LocalSecurityPolicy snap-in in the MMC.

Here’s the registry location where you can change such features in Home Premium:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
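
The following is an added example, not part of the original post or of the sources it quotes: a small audit that walks a user's VirtualStore folder, maps each file back to the protected path it stands in for (the redirection described above), and reports whether the per-user copy differs from the protected one. The function names, the "alice" profile and the Acme sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_virtual_store(virtual_store, drive_root):
    """Map every file in a user's VirtualStore back to the protected path it
    stands in for. Returns sorted (relative_path, status) tuples; status is
    'virtual-only', 'shadow-same' or 'shadow-differs'."""
    virtual_store, drive_root = Path(virtual_store), Path(drive_root)
    findings = []
    for vfile in virtual_store.rglob("*"):
        if not vfile.is_file():
            continue
        rel = vfile.relative_to(virtual_store)
        original = drive_root / rel  # VirtualStore mirrors the path below the drive root
        if not original.is_file():
            status = "virtual-only"      # legacy app created it; nothing in the protected folder
        elif sha256_of(original) == sha256_of(vfile):
            status = "shadow-same"
        else:
            status = "shadow-differs"    # the legacy app reads this copy, not the protected one
        findings.append((rel.as_posix(), status))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout (assumption, not real data) for an offline run."""
    base = Path(base)
    root = base / "C"
    store = root / "Users" / "alice" / "AppData" / "Local" / "VirtualStore"
    app = Path("Program Files") / "Acme Update"
    samples = {  # name: (protected content or None, virtualized content)
        "license.txt": (b"EULA", b"EULA"),
        "settings.ini": (b"mode=default", b"mode=custom"),
        "userdata.db": (None, b"rows"),
    }
    for name, (protected, virtual) in samples.items():
        for top, data in ((root, protected), (store, virtual)):
            if data is not None:
                (top / app).mkdir(parents=True, exist_ok=True)
                (top / app / name).write_bytes(data)
    return store, root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, status in audit_virtual_store(*build_sample_tree(tmp)):
            print(f"{status:15} {rel}")
```

On a Vista machine the two arguments would be the VirtualStore folder location given above and the drive root, for example C:\.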