Windows Vista File and Registry Virtualization

20 Mar 2010 | CPL | 3 min read
See in action how Windows Vista and higher versions (where UAC is enabled) virtualize file and registry access.

With the UAC (User Account Control) feature enabled in Windows Vista, Administrator users don't have administrative privileges by default. Every Windows process has two security tokens associated with it, one with normal user privileges and one with admin privileges. When an application requires administrative privileges, the user can elevate it to run with Administrator rights. That process is called elevation.

As you might expect, this is the least-privilege principle, well known to security professionals and Linux users.

A user can elevate an application either by clicking “Run as Administrator” in the context menu of the application icon, or by editing the Compatibility tab in the properties of the application file.
Also, while an application is running, it can ask the user for administrative permission to complete a specific operation (a good example is switching to the All Users mode in Task Manager).

Compatibility Options

Windows Vista keeps track of the compatibility options edited for an application by adding a compatibility flag to the registry at HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers.

Try changing any of the compatibility options for an application and see how Windows tracks that.

Because of UAC, Windows Vista doesn't allow users to access some folders, like the Program Files and Windows folders, without administrative permission. Nor does it allow them to access the registry without administrative permission.

But there are lots of applications that write lots of data to the Program Files folder, for instance, and Windows Vista must keep them from doing these operations without administrative permission (you can imagine the number of applications that would then require administrative privileges). To handle this dilemma, Windows Vista has a new technique called virtualization.

When a program tries to write to the Program Files folder, for instance, Windows Vista redirects the write to a special virtual store so that the application can read and write data without generating errors (because, of course, it doesn't have the permission).

As we will see, Windows Vista uses this technique with the registry too.

For folders, virtualization is called File Virtualization. For the registry, it’s called Registry Virtualization.

File Virtualization

To see virtualization in action, let’s try this example:

C#
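using System;
using System.IO;

// Resolve the (protected) Program Files folder and our application's subfolder.
string programFiles =
    Environment.GetFolderPath
        (Environment.SpecialFolder.ProgramFiles);
string appDir = Path.Combine(programFiles, "MyApplication");

// Create the folder on first run.
if (Directory.Exists(appDir) == false)
    Directory.CreateDirectory(appDir);

string file = Path.Combine(appDir, "SampleFile.txt");

// Without elevation, this write is redirected to the virtual store.
File.WriteAllText(file, "Hello, World!");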

When you run the example, it doesn't write to C:\Program Files\MyApplication. Instead, it writes to the Program Files virtual store in C:\Users\{UserName}\AppData\Local\VirtualStore\Program Files\MyApplication.

Note that if you are running your Visual Studio instance in elevated mode and run your application from it, the application inherits the elevated mode from Visual Studio. So you need to run it manually from its icon.

Try changing the application so it writes to the Windows folder, and check the virtual store folder.

Registry Virtualization

Virtualization is done not only with folders but also with registry entries. If the application tries to write to the Software key in the HKEY_LOCAL_MACHINE hive, the write is redirected to the HKEY_CURRENT_USER hive. Instead of writing to HKLM\Software\{Manufacturer}, it writes to the registry virtual store at HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\{Manufacturer}.

File and registry virtualization is available only for 32-bit applications. This feature is not available for 64-bit applications on Windows Vista.

Don't use virtualization as a feature of your application. It is better to fix your application than to write to the Program Files folder and the HKLM hive without elevated user privileges. Redirection is only a temporary means to fix broken applications.
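To find out which applications on a machine still depend on this redirection, the following added example (not the article's own code) walks the current user's file and registry virtual stores and prints, for each entry, the protected location the application originally asked for. It assumes the file virtual store mirrors the layout of the system drive; the class and helper names are made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.Win32;

// Added example: lists what UAC virtualization has redirected for the current user.
static class VirtualStoreAudit
{
    // Registry virtual store location, as given in the article.
    const string RegStore = @"Software\Classes\VirtualStore\MACHINE\SOFTWARE";

    // Maps a file inside the virtual store back to the path the application asked for.
    // Assumption: the virtual store mirrors the layout of the system drive.
    static string IntendedPath(string storeRoot, string redirected)
    {
        string relative = redirected.Substring(storeRoot.Length).TrimStart('\\');
        return Path.Combine(Path.GetPathRoot(Environment.SystemDirectory), relative);
    }

    static IEnumerable<string> RedirectedFiles(string storeRoot)
    {
        if (!Directory.Exists(storeRoot)) yield break;   // nothing was ever virtualized
        foreach (string f in Directory.EnumerateFiles(storeRoot, "*", SearchOption.AllDirectories))
            yield return f;
    }

    static void Main()
    {
        string storeRoot = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "VirtualStore");

        Console.WriteLine("Redirected files:");
        foreach (string f in RedirectedFiles(storeRoot))
            Console.WriteLine("  {0}\n    intended: {1}", f, IntendedPath(storeRoot, f));

        Console.WriteLine("Redirected registry keys:");
        using (RegistryKey store = Registry.CurrentUser.OpenSubKey(RegStore))
        {
            if (store == null) return;                   // no virtualized registry writes
            foreach (string name in store.GetSubKeyNames())
                Console.WriteLine(@"  HKCU\{0}\{1}  intended: HKLM\SOFTWARE\{1}", RegStore, name);
        }
    }
}
```

Every entry it prints is a write that failed the least-privilege check and was silently redirected, so each one points at an application that should be changed to store its data in a per-user location.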


License

This article, along with any associated source code and files, is licensed under The Common Public License Version 1.0 (CPL)


Written By
Technical Lead
Egypt
Mohammad Elsheimy is a developer, trainer, and technical writer currently employed as a technical lead by one of the leading fintech companies in the Middle East.

Mohammad is an MCP, MCTS, MCPD, MCSA, MCSE, and MCT with expertise in Microsoft technologies, data management, analytics, Azure and DevOps solutions. He is also a Project Management Professional (PMP) and a graduate of the Quranic Readings college (Al-Azhar), specialized in Quranic readings, Islamic legislation, and the Arabic language.

Mohammad was born in Egypt. He loves his machine and his code more than anything else!

Currently, Mohammad runs two blogs: "Just Like [a] Magic" (http://JustLikeAMagic.com) and "مع الدوت نت" (http://WithdDotNet.net), both dedicated to programming and Microsoft technologies.

You can reach Mohammad at elsheimy[at]live[dot]com

Comments and Discussions

 
Images are missing
#realJSOP, 19-Mar-10 1:58

Re: Images are missing
Mohammad Elsheimy, 20-Mar-10 6:03
???
Regards,
Mohammad Elsheimy

---------------------------
Just Like a Magic
http://JustLikeAMagic.Wordpress.com
