Thursday, August 03, 2006

UAC Resources

The following are some UAC resouces I found helpful.

My last four posts used these resources freely.

UAC Data Virtualization

Windows Vista includes file and registry virtualization technology for applications that are not UAC compliant and that have historically required an administrator's access token to run correctly. Virtualization ensures that even applications that are not UAC compliant will be compatible with Windows Vista. When a non-UAC-compliant administrative application attempts to write to a protected directory, such as Program Files, UAC gives the application its own virtualized view of the resource it is attempting to change, using a copy-on-write strategy. The virtualized copy is maintained under the user's profile. As a result, a separate copy of the virtualized file is created for each user that runs the non-compliant application.

For example, if an application attempts to write to “C:\program files\appname\settings.ini” and the user doesn’t have permissions to write to that directory, the write will get redirected to “C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\.” A write to "
HKLM\Software\AppName" will get redirected to "
HKCU\Software\Classes\VirtualStore\Machine\Software\AppName".

Virtualization is enabled by default in Windows Vista. Virtualization does not apply to applications that are elevated and run with a full administrative access token. Virtualization is disabled for an application if a program includes an application manifest with a requested execution level attribute.

Although virtualization allows the overwhelming majority of pre-Windows Vista applications to run, it is a short-term fix and not a long-term solution. Application developers should modify their applications to be compliant with the Windows Vista Logo program as soon as possible, rather than relying on file, folder, and registry virtualization.