How Vista determines to move a file to VirtualStore?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello all,

I had read and understood (i guess) about the new security restrictions in
Vista. But I could not figure out the reason why and how Vista decides to
move a file to virtual store!

Here is my actual problem:

I am using Windows Vista Home Basic edition for installing a product. This
is done using an administrator (not the hidden Administrator) previlaged
account. The installer of the product writes files to [C:\Program Files\Foo]
folder and to [C:\ProgramData\Foo] and no problem arises.

In [C:\ProgramData\Foo] it creates a blank license file named
[FooLicense.dat] and the installation routine ends normally.

There was no redirection to virtualstore till now and it was checked
manually by inspecting the [C:\Users\Admin\AppData\Local\VirtualStore] folder.

During the next step which follows immediately after the finish of setup,
the licensing manager starts and gets the license details from user and
appends the [FooLicense.dat] file in [C:\ProgramData\Foo]. At this point, a
new file with same name is getting created in VirtualStore with update
license content, leaving the old blank license file intact.

Due to this even though the application is licensed, the app sees the
situation as unlicensed and does not run as it still refers to the file at
[C:\ProgramData\Foo] and does not know about the virtualstore.

My doubt is why Vista moved the [FooLicense.dat] ONLY during the 2nd
instance to virtualstore? Or what made it to move? Had if the
[C:\ProgramData\Foo] is restricted, the first instance of creating should
also be redirected, which did not happen.

If we know the reason, we can correct it in our code and make sure that it
does not move to VirtualStore and our program can run successfully.

Any help?

Thanks,
Narayanan

PS: The screen dump of the command "Net user":

Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Admin>net user

User accounts for \\ADMIN-PC

-------------------------------------------------------------------------------
Admin Administrator Guest
The command completed successfully.


C:\Users\Admin>net user admin
User name Admin
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/8/2007 5:09:37 PM
Password expires Never
Password changeable 6/8/2007 5:09:37 PM
Password required No
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 6/12/2007 10:54:29 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.


Unquote:
 
File virtualization is enabled by default for all User level accounts, but
somehow isn't always true for administrator accounts.

When you first install the application, the setup was elevated to
administrative priviledes (so that the setup can write to C:\\Program Files).
After installation, when the application is executed, it is done without
admin privilege, thus any writes to C:\\Program Files from this point of time
will be done in the virtualstore.

There are 2 solutions to this problem
1) Run the application with virtualization enabled always. to do this,
execute the application for the first time, then open the Task Manager.
Select the application in the Process tab, right click and check on
'Virtualization' (a tick will be shown if Virtualization is enabled) from
then on, all read and writes will be forwarded to the virtual store.

2) Run the application with admin level access always. In this way, the
application will have direct access to C:\Program Files. To make it easier,
the application can be configured to run as administrator by default without
needing you to right click and select the 'Run as Administrator'. Simply go
to the properties window of the application, on the 'Compatibility' tab,
check 'Run this as administrator'.

Narayanan said:
Hello all,

I had read and understood (i guess) about the new security restrictions in
Vista. But I could not figure out the reason why and how Vista decides to
move a file to virtual store!

Here is my actual problem:

I am using Windows Vista Home Basic edition for installing a product. This
is done using an administrator (not the hidden Administrator) previlaged
account. The installer of the product writes files to [C:\Program Files\Foo]
folder and to [C:\ProgramData\Foo] and no problem arises.

In [C:\ProgramData\Foo] it creates a blank license file named
[FooLicense.dat] and the installation routine ends normally.

There was no redirection to virtualstore till now and it was checked
manually by inspecting the [C:\Users\Admin\AppData\Local\VirtualStore] folder.

During the next step which follows immediately after the finish of setup,
the licensing manager starts and gets the license details from user and
appends the [FooLicense.dat] file in [C:\ProgramData\Foo]. At this point, a
new file with same name is getting created in VirtualStore with update
license content, leaving the old blank license file intact.

Due to this even though the application is licensed, the app sees the
situation as unlicensed and does not run as it still refers to the file at
[C:\ProgramData\Foo] and does not know about the virtualstore.

My doubt is why Vista moved the [FooLicense.dat] ONLY during the 2nd
instance to virtualstore? Or what made it to move? Had if the
[C:\ProgramData\Foo] is restricted, the first instance of creating should
also be redirected, which did not happen.

If we know the reason, we can correct it in our code and make sure that it
does not move to VirtualStore and our program can run successfully.

Any help?

Thanks,
Narayanan

PS: The screen dump of the command "Net user":

Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Admin>net user

User accounts for \\ADMIN-PC

-------------------------------------------------------------------------------
Admin Administrator Guest
The command completed successfully.


C:\Users\Admin>net user admin
User name Admin
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/8/2007 5:09:37 PM
Password expires Never
Password changeable 6/8/2007 5:09:37 PM
Password required No
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 6/12/2007 10:54:29 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.


Unquote:
Click to expand...
 
Thanks kuan wai.

Your second answer was tried by us and all went smooth. But there is a
glitch. The licensing can be done for our product in two ways. In first way,
the licence manager can be launched (by right-click "run as admin") and get
the license info and patch the license file. This way works fine as per your
second suggesstion.

In the second way of licensing, the user can request license over email and
will receive the license info as a file. This file can be placed in any
local drive and double clicked to launch the license manager. In this
method, the double click launches license manager in normal mode and not in
"Administrator mode". If I can make the license manager to run in
"Administrator mode" once the associated file is double clicked, my problem
will be solved. But how to run the license manager in admin mode in this way?

Any clues? Your time and effort towards this problems are highly
appreciated...

Thanks,
Narayanan

kuan wai said:
File virtualization is enabled by default for all User level accounts, but
somehow isn't always true for administrator accounts.

When you first install the application, the setup was elevated to
administrative priviledes (so that the setup can write to C:\\Program Files).
After installation, when the application is executed, it is done without
admin privilege, thus any writes to C:\\Program Files from this point of time
will be done in the virtualstore.

There are 2 solutions to this problem
1) Run the application with virtualization enabled always. to do this,
execute the application for the first time, then open the Task Manager.
Select the application in the Process tab, right click and check on
'Virtualization' (a tick will be shown if Virtualization is enabled) from
then on, all read and writes will be forwarded to the virtual store.

2) Run the application with admin level access always. In this way, the
application will have direct access to C:\Program Files. To make it easier,
the application can be configured to run as administrator by default without
needing you to right click and select the 'Run as Administrator'. Simply go
to the properties window of the application, on the 'Compatibility' tab,
check 'Run this as administrator'.

Narayanan said:
Hello all,

I had read and understood (i guess) about the new security restrictions in
Vista. But I could not figure out the reason why and how Vista decides to
move a file to virtual store!

Here is my actual problem:

I am using Windows Vista Home Basic edition for installing a product. This
is done using an administrator (not the hidden Administrator) previlaged
account. The installer of the product writes files to [C:\Program Files\Foo]
folder and to [C:\ProgramData\Foo] and no problem arises.

In [C:\ProgramData\Foo] it creates a blank license file named
[FooLicense.dat] and the installation routine ends normally.

There was no redirection to virtualstore till now and it was checked
manually by inspecting the [C:\Users\Admin\AppData\Local\VirtualStore] folder.

During the next step which follows immediately after the finish of setup,
the licensing manager starts and gets the license details from user and
appends the [FooLicense.dat] file in [C:\ProgramData\Foo]. At this point, a
new file with same name is getting created in VirtualStore with update
license content, leaving the old blank license file intact.

Due to this even though the application is licensed, the app sees the
situation as unlicensed and does not run as it still refers to the file at
[C:\ProgramData\Foo] and does not know about the virtualstore.

My doubt is why Vista moved the [FooLicense.dat] ONLY during the 2nd
instance to virtualstore? Or what made it to move? Had if the
[C:\ProgramData\Foo] is restricted, the first instance of creating should
also be redirected, which did not happen.

If we know the reason, we can correct it in our code and make sure that it
does not move to VirtualStore and our program can run successfully.

Any help?

Thanks,
Narayanan

PS: The screen dump of the command "Net user":

Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Admin>net user

User accounts for \\ADMIN-PC

-------------------------------------------------------------------------------
Admin Administrator Guest
The command completed successfully.


C:\Users\Admin>net user admin
User name Admin
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/8/2007 5:09:37 PM
Password expires Never
Password changeable 6/8/2007 5:09:37 PM
Password required No
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 6/12/2007 10:54:29 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.


Unquote:
Click to expand...
Click to expand...
 
the simplest way is to set the application to runas administrator always.
this can be done through the the 'Compatibility' tab on the properties window
of the application.

Microsoft has published an article regarding UAC (w/ file & registry
virtualization) for developers. It includes the rather comprehensive guide on
how file and registry virtualization is performed. It is recomended to browse
through it and maybe you can improve on the application compatibility with
Vista. running applications with administrative priviledge is not the best
solution.

Narayanan said:
Thanks kuan wai.

Your second answer was tried by us and all went smooth. But there is a
glitch. The licensing can be done for our product in two ways. In first way,
the licence manager can be launched (by right-click "run as admin") and get
the license info and patch the license file. This way works fine as per your
second suggesstion.

In the second way of licensing, the user can request license over email and
will receive the license info as a file. This file can be placed in any
local drive and double clicked to launch the license manager. In this
method, the double click launches license manager in normal mode and not in
"Administrator mode". If I can make the license manager to run in
"Administrator mode" once the associated file is double clicked, my problem
will be solved. But how to run the license manager in admin mode in this way?

Any clues? Your time and effort towards this problems are highly
appreciated...

Thanks,
Narayanan

kuan wai said:
File virtualization is enabled by default for all User level accounts, but
somehow isn't always true for administrator accounts.

When you first install the application, the setup was elevated to
administrative priviledes (so that the setup can write to C:\\Program Files).
After installation, when the application is executed, it is done without
admin privilege, thus any writes to C:\\Program Files from this point of time
will be done in the virtualstore.

There are 2 solutions to this problem
1) Run the application with virtualization enabled always. to do this,
execute the application for the first time, then open the Task Manager.
Select the application in the Process tab, right click and check on
'Virtualization' (a tick will be shown if Virtualization is enabled) from
then on, all read and writes will be forwarded to the virtual store.

2) Run the application with admin level access always. In this way, the
application will have direct access to C:\Program Files. To make it easier,
the application can be configured to run as administrator by default without
needing you to right click and select the 'Run as Administrator'. Simply go
to the properties window of the application, on the 'Compatibility' tab,
check 'Run this as administrator'.

Narayanan said:
Hello all,

I had read and understood (i guess) about the new security restrictions in
Vista. But I could not figure out the reason why and how Vista decides to
move a file to virtual store!

Here is my actual problem:

I am using Windows Vista Home Basic edition for installing a product. This
is done using an administrator (not the hidden Administrator) previlaged
account. The installer of the product writes files to [C:\Program Files\Foo]
folder and to [C:\ProgramData\Foo] and no problem arises.

In [C:\ProgramData\Foo] it creates a blank license file named
[FooLicense.dat] and the installation routine ends normally.

There was no redirection to virtualstore till now and it was checked
manually by inspecting the [C:\Users\Admin\AppData\Local\VirtualStore] folder.

During the next step which follows immediately after the finish of setup,
the licensing manager starts and gets the license details from user and
appends the [FooLicense.dat] file in [C:\ProgramData\Foo]. At this point, a
new file with same name is getting created in VirtualStore with update
license content, leaving the old blank license file intact.

Due to this even though the application is licensed, the app sees the
situation as unlicensed and does not run as it still refers to the file at
[C:\ProgramData\Foo] and does not know about the virtualstore.

My doubt is why Vista moved the [FooLicense.dat] ONLY during the 2nd
instance to virtualstore? Or what made it to move? Had if the
[C:\ProgramData\Foo] is restricted, the first instance of creating should
also be redirected, which did not happen.

If we know the reason, we can correct it in our code and make sure that it
does not move to VirtualStore and our program can run successfully.

Any help?

Thanks,
Narayanan

PS: The screen dump of the command "Net user":

Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Admin>net user

User accounts for \\ADMIN-PC

-------------------------------------------------------------------------------
Admin Administrator Guest
The command completed successfully.


C:\Users\Admin>net user admin
User name Admin
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/8/2007 5:09:37 PM
Password expires Never
Password changeable 6/8/2007 5:09:37 PM
Password required No
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 6/12/2007 10:54:29 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.


Unquote:
Click to expand...
Click to expand...
Click to expand...
 
Back
Top