Vista's new data re-direction/virtualization breaks my app. Help

    Question

  • Now that Vista no longer lets you write files to the "Program Files" directory (after the initial install) my app doesn't work correctly. The Vista security design feature (aka the newly introduced MS redirecting driver) now takes the files that were going to the "Program Files\myApp\" directory and redirects them to the user's local profile into a "Virtual Store" directory. I completely understand the MS necessity to do this to help maintain security\integrity.

    Per the link below, it discusses how applications run as a standard user, even if you're logged on as the administrator running the app. The article states you can "mark" certain applications as needing the full administrator token when running - evidently you do this in the application compatibility database somehow? Can anyone tell me how?

    Can anyone direct me as to what "common courses of action" developers and software engineers are taking to make legacy apps that are used to writing log files or other data to the "Program Files" directory now work in Vista's user centric environment?

    I hate to think that all applications will have to start writing more data to the user's profile, making it even more bloated than it currently is.

    For more info on Vista's new data redirection/virtualization, User Account Control (UAC), and the Application Information Service (AIS) go to

    http://www.microsoft.com/technet/technetmag/issues/2006/05/FirstLook/

    Wednesday, September 13, 2006 9:32 PM

Answers

  • Hello Webadmin,

    You can use a manifest to instruct the app to always run as an administrator. The good news is you can build this into your app or the manifest can be placed in the folder with the .exe. Simply follow the naming convention yourapp.exe.manifest when creating your manifest file. The manifest isn’t really more than a simple XML file, so you can use any XML text editor or notepad to create the manifest.

    Below is an example:
    NOTE: this is only a sample so it will need to be customized before it will work for you, but it should give you some ideas.

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <assemblyIdentity version="1.0.0.0"
                        processorArchitecture="x86"
                        name="PutYourAppNameHere"
                        type="win32"/>

      <description>Description of your application</description>

      <!-- Identify the application security requirements. -->
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
          <requestedPrivileges>
            <requestedExecutionLevel
              level="requireAdministrator"
              uiAccess="false"/>
          </requestedPrivileges>
        </security>
      </trustInfo>
    </assembly>

    More on how to use a manifest can be seen here:
    http://windowssdk.msdn.microsoft.com/en-us/library/ms742884.aspx
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=463884&SiteID=1

    Thanks,
    Louis Shanks

    Microsoft AppCompat
     

    Wednesday, September 27, 2006 9:05 PM
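
An added example, not part of the answer above and not a Microsoft tool: a Python check that reads manifests like the sample and reports the requested execution level, so a deployment that forces `requireAdministrator` can be reviewed before it is pushed out. The function names, the asm.v2 fallback namespace, the wording of the findings and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# asm.v3 is the namespace used in the sample above; asm.v2 is accepted as an assumption.
TRUST_NS = ("urn:schemas-microsoft-com:asm.v3", "urn:schemas-microsoft-com:asm.v2")
KNOWN_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

def audit_manifest(manifest):
    """Return (level, uiAccess, finding) for one manifest given as str or bytes."""
    data = manifest.encode("utf-8") if isinstance(manifest, str) else manifest
    try:
        root = ET.fromstring(data.strip())
    except ET.ParseError as exc:
        return None, None, f"malformed XML: {exc}"
    node = None
    for ns in TRUST_NS:
        node = root.find(f".//{{{ns}}}requestedExecutionLevel")
        if node is not None:
            break
    if node is None:
        return None, None, "no requestedExecutionLevel: legacy behaviour, virtualization may apply"
    level, ui_access = node.get("level"), node.get("uiAccess", "false")
    if level not in KNOWN_LEVELS:
        return level, ui_access, "unknown level value"
    if level == "requireAdministrator":
        return level, ui_access, "always elevates: confirm admin rights are needed"
    return level, ui_access, "ok"

def audit_folder(folder):
    """Audit every external manifest named <app>.exe.manifest in a folder."""
    return {p.name: audit_manifest(p.read_bytes())
            for p in sorted(Path(folder).glob("*.exe.manifest"))}

def sample_manifest(level=None):
    """Constructed sample input modelled on the manifest in the answer above."""
    trust = "" if level is None else (
        '<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
        '<requestedPrivileges>'
        f'<requestedExecutionLevel level="{level}" uiAccess="false"/>'
        '</requestedPrivileges></security></trustInfo>')
    return ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
            '<assemblyIdentity version="1.0.0.0" processorArchitecture="x86" '
            'name="PutYourAppNameHere" type="win32"/>'
            f'{trust}</assembly>')

if __name__ == "__main__":
    for lvl in ("requireAdministrator", "asInvoker", None):
        print(lvl, "->", audit_manifest(sample_manifest(lvl)))
```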

All replies

  • You can right-click your executable and go to properties. Then on the compatibility tab, you can check the box under Privilege Level to run this program as an administrator.

    The doc below has guidance on UAC for developers:

    http://download.microsoft.com/download/5/6/a/56a0ed11-e073-42f9-932b-38acd478f46d/WindowsVistaUACDevReqs.doc

    Hope this helps.

    Monday, September 25, 2006 7:26 PM
  • I'm sorry, I should have been more specific. The application gets deployed to several thousand users. In some environments it is literally pushed down, and in other environments the user downloads it and installs themselves. So how can I push down an .exe application (yes I know...we are working on an MSI version) so that when it runs, it will always run in "administrator privileges"?

    I will review the reference you mentioned, any other comments? Will we have to go around all users' desktops and right click it to go into administrator privileges? What can I do to keep this a zero touch install without MS SMS?

    Thanks

    Monday, September 25, 2006 9:54 PM
  • That seems to work fine and well, but I'd seriously like to plug actually embedding your manifest into your exe as described in the Best Practices document.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/accprotvista.asp

     

    Tuesday, October 10, 2006 7:19 PM
  • Hi,

    I have some files in my application which are being virtualized in Vista even though they are not being written to or modified. They are Visual FoxPro class library files with an extension of .vcx. They are virtualized because of the underlying way that MS Visual FoxPro 8.0 opens the files when a class is used. My application is deployed on thousands of clients. I want to disable virtualization for my application to eliminate the problem. The application runs properly without virtualization enabled.

    Unfortunately, I cannot embed an application manifest file into my VFP executable. When I do embed the application manifest file using mt.exe, the executable is no longer recognized as a valid VFP executable. I can include an external manifest file in the folder with the executable and if I do this and set the requestedExecutionLevel to "requireAdministrator", then the program runs fine and the files are not virtualized. If I set the requestedExecutionLevel to "asInvoker", the library files are still virtualized even though the document, WindowsVistaUACDevReqs.doc, says that this should disable virtualization. My application has been cleaned and should be able to run under the Standard User Account. I hate to require Administrative Privileges when they are not necessary.

    Please help.

    Thanks.

    Florence 

    Wednesday, February 28, 2007 10:13 PM
  • My application uses ShellLink.dll function IPersistFile Save() to copy (lnk) files to "Program Files" folder. The function fails to copy the files to the virtual store in Vista. Does anyone know what is going on? Thanks!

    Shaz


    Wednesday, May 23, 2007 6:36 PM
  •  muhammad shahzad wrote:
     

    My application uses ShellLink.dll function IPersistFile Save() to copy (lnk) files to "Program Files" folder. The function fails to copy the files to the virtual store in Vista. Does anyone know what is going on? Thanks

     

    Files with "executable" extensions don't get virtualised. I can't find a definitive list of what those extensions are, but I suspect that .lnk is one of them.

     

    Thursday, May 24, 2007 10:58 AM
  • This stuff about virtualization is quite interesting, but in certain applications it is quite annoying.

    An example that I cannot get rid of is the use of Office’s document imaging printer driver.

    In order to keep certain important documents available on the internet, I do print them from the Internet Explorer on the Office Document Image Writer which is a virtual printer with two kinds of output: MS’s proprietary format MDI or TIFF – both of them on a file.

    If you pre-configure the writer for a certain directory, Vista virtualizes the whole path starting on the Internet Temporary Folder. After the printing process ends, the file remains on the virtualized folder, which is not easily accessible from explorer or other programs.

    Does anyone have a clue on how to solve this?

    PS: I’m using Office 2007 and all security patches…

    Friday, July 27, 2007 8:47 PM