A Possible Virtualization Problem


Seeing Virtualization in Standard Versus Administrative Users

By now, we've covered enough about virtualization to give it a really good run through its paces, so I think you'll find this upcoming section a useful demonstration of how it works. In this demonstration, I'll have you create a file named "testfile.txt" in both the Program Files directory and the VirtualStore directory. But I'll have you put different text in the two files so that we can differentiate them. Then we'll ask show.exe to show us c:\program files\testfile.txt under varying conditions: as a user, as an administrator, with a manifest, without one, and so on. Here are the steps to making this demonstration work:

  1. Log onto Vista as an administrator, but be sure to use an account that gets a split token, one that works in Administrator Approval Mode. (So by default the account actually named Administrator wouldn't work.)

  2. Open a command prompt, but not an elevated one; just click Start > All Programs > Accessories > Command Prompt.

  3. If your system doesn't currently have a c:\mystuff directory, then create one from the command prompt by typing md c:\mystuff.

  4. Change your default directory to c:\mystuff by typing cd mystuff.

  5. Copy the program show.exe to c:\mystuff, if it's not there already. If you haven't downloaded show.exe yet, it's at http://www.minasi.com/vista/show.exe.

  6. Set your folder options so that you can see hidden files, and so that Windows does not hide file extensions. Also, check the box next to "Display the full path in the title bar (Classic folders only)."

  7. Open up an Explorer window and navigate to c:\users\yourusername\AppData\Local\VirtualStore. This is why you needed to see hidden files, as AppData is a hidden folder.

  8. In VirtualStore, create a folder named "Program Files." Spell it exactly the same way that Windows does, including the space between the two words.

  9. In VirtualStore\Program Files, use Notepad to create a file named "testfile.txt." In the file, place the text "Hello from the virtual store!" Save the file and close Notepad.

  10. Open up an elevated command prompt.

  11. In that, type these lines:

     cd \mystuff
     copy con "c:\program files\testfile.txt"
     Welcome from Program Files!

  12. After pressing Enter after the "Welcome from Program Files!" line, press the F6 function key. You'll get the response 1 file(s) copied.

  13. From the elevated command prompt, type show "c:\program files\testfile.txt" and press Enter. You will see the message "Welcome from Program Files!" That means that the request to read c:\program files\testfile.txt was not virtualized because you ran the program with your administrator token.

  14. Now move to the nonelevated command prompt and run the show command again. This time you'll see "Hello from the virtual store!" because you ran show.exe with a standard user token.

  15. Next, let's see what a manifest does to virtualization. If you haven't done it yet, grab my sample manifest at http://www.minasi.com/vista/simple.exe.manifest. It's a small text file; save it to c:\mystuff. Then edit simple.exe.manifest with Notepad and change the line

     level="requireAdministrator"

    to

     level="asInvoker"

    and be absolutely sure to type that with the capitalization as you see it here, with the capital "I" in the middle of "asInvoker." We're doing this because this manifest will not trigger the Consent UI, but it is clearly a Vista-aware manifest and should cause Vista not to use file and Registry virtualization.

  16. Rename simple.exe.manifest to show.exe.manifest. Remember, in order for an external manifest to affect a program, the manifest's name must be the program file's name with ".manifest" on the end.

  17. Working from the nonelevated command prompt, once more type show "c:\program files\testfile.txt" and press Enter. You should see "Welcome from Program Files!" because the manifest's presence should tell Vista not to virtualize.

Warning 

If you don't, and instead see the VirtualStore, then don't panic; it seems that this was a bit flaky even in RC2. But embedded manifests seem to always work, so you can always go that route. You can also do what we did in the last chapter, where you create a new folder and copy both show.exe and show.exe.manifest into that folder. "Introducing" both files to a folder together seems to make Vista notice a manifest whereas adding one later doesn't.

So we see that if you've got an application that you don't want Vista to virtualize, then just create a manifest for that app. Or, better yet, embed the manifest in the EXE, and from that point on, wherever you put the application, Vista won't virtualize it.
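The demonstration leaves a per-user VirtualStore copy that hides the real file from unmanifested programs running with a standard user token. The following PowerShell function is an added example, not from the book: it lists every file in the current user's VirtualStore next to the real path it stands in for and reports whether the two differ. The function name Find-VirtualStoreShadow is hypothetical, and the code assumes PowerShell 4.0 or later and a PowerShell host that is itself not virtualized.

```powershell
# Added example: list VirtualStore copies and the real files they shadow.
# Assumptions: PowerShell 4.0+ (Get-FileHash), and the PowerShell host is
# not virtualized, so $realPath resolves to the real file, not the copy.
function Find-VirtualStoreShadow {
    param(
        # Per-user VirtualStore root, the folder opened in step 7
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        # Root that the virtualized paths are relative to
        [string]$RealRoot  = ($env:SystemDrive + '\')
    )

    # No VirtualStore folder means nothing has been virtualized for this user
    if (-not (Test-Path -LiteralPath $StoreRoot -PathType Container)) { return }
    $storeFull = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $storeFull -Recurse -Force -File | ForEach-Object {
        # Path below VirtualStore, e.g. "Program Files\testfile.txt"
        $relative = $_.FullName.Substring($storeFull.Length + 1)
        $realPath = Join-Path $RealRoot $relative

        $status = 'NoRealFile'   # only the virtual copy exists
        if (Test-Path -LiteralPath $realPath -PathType Leaf) {
            $virtualHash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $realHash    = (Get-FileHash -LiteralPath $realPath -Algorithm SHA256).Hash
            $status = if ($virtualHash -eq $realHash) { 'Identical' } else { 'Differs' }
        }

        [pscustomobject]@{
            VirtualPath = $_.FullName
            RealPath    = $realPath
            Status      = $status
        }
    }
}

# After the steps above, testfile.txt should be reported with Status 'Differs'
Find-VirtualStoreShadow | Format-Table -AutoSize
```

Run it from a nonelevated prompt as the user whose store you want to inspect; each user has a separate VirtualStore under their own profile.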




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
EAN: 2147483647
Year: 2004
Pages: 101
