
Tracking Virtualization

As I've mentioned a couple of times already, Microsoft's stance on file and Registry virtualization is that it is just a patch, a bit of baling wire and bubble gum that Vista has because it unfortunately needs it, and that virtualization should be very clearly seen as a short-term patch rather than a long-term feature.

Given that, it would be nice to be able to find out after some time just how important file and Registry virtualization is to my network and my users. Fortunately, Vista offers some logging information, if not as much as we might like.

The first way that we can retrospectively determine the importance of file and Registry virtualization is simply to examine the \Users\username\AppData\Local\VirtualStore folder and the HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE key in the Registry. As developers store their application information in keys that sit inside keys bearing their company names, finding a folder named "JoeBlowSoft\myoldapp" would immediately tell you that one of your users clearly uses some application named "myoldapp" from a firm named "JoeBlowSoft." You can then contact the vendor to see if there's a new version and, if not, then you've got a five-year warning that come the next version of Windows, this application may no longer work.

Besides looking in the virtual folders and Registry keys, you can discover who needs virtualization with a log file. The Event Viewer includes a log dedicated to file virtualization. You can find it like so:

  1. Open up the Event Viewer.

  2. Under "Event Viewer (local)" in the left-hand pane, open up "Applications and Services logs."

  3. Inside that, open the Microsoft folder.

  4. Inside that, open the Windows folder.

  5. Inside that, open the UAC-FileVirtualization folder.

Inside there, you will see events, typically event ID 4000, one for every case where file virtualization has occurred. There is not, for some reason, a similar log for the Registry, but you can glean some useful information from these events about those apps that need file virtualization. Figure 3.2 shows one such event.

Figure 3.2: A typical file virtualization event

Notice that it's a pretty simple, clean event, but it might be more useful. Clicking the Details tab offers some more valuable data, as you see in Figure 3.3.

Figure 3.3: Details of the file virtualization event

Aha! Not only do we find out what file must be virtualized, but we also discover what application required it. Now, add the existence of these useful events to the new ease of telling the Event Viewer to generate some action based on a particular event, and I could imagine a not-too-difficult-to-construct tool that built a database of "troubled" apps automatically.
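One way to start on such a tool, as an added example that is not from the book: the PowerShell function below takes the XML of file virtualization events and tallies, per application, how many event ID 4000 records it produced and which files were involved. The channel name in `$LogName` and the field names `FileNameBuffer` and `ProcessImageNameBuffer` are assumptions to check against the Details tab on your own system, and the sample events are constructed so the script runs without a live log.

```powershell
# Added example. Assumed: the channel name and the two EventData field names.
$LogName = 'Microsoft-Windows-UAC-FileVirtualization/Operational'

function Get-VirtualizedApp {
    param([Parameter(Mandatory=$true)][string[]]$EventXml)

    $rows = foreach ($text in $EventXml) {
        $evt = ([xml]$text).Event
        # Skip anything in the log that is not a virtualization event.
        if ($evt.System['EventID'].InnerText -ne '4000') { continue }
        # Turn the <Data Name="..."> elements into a name -> value lookup.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Application = $data['ProcessImageNameBuffer']
            File        = $data['FileNameBuffer']
        }
    }
    # One summary row per application, busiest first.
    $rows | Group-Object Application | ForEach-Object {
        New-Object PSObject -Property @{
            Application = $_.Name
            Events      = $_.Count
            Files       = @($_.Group | ForEach-Object { $_.File } | Sort-Object -Unique)
        }
    } | Sort-Object Events -Descending | Select-Object Application, Events, Files
}

# Constructed sample events (not real log data). On a live system use instead:
#   $xml = Get-WinEvent -FilterHashtable @{LogName=$LogName; Id=4000} |
#          ForEach-Object { $_.ToXml() }
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>{0}</EventID></System><EventData>' +
    '<Data Name="FileNameBuffer">{1}</Data>' +
    '<Data Name="ProcessImageNameBuffer">{2}</Data></EventData></Event>'
$old = 'C:\Program Files\JoeBlowSoft\myoldapp'
$xml = @(
    ($template -f 4000, "$old\settings.ini", "$old\myoldapp.exe"),
    ($template -f 4000, "$old\data\cache.dat", "$old\myoldapp.exe"),
    ($template -f 4000, 'C:\Windows\legacy.ini', 'C:\Tools\legacy.exe'),
    ($template -f 9999, 'C:\ignored.txt', 'C:\ignored.exe')   # dropped by the ID check
)

Get-VirtualizedApp -EventXml $xml | Format-List
```

The output can be piped to `Export-Csv` instead of `Format-List` to accumulate results from several machines.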




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
EAN: 2147483647
Year: 2004
Pages: 101
