Application manifests and UAC

Posted: 05-14-2007, 08:36 AM
Hi!

Tell me if I got this right!

If an application has an application manifest for Vista then folder and
registry virtualization is automatically turned off, and the application will
fail silently if elevation isn't requested in that manifest.

If an application doesn't have a manifest, virtualization features are
activated and the application will succeed regardless of elevation or no
elevation.

Are there exceptions from this behaviour?

/H
--
/Hasse

Responses to "Application manifests and UAC"

Jimmy Brush
Re: Application manifests and UAC
Posted: 05-14-2007, 01:21 PM
Hello,

You have the gist of it, although there are (of course) some
exceptions.

- 64-bit applications are never virtualized in this way

- Only certain folders and registry keys are protected by
virtualisation (%SYSTEMROOT%, %PROGRAMDATA%,
%PROGRAMFILES%\(Subdirectories),
HKEY_LOCAL_MACHINE\SOFTWARE [with some exceptions])

- Binary files (.exe, .dll, .sys) are NOT virtualised

- Only programs running in the context of an interactive user are
virtualised; this excludes non-interactive processes (such as
services) as well as kernel-mode code and code running under
impersonation

Other than that, if a program runs that has a manifest specifying a
requestedExecutionLevel, that program will NOT be affected by
virtualisation, and it will fail if it attempts to access a
folder/file to which it has no access.

Otherwise, if the program has no manifest, and it attempts to write to
a virtualisation-protected file or registry key and it is denied
access, *AND* a program running with admin privileges would have been
able to perform that write, then the file/key is virtualised to the
application and the action succeeds.

MORE INFO

http://msdn2.microsoft.com/en-us/library/aa905330.aspx

http://download.microsoft.com/downlo.../top10wave.exe


--
- JB
Microsoft MVP - Windows Shell
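
Added example, not part of the original thread or any Microsoft code: a small Python triage helper that applies the rules listed in the reply above to one denied write by a standard user, for auditing which legacy applications depend on virtualisation. The drive letters, the sample manifest and every function name are assumptions made for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Protected roots named in the reply; C:\ paths are assumed install defaults.
# Everything beneath a root is treated as covered (an assumption), and the
# HKEY_LOCAL_MACHINE\SOFTWARE registry case is not modelled here.
PROTECTED_ROOTS = [r"C:\Windows", r"C:\ProgramData", r"C:\Program Files"]
NEVER_VIRTUALISED_EXT = {".exe", ".dll", ".sys"}

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
          manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the requestedExecutionLevel 'level' value, or None if absent."""
    if not manifest_xml:
        return None
    for el in ET.fromstring(manifest_xml).iter():
        # Compare local names so any namespace on trustInfo is accepted.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level")
    return None


def under_protected_root(path):
    """Case-insensitive check that path lies beneath a protected root."""
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(ntpath.normcase(r) + "\\") for r in PROTECTED_ROOTS)


def write_is_virtualised(manifest_xml, path, is_64bit=False, interactive=True):
    """True if a denied write (one an admin could perform) is redirected."""
    if requested_level(manifest_xml) is not None:
        return False  # manifest opts out: the write fails with access denied
    if is_64bit or not interactive:
        return False  # 64-bit and non-interactive processes are excluded
    if ntpath.splitext(path)[1].lower() in NEVER_VIRTUALISED_EXT:
        return False  # binary files are never virtualised
    return under_protected_root(path)
```
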

Hasse
Re: Application manifests and UAC
Posted: 05-14-2007, 01:46 PM
Thanks for the very informative reply Jimmy! Then I got it right as I
thought. You gave me much more detail on the exceptions though. I have been
trying to replicate this behaviour unsuccessfully, and maybe you can explain
why it fails?

I created a BATCH file that basically copies a text file to a "forbidden"
location, c:\Program Files. This BATCH file is converted to an EXE file. Then
I tried to run it as a standard user but it fails. Run as an administrator,
either by right-clicking OR adding a side-by-side manifest, it works, after an
elevation prompt in the latter case. Text files aren't one of the exceptions
you mentioned. I also did a similar test with the exact same result where an
existing file was updated instead of created.

What is causing this failure for the non-manifested "application", since it
can successfully run as admin?

kindly,
Hasse
--
/Hasse


 