The Virtual Store Folder

That's because in all of these junctions, the Everyone group has a Deny access control entry (ACE) preventing users from listing folder contents. This Deny ACE might seem drastic, but it's Windows' way of telling you to keep your hands off the compatibility infrastructure.

In every case, there's a proper path to the folder you're really looking for; you just need to unlearn the Windows XP structure.

The Deny ACE does not prevent you from deleting a junction, but you should never perform such a deletion unless you absolutely know what you are doing. Although a junction looks like an ordinary shortcut in Windows Explorer, it's not what it appears to be. Deleting a shortcut deletes a pointer, leaving the pointee unchanged. Deleting a junction has the same effect as deleting the location to which it points. Trust us: you don't want to discover this the hard way.

Many legacy applications write data (such as configuration information) to areas that are ordinarily inaccessible to standard accounts. This behavior presented few problems in Windows XP because most users ran with administrative privileges. In Windows 7 (as in Windows Vista), the User Account Control (UAC) feature means that all users, even those with administrator accounts, run with a standard user token in ordinary operation. To prevent compatibility problems, UAC redirects problematic file and registry writes (and subsequent reads) to per-user virtualized locations. (For more details about UAC, see "Preventing Unsafe Actions with User Account Control" on page 531.)

So, for example, if an application, running in your security context, attempts to write to a location within %ProgramFiles%, the write will be redirected to a comparable location within %LocalAppData%\VirtualStore. When the application subsequently reads what it has written, the read request is redirected to the same virtualized location. As far as the application is concerned, everything is perfectly normal, and the operating system has prevented standard-user access to the %ProgramFiles% folder.

If you open a folder in which a virtualized write has occurred, a Compatibility Files link will appear on the Windows Explorer toolbar, as in this example from a program that insisted on writing a configuration file to the Windows folder:

Note

If you disable UAC, file and registry virtualization are disabled as well. If you log on using an account in the Administrators group with UAC disabled, any program you run can write directly to locations in the file system and the registry that would otherwise be protected by UAC.

Clicking Compatibility Files will take you to the VirtualStore location where the data is actually written.
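The same lookup can be done for the whole profile from a PowerShell prompt. The following is an added example, not code from the book: it lists every file under the current user's VirtualStore, the protected path each one stands in for, and whether a file also exists at that protected path. The function name `Get-VirtualizedFile` and its parameters are hypothetical, and the script assumes the virtualized tree mirrors the system drive.

```powershell
# Added example, not from the book. Assumes the virtualized tree mirrors the
# system drive, so "<store>\Program Files\App\x.ini" stands in for
# "C:\Program Files\App\x.ini". Written to run on PowerShell 2.0 (Windows 7).
function Get-VirtualizedFile {
    param(
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        [string]$Drive     = $env:SystemDrive
    )

    if (-not (Test-Path -LiteralPath $StoreRoot)) {
        Write-Verbose "No VirtualStore folder at $StoreRoot"
        return
    }
    $root = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Path below the store root, starting with '\'
            $relative = $_.FullName.Substring($root.Length)
            $original = $Drive + $relative

            # True when a file also exists at the protected location: the
            # legacy program reads the per-user copy, while administrative
            # access goes to the file at the protected path.
            $shadowed = Test-Path -LiteralPath $original -PathType Leaf

            New-Object PSObject -Property @{
                VirtualPath     = $_.FullName
                OriginalPath    = $original
                ShadowsOriginal = $shadowed
                LastWriteTime   = $_.LastWriteTime
            }
        } |
        Select-Object LastWriteTime, ShadowsOriginal, OriginalPath, VirtualPath
}

# Most recently written virtualized files first
Get-VirtualizedFile | Sort-Object LastWriteTime -Descending | Format-List
```

Rows with `ShadowsOriginal` set to True are the ones worth reviewing first, because the per-user copy and the file at the protected path can differ without the program or the user noticing.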

A similar form of virtualization protects sensitive areas of the registry. Programmatic access to HKLM\Software is redirected to HKLM\Software\Classes\VirtualStore.

Note the following about virtualization:

• Virtualization does not affect administrative access to files or registry keys.

• Virtualization does not affect 64-bit processes.

• Virtualized data does not move with roaming profiles.

• Virtualization is provided for the sake of compatibility with current legacy programs; Microsoft does not promise to include it with future versions of Windows.

Responses

  • aurelio giordano
    What is the virtualstore folder?
    8 years ago
  • regolo bergamaschi
    How to view in explorer virtual store windows 7?
    7 years ago
  • brian
    How to disable creating folder in virtual store in rdp?
    6 years ago
  • annemari
    Which folders in virtualstore?
    6 years ago
