FZ UAC

From FileZilla Wiki
Jump to navigationJump to search

Author's note: If you find errors (especially if you are native English speaker), you are allowed to correct them anytime. Also, I don't claim to be a Vista/7 expert, therefore if there are wrong statements or conclusions, by all means, correct them. It will help to improve this document. Use the Edit links at the right.

User Account Control, filesystem virtualization and its impact on Filezilla

General explanation

Microsoft introduced the User Account Control (UAC) in Windows Vista, which is also present in Windows 7. Among other components it also contains a feature called filesystem virtualization. Essentially it remaps reads/writes for certain files to other paths. The most important protected path we have to deal with is Program Files.

Let's assume the protected path is C:\Program Files.

Older versions of FileZilla and other programs not explicitly Vista-aware lack a so called manifest. A manifest basically tells Windows how aware the program is about the recent Windows versions. And it tells Windows about the privileges the application requires.

A program without manifest is run in the context of a standard user (NOT the currently logged on user). Filesystem virtualization is applied to such a program.

If the program is installed in C:\Program Files\Program, and tries to write a file into its directory, the file will not go into that directory, but into another, in this case C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Program.

This is totally transparent to the older program and the user.

The problem starts if you want to access this file with a Vista-aware program, such as FileZilla. As FileZilla includes a manifest, it doesn't use the VirtualStore, but the real paths. It will of course not be able to find your file there.

Example

You have a HTML editor which is from pre-Vista era, called WebEd.

WebEd is installed in C:\Program Files\WebEd and saves the pages into C:\Program Files\WebEd\publish.

Your Windows user account is named foo and you're using the English language version.

The recent Filezilla version is installed for FTP transfers.


You fire up WebEd and create your page, consisting of an index.html and a few images. You're satisfied with your work and save it. Now you want to transfer it to the server. Launching Filezilla, navigating to the 'publish' directory, you find it empty. What has just happened?


In the moment WebEd tried to save the file to C:\Program Files\WebEd\publish, the request was caught and redirected by the UAC.

Your files have instead been saved to C:\Users\foo\AppData\Local\VirtualStore\Program Files\WebEd\publish.


You can of course transfer the files from this directory.

What problems could arise?

Filesystem virtualization is applied to pre-Vista programs without a proper manifest that are started in non-administrator mode. Following is a list of possible problems that could arise now or later:

The older application is updated and the new version includes a manifest

In this case (as with Filezilla) the program suddenly won't use filesystem virtualization anymore. This will leave the user totally confused about where his files have gone.

UAC is disabled

Power users do this to restore the old XP behavior. All pre-Vista programs are affected! They could 'lose' saved files, configuration files and data stored directly into previously protected parts (and thus redirected to the VirtualStore).


Programs are started as administrator

Pre-Vista applications started as administrator will not have filesystem virtualization applied and seem to 'lose' any data saved into protected paths and redirected to the VirtualStore by the same application started in non-administrator mode.

What can I do to solve this?

1. Use the latest, Vista/7-aware versions of your applications wherever possible.

2. Don't save your data into protected directories. Redirect your app to save into an unprotected path.

  Example: Create a directory C:\publish and save your webpage there.

3. Disable UAC. This is not recommended as it effectively turns off the advanced security mechanisms implemented in Vista/7.

4. Don't use Vista. ;)

 Generally, look into the C:\Users\<yourusername>\AppData\Local\VirtualStore directory. You will find all redirected data there.