FZ UAC: Difference between revisions
No edit summary |
m (Reverted edits by DeborahCook (talk) to last revision by CodeSquid) |
||
(142 intermediate revisions by more than 100 users not shown) | |||
Line 1: | Line 1: | ||
'''Author note: If you find errors (especially if you are native English speaker), you are allowed to correct them anytime. Also, I don't claim to be a Vista expert, if there are wrong statements or conclusions, by all means, correct | '''Author's note: If you find errors (especially if you are native English speaker), you are allowed to correct them anytime. Also, I don't claim to be a Vista/7 expert, therefore if there are wrong statements or conclusions, by all means, correct them. It will help to improve this document. Use the Edit links at the right.''' | ||
=User Account Control, filesystem virtualization and its impact on Filezilla= | =User Account Control, filesystem virtualization and its impact on Filezilla= | ||
==General explanation== | ==General explanation== | ||
Microsoft introduced the User Account Control (UAC) in Windows Vista, | Microsoft introduced the User Account Control (UAC) in Windows Vista, which is also present in Windows 7. | ||
Among other components it also contains a feature called filesystem virtualization. Essentially it remaps reads/writes for certain files to other paths. The most important protected path we have to deal with is '''Program Files'''. | Among other components it also contains a feature called filesystem virtualization. Essentially it remaps reads/writes for certain files to other paths. The most important protected path we have to deal with is '''Program Files'''. | ||
Let's assume the protected path is ''C:\Program Files''. | Let's assume the protected path is ''C:\Program Files''. | ||
Older versions of | Older versions of FileZilla and other programs not explicitly Vista-aware lack a so called '''manifest'''. A manifest basically tells Windows how aware the program is about the recent Windows versions. And it tells Windows about the privileges the application requires. | ||
A program without manifest is run in the context of a standard user (NOT the currently logged on user). Filesystem virtualization is applied to such a program. | A program without manifest is run in the context of a standard user (NOT the currently logged on user). Filesystem virtualization is applied to such a program. | ||
If the program is installed in ''C:\Program Files\Program'', and tries to write a file into | If the program is installed in ''C:\Program Files\Program'', and tries to write a file into its directory, the file will not go into that directory, but into another, in this case ''C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Program''. | ||
This is totally transparent to the older program and the user. | This is totally transparent to the older program and the user. | ||
The problem starts if you want to access this file with a Vista-aware program, such as FileZilla. As FileZilla includes a manifest, it doesn't use the VirtualStore, but the real paths. It will of course not be able to find your file there. | |||
The problem starts if you | |||
==Example== | ==Example== | ||
Line 37: | Line 35: | ||
In the moment WebEd tried to save the file to ''C:\Program Files\WebEd\publish'', the request was caught and redirected by the UAC. | In the moment WebEd tried to save the file to ''C:\Program Files\WebEd\publish'', the request was caught and redirected by the UAC. | ||
Your files have instead been saved to ''C:\Users\foo\AppData\VirtualStore\Program Files\WebEd\publish''. | Your files have instead been saved to ''C:\Users\foo\AppData\Local\VirtualStore\Program Files\WebEd\publish''. | ||
You can of course transfer the files from this directory. | You can of course transfer the files from this directory. | ||
==What problems could arise?== | ==What problems could arise?== | ||
Line 48: | Line 45: | ||
===The older application is updated and the new version includes a manifest=== | ===The older application is updated and the new version includes a manifest=== | ||
In this case (as with Filezilla) the program suddenly won't use filesystem virtualization anymore. This will leave the user totally confused about where his files have gone. | In this case (as with Filezilla) the program suddenly won't use filesystem virtualization anymore. This will leave the user totally confused about where his files have gone. | ||
===UAC is disabled=== | ===UAC is disabled=== | ||
Line 55: | Line 51: | ||
===Programs are started as administrator=== | ===Programs are started as administrator=== | ||
Pre-Vista applications started as administrator will not have filesystem virtualization applied and seem to 'lose' any data saved into protected paths and redirected to the VirtualStore. | Pre-Vista applications started as administrator will not have filesystem virtualization applied and seem to 'lose' any data saved into protected paths and redirected to the VirtualStore by the same application started in non-administrator mode. | ||
==What can I do to solve this?== | ==What can I do to solve this?== | ||
1. Use the latest, Vista-aware versions of your applications wherever possible. | 1. Use the latest, Vista/7-aware versions of your applications wherever possible. | ||
2. Don't save your data into protected directories. Redirect your app to save into an unprotected path. | 2. Don't save your data into protected directories. Redirect your app to save into an unprotected path. | ||
Example: Create a directory ''C:\publish'' and save your webpage there. | Example: Create a directory ''C:\publish'' and save your webpage there. | ||
3. Disable UAC. This is not recommended as it effectively turns off the advanced security mechanisms implemented in Vista | 3. Disable UAC. This is not recommended as it effectively turns off the advanced security mechanisms implemented in Vista/7. | ||
4. Don't use Vista. ;) | 4. Don't use Vista. ;) | ||
Generally, look into the ''C:\Users\<yourusername>\AppData\Local\VirtualStore'' directory. You will find all redirected data there. | Generally, look into the ''C:\Users\<yourusername>\AppData\Local\VirtualStore'' directory. You will find all redirected data there. |
Latest revision as of 07:25, 27 July 2012
Author's note: If you find errors (especially if you are native English speaker), you are allowed to correct them anytime. Also, I don't claim to be a Vista/7 expert, therefore if there are wrong statements or conclusions, by all means, correct them. It will help to improve this document. Use the Edit links at the right.
User Account Control, filesystem virtualization and its impact on Filezilla
General explanation
Microsoft introduced the User Account Control (UAC) in Windows Vista, which is also present in Windows 7. Among other components it also contains a feature called filesystem virtualization. Essentially it remaps reads/writes for certain files to other paths. The most important protected path we have to deal with is Program Files.
Let's assume the protected path is C:\Program Files.
Older versions of FileZilla and other programs not explicitly Vista-aware lack a so called manifest. A manifest basically tells Windows how aware the program is about the recent Windows versions. And it tells Windows about the privileges the application requires.
A program without manifest is run in the context of a standard user (NOT the currently logged on user). Filesystem virtualization is applied to such a program.
If the program is installed in C:\Program Files\Program, and tries to write a file into its directory, the file will not go into that directory, but into another, in this case C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Program.
This is totally transparent to the older program and the user.
The problem starts if you want to access this file with a Vista-aware program, such as FileZilla. As FileZilla includes a manifest, it doesn't use the VirtualStore, but the real paths. It will of course not be able to find your file there.
Example
You have a HTML editor which is from pre-Vista era, called WebEd.
WebEd is installed in C:\Program Files\WebEd and saves the pages into C:\Program Files\WebEd\publish.
Your Windows user account is named foo and you're using the English language version.
The recent Filezilla version is installed for FTP transfers.
You fire up WebEd and create your page, consisting of an index.html and a few images. You're satisfied with your work and save it.
Now you want to transfer it to the server. Launching Filezilla, navigating to the 'publish' directory, you find it empty. What has just happened?
In the moment WebEd tried to save the file to C:\Program Files\WebEd\publish, the request was caught and redirected by the UAC.
Your files have instead been saved to C:\Users\foo\AppData\Local\VirtualStore\Program Files\WebEd\publish.
You can of course transfer the files from this directory.
What problems could arise?
Filesystem virtualization is applied to pre-Vista programs without a proper manifest that are started in non-administrator mode. Following is a list of possible problems that could arise now or later:
The older application is updated and the new version includes a manifest
In this case (as with Filezilla) the program suddenly won't use filesystem virtualization anymore. This will leave the user totally confused about where his files have gone.
UAC is disabled
Power users do this to restore the old XP behavior. All pre-Vista programs are affected! They could 'lose' saved files, configuration files and data stored directly into previously protected parts (and thus redirected to the VirtualStore).
Programs are started as administrator
Pre-Vista applications started as administrator will not have filesystem virtualization applied and seem to 'lose' any data saved into protected paths and redirected to the VirtualStore by the same application started in non-administrator mode.
What can I do to solve this?
1. Use the latest, Vista/7-aware versions of your applications wherever possible.
2. Don't save your data into protected directories. Redirect your app to save into an unprotected path.
Example: Create a directory C:\publish and save your webpage there.
3. Disable UAC. This is not recommended as it effectively turns off the advanced security mechanisms implemented in Vista/7.
4. Don't use Vista. ;)
Generally, look into the C:\Users\<yourusername>\AppData\Local\VirtualStore directory. You will find all redirected data there.