Re: Vista registry programming
- From: Joseph M. Newcomer <newcomer@xxxxxxxxxxxx>
- Date: Thu, 03 Apr 2008 14:57:43 -0500
I'm just guessing here, because I've finally stopped using VC6 (alas). But I think you
need to get a manifest resource attached to your executable that makes the appropriate
Vista-like noises (it's easy...you just go to the manifest section of the MSDN, and it
tells you everything you need to know...whoops, no, that's some alternative reality we
don't have access to...)
But if there's a Vista-aware manifest attached, then it won't virtualize. This means it
will use whatever the Registry protections are, instead of trying to pretend it is an
older app.
But exactly what has to appear there is a Deep Mystery.
Sorry, that's the best I can do right now.
joe
On Thu, 03 Apr 2008 11:53:42 +0100, Bob Moore <> wrote:
Oh, this just keeps on getting worse...Joseph M. Newcomer [MVP]
I produced a new application (using VC6, because its a
currently-shipping system even though its a new app). The app uses our
normal method of storing per-machine settings in HKLM,as you'd expect
for this system.
As luck would have it, I chose to test on a Vista machine with UAC
enabled. The root key of our registry tree had modified security to
allow us to write to it as per normal. All appeared to be OK.
After I'd run the application, I went to HKLM via regedit, only to
find our keys missing. Huh? This disagrees with Microsoft's stated
approach as per the Technet article. The fact that the app ran OK
seems to indicate that we're being virtualized _irrespective_ of the
registry security settings. Indeed, not only are the registry security
settings relaxed for our root key, but the account I ran the app under
was an admin account, as evidenced by the fact that I tried doing an
admin task, got an elevation dialog, but _wasn't_ asked for
credentials. So attempts to access HKLM _couldn't_ have been denied
on security grounds.
So I disabled UAC and ran the app again. Now the keys appeared in
regedit. QED. Looks to me like the Technet article is wrong (or is
making some assumption it isn't telling us about).
Now I'm thoroughly confused, and don't know what to do for the best.
Do we continue with our current strategy, but demand that target
systems must have UAC disabled? Seems draconian and some customers may
object. Abandon HKLM as a target for per-machine settings? Fine, but
we haven't budgeted for replacing that code, so our effort estimates
are now toast. Believe anything MS tells us ? Well that's worked real
well so far...
UAC. Such a victory.
Bob Moore
http://bobmoore.mvps.org/
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.
- Prev by Date: Re: How to check CEdit input is number or not?
- Next by Date: Re: How to display png file in toolbar
- Previous by thread: Re: Vista registry programming
- Next by thread: Re: Vista registry programming
- Index(es):
Relevant Pages
|
