Windows Vista Shim Internals Basics: How Shims Work to Address Compatibility Issues (and What are the Ramifications?)

I want to talk a little bit today about shims, specifically addressing how they work to address compatibility issues, and what the security ramifications are when you use a shim to address a compatibility issue. Merriam Webster defines a shim as: “a thin often tapered piece of material (as wood, metal, or stone) used to…

47

Using the CorrectFilePaths Shim to Redirect Files on Windows Vista

The last time around, I suggested that you avoid using the acredir.dll shims – RedirectRegistry and RedirectFiles. As alternatives, I recommended VirtualRegistry and CorrectFilePaths. Of course, I have already gone into some details on how to use VirtualRegistry to achieve that, but I haven’t gone in to any details on CorrectFilePaths yet. And, unfortunately, the…

45

How to Determine if a User is a Member of the Administrators Group with UAC Enabled on Windows Vista

User Account Control (UAC) on Windows Vista changes the paradigm of being an administrator on a Microsoft Windows operating system. Rather than wielding full administrative privileges all of the time, the token is “split” and there are two of them. If you run an application normally, it is given the token that has fewer privileges…

36

Announcing the Application Compatibility Toolkit 5.0.2

We have released a new version of the Application Compatibility Toolkit 5.0. Internally we refer to it as the 5.0.2 release, although the actual version number isn’t 5.0.2, it’s 5.0.5428.1056. (I still haven’t fully grasped all of the inputs that drive the choice of version numbers.) Whatever you decide to call it, it’s our third…

31

Where Should I Write Program Data Instead of Program Files?

When I’m working to resolve compatibility issues, there are always multiple options to mitigate. The solution we prefer to use is to update the code. A common application code update is this: “my application used to write files to program files. It felt like as good a place to put it as any other. It…

27

What Percentage of Consumers Have UAC Enabled on Windows Vista?

From the “doesn’t just saying it make it true?” department: I was reading the March 2008 issue of Maximum PC (I love my Maximum PC), and while I like the real dirt and the attitude, I just don’t understand the extent of their hatred of UAC. Their Editor in Chief writes, “UAC is the worst…

27

Manifesting for Compatibility on Windows 7

Normally, I’m talking about how to fix applications here, but I want to digress and instead talk about how to help us fix things up in future versions of Windows for you. The most frequently used application fix is a version lie. We have to lie to applications that are doing the wrong thing (explicit…

27

Mapped Network Drives with UAC on Windows Vista

User Account Control on Windows Vista provides a convenience feature which allows you to elevate a process without leaving the current desktop. (For a discussion of why this is a convenience feature, rather than a security feature, see Mark Russinovich’s blog entry here: http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx). Let’s explore this at a fairly high level. To simplify things,…

25

Configuring ADAM for SSL on Windows XP without a certificate server using makecert.exe

I frequently run into situations where I need to configure my laptop to support some technology, without having a lot of server resources to depend on. Most recently, I configured a local instance of ADAM to support SSL. While the information on how to configure this is available, it is scattered across multiple sources. I…

25

Announcing ACT 5.0.3 (a.k.a. ACT 5.0.5428.1080)

It seems like just yesterday I was posting about ACT 5.0.2 being released, but we just released ACT 5.0.3. Now, I’ve had a couple of people confused about the version numbers we talk about, and what they actually see. For, rather unfortunately, you didn’t see 5.0.2 anywhere in the last one, nor will you see…

22