You can’t change it, but you can hide it and add something that looks like it


Today we have another case of "Now you have two problems." The corporate customer already solved their problem halfway and needed help on the other half. The impossible half.

We want to change the Add or Remove Programs icon in the Windows XP control panel so it runs our custom install management program instead of running the one built into Windows. In other words, we want to change what happens when the user clicks the Add or Remove Programs icon. Is this possible?

What they specifically request isn't possible because the icon is provided by Add or Remove Programs itself, but you can easily get the same effect. This is why it's important to understand why somebody wants to do something even though they are asking how to do it. Once you understand why they're doing something, you can unwind the steps they've taken and come up with something that doesn't answer the specific question but still solves the bigger problem.

You can't redirect an icon but you can remove the existing icon and replace it with something else. Set a policy to remove the existing Add or Remove Programs icon from the control panel and then write your own control panel called Add or Remove Programs.

I'm not sure what happened next, but they acted as if I wrote, "Could you please repeat the question?"

Raymond, we need to replace the link in the Control Panel with a custom program that elevates the user's privileges so that they can manage the programs on the computer. Is there any registry key or setting that specifies how the control panel applet is launched that we could inject an EXE into? This EXE would just be a wrapper for launching the original CPL.

I'm assuming that the extra wrinkle of "And then we want to re-launch the original CPL" made them think their situation was somehow special, so that regular-grade advice wasn't good advice. They needed premium.

You can still follow the original suggestion. Remove the original CPL via policy and add your custom EXE (which then launches the original CPL after doing whatever it wants).

But no, that wasn't the problem. They simply missed the point entirely. They were so focused on looking for the sentence "Here is how you change what the icon launches" that they completely missed the point of the suggestion. They're looking for a solution to the specific problem instead of the bigger problem.

How do you configure the policy to launch our EXE instead of the CPL?

At this point I pulled out my bad analogy gun.

In your car there is an ignition switch. It is wired to the starter. You want to make the driver take a breathalyzer test before they can start the car.

Plan A (what you are proposing): Patch into the wire connecting the ignition switch to the starter so it goes through a breathalyzer. Unfortunately the wire is sheathed in kevlar and cannot be cut open. The designers of the wire did not include any hooks for breathalyzers.

Plan B (my suggestion): Remove the old ignition switch and install a new ignition switch that is connected to a breathalyzer. If the driver passes the breathalyzer test, then your ignition switch turns the original ignition switch. Notice that this method doesn't require you to bust open the kevlar sheathing that protects the wire between the old ignition switch and the starter.

All the driver sees is a keyhole. They stick the key in and turn the key. If you're really clever you make your new ignition switch's faceplate look just like the original so the driver can't tell the difference between the two methods (all they see is a keyhole, a breathalyzer, and if they pass, the car starts).

  • The existing CPL is the old ignition switch.
  • Your replacement program is the new ignition switch.
  • Deploying the Hide the Add or Remove Programs control panel policy is removing the old ignition switch.
  • The Add or Remove Programs icon is the keyhole.
  • The way Windows XP works, the keyhole leads to the old ignition switch.
  • Plan B: Use policy to remove the old ignition switch, and install new ignition switch (your replacement program). Use some paint to make the new keyhole look just like old keyhole. The person in driver's seat is none the wiser.

You know you're in trouble when I have to pull out my bad analogy gun.

Note: I don't know whether this trick will actually work, but it seemed a useful example of the principle of "Just because it has to look like something doesn't mean it has to be that something."

Comments (43)
  1. Anonymous says:

    Unfortunately this kind of thing happens all too often.  People just need to take a few steps back and look at the the problem they are trying to solve, to make sure they haven’t completely missed the bigger picture, and possibly an easier solution.

  2. Anonymous says:

    This Raymond’s example is exactly what I meant when I said "backward thinking":

    http://blogs.msdn.com/oldnewthing/archive/2007/10/16/5465592.aspx#5550229

  3. Anonymous says:

    I see this type of thing all the time with requirements gathering.  The "user", instead of talking in terms of the problems to be solved, talk in terms of the solution.  The "developer", ignorant of the real requirements goes off and implements (usually with much pain involved), the solution the "user" requested.

    In then end, what is delivered hardly works and doesn’t solve the real problem.

  4. Anonymous says:

    Whoa Igor, no need to shout.  I think you also missed the point of the article you linked.  (Maybe we all missed the point).  The point of the article was you have a problem that is constant (so replacing the wireless switch is not an option).  You have to work around it.  How do you go about it?  Do you do something simple or something complex?

    Raymond said you can do it the hard way (custom logon or controling GINA) or you can do it the easy way (delay the boot with a setting in boot.ini).  However, people went off on a tangent and asked why couldn’t the delayed boot feature be more complex.  I was debating against that on the grounds that making it more complex brings us back to the original problem of favoring the complex over the simple.

    Many apologies to Raymond and the readers here because this comment is way off topic.  I couldn’t help it after I followed Igor’s link to find he is shouting at me.

  5. Xepol says:

    Actually, it sounds like they have a much larger problem.

    They have enough security to protect them and it sounds like they are deliberately designing a security hole that anyone can use.  

    Ultimately, the solution is to just remove the security that protectes their network from users doing whatever they want.

    Since, clearly, this solution is not reasonable, neither is their original goal, as it has exactly the same result.  

    It sounds like someone needs to seriously sit down and revisit what they are trying to acomplish in the first place, perhaps going as far back as their security policies and procedures.

    As you say, understanding the problem is the most important step.  

  6. Anonymous says:

    Soooo not unfamiliar. :)

    As usual, one look worth a thousand words: http://people.bath.ac.uk/ccsjst/gifs/swing.jpg

  7. Anonymous says:

    I understand your pain, Raymond.  Lots of people deep dive into what they think they need to do instead of thinking about what they need.

    On the flip side, though, is when you ask people for advice on how to achieve something and having everyone tell you that your design is wrong.

    I’ve been in situations where a UI design has been vetted by the human factors engineers, the usability specialists, the information designers, and the customers.  Marketing, sales, QA, and tech support have all signed off.  Yet, when you try to implement it, a bunch of other developers will tell you it’s a bad design.

    You just can’t win.

  8. Anonymous says:

    I understand your pain, Raymond.  Lots of people deep dive into what they think they need to do instead of thinking about what they need.

    On the flip side, though, is when you ask people for advice on how to achieve something and having everyone tell you that your design is wrong.

    I’ve been in situations where a UI design has been vetted by the human factors engineers, the usability specialists, the information designers, and the customers.  Marketing, sales, QA, and tech support have all signed off.  Yet, when you try to implement it, a bunch of other developers will tell you it’s a bad design.

    You just can’t win.

  9. Anonymous says:

    Raymond: I’m not sure what happened next, but they acted as if I wrote, "Could you please repeat the question?"

    Oh, that made me laugh.  Contender for driest remark yet.  

    Sometimes people have a ‘solution’ in mind and just want someone to confirm it.  And it may have been the case in this situation that your proposed solution was nothing like what the questioner was imagining, so they just didn’t ‘listen’ or ‘see’ the answer that you provided.  This is the sort of thing that can make software development so frustrating when dealing with some people, yet so amusing when recalling these incidents later on.

  10. Anonymous says:

    Great post. Unfortunately it’s reminding me of too many situations in windows where the problem has split into many situations and fixing it at the root is the wrong way to go, as per your analogy.

     The example I’m thinking of has to do with checking if an application is updated before launching and install the updates silently. You either have to….

    1) replace the exe with your own and potentially break functionallity as well as the integrity of the install. (bad)

    2) replace every shortcut, file association, and any other way a user might accidentally bypass the system. (correct, but never works)

    or 3) something really advanced use like system  center enterprise blockbuster 2007 sysadmin edition.

  11. Anonymous says:

    Hey look, spyware authors get support here.

  12. Anonymous says:

    This brings back memories of the time I had to write a DLL to replace the screensaver tab in desktop properties – in VB6. Oh the fun! (Note: I have nothing against VB, it’s where I started out in earnest, but writing shell extensions in it is quite uncommon, and not exactly straightforward!).

    Regarding "taking a few steps back": People asking for help often tend to do it in the form of "How to I do X?" In response, I nearly always ask them "What are you trying to achieve?" first. As pointed out, people asking for help generally have a pre-conceived solution and are asking because they’re stuck. By asking what they’re actually trying to achieve it a) helps them take a step back and think "Does what I’m trying to do actually make sense?", and b) gives you the opportunity to suggest a better solution if you know of one.

  13. Anonymous says:

    Everything I read this post, I wonder, is it this easy to get your questions to actual Microsoft employees? I’ve never used support for programming.  Is this a special ‘high grade’ support option?  How do these questions ever make it to Raymond in the first place?

    [“I’ve never used support for programming.” Well that explains why you can’t imagine how these questions get to me. -Raymond]
  14. Anonymous says:

    And how do you actually add a new entry called “Add or Remove Programs” the start menu?

    [What a random question. It has nothing to do with the customer’s problem. -Raymond]
  15. Anonymous says:

    Well, given that the question was “how do the questions get to you?” and the answer was “I see that you don’t know the answer”, I can’t possibly imagine why anyone would ask a question unless they already know the answer.

    [Read the entire question. It’s strange when somebody says “I’ve never considered the possibility of X. How does it work?” How about considering the possibility of X? -Raymond]
  16. Anonymous says:

    After reading the first paragraph, I would’ve bet anything that this was going to be a "Imagine if this were so" or, maybe even a "when people ask for security holes as features" post. Boy was I wrong.

    [Read the entire question. It’s strange when somebody says "I’ve never considered the possibility of X. How does it work?" How about considering the possibility of X? -Raymond]

    Best. Quote. Ever.

  17. Anonymous says:

    Can you imagine the kinds of money some companies are paying to have dumb software engineers get to ask questions directly to Raymond or other MS core teams?

    We pay a huge amount of money for second-tier support (MS OS dev support employees), which we then use as a last resort.  If my boss were to see me ask such a series of dumb questions he might seriously reconsider my abilities as a software engineer.  It amazes me that people could pay much more, then use it in such a dumb fashion.

    Raymond, hopefully you charged all their remaining hours for that one!

  18. Anonymous says:

    It’s a mindset thing. And communicating via email (instead of telephone or face to face) poses a greater challenge for understanding each other. Many times I’ve felt that, when answering in a similar vein, i.e. brisk, technically correct like you did, then the person asking the question will read it but fail to grasp its meaning.

    In other words, if they would be able to understand such an answer as yours directly, then they wouldn’t need to ask that question in the first place. Not true in all cases, but often enough in my experience.

    I’ve had better success with a simpler style, let me give an example, answering for Raymond in his example:

    "Sorry but you can not change the icon. You can not replace it. You can not remove it. But, there is another way to achieve what you want to do."

    That’s it, if they really want to know about setting the policy stunt, they will come back to you with another email. And now you can write about the policies.

  19. Anonymous says:

    Unfortunately, this is a very typical user request — they know enough to be dangerous but not enough to know what to do.

    Here’s my bad analogy:

    The user knows the trigger is what make it work; he just doesn’t know that the barrel is where it will come out.

  20. Anonymous says:

    Nicholas said: “Whoa Igor, no need to shout”

    Well, I didn’t link to the shouting comment (5511405), but to the 5550229 (you see the number by pointing to the hash sign next to the post.

    As for shouting your comment was so full of “I know better than all of you” attitude (and yet you missed the most obvious solution of replacing the offending switch) that I just couldn’t resist.

    Finally, for me it is more straightforward to replace the switch because it is the cause of the problem.

    (takes out his analogy gun):

    If you break your leg you will have a problem walking because it will hurt like hell. If you start taking strong painkillers, the pain will go away and you will perhaps be able to walk but you will be seriously impaired (slow, clumsy, incapable of carrying weight) and your bone won’t heal properly. Taking painkillers doesn’t solve anything, it is a temporary workaround.

    Now, not only is editing several boot.ini files on different kiosks (perhaps even in remote locations) less convenient than replacing and configuring single switch, but also raises the question of accessibility to clients.

    If I as a customer need to wait 5 minutes for the damn kiosk to be usable, I will go elsewhere. What is adding delay to boot.ini actually solving? You are solving delay caused by the switch by adding more delay! That IS the backward thinking.

    [The fact that they asked the question at all means that making the switch faster wasn’t an option. (Maybe the link to the central office is slow.) -Raymond]
  21. Anonymous says:

    Henry Skoglund:

    "Sorry but you can not change the icon. You can not replace it. You can not remove it. But, there is another way to achieve what you want to do."

    With the exception of "you can not remove it" being just plain wrong advice, this sounds incredibly similar to Raymond’s suggestion:

    "You can’t redirect an icon but you can remove the existing icon and replace it with something else[…]"

    The suggestion of witholding the actual solution while hinting that another solution exists would typically have me scratching my head with the person I emailed, thinking "well why didn’t you just briefly tell me what it was instead of leaving me hanging?"

    Also, you have to put the situation into perspective: It’s fair to assume that this is an expensive Microsoft developer support situation where the meter is ticking and more contact with developers costs real dollars.

  22. Anonymous says:

    Does anyone else think this is a really odd request? It’s OK to question this customer’s ability to enunciate the problem, but not what the heck they are doing withe the solution?

    This is like:

    "Man these guys were dumb. They were trying to get together plutonium for their ‘device’, when plain enriched uranium would have been much easier and more cost-effective."

  23. Anonymous says:

    A not unfamiliar situation (less one of requirements analysis: Ask not "What does the user want, but why"), but also a specific example that ALSO shows (if the related missives are accurate) how the Great  Unwashed masses get in such a pickle at the hands of the Omniscient Support Desk.

    The first piece of advice offered suggests removing an icon and then replacing the ENTIRE CONTROL PANEL…..  no wonder the user was a little confused after this.

    In fact, their subsequent clarification suggests this confusion – they make it clearer that they want to change the behaviour of a single icon, not replace the entire Control Panel (which the original advice appears to suggest they should do).

    In other words "We just want to replace/change the behaviour of ONE icon, not the entire Control Panel"

    The Omniscient Support Person, programmed to think of users as "thick" doesn’t think to re-examine their original advice and spot the problem (IN the advice itself) but instead thinks they have a TRULY thick user on their hands, so increases the Patronising Level (I gave you the right answer the first time, thicko, just do as you’ve been told) in their subsequent advice and also, inadvertently, COMPOUNDS the confusion by seeming to REPEAT the advice that they never actually intended to give in the first place….

    Remove a CPL then replace it with an EXE……  um….  yet AGAIN, the advice appears to be….  disable/remove an APPLET and then proceed

  24. Anonymous says:

    You’e absolutely right about analysing what the customer NEEDS to do and offering up a solution for that, not necessarily for what the asked for.  That’s precisely how I made myself a highly sought after consultant – figuring out what the customer needs, not how to give them what they ask for.  It’s THE correct approach.

    The problem with that is, it takes  extra workonyour part to avoid ticking them off, or confusing the heck out of them and usually making them question why they’re paying you so much money.

    When you give the customer what he needs, but not what he expects, you should expect some confusion.  You answered the UNASKED question but didn’t answer the one they DID ask.  Had you prefaced your reply with, for example, "It seems you’re trying to accomplish A through procedure X – I suggest accomplishing A through procedure Y." And be absolutely clear just what you think A is.

    You pull out your bad analogy gun when you haven’t made yourself clear in the first place and worse, didn’t LISTEN when the customer said he didn’t understand you.  

    Ever have someone tell you "well it’s perfectly clear" when to you, it is anything but?   Yo – if aint clear to ME the customer, it AINT clear.  You got all clever and condescending but still didn’t answer the question they asked – and didn’t bother to mention that you’re DELIBERATELY not answering it.  

    Perhaps you’re very good at analysing the client’s needs from a technical standpoint.  You should consider putting the same effort and intelligence into understanding their OTHER needs as well.

    • means you need to work on understanding more than the client’s technical needs.  You need to work on your presentation and relationship skills.  
  25. Anonymous says:

    Raymond said: "The fact that they asked the question at all means that making the switch faster wasn’t an option."

    The fact that you got asked how to change "Add / Remove Programs" Control Panel icon functionality doesn’t mean that there isn’t better solution to their problem. You said it best yourself: "I’ve never considered the possibility of X. How does it work?" They don’t consider possibilities, they jump onto the first thought-train.

    /joke on

    During WWII Partisans were hiding from the Germans in a village house near the cornfield. One day, German patrol surprised them and they only had enough time to jump into a well behind the house. When patrol arrived they stopped next to the well and discussed loudly:

    Soldier #1: Where are those darn Partisans?

    Soldier #2: Maybe they are hiding in the cornfield?

    Soldier #1: Shall we throw a grenade into the well just in case?

    Partisan (from a well) : "Maybe they are hiding in the cornfield?"

    /joke off

    Raymond said: "(Maybe the link to the central office is slow.)"

    And maybe they are in the cornfield? :)

  26. Anonymous says:

    Thomas,

    Assuming that you meant instead how to add to the *Control Panel* (what the customer was requesting), the procedure for creating and installing control panel applets is documented in MSDN:

    http://msdn2.microsoft.com/en-us/library/bb776838.aspx

    Knowing the Control Panel API also lets you see it from the other side and talk to the default Add/Remove Programs applet from your wrapper. Presumably what Raymond’s customer would end up with is a simple proxy for the control panel API with a little bit of extra code to do the custom bits.

  27. Anonymous says:

    I’m impressed that you didn’t bring your legendary thermonuclear social skills to bear. After the third question I’d have been very tempted to inform them that I’d already answered their question twice and wasn’t interested in doing so a third time.

    Of course, my perspective might be a little different if it was my job…

  28. Anonymous says:

    Links from the Sharpside [10.30.07]

  29. Anonymous says:

    The customer’s third comment does not indicate a misunderstanding, as I read it.

    You acted as if they wrote, "please tell us what to do again", instead of *how* to configure the policy.

  30. Anonymous says:

    If I correctly understood some MSDN article, before Vista it was not possible to register "just some EXE" as a Control panel item?

    If that’s true, then it’s not surprising that they were confused — they have some already written EXE by them, but they actually needed a CPL to be able to put it there. That explains why they ask again — Raymond’s answers don’t fully solve their problem, and if they knew they needed a new CPL, they’d probably understand the answer.

  31. Anonymous says:

    Sounds like they’re trying to work around the limitation that the Vista ARP does not elevate based on the use of the Modify or Change buttons.

    Here’s to hoping this guy’s installation isn’t a commercially distributed product.

  32. Anonymous says:

    there should be a filter

    on blog posts

    that converts all posts with

    block caps to e e cummings

    style verse.

  33. Anonymous says:

    Igor, I owe you an apology.  I just learnt the hard way to never trust that the browser will render the hash part of the link at the top of the window (it usually does).

    That said, I don’t understand why you can’t accept the premise.  I’m going to generalize here.  There is situation X.  We are all debating between solution A vs. B vs. C.  But you have to insist that the real solution is to change situation X to situation Y, which has a clear solution.

    What makes the problem even worse is that Raymond himself replies to you and writes along the lines of "no, it truly is situation X, what do you do then?"  Yet, you still insist on situation Y.

  34. Anonymous says:

    Most important question this raises for me is – since MS is giving support to malware authors (where "malware" is a term that includes badly-behaved software that people might even pay to install), how do I detect if any malware has done something like this to my machine?

  35. Anonymous says:

    @Nicholas:

    Raymond said “maybe the link is slow”, not “the link is slow”. Others said “maybe they don’t have money”, and I say they most certainly do if they can afford Microsoft support on that level.

    As for the X versus Y — you misunderstood me.

    I am not insisting that my option is the only one. I am just arguing that it is the only real solution to the problem at hand. The other options are workarounds, not solutions.

    [As expensive as calling Microsoft might be, the hardware solution may be even more expensive. (Drilling new holes in the building to get an access point closer to the kiosks, convincing the main office to spring for a higher-speed link connecting the satellite office with the main offices in Chicago…) Or maybe they’re just exploring their options before deciding on a plan of action. -Raymond]
  36. Anonymous says:

    "how do I detect if any malware has done something like this to my machine?"

    Follow Raymond’s suggestion: check for "policy to remove the existing Add or Remove Programs icon from the control panel…"

    Using your logic, all of MSDN is providing support to malware authors. (I’m in a kind mood today, so no snide remarks about Windows from me)

    But this is only a problem if a non-Admin user can install/replace/masquerade Control Panel items. The fact that most people run as Admin is a different rant…

  37. Anonymous says:

    I’m a big fan of starting with, "No, not possible."  Then I’ll give them something that would do the trick once the crazy ideas are out of their heads (assuming they figure that out).  Nice analogy, BTW.  :D

  38. Anonymous says:

    Brilliant work Raymond. Excellent delivery!

    lb

  39. Anonymous says:

    @Kelli Zielinski:

    Funny that’s usually how I start, and boy have they been trying to get that out of my personality.

  40. Anonymous says:

    "Drilling new holes in the building to get an access point closer to the kiosks"

    Yeah, drilling holes is expensive these days, and wireless needs many holes for the signal to travel through :p

  41. BryanK says:

    Igor — the wireless doesn’t need the holes.  The Ethernet cable on the other end of the AP, however, does need them.  It’s rather difficult to get an AP that doesn’t wire itself into anything (even power).  ;-)

    (And no, a wireless repeater won’t work either — that makes the time-until-it’s-ready even longer (or at least, no shorter), because now you’re waiting for both the original AP and the repeater to come up.)

  42. Anonymous says:

    Brian, I know, I said that more as a joke.

    Frankly I don’t even understand why Raymond mentioned drilling holes and moving the switch — distance from the kiosks doesn’t matter if the switch itself is slow. Moving it wouldn’t make it work faster.

    I have a wireless switch in my home which takes approx. 10 seconds to boot and estabilish ADSL link after power loss. It cost me only 40€.

    But lets not go on with this or Raymond will be mad at me for so much offtopic.

    [Maybe the slowness is due to the distance between the access point and its upstream provider. Maybe the slowness is due to slow authentication with the domain controller. Maybe there is no money in the hardware budget for upgrades. Maybe the hardware is leased (not owned) and therefore cannot be upgraded. Maybe the company is obligated to use the lowest-cost bidder. Maybe they are also considering the hardware solution in parallel but are exploring all their options. Use your imagination. -Raymond]

Comments are closed.