Beyond Disabling UAC: Disable Virtual Store

by Jon 2/5/2008 7:22:00 AM

Something I like about Windows Server 2008 x64 is that it (finally) gives the user the benefit of a doubt when disabling the advanced security options in Internet Explorer. Now it automatically prompts me to install ActiveX controls, for instance, and when I download files from the Internet I no longer have to right-click the file, choose Properties, and "Unlock" before I can use them without security warnings (this being something I've been habitually doing on all file downloads since IE7 was released).

But all is not trusting. I was tinkering with the recent release of the the new OS when I noticed as I was saving stuff to my Program Files directory in a new subdirectory that the new subdirectory didn't exist. Namely, I downloaded Notepad2 and attempted to create a new directory at C:\Program Files (x86)\ called "Notepad2" where I would save the file, then open the directory up in Windows [File] Explorer to unlock and extract the .zip file. Lo and behold, my Internet Explorer "Save As..." dialogue box told me I was looking right at C:\Program Files (x86)\Notepad2, but Windows Explorer insisted that no Notepad2 directory exists in C:\Program Files (x86). Could it be a bug?

Directory virtualization, perhaps? Indeed, I've seen Microsoft do this more and more lately. I knew where to look: C:\Users\jdavis\ ... hmm that's right, Local Settings got moved to AppSettings\Local. VirtualStore? Yes! There it is! "Program Files (x86)", and in there, a "Notepad2" directory, all by itself.

I don't want this. I REALLY don't like this. Microsoft implemented this virtualization feature to work around insecure design bugs in software. Whose software, though? Theirs? Ours? Third parties?

I mean, come on, Microsoft, if you're going to virtualize the Program Files directory like this, go all the way with it and do it in Windows Explorer and the command prompt as well. Heck, do it at the kernel level so that any app running in user space sees this thing where it really is.

Or not. I don't like virtualized paths. It's an administrative nightmare. Let's disable this thing.

So, after turning off UAC from the User Accounts control panel, which I hadn't done yet to this point, I rebooted and still had this problem. Then I tried disabling Local Security Policy -> Security Settings -> Local Policies -> Security Options -> User Account Control: Virtualize file and registry write failures to per-user locations. I think this fixed it. I'll update this blog entry if I find otherwise.

I realize why Microsoft implemented this file path virtualization thing, but IMO it's a crutch and does NOT demonstrate good computing practices despite what some IT folks would proclaim. This is the kind of stuff that just makes computing all the more confusing and difficult to work with. While the intentions were valid, we don't need anymore unexpected twists and turns in our computing experiences.

Currently rated 4.7 by 11 people

  • Currently 4.727273/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , , ,

Microsoft Windows

E-mail | Kick it! | DZone it! | del.icio.us
Permalink | Comments (1) | Post RSSRSS comment feed

Related posts

Comments

5/14/2008 11:47:39 PM

Bjorn

As a fairly Sr. IT person at a fairly large company, I was intially a fan of UAC. I figured it was a pain, but in the end was worth it. But, now after living with UAC and more specifically VirtualStore I am just suprised that such a poorly thought out, poorly implemented plan with an obvious "screw the customer, we know what is best" plan was ever shipped. It is beyond stupid.
Thanks for sharing this tidbit. Much appreciated.

Bjorn no

Add comment


(Will show your Gravatar icon)  

  Country flag





Live preview

10/7/2008 9:39:31 PM


 

Powered by BlogEngine.NET 1.2.0.0
Theme by Mads Kristensen

About the author

Jon Davis Jon Davis (aka "stimpy77") is a software and web developer by day and a software and web enthusiast (geek) by night. He was recently a senior web engineer for the enthusiast division of a major magazine publishing company for nearly two years. He has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
 
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."
 
Jon is currently engaged in a short-term ASP.NET contract and is available for hire for short-term or permanent work in Phoenix or via telecommute.
E-mail me Send mail

Calendar

<<  October 2008  >>
MoTuWeThFrSaSu
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789

View posts in large calendar

Pages

    Recent posts

    Recent comments

    Archive

    Authors

    Tags

    Categories


    Blogroll

    Download OPML file OPML

    Disclaimer

    The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

    © Copyright 2008

    Sign in