UAC Virtualization and file synchronization

Discussion in 'other software & services' started by m00nbl00d, Mar 29, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d (Registered Member; joined Jan 4, 2009; posts: 6,623)

    I'm having a doubt about why something is happening.

    But, first of all, some background information. My USB modem software was developed with the assumption that the user runs as administrator, and therefore when this software was installed, it changed the permissions on its folder under Program Files to give full permissions to the groups Users and Everyone. I reset those permissions to reflect the parent (Program Files folder) permissions. This was done a couple of years back, when I last reinstalled Windows 7.

    It was only yesterday that I realized that some synchronization is happening.

    But, for you to understand what I'm trying to say, I should first mention that when UAC is enabled and a process wants to write to Program Files but can't, UAC will virtualize (redirect) the actions to the VirtualStore folder, which is placed in each user's profile folder.

    To my surprise, while I was checking some stuff in the program's folder in Program Files, I accidentally typed something in a configuration file and saved it, and was actually able to do so. I was like "What the heck...". Then it came to mind that this could be related to the UAC virtualization procedure. So, I went to the VirtualStore folder and indeed the file was also there, with the change. I edited the file (within the VirtualStore folder), and the change was reflected back in "Program Files\SoftwareFolder".

    This is the first time I've noticed this happening for any application whose changes to the Program Files dir UAC virtualizes. So far, all changes affecting other programs only happen in the VirtualStore folder, but never reflect to Program Files.

    I still haven't delved much into it, as I still didn't have much time, but so far I couldn't find any relevant information about UAC virtualization + file synchronization. I'm wondering if anyone knows about some Microsoft technical documentation that mentions this kind of situation?


    Thanks!

    P.S: If for some reason, I wasn't clear enough, let me know and I'll try to explain using other words, if I can. :)
     
  2. m00nbl00d (Registered Member; joined Jan 4, 2009; posts: 6,623)

    I did some testing, and apparently the same situation happens to other files (*.ini, *.json and maybe other kinds of configuration files as well) belonging to other applications as well.

    Not sure why this file synchronization is happening, though. Does anyone else experience the same?
     
  3. new2security (Registered Member; joined Aug 8, 2008; posts: 492)

    Interesting but disturbing find. I haven't suffered (yet) from the quirks you described but will keep my eyes open. After a new installation I use AccessChk to find any folders that possibly have been altered, e.g. messed up ACLs.
     
  4. xxJackxx (Registered Member; joined Oct 23, 2008; posts: 4,047; location: USA)

    Are you 100% positive when you reset it that you applied that change to all child items?
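
One way to answer that question for a given folder, as an added example that is not part of the original thread: the script lists every explicit (non-inherited) allow ACE under a folder that still gives Everyone, Authenticated Users or BUILTIN\Users write access. The `SoftwareFolder` default is a placeholder taken from the thread, and the write mask is an assumption about which rights count as "write".

```powershell
# Added example (not from the thread): find explicit ACEs that still give broad
# groups write access anywhere under an install folder.
param(
    # Placeholder path; point it at the application's folder under Program Files.
    [string]$Root = "$env:ProgramFiles\SoftwareFolder"
)

# Well-known SIDs are used instead of group names so the check also works on
# localized Windows installations.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing content or permissions, plus the raw generic bits
# some installers set directly (GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000).
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete -bor
                   $Rights::ChangePermissions -bor $Rights::TakeOwnership) -bor
             0x10000000 -bor 0x40000000

# Check the folder itself and every child item, hidden ones included.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # GetAccessRules(explicit = $true, inherited = $false): only ACEs set directly
    # on this item, returned with SIDs rather than account names.
    $aces = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $aces) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($BroadSids.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
```

No output means no child item kept an explicit broad write ACE; if some did, `icacls <folder> /reset /T /C` from an elevated prompt replaces the ACLs on the folder and all children with inherited ones.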
     
  5. m00nbl00d (Registered Member; joined Jan 4, 2009; posts: 6,623)

    At first I thought this was only happening to the USB modem software configuration files (in the Program Files folder), but this seems to happen with any change done to configuration files (*.ini, *.json, etc) belonging to other programs as well. So, my initial suspicion this was just with the USB modem software was wrong.

    For instance, I can modify Chromium's *.json files from within C:\Program Files\ChromiumFolder\, which then reflects in the VirtualStore folder as well (UAC virtualization).

    While this is a bit "disturbing", because for some reason this synchronization is happening, it must be said that these changes won't affect (I checked) the real Program Files dir, because if you access the C:\Program Files\ChromiumFolder\ using a different user account, the changes won't be seen.

    This situation happens because of UAC virtualization. I just wasn't aware that synchronization was involved in the UAC virtualization.

    As a test, if any one of you is running Chromium/Chrome (under Program Files), can you edit some *.json file (you should be able to find one in the PepperFlash folder), save the change and see if it successfully saves it? Then go to C:\Users\User\AppData\Local\VirtualStore and look for the folder/file related to Chrome/Chromium. Then edit it there as well, and you'll see the change will reflect back to the Program Files folder. (It's just a kind of a virtual change, not a real one, affecting all accounts.)

    -edit-

    This could happen because these applications have a manifest (file or embedded) telling Windows to do certain actions. For instance, if I try to change *.xml files in the Windows Media Player folder, I can't do it. But, I can change (due to UAC virtualization) other *.XMLs belonging to other apps.
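
A check for the behaviour discussed in this thread, as an added example that is not part of the original posts: it walks the current user's VirtualStore and compares each redirected copy with the real file at the same relative path. It assumes PowerShell 4.0 or later (for `Get-FileHash`) and a non-elevated PowerShell session; PowerShell itself is not subject to UAC file virtualization, so it reads the real file under Program Files rather than the per-user copy. The function name is hypothetical.

```powershell
# Added example (not from the thread): list files in the current user's
# VirtualStore and compare each one with the real file it shadows.
function Get-VirtualStoreShadow {
    param(
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        [string]$RealRoot  = "$env:SystemDrive\"
    )

    # No VirtualStore folder means nothing has been redirected for this user.
    if (-not (Test-Path -LiteralPath $StoreRoot)) { return }

    $prefix = (Get-Item -LiteralPath $StoreRoot).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $StoreRoot -Recurse -File -Force | ForEach-Object {
        # VirtualStore\Program Files\App\x.ini  ->  C:\Program Files\App\x.ini
        $relative = $_.FullName.Substring($prefix.Length).TrimStart('\')
        $real     = Join-Path $RealRoot $relative

        if (-not (Test-Path -LiteralPath $real)) {
            $state = 'OnlyInVirtualStore'   # file exists only as a per-user copy
        } elseif ((Get-FileHash -LiteralPath $real).Hash -eq
                  (Get-FileHash -LiteralPath $_.FullName).Hash) {
            $state = 'Identical'
        } else {
            $state = 'Differs'              # user copy diverged from the real file
        }

        [pscustomobject]@{
            State       = $state
            Modified    = $_.LastWriteTime
            VirtualCopy = $_.FullName
            RealFile    = $real
        }
    }
}

Get-VirtualStoreShadow | Sort-Object State, VirtualCopy | Format-Table -AutoSize
```

Rows marked `Differs` are files where a virtualized program sees the per-user copy while other accounts and non-virtualized programs see the untouched original. Task Manager's optional "UAC Virtualization" column shows which running processes have virtualization enabled.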
     