faxedhead

Update: I just found a Microsoft PPT file at the following location: http://download.microsoft.com/download/d/c...ows%20vista.ppt The 2nd last slide (UAC FAQ) says: What areas of the Registry and File system get redirected? – HKLM\Software, %SystemRoot%, %ProgramFiles% No mention of %ProgramData%.

According to all the literature, %ProgramFiles%, %ProgramData% and %SystemRoot% are virtualized for legacy processes. This means that if a legacy process attempts to perform a file operation in any of these locations that would normally be denied (e.g. if the ACL for the file/folder prevents it, such as if the process is running as a standard user), the virtualization subsystem in Vista will kick in, perform the operation in the user's Virtual Root and the process will think it succeeded. I can reproduce this behaviour with the %ProgramFiles% and %SystemRoot% directories, but NOT on the %ProgramData% directory. This directory does has a different ACL on it - it allows standard users write access (which is correct, since this contains the %AllUsersProfile%, where standard users should be able to write). So if you create a test folder under %ProgramData% and remove access to write to that folder for the currently logged in user, a normal (non-virtualized) process will receive "Access denied" when trying to write there. However if you then go to Task Manager and change the process to be virtualized, the write should then appear to succeed (with the operation being perform in the Virtual Root). However you still get "Access denied". I've tried this on multiple PCs running Vista Business x86. I also assume that virtualization applied to subdirectories under %ProgramData% as it does with %ProgramFiles%. This test to me shows that %ProgramData% is in fact not virtualized. Can anyone confirm?