我看到了几个问题,而这些问题恰恰相反;“我怎么说不能够做到虚拟化?” 这不是我的问题。 我想强迫申请使用虚拟网站enabled。
我的申请仅根据Windows XP进行罚款,但由于其组合写给其工作名录(“C:Program 文件(x86)”的子文件,它没有完全按照Windows 7开展工作。 如果我使用任务主管机构来转而使用美国航空和海运局的虚拟化,它就会节省其没收的罚款,但当然,它可以装上这种装饰。
I do not want to set it to run as administrator, as it does not need those privileges. I want to set it to run with UAC Virtualization enabled.
I 。 NTCurrentVersionAppCompatFlags。 就完整性而言,我也把它列入<代码>Wow6432Node,但两者都没有效力。
在某些假设情景中,档案系统已经虚拟化,因此,你问,在你的申请没有资格时,如何继续这样做? http://technet.microsoft.com/en-us/library/d835540%28WS.10%29.aspx”rel=“noreferer” MSDN:
虚拟化在以下情况下并不适用:
虚拟化不适用于升级和运行完全有行政出入的申请。
Virtualization supports only 32-bit applications. Non-elevated 64-bit applications simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit applications are required to be compatible with UAC and to write data into the correct locations.
Virtualization is disabled for an application if the application includes an application manifest with a requested execution level attribute.
这一点可能已经太晚了,但我是你发现的启动联安会虚拟化的建议的提出者,我的职位上存在错误。 登记册的关键是:
HKLMSoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers
HKCUSoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers
(notice the "Layers" appended)
举例说:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers]
"C:\Program Files (x86)\Some Company\someprogram.exe"="RUNASINVOKER"
指出多重参数必须与空间特性分开。
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers]
"C:\Program Files (x86)\Some Company\someprogram.exe"="WINXPSP3 RUNASINVOKER"
纽约总部
我对你因我的错误而失去公正时间表示真诚的担忧。
顺便说一句,请允许我表示,我不同意伊恩·博伊德的哨所。 某些地方不应给予每个人书面特权,例如这种特权,因为它打破了“整个系统书写应只授予特权主”的基本安全规则。 方案档案是一个全系统的地方,而不是一个用户。
当然,所有规则都有例外,但在目前情况下,人们可以想象一个恶意编造的配置文件,使方案成为一种任意的指挥,因为使用者可以操作。 在较轻的方面,人们可以想象另一个用户会“删除”,这样就会使情况失败。 在较重的方面,方案卷宗中的可诉人往往由行政当局管理,更早或更晚。 即便你不希望,不停的方案也常常是无所作为的迫害,这些迫害存在于方案档案中。 也许不停的程序将使用这种编织文件,如果它恶意地编造,可能会产生后果。
当然,你可以说,这种声音是用某种方式商定的。 在Win XP时代,我确实在方案档案中修改了某些NNTFS ACL,并且后来能够睡觉,但为什么在有这些工具时风险最小?
在UAC虚拟化工作的情况下,我发现一个没有很好地引述的情况:当Program 文件上的文件作为 仅限时。
也就是说,将文件<代码>C:Program files<whatever>config.ini标记为仅读。 当申请试图改变时,UAC虚拟化将退回一个的出处,否认了<>错误/指示”,而不是将其重新编为<%LOCALAPPDATA%VirtualStore<whatever>config.ini。
尽管我没有找到这种文件,但这种行为可能是通过设计进行的,因为它有一定意义。
解决办法很简单:确保申请修改的所有档案不只读(或仅仅不上所有档案,因为用户将无法改变这些档案)。
页: 1 只有署长才能修改网站byault<>>>上的登记钥匙或档案。
如果你运行Windows 2000,或Windows XP,或Windowsista,或Windows 7,或Windows 8,,解决办法是:
For example, if your program needs to modify files in:
C:Program FilesBlizzardWorld of Warcraft
接着,World of Warcraft。 事实上,这是Microsoft应用于World of Warcraft的一件事。 (下一年,它给予每个人完全控制,即无论谁是使用者,如何更新自己。)
如果您希望用户能够在某个地点修改档案:必须给予许可。 如果是标准 用户试图在Windows XP上操作WWWWWWWWWWWW,你会遇到同样的问题,需要采用同样的解决办法。
您的申请是:
C:Program Files (x86)Hyperion Propreferences.ini
那么,事实上,你希望将
So your:
Configuration.ini发放许可证不是一件坏事;它使你管理服务器。
There are two solutions:
C:ProgramDataContosoPreferences.ini and ACL it at install timeC:Program FilesContosoPreferences.ini and ACL it at install time如果你看看微软上诉委员会的指导:
一项共同应用守则更新是:用于向方案档案撰写档案的神秘申请。 它感到好像把它放在其他位置。 我的申请名称已经上了,而且由于我的用户是行政,它工作得当。 但现在我看到,这也许不会像我曾经认为的那样成为 stick事的场所,因为美国退休人员协会甚至拥有像用户一样的标准特权。 因此,我应当把我的档案放在什么地方?”
<>strong>FOLDERID_ProgramData
用户永远不想在探索者这里浏览,而此处改变的环境应当影响到机器上的每一用户。 缺省地点是安装视窗的系统支离破碎的ProgramData。 You'll 希望创建您的名录,并确定您在安装时间所需的《欧洲常规武装力量》。
因此,你有两个解决办法:
唯一的区别是调和。 http://strong>Program 文件夹指节目files。 你不想在这里储存数据。
有时,机器与Program 文件相形。 你不希望掌握你的形象。 这些数据载于ProgramData。
它不是一个安全问题。
有些人必须了解安全边界在哪里。
there are quite some good points in those other answers.
actually i have upvoted all of those.
so let s all combine them together and add some more aspect ...
the OP mentions some "legacy application from the old days".
so we can assume it is x86 (32bit) and also does not include any manifest (and in particular does not specify any "requestedExecutionLevel").
纽约总部
Roman R. has good points in his answer regarding x64 and manifest file:
https://stackoverflow.com/a/8853363/1468842
but all those conditions don t seem to apply in this case.
NovHak outlines some AppCompatFlags with RUNASIVOKER in his answer:
https://stackoverflow.com/a/25903006/1468842
Diego Queiroz adds intersting aspect regarding the read-only flag in his answer:
https://stackoverflow.com/a/42934048/1468842
Ian Boyd states that probably you don t even should go for that "virtualization", but instead set according ACL on those files of interest (such as "config.ini"):
https://stackoverflow.com/a/12940213/1468842
and here comes the addtional / new aspect:
one can set a policy to disable all virtualization - system-wide:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]
"EnableVirtualization"=dword:00000000
actually i m enforcing this policy on each and every system that i own.
because otherwise it will lead to confusing behaviour on multi-user environments.
where UserA applies some changes and everything goes fine.
but then UnserB does not get the changes done by UserA.
in case some old crappy software fails then it should "fail"!
and not claim that everything went "fine".
IMHO this "Virtualization" thing was the worst design decision by microsoft, ever.
这一制度或许是能够促成的,为什么虚拟化会给你带来影响?
纽约总部
<>>很可能是
requestedExecutionLevel)?EnableVirtualization to 0?RUNASIVOKER?纽约总部
in the end we are discussing how to get on old legacy application to run.
by using whatever workarounds and hacks we can think of.
this should probably better discussed on either superuser or serverfault.
在<代码>stackover>(针对> programrs)上,我们都知道:它需要时间才能使我们自己的所有方案符合UAC的概念,以及如何实施“权利”方式——“microsoft”方式:
When a process is running at the low integrity level, you can t write to %temp% so I need a way to find the path to the %temp%Low directory (Without hardcoding the word "Low")
I am trying to write a batch file for my users to run from their Vista machines with UAC. The file is re-writing their hosts file, so it needs to be run with Administrator permissions. I need to be ...
I have a VB6 application that still references some old VB5 libraries (dll, vbr, tlb, and ocx). We re having some strange issues like it can t read the registry using advapi32.dll. I ve tried running ...
This is a driving me nuts. I have searched all over StackOverflow and read all about UAC. But I m still running into a problem. Using VS 2008, I have a simple program that does nothing but this: ...
I have written a wizard in C++ which installs some files to the program files folder under windows. As I understand, I need Admin rights to write to program files under Vista/7. So my question is: Is ...
I am trying to build an automation application in C# 2005 express edition under windows vista. Problem is, Whenever I try to run this application, either from IDE or directly compiled executable under ...
Since Vista & windows 7 came out some of my .NET application has started throwing security exceptions. I ve noticed that some applications (i.e. my antivirus, control panel) have a small shield ...
For a while now the installer for my program has used the below code to make my app run with administer privileges. But it seems to have no effect under Windows 7. In Vista it worked beautifully. If I ...