Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Hide SVS Against Editing

Updated: 29 Jul 2010 | 3 comments
FrankB's picture
FrankB
0 0 Votes
Login to vote

The purpose of hiding SVS is to keep local admin users from noticing that SVS is on the machine. This keeps the machine maintainable - fewer times you need to re-install the OS or software.

To Hide SVS you have to do the following:

  1. Copy the SVSCMD.EXE to the %WINDIR%\System32 folder.
  2. Make a registry setting to hide the fslrdr folder:
  3. Open regedit and go to HKLM\SYSTEM\Altiris\FSL and create a new DWORD value named HideRedirectAreas and set the data value to 1.

    Click to view.

  4. Remove %PROGRAMFILES%\Altiris\Software Virtualization Agent directory.

    When you manage your layers you have to use the SVSCMD.EXE file from now on.

You will have to reboot the computer for this to take effect.

FrankB

blog entry Filed Under:
, ,

Comments

Scott Jones's picture
15
Sep
2008
0 Votes 0
Login to vote
Scott Jones
Symantec Employee

More Pros of Obscuring Redirect Areas, Plus the Limitations

More pros, plus the limitations of obscuring the redirect areas. You need to know all before deciding whether to do this:

Pros:

  • Prevents inventory scanners from hitting on virtualized apps twice (see this).
  • Prevents self-healing shortcuts (esp. Quick Launch shortcuts) from getting "fixed up" by Windows when the app's layer is inactive. By "fixed up" I mean the target gets altered to point to the real path instead of the virtual and you end up running the app (or at least trying to) from the redirect area. Result: either the app breaks, or if it does run it runs as if from the base so is effectively not virtualized.

For these two reason, obscuring the redirect area is usually a best practice. However...

Limitations:

  • Only works for the default redirect areas (usually c:\fslrdr and HKLM\SOFTWARE\fslrdr, or as specified during SVS Agent install). So when you have multiple redirect areas, all the non-default ones will be visible.
  • The purpose of Obscure Redirect Areas is to achieve the benefits above (and esp. the one Frank listed -- to keep nosey users from seeing it and getting curious!). But it is not a security feature. Even when the redirect areas are obscured, users still have their normal Windows permissions for objects (files or reg. values) in the redirect areas and can still access them directly if they know the full path and object name.
  • Can be an annoyance for technicians trying to troubleshoot a layer problem locally on a client. If they want to switch the setting, they have to reboot and then remember to switch it back before handing the machine back to the end user.

Scott Jones
Technical Product Manager
Symantec Endpoint Virtualization

Scott Jones
Business Critical Engineer, Endpoint Virtualization
Symantec Corporation
www.symantec.com
 

FrankB's picture
16
Sep
2008
0 Votes 0
Login to vote
FrankB

That's a long answer for such a short article ;)

Imagine this:

On a University your students need to have administrative access on their machine, for developing or other purposes. Then the above mentioned solution is perfect.

With the Pro's I agree completly, but the con's :)

1. Default Redirect, I agree, but nowadays the system partition is rather big.
2. What a user doesn't know can't harm him.
3. Which technician distributes applications that aren't tested?
______________________________________________
Kind Regards, Frank Bastiaens
Senior Technical Consultant
Vanderlet B.V.

______________________________________________
Frank Bastiaens
Senior Technical Consultant
Vanderlet B.V.

robertser's picture
30
Sep
2008
0 Votes 0
Login to vote
robertser

see also this article

Same problem from 2 years ago.

http://juice.altiris.com/tech-tip/342/how-to-deal-...

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,776