Video Screencast Help

HKCU VirtualStore

Created: 27 Mar 2014 | 5 comments

I'm working through this with an app that we have but can't seem to figure out exactly how to do this. We are using SWV 7.5 and Windows 7 x64. We have an app we want to place in SWV but when installed and run by non-admins, sometimes it writes content to both the user's virtualstore in the file stytem and the virtual store in their registry keys. When we disable the layer we want these items to go away since they will interfere with any upgraded versions we would deploy but we don't want any other files to disappear once the layer has been deactivated. Any thoughts on how best to handle this? We can't simply pre-write the contents into the layer since A) its per user and B) the items are not always written there. They are if the user is a non-admin but might not need to be depending on what has been done in the past. (Confusing, I know!).

Any thoughts would be appreciated!

Operating Systems:

Comments 5 CommentsJump to latest comment

delvalled's picture

I'm not sure I completely follow your question:

but we don't want any other files to disappear once the layer has been deactivated. Any thoughts on how best to handle this?

You should try using exclude entries; this will allows you to configure the layer to allow certain file extensions or paths that you want to specify that should write to the base system instead of the writeable sublayer. 

From page 49 of the Symantec Workspace Virtualization 7.5 User's Guide:

Exclude entries let you prevent files from being saved in the redirect area of the layer. By default, when an application layer generates files, those files are saved to the application’s writeable sublayer. If the layer is reset, the files in the writeable sublayer are lost. An exclude entry lets you specify file types or locations on the base system and not in the application's writeable sublayer.

For example, if I create a layer for Notepad++, I can configure the layer to exclude "C:\temp" so that whenever I save a file into C:\temp, these files end up on the base system. When I deactivate my Notepad++ layer, the files I wrote to C:\temp remain, but everything else written in C:\Program Files\Notepad++ disappears.

jpellet2's picture

Yeah, I wasn't exactly clear but I want the opposite. On Windows 7 machines, if you are not an admin on a computer and you have a (poorly, in my opinion) written piece of software, it may want to write back to HKLM but can't. In that case, the OS could try to write the data to HKEY_CURRENT_USER\Software\Classes\VirtualStore. In the case of the applications I am talking about, this location causes major issues if it exists after a traditional software upgrade so we would need it to go away once a layer is deactivated. Does that help explain it a little better.

delvalled's picture

Oh yeah, now I understand what you are asking. You're describing a condition that happens because of User Account Control; quoting from Microsoft's article on registry virtualizion:

Virtualization is intended only to provide compatibility for existing applications. Applications designed for Windows Vista and later versions of Windows should not write to sensitive system areas, nor should they rely on virtualization to remedy any problems.

For those interested in some deeper reading, Inside Windows Vista User Account Control by Mark Russinovich goes into greater detail about the problems UAC solves and describes the architecture and implementation of its component technologies.

I assume from your line of questioning, that when you run the virtualized app, the data written to HKEY_CURRENT_USER\Software\Classes\VirtualStore "leaks" onto the base system? This incorrect behavior (leaking to the base) might be due to UAC as it wants to perform its own virtualizion to the application's registry read/write operations which we might not be able to follow.

OlafK's picture

We had the same issue. Raised a case.

Apparently the VirtualStore mechanism is broken in 7.5+.

Hotfix is currently tested and soon to be released.

balachandar_manimala's picture

“Symantec Workspace Virtualization and Symantec Workspace Streaming 7.5 SP1 HF1” is now GA.