为什么我的应用程序允许我将文件保存到Vista中的Windows和System32文件夹? [英] Why does my application allow me to save files to the Windows and System32 folders in Vista?
问题描述
我有一个用Delphi 7编写的应用程序,不需要运行管理员权限。
I have an application written in Delphi 7 which does not require an admin privilages to run.
由于某种原因,即使应用程序,我也可以从应用程序内部将文件保存到c:\windows和c:\windows\system32尚未请求UAC提升。我已以管理员身份登录,并且 UAC已打开,但我尚未更改任何默认的UAC设置。这些文件实际上也显示在Windows资源管理器下。我没有使用以管理员身份运行选项。
For some reason I am able to save files to c:\windows and c:\windows\system32 from within the application even though the application has not requested UAC elevation. I am logged in as an admin with UAC turned on and I haven't changed any of the default UAC settings. The files actually show up under Windows Explorer as well. I am not using the 'Run as Administrator' option.
如果我尝试在同一配置文件下使用写字板执行相同的操作,则会收到预期的错误。
If I try to do the same thing using WordPad under the same profile I get an error as expected.
有什么想法吗?
该应用程序正在使用Ole Structured Storage保存并包含以下清单,
Th application is using Ole Structured Storage to save and includes the following manifest, if that helps.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity type="win32" name="DelphiApplication" version="1.0.0.0" processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
编辑:要清楚,我的应用程序默认情况下不会将任何内容保存到这些位置。我通过标准文件保存对话框选择这些位置。
To be clear my application does not save anything to these locations by default. I am choosing these locations via the standard file save dialog.
更新
我发现了为什么我的应用程序被视为旧版应用程序的原因尽管包括上述清单。事实证明,其中也包含第二个清单,其中没有 trustInfo部分。我已经删除了第二个清单,现在一切都很好。
I have found out why my application was being treated as legacy despite including the above manifest. It turns out a 2nd manifest was also being included which did not have the 'trustInfo' section. I have removed this 2nd manifest and all is well now.
感谢所有帮助
推荐答案
这是UAC的一项功能,可以使旧应用程序与Vista兼容。它会将任何用户没有权限写入系统文件夹的请求重定向到本地文件夹。
This is a feature of UAC to make old applications compatible with Vista. It redirects any request to write to a system folder that the user lacks permission to a local folder.
它们存储在 AppData\Local\VirtualStore文件夹下当前用户的个人资料。
有一个禁用此功能的组策略设置:虚拟化文件和注册表对每个用户位置的写入失败
They are stored under "AppData\Local\VirtualStore" folder under the current user's profile. There is a group policy setting to disable this feature: "Virtualize file and registry write failures to per-user locations"
此文件和注册表虚拟化功能是设计为允许旧版应用程序在Windows Vista标准用户帐户下运行。传统应用程序定义为没有特定Vista清单的32位可执行文件。如果您提供Vista清单文件来将您的应用程序装饰为与Vista兼容,则该虚拟化设置不会影响您的应用程序(如您的写字板示例)
This file and registry virtualization features are designed to allow legacy applications to run under Windows Vista standard user accounts. Legacy application is defined as a 32-bit executable without a specific Vista manifest. If you provider a Vista manifest to decorate your application as Vista-compatible, this virtualization setting won't affect your application (as in your Wordpad example)
Mark Russinovich有一个很棒的文章: Windows Vista用户帐户控制内部
Mark Russinovich has a great article on this: Inside Windows Vista User Account Control
这篇关于为什么我的应用程序允许我将文件保存到Vista中的Windows和System32文件夹?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
