Application Support
File and Registry Virtualization
Windows 7 uses a feature called File and Registry virtualization to enable nonadministrator users to run applications that previously required administrative privileges to run correctly.
Some applications write to the Registry and to protected folders, such as C:\Windows and C:\Program Files. For nonadministrator users, Windows 7 redirects any attempts to write to protected locations to a per-user location. By doing so, Windows 7 enables users to use the application successfully while it protects critical areas of the system.
- Some pre-Windows 7 applications store data and configuration settings in file and registry locations that were not meant for this purpose.
- With User Account Control, Windows 7 can distinctly recognize and control access to sensitive system areas. The 32-bit version of Windows 7 has virtualized select system file and registry areas for backward-compatibility with pre-Windows 7 applications.
- Some of the key system areas that are virtualized include:
- HKEY_LOCAL_MACHINE\Software: A registry area that stores software conf guration settings applicable to the entire computer.
- %SystemRoot%: A system variable that identif es the location of the Windows 7 operational files. This is typically C:\Windows.
- %ProgramFiles%: A system variable that identif es the location where applications are installed by default. This is typically C:\Program Files.
- File and registry virtualization is not supported in the 64-bit version of Windows 7.
- UAC-aware applications can include an XML formatted description of application compatibility settings stored either in an application DLL, an executable, or a separate file that is called the application manifest. The application manifest can identify the application as UAC aware, which disables UAC file and registry virtualization automatically for that application. If a non UAC aware application is run with elevated privileges, that is, allowing it to run as Administrator, file and registry virtualization is not used for that application while it is running with elevated privileges. Running a legacy application with more permission than required is not a best practice.