What is Vista Registry Virtualization?

Windows Vista Registry Virtualization: Overview

Registry virtualization is incorporated in the Microsoft Windows Vista operating system to redirect registry write operations that have a global impact on the system to per-user locations. The operation is transparent to all applications that read information from or write information to the registry.

In Windows operating systems prior to Windows Vista, applications were run only by the administrators. Because of this, applications had free access to various registry keys and system files. However, if a standard user-without administrative rights-tried to run an application, it would fail in absence of the required rights.

Windows Vista registry virtualization fixes this problem and enhances application compatibly by redirecting this operation. This means that when a standard user tries to access and run an application, the required registry entries from the global store “HKEY_LOCAL_MACHINE\Software" are redirected to a virtual location (virtual store) within that user’s profile –HKEY_USERS\<User_SID>_Classes\VirtualStore\Machine\Software.

Registry Virtualization: Classification

Broadly, registry virtualization in Windows Vista can be classified into the following three types:

Open

When a caller does not have write access to a particular registry key but can open it with the KEY_ALL_ACCESS, the required key is opened and provides the caller with maximum allowed access.

However, if the REG_KEY_DONT_SILENT_FAIL flag is disabled for this key, virtualization of the key is implicitly disabled.

Write

When a caller attempting to write a value to a key or create a subkey within this key does not have write access rights to the key, the value is written or the new subkey is created in the virtual store instead of the global store.

For instance, if a standard user tries to write to the key, HKEY_LOCAL_MACHINE\Software\Application_Key_1, registry virtualization redirects the operation to a virtual location within the user profile –HKEY_USERS\<User_SID>_Classes\VirtualStore\Machine\Software\Application_Key_1.

Read

When the caller has to read registry keys both from the virtual and global stores, a merged view of both non-virtual and virtual values are presented to the caller.

For instance, consider that Value1 and Value2 of the registry key HKEY_LOCAL_MACHINE\Software\Application_Key_1 are in the global store and Value3 is in the virtual store. When a user attempts to read these keys, a merged view of all the three keys-Value1 and Value2 from global store and Value3-are presented to the user.

Registry Virtualization: Scope

The scope of Registry virtualization is limited to certain types of applications and processes.

It is enabled only for the following:

  • Registry keys to which a user with administrative privileges can write to.
  • Registry keys included in the HKEY_LOCAL_MACHINE\Software key.
  • 32-bit interactive processes

Registry virtualization does not work for:

  • Non-interactive processes, such as services.
  • 64-bit processes.
  • Processes, such as drivers that work in the kernel mode.
  • Processes with requestedExecutionLevel included in the manifest.
  • Keys and subkeys included in the following registry keys:
    • HKEY_LOCAL_MACHINE\Software\Classes
    • HKEY_LOCAL_MACHINE\Software\Microsoft \Windows
    • HKEY_LOCAL_MACHINE\Software\Microsoft \Windows NT
  • Processes that attempt to perform an operation by impersonating a user

Registry virtualization is just an interim feature included in Windows Vista to provide backward compatibility with already existing applications. This feature will be gradually removed as more and more Vista compatible applications are launched in the market. Therefore, new application developers should not design their applications around this feature. Additionally, you must ensure that all applications designed to work on Windows Vista should not write to any sensitive system areas.