Re: Repost: Using SetTokenInformation to control file system virtualization on Vista?
- From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
- Date: Tue, 05 Dec 2006 07:45:44 GMT
Hi Jordan,
Thanks for your patient.
Below is the feedback information I got from one of the Vista security
developer:
1. Nope. SetTokenInformation() is already a high-level API :)
2. That's the only effect, but note that you're dancing on the edge of
what's supported when you tinker with a process's virtualization state.
Virtualization is intended as a bridge technology that we will remove in
the future once enough applications work without needing its assistance
(ideally Windows 8, but we'll see), so there are no guarantees with what
will happen if you build in assumptions on it (though the API and infolevel
will always be there). For example, the call will have no effect in a
process where virtualization cannot be enabled (e.g., a process with an
application manifest that specifies a "requestedExecutionLevel").
3. Yes, 0 and 1 are the actual values.
4. Nope -- virtualization is explicitly disabled under impersonation, so
the setting is ignored in the thread token (i.e., process token only).
Below is some more information:
For both file and registry virtualization, we disable virtualization for
the call if the thread effective token type is not TokenPrimary. Given the
final design, it probably makes more sense to simply query the process
token. We will look into this.
Hope this helps.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- References:
- Repost: Using SetTokenInformation to control file system virtualization on Vista?
- From: Jordan Russell
- Re: Repost: Using SetTokenInformation to control file system virtualization on Vista?
- From: Jeffrey Tan[MSFT]
- Re: Repost: Using SetTokenInformation to control file system virtualization on Vista?
- From: Jordan Russell
- Repost: Using SetTokenInformation to control file system virtualization on Vista?
- Prev by Date: Setting Default SChannel CSP for SSL
- Next by Date: Re: custom CSP
- Previous by thread: Re: Repost: Using SetTokenInformation to control file system virtualization on Vista?
- Next by thread: Re: Repost: Using SetTokenInformation to control file system virtualization on Vista?
- Index(es):
Relevant Pages
|
