2. Aaron Margosis Principal Consultant Microsoft Session Code: CLI405

3. Some Available Techniques Get rid of the app! Let Windows handle it File/registry virtualization Limitations on file/registry virtualization Update the application Acquire new version from vendor Fix compatibility bugs in the source code Apply shims Pre-install required files, registry keys Employ application or machine virtualization

4. When to Use Shims Define standards for when to use this technique: Vendor no longer in business Internal applications Support negotiable Shimming applications can be outsourced

5. ApplicationApplication WindowsWindows How Shims Work Shim DLL ImportFunctionImportFunctionExportFunctionExportFunction ImportFunctionImportFunction

6. When Shims Are Used Windows APIs Kernel32 Kernel32 User32 User32 Advapi32 Advapi32 OleAut32 OleAut32 … Windows APIs Kernel32 Kernel32 User32 User32 Advapi32 Advapi32 OleAut32 OleAut32 … AppY.exe v 2.3.4.5 Windows loads app. Checks AppCompat DB(s). Match found: Selected API calls intercepted and modified. AppY.exe v 2.3.4.5

7. Some Useful Shims Problem Type Shim Bad Windows version checks Version Lie Shims (e.g., WinXPSP3VersionLie) Writing to HKCR at runtime VirtualizeHKCRLite Unnecessary checks for “am I admin?” ForceAdminAccess Writing to WRP-protected keys and files WRPMitigationWRPDllRegisterWRPRegDeleteKey Windows thinks your app is an installer SpecificNonInstaller Writing to protected folder and registry locations CorrectFilePathsVirtualRegistry Using kernel object in global space LocalMappedObject

8. Detailed Shim Information Install App Compat Toolkit and look in act.chm Also on technet.microsoft.com Chris Jackson’s blog (blogs.msdn.com/cjacks)

9. Show me the shims

10. How do I know what's wrong? Problem Type Symptoms Invalid Windows version check Says “This app requires Windows XP” Admin rights issue Says “Requires admin rights”, or Fails non-elevated, works elevated (Caveat about testing elevated) Security configuration Works when Group Policy or security template setting is removed New platform Works with Windows Classic theme

11. Testing environment Have multiple configurations available Be able to reimage quickly Virtual machines (snapshots, undo disks) MDT deployment (e.g., PXE boot) Apply security policies to local Group Policy rather than domain LGPO utilities: blogs.technet.com/fdcc

12. Tools for identifying specific issues Sysinternals Process Monitor Standard User Analyzer (App Compat Toolkit) LUA Buglight v2.1 just released Includes support for Windows 7 and x64 http://blogs.msdn.com/aaron_margosis/pages/Lua Buglight.aspx

13. LUA Buglight, Process Monitor, SUA

14. www.microsoft.com/teched Sessions On-Demand & Community http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification & Training Resources Resources Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.

15. Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

16. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Required Slide