Registry Virtualisation

Executive Summary

Registry Virtualisation is new to Microsoft Windows Vista. Registry Virtualisation provides a solution to a problem specific to Windows Vista.

The problem:    How to provide improved security without decreasing application compatibility?

Registry Virtualisation resolves this problem by adding a layer of abstraction between calling processes and the windows registry, when  virtualisation is enabled for a process¹ it transparently redirects any attempt to access secure areas of the windows registry to instead access an application specific clone of those areas which is held in the current users private registry profile².

Implementaiton Specifics

Registry virtualization is enabled when:

• Running a 32-bit interactive processes (it is assumed 64bit processes will be correctly designed)
• Accessing registry keys under HKEY_LOCAL_MACHINE\Software
• Accessing registry keys requiring Administrator  permissions to modify.

The following registry locations are never virtualised:

HKEY_LOCAL_MACHINE\Software\Classes, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT

1) Registry Virtualisation is enabled for 32bit processes by default unless the process either contains an application manifest disabling it or is Vista aware and disables it via an API.

2) Virtualised registry locations are redirected to the following location for each user: HKEY_ CURRENT_USER\Software\Classes\VirtualStore.

 Return