Feb 05, 2014 - Virtual Vibes

Global Registry State Changes in App-V 5.0

We have come a long way from the good ol’ .pkg files we had back in the days of 4.x. I have discussed at length both App-V 5.0 – OS Integration – State Changes and Global File State Changes in App-V 5.0, but what about when we make changes to global registry locations for our application?

We can break down how this is handled into two categories: Admin and Non-Admin.

Admin

So you launch an App-V application as an Admin user and make a change to a global setting.

For example, here I have chosen to enable automatic checks for updates and betas. This is a global change that writes to HKLM. As we are logged in as an admin user, the change is written to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\CA43F9E3-4C6F-4A71-8EE9-977EF8FF5F20\S-1-5-21-2435128332-2813322235-3721083121-500\REGISTRY\MACHINE\Software\Paint.NET

Notice that the change is stored not only under the context of the package itself but also under the sub-context of the user's SID. This means that this particular change, although global, will only take effect for this particular user, which protects other users on the same machine from picking up another individual's changes.

Non-Admin

So what about non-admin users? Well, first of all, we expect our applications to behave differently for non-admin users in that they shouldn’t be able to effect global change; this relies first and foremost on how the application itself is written. For example, Paint.NET in this case prevents users from changing its update settings:

However, does anything stop us cracking open regedit inside the bubble and changing our global registry keys in HKLM regardless? The answer is no…

For example, here I have gone in as a non-admin user and changed the CHECKFORBETAS value in HKLM to hold the value virtualvibes. How is this possible?!

Well, if we open up a local regedit we can see how this is handled. As a non-admin cannot write to HKLM, we find the changes being written to HKCU:

HKEY_CURRENT_USER\Software\Classes\AppV\Client\Packages\CA43F9E3-4C6F-4A71-8EE9-977EF8FF5F20\REGISTRY\MACHINE\Software\Paint.NET

Notice that this is actually under the Classes section of the registry and not where we normally go to view traditional registry state for the user. This location is reserved for non-elevated processes writing to HKLM.
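
To audit both locations for a package in one pass, the following added example (not from the original post) walks the admin per-SID keys under HKLM and the current user's HKCU Classes key, listing every value captured as a virtual HKLM write. The function name Get-AppVGlobalRegistryState is a hypothetical helper, and the only paths assumed are the two shown above.

```powershell
# Added example: list virtual HKLM writes captured for one App-V 5.0 package.
# Get-AppVGlobalRegistryState is a hypothetical helper name, not an App-V cmdlet.
function Get-AppVGlobalRegistryState {
    param(
        # Package GUID as shown in the post; substitute your own package's ID.
        [string]$PackageId = 'CA43F9E3-4C6F-4A71-8EE9-977EF8FF5F20'
    )
    $roots = @()

    # Admin writes: HKLM, under the package key and then the writing user's SID.
    $pkgKey = "HKLM:\SOFTWARE\Microsoft\AppV\Client\Packages\$PackageId"
    if (Test-Path -LiteralPath $pkgKey) {
        foreach ($sidKey in Get-ChildItem -LiteralPath $pkgKey -ErrorAction SilentlyContinue) {
            if ($sidKey.PSChildName -like 'S-1-*') {
                $roots += [pscustomobject]@{
                    Source = 'Admin (HKLM)'
                    Sid    = $sidKey.PSChildName
                    Path   = "$pkgKey\$($sidKey.PSChildName)\REGISTRY\MACHINE"
                }
            }
        }
    }

    # Non-admin writes: redirected to HKCU\Software\Classes for the current user.
    $roots += [pscustomobject]@{
        Source = 'Non-admin (HKCU)'
        Sid    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        Path   = "HKCU:\Software\Classes\AppV\Client\Packages\$PackageId\REGISTRY\MACHINE"
    }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }
        # Include the root key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $root.Path) +
                @(Get-ChildItem -LiteralPath $root.Path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Source     = $root.Source
                    Sid        = $root.Sid
                    # Path as the application sees it, relative to ...\REGISTRY\
                    VirtualKey = ($key.Name -split '\\REGISTRY\\', 2)[1]
                    ValueName  = $name
                    Data       = $key.GetValue($name)
                }
            }
        }
    }
}

Get-AppVGlobalRegistryState | Format-Table -AutoSize
```

The HKCU branch only covers the user running the script, so run it in each user's session to see their non-admin redirected writes.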