|WINDOWS10 - User Account Control
Especially the following paths are involved
C:\Program Files (x86)
and maybe other system critical paths.
Moreover some file types may only be altered with administrator rights, thus among many more
which are mostly executable files, which may contain malicious code in the worst. For information that is more detailed please look at the document of Mark Russinovich.
For the program Metric it is now impossible to save basic settings like measure systems, calibration, exposure time or the connection of measure tables or motor drives – all save in Metric.opt within the program path – with one exception: It has to be started with elevated rights. This in turn would tear down the security wall of the system, if the normal user could start program with administrator rights.
To get rid of these problems, Microsoft established the technique called “UAC virtualization”. If a program does not have the rights to write or alter a file in the path of desire, a copy of this file is stored at a special location and this copy (or even not existing file in the destination directory) is virtually shown in the destination directory.
Example: You are logged in as „YouAsAUser“ with normal user rights and want to save the settings to Metric.opt. As you are not allowed to do that within
|C:\Users\YouAsAUser\AppData\Local\VirtualStore\Program Files (x86)\Metric\
The UAC virtualization saves the file to a completely different location.
There is no difference if the administrator has altered your write permission to
If you now go ahead and load your file from
For you as a single user this is extremely handsome. On one hand, you have the high security level by the UAC virtualization and on the other hand, you may keep your practice and save your files and settings where your program is installed.
If in this situation another user logs in as “YourCollegue”, two things will happen:
Your colleague will read on the first start of Metric the originally installed file Metric.opt
On saving, your colleague will create a new Metric.opt in his own VirtualStore, and this copy is only visible to him.
You now have three different Metric.opt: The one installed from the CD, your private copy and yours colleague private copy, although all of you will just see a single Metric.opt in the application path. The only difference will be presumably the size and the creation time. You now have the advantage, that your colleague may not alter your settings. However, if some basic settings like calibration have to be changed, this has to be done for all workers separately, which may be a lot of work, if many workers do their jobs on this machine.
If in your case this UAC virtualization is a problem, you may work around as follows.
The solution UAC File Exclude
A simple user now must not change the settings any more. Only the administrator, who explicitly starts Metric with elevated rights, may alter the settings. If this is the desired solution in your case, you are done. The file “uac opt exclusion.reg” contains the registry entry, which does the job for you and adds the file extension OPT to the excluded extensions.
|Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\
Those hexadecimal characters code for the string “OPT” in DBCS format and an empty string. By double clicking this file and accepting all UAC questions this entry is made to the registry and a final reboot of the system lets the effects run on your system.
The extended solution “write permission”
|uac opt exclusion.zip
|© KITOTEC GmbH — 2020