VMware Horizon Community
EricNichols
Hot Shot
Hot Shot
‎05-29-2019 09:49 PM

Legacy apps and compatibility with VDI and UEM

I thought I'd share some tricks we have used to get legacy apps to work on newer versions of Windows and to persist their data.

For HKLM settings you want to persist you can either change the permissions of the desired key on the golden image so that during uem import, the key can be modified or you can use registry virtualization

Registry Virtualization - Windows applications | Microsoft Docs  which I think is more difi ult to set up. Either way, be as selective as possible by modifying just the key you are trying to persist instead of opening up the permissions of the entire HKLM. Similarly, with UAC on and LUA principles followed, we resort to using UEM to capture files from %localappdata%\virtualstore\

Security: Inside Windows Vista User Account Control | Microsoft Docs

For legacy apps that use .ini files in protected locations, you can use .ini file mapping which stores the .ini values in the registry instead.

https://support.microsoft.com/en-us/help/102889/mapping-ini-file-entries-to-the-registry

Microsoft provides the Application Compatibility Toolkit. The kit let's you create a custom shim database which modifies the behavior of specific apps like reading and writing to different file locations using the CorrectFilePaths command.

https://support.microsoft.com/en-us/help/317510/how-to-use-the-compatibility-administrator-utility-i...

We have half a dozen legacy apps that use at least one if not two of these tricks. While making someone a local admin or elevating a process with UEM is an option, it is the easy way out and leaves you vulnerable.

Reply
0 Kudos
1 Reply
ijdemes
Expert
Expert
‎05-31-2019 12:14 AM

Interesting! Thanks for sharing EricNichols​!


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com
Reply
0 Kudos