1 Reply Latest reply on May 31, 2019 12:14 AM by ijdemes

    Legacy apps and compatibility with VDI and UEM

    EricNichols Hot Shot

      I thought I'd share some tricks we have used to get legacy apps to work on newer versions of Windows and to persist their data.

       

      For HKLM settings you want to persist, you can either change the permissions of the desired key on the golden image so that during UEM import the key can be modified, or you can use registry virtualization (Registry Virtualization - Windows applications | Microsoft Docs), which I think is more difficult to set up. Either way, be as selective as possible by modifying just the key you are trying to persist instead of opening up the permissions of the entire HKLM. Similarly, with UAC on and LUA principles followed, we resort to using UEM to capture files from %localappdata%\virtualstore\

      Security: Inside Windows Vista User Account Control | Microsoft Docs

       

      For legacy apps that use .ini files in protected locations, you can use .ini file mapping which stores the .ini values in the registry instead.

      https://support.microsoft.com/en-us/help/102889/mapping-ini-file-entries-to-the-registry

       

      Microsoft provides the Application Compatibility Toolkit. The kit lets you create a custom shim database which modifies the behavior of specific apps, like reading and writing to different file locations using the CorrectFilePaths command.

      https://support.microsoft.com/en-us/help/317510/how-to-use-the-compatibility-administrator-utility-in-windows

       

      We have half a dozen legacy apps that use at least one if not two of these tricks. While making someone a local admin or elevating a process with UEM is an option, it is the easy way out and leaves you vulnerable.
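
One way to apply the "just the key you are trying to persist" advice on the golden image, as an added example that is not part of the original post: it grants limited write rights on a single key and then audits the vendor subtree for any wider grant. The two registry paths are hypothetical placeholders, and BUILTIN\Users as the grantee is an assumption about which principal writes the key during import.

```powershell
# Added example. Run elevated on the golden image.
# ASSUMPTIONS: both paths are hypothetical placeholders; BUILTIN\Users is assumed
# to be the principal that must write the key during profile import.
$VendorRoot = 'HKLM:\SOFTWARE\WOW6432Node\ExampleVendor'
$KeyPath    = "$VendorRoot\LegacyApp\Settings"

if (-not (Test-Path -LiteralPath $KeyPath)) { throw "Key not found: $KeyPath" }

$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'  # BUILTIN\Users

# Read plus value/subkey writes only: no Delete, ChangePermissions or TakeOwnership.
$rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey'
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $users, $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Add the rule to the existing DACL of this one key; parent keys are untouched.
$acl = Get-Acl -LiteralPath $KeyPath
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $KeyPath -AclObject $acl

# Audit: list every explicit (non-inherited) write-capable grant to Users under
# the vendor root. Only $KeyPath should appear; anything else is too broad.
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$keys = @(Get-Item -LiteralPath $VendorRoot) + @(Get-ChildItem -LiteralPath $VendorRoot -Recurse)
foreach ($key in $keys) {
    $rules = (Get-Acl -LiteralPath $key.PSPath).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $isWrite = ([int]$ace.RegistryRights -band [int]$writeMask) -ne 0
        if ($ace.IdentityReference.Value -eq $users.Value -and
            $ace.AccessControlType -eq 'Allow' -and $isWrite) {
            [pscustomobject]@{ Key = $key.Name; Rights = $ace.RegistryRights }
        }
    }
}
```

The audit loop can be rerun on its own after later image updates to confirm that no installer or script has widened the grant beyond the one key.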