Question : When we open CoW local user location we can see that Application has created many folders. Among them we can see two folders with the same name APPV_ROOT & APPV_ROOTS.What is the difference?Any Special reasons why two folders are created?
Answer : When a virtual application requires to make changes to the files or folders during runtime, it does not make changes in package store (%programdata%\App-V).Instead App-V creates Copy on Write (COW) locations and make changes over there during runtime, CoW support both roaming and non-roaming locations.
Roaming CoW Location - %AppData%\Microsoft\AppV\Client\VFS
Local CoW Location - %LocalAppData%\Microsoft\AppV\Client\VFS
In Local CoW location we can see two folders named APPV_ROOT & APPV_ROOTS created during runtime when shortcut makes changes to files/folders.
The S signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-S location stores standard user based changes.
In other words from Steve Thomas - Standard users will read and write from the regular directory (with relaxed ACL’s) while elevated processes will read and write to the “S” version.
In a test lab, we have user A named admin who is the local administrator. Lets create four other users USER 1, USER 2, USER 3, USER 4. Among them USER 1 and USER 2 are made as admins and USER 3 and USER 4 are made as standard users. Now Publish the package to the machine globally. When launching the shortcut in admin(local administrator) the runtime files were created in APPV_ROOTS. Launching the shortcut in USER 1 and USER 2, they made changes to APPV_ROOT. The same happens with USER 3 and USER 4 they make changes to APPV_ROOT folder.
Now let us elevate USER 3 and we can see that the changes were written to APPV_ROOTS.
To conclude folders with 'S' (APPV_ROOTS,Common AppDataS, Common ProgramsS,WindowsS etc) are special restricted folders to which only elevated users/Local admin can make changes to.
Answer : When a virtual application requires to make changes to the files or folders during runtime, it does not make changes in package store (%programdata%\App-V).Instead App-V creates Copy on Write (COW) locations and make changes over there during runtime, CoW support both roaming and non-roaming locations.
Roaming CoW Location - %AppData%\Microsoft\AppV\Client\VFS
Local CoW Location - %LocalAppData%\Microsoft\AppV\Client\VFS
In Local CoW location we can see two folders named APPV_ROOT & APPV_ROOTS created during runtime when shortcut makes changes to files/folders.
The S signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-S location stores standard user based changes.
In other words from Steve Thomas - Standard users will read and write from the regular directory (with relaxed ACL’s) while elevated processes will read and write to the “S” version.
In a test lab, we have user A named admin who is the local administrator. Lets create four other users USER 1, USER 2, USER 3, USER 4. Among them USER 1 and USER 2 are made as admins and USER 3 and USER 4 are made as standard users. Now Publish the package to the machine globally. When launching the shortcut in admin(local administrator) the runtime files were created in APPV_ROOTS. Launching the shortcut in USER 1 and USER 2, they made changes to APPV_ROOT. The same happens with USER 3 and USER 4 they make changes to APPV_ROOT folder.
Now let us elevate USER 3 and we can see that the changes were written to APPV_ROOTS.
To conclude folders with 'S' (APPV_ROOTS,Common AppDataS, Common ProgramsS,WindowsS etc) are special restricted folders to which only elevated users/Local admin can make changes to.
No comments:
Post a Comment