I already talked about the virtualization features of Windows Vista in a previous blog post entitled UAC Redirection 4 Fun & Profit. Today, I want to tackle the file redirection that happens when UAC virtualizes your application and you try to write to a location it monitors - like the Program Files directory:

This command prompt was started with Run as Administrator (the window title hints at that). I was UAC-prompted, and then could go about my business. Not so if I would be running it unelevated:

It tells me that I don't have access. Right, not a big surprise, but why didn't virtualization kick in for cmd.exe? Because it is off by default for the command line. How can I turn it on? Well, easy. Go to Windows Task Manager

Add the Virtualization column

After a bit drag & drop magic I made it the second column and I can see which application is virtualized or not. And sure enough, cmd.exe isn't. Right-clicking allows you to change that:

You will be warned that this will possibly affect the running application, but go ahead. And then try again to write to the Program Files location:

This time I can write to Program Files - wait a second, really? No, it of course went to the virtual store for this user account:

As you can see, it lives next to files from a heck a lot of applications that wanted to write to somewhere (like system32) where they didn't have access to - but virtualization (on by default for applications except those opting out explicitly) took care of the disk operations and redirected them to the virtual store. Note that a well-written application (ie one that doesn't require administrative rights) wouldn't show up here...