I have an application written in Delphi 7 which does not require admin privileges to run.

For some reason I am able to save files to c:\windows and c:\windows\system32 from within the application even though the application has not requested UAC elevation. I am logged in as an admin with UAC turned on and I haven't changed any of the default UAC settings. The files actually show up under Windows Explorer as well. I am not using the 'Run as Administrator' option.

If I try to do the same thing using WordPad under the same profile I get an error as expected.

Any ideas what is going on?

The application is using OLE Structured Storage to save and includes the following manifest, if that helps.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity type="win32" name="DelphiApplication" version="1.0.0.0" processorArchitecture="*"/>
    <dependency>
        <dependentAssembly>
            <assemblyIdentity
                type="win32"
                name="Microsoft.Windows.Common-Controls"
                version="6.0.0.0"
                publicKeyToken="6595b64144ccf1df"
                language="*"
                processorArchitecture="*"/>
        </dependentAssembly>
    </dependency>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel
                    level="asInvoker"
                    uiAccess="false"/>
            </requestedPrivileges>
        </security>
    </trustInfo>
</assembly>

Edit: To be clear my application does not save anything to these locations by default. I am choosing these locations via the standard file save dialog.

Update

I have found out why my application was being treated as legacy despite including the above manifest. It turns out a 2nd manifest was also being included which did not have the 'trustInfo' section. I have removed this 2nd manifest and all is well now.

Thanks for all the help

A: 

I am running as an admin with UAC turned on.

Do you mean that you are logged on as Administrator or do you mean that you run your Delphi application with the option "Run as administrator" (i.e. with an elevated token)?

If the latter is the case then your application will have permission to write to C:\Windows.

0xA3
I am logged in as an admin. I have not used the 'Run as Administrator' option. Will update to clarify.
Jamie
+14  A: 

This is a feature of UAC to make old applications compatible with Vista. It redirects any request to write to a system folder for which the user lacks permission to a local folder.

They are stored under the "AppData\Local\VirtualStore" folder under the current user's profile. There is a group policy setting to disable this feature: "Virtualize file and registry write failures to per-user locations".

These file and registry virtualization features are designed to allow legacy applications to run under Windows Vista standard user accounts. A legacy application is defined as a 32-bit executable without a specific Vista manifest. If you provide a Vista manifest to decorate your application as Vista-compatible, this virtualization setting won't affect your application (as in your WordPad example).

Mark Russinovich has a great article on this: Inside Windows Vista User Account Control

Mehrdad Afshari
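An added example, not part of the original posts: a check for the situation in the question's update, where one of two manifests had no 'trustInfo' section, plus the per-user path to inspect when a write appears to have reached C:\Windows. The sample manifests, the function names and the user profile path are constructed here; the VirtualStore sub-path layout (target path minus its drive letter) is not stated on the page and is an assumption of this example.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed samples: the first is trimmed from the question's manifest, the
# second stands in for the extra manifest that had no trustInfo section.
WITH_TRUSTINFO = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

WITHOUT_TRUSTINFO = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*"
        processorArchitecture="*"/>
    </dependentAssembly>
  </dependency>
</assembly>"""


def requested_level(manifest_xml):
    """Return the requestedExecutionLevel level, or None when none is declared."""
    root = ET.fromstring(manifest_xml.strip().encode("utf-8"))
    for element in root.iter():
        # Compare local names so the check does not depend on the namespace prefix.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def manifests_without_level(manifests):
    """Names of manifests that declare no execution level (the legacy case)."""
    return sorted(n for n, xml in manifests.items() if requested_level(xml) is None)


def virtualstore_path(target, local_appdata):
    """Per-user path a virtualized write to `target` lands in (drive letter dropped)."""
    _drive, rest = ntpath.splitdrive(target)
    return ntpath.join(local_appdata, "VirtualStore", rest.lstrip("\\/"))
```

Run `manifests_without_level` over every manifest extracted from the built executable; any name it returns is a manifest to remove or to extend with a 'trustInfo' section.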
A: 

The files will end up in a virtual location under your user directory, unless you have UAC disabled.