Finding solutions to application incompatibility in Windows Vista

Prepare for Windows Vista migration by evaluating every application for compatibility.

Danielle Ruest
Danielle Ruest
Although the adoption of Windows Vista may be lagging behind Microsoft's expectations, there is no doubt that people will be moving eventually to this powerful platform. Making the switch can be easier with a little preparation.

A major roadblock to adoption in the minds of IT mangers is the lack of a service pack. This will soon be resolved as Microsoft releases SP1 in early 2008. Another is the lack of application compatibility, but there are some specific changes that affect how applications work on this new environment.

Nelson Ruest, Contributor
Nelson Ruest
One of those key areas is security. There are a number of changes in the way Windows Vista behaves and in the way applications run in Vista based on Microsoft's new security model. For example, User Account Control (UAC), which automatically runs every process in standard user mode, has a direct impact on most applications. It grants each user a standard user token with low-level access rights. Each time a process requires administrative access, it queries the user to see if it can be granted.

More on Windows Vista migration
Avoiding software conflicts in a Windows Vista migration

Troubleshoot your Windows Vista woes with your peers at ITKnowledge Exchange.
Of course, if you have access to an administrative account, you can determine whether or not you wish to grant access. But problems arise -- sometimes major problems -- when you don't have these elevated access rights. Because of UAC, applications must be well behaved and write in user-only locations.

Another significant security change is the introduction of Windows Resource Protection (WRP), which protects key areas of the registry and the Windows file system. If applications modify these areas, then they will fail when you try to run them.

Vista also introduces a significantly different firewall. The Vista Firewall is on by default and may affect how applications that need access to external connections may work on this new platform.

But among the most significant changes in security is the modification of the logon process. In previous versions of Windows, Microsoft relied on the Graphical Interface for Network Authentication, or GINA. In Vista, Microsoft has moved to the Credential Manager and has completely removed the GINA. This means that any application that is integrated to the logon process must be completely revamped so that it can work with Vista.

These are only a few of the changes that Microsoft has introduced in Vista. In short, every application you run must be evaluated for compatibility with Vista. Use the following table to review how security components will change the way your applications work:

Programmatic change Description Solution
User Account Control Runs all processes with a standard user token. Applications that require elevated rights will fail unless they are run as Administrator.
  • Vista's virtualization of both file and registry automatically redirects most application components to user-writable areas of the system.

  • Applications can be virtualized through third-party tools.

  • Applications can be supplemented with tools that provide elevated access rights on an as-needed basis.
  • Windows Resource Protection Protect both the file system and the registry from unauthorized changes. Applications that write to protected areas of the registry or the Windows folder structure will fail.
  • Runs application in appropriate compatibility mode.

  • Corrects the application if you have access to the source code.

  • Relies on commercial application compatibility mitigation tools
  • Vista Firewall Relies on the Windows Filtering Platform, which filters at several layers in the networking stack for better system protection. Applications that cannot take into account firewall restrictions will fail.
  • Makes sure you provide specific exclusions for the applications in the firewall.
  • Credential Manager Vista now uses the Credential Manager for all logons. Applications that do not take this into account will fail.
  • All third-party logon modules must be updated to Vista compatible versions.
  • You can test all applications and prepare them for Vista, but consider using application virtualization. It does away with these security issues in one fell swoop. To learn more about application virtualization, take a look at the Application Virtualization: Ending DLL Hell once and for all webcast.

    Moving to application virtualization is the easiest strategy for a Vista migration, and it gives the best return on investment when it comes to application lifecycle management. Keep this in mind when you prepare your own path toward a Vista migration.

    Danielle Ruest and Nelson Ruest are IT professionals specializing in systems administration, migration planning, software management and architecture design. Danielle is a Microsoft MVP in virtualization, and Nelson is a Microsoft MVP in Windows Server. They are authors of several books about Windows and are currently working on the Definitive Guide to Vista Migration for Realtime Publishers as well as the Complete Reference to Windows Server 2008 for McGraw-Hill Osborne.
    This was first published in January 2008

    Dig deeper on Microsoft Windows Vista operating system

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close