Roaming (folder transition)

from Wikipedia, the free encyclopedia

In computer science, roaming is a special form of overlaying directory contents . It is used to enable error-free operation of software that is not adapted to the rights system of the operating system and therefore wants to write to protected directories - which it accepts as freely writable. For this purpose, the operating system on the one hand redirects write operations that the program wants to carry out in protected directories to a special directory belonging to the user in the user profile . On the other hand, the operating system superimposes the content of this special directory on the other data in the protected directory so that, from the point of view of the non-adapted program, the redirected data appear to be in the protected directory - as expected by the program.

In contrast to simple folder redirections ( soft link , hard link or junction point ), a directory entry is not simply redirected to another directory , but there are now two directories with the corresponding name - the normal one in the original location ( C:\Program Files\xxx) and a shadow directory ( %LOCALAPPDATA%\VirtualStore\xxx), which only contains the contains changed and new files ; next to it entries that certain files should be C:\Program Files\xxxconsidered deleted . For the corresponding running application program it appears C:\Program Files\xxxas if all changes were made directly there.

Directory overloaded on live systems

With live operating systems , which are usually on a CD or DVD , the directories on the data carrier cannot be written to; therefore a directory overload service is often set up so that programs that want to write still work. Their written data can be temporarily stored on a RAM disk , where they are lost when the computer is switched off. If, on the other hand, they are saved on a persistent medium (usually a USB stick ) ( persistent mode ), this medium can be re-integrated after the next start of the live system and the previously made file system changes are there again.

Folder and file virtualization in Microsoft operating systems

The Microsoft - operating systems from Windows Vista include this procedure, but only for 32-bit applications without a manifest with trustinfospecifications at; only access to the own installation directory under C:\Programmeand access to the Windows directory (or respective subdirectories) are redirected ("virtualized").

Part of the registration database is also protected in this way: the operating system redirects write access to the key HKEY_LOCAL_MACHINE\Software to the section HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\Software.

According to a c't article “Microsoft understands virtualization only as a temporary compromise for downward compatibility. When more and more software has been adapted to Vista, the manufacturer wants to deactivate the crutch in a future Windows version. "

example

The image viewer IrfanView is used as an example : There is a program directory C:\Program Files\IrfanViewwhich contains the unchanged files / content, as well as a shadow directory ( C:\Users\USERNAME\AppData\Roaming\IrfanView) which only contains the changed and new files, as well as entries that certain files should be C:\Program Files\IrfanViewconsidered deleted . For the current program (here: IrfanView for user USERNAME) the contents of C:\Users\USERNAME\AppData\Roaming\IrfanViewsuch in C:\Program Files\IrfanViewappears that the additional files appear there in addition, modified files from C:\Users\USERNAME\AppData\Roaming\IrfanViewthe local overlap, and marked as deleted no longer appear (although they actually in C:\Program Files\IrfanViewstill present and are not deleted).

To the IrfanView program, executed under the USERNAME user, everything appears as if every delete, change or creation operation on files in the directory had worked C:\Program Files\IrfanViewwithout any problems.

history

Roaming was introduced under Windows Vista for the first time , as Microsoft changed the division into administrator and restricted user for the first time so that a "normal user" is both at the same time (so-called user account control "UAC"). According to Microsoft, the process should not have any negative effects on security for users.

Microsoft is trying to avoid the problems that arise from the fact that many users work and work as administrators because they use software that is not adapted for use with (restricted) user rights. Roaming means that it should no longer be necessary to run these programs with administrator rights.

Demarcation

Microsoft also has the techniques

  • Roaming profile , which describes a central user administration, whereby changes to files in the user directory are transferred to the server and vice versa;
  • Roaming user , which, in connection with roaming profiles, describes the user who works on different computers (e.g. in the company network).
  • A folder redirection is a symbolic link (soft link ) or a hard link (hard link ); these techniques are similar to the roaming described here, but cannot overlay directory contents on other, existing directory contents.
  • Also, since Windows 2000 existing junction points of NTFS are another technique described here; they correspond to a directory redirection.

Individual evidence

  1. Axel Vahldiek: The right twist , tips on Windows Vista Explorer. In: c't , 3/2007, p. 107. Quotation: “[…] Redirection in the context of user account control […]: Windows programs that want to write a file to the Windows directory, for example, pretend that it does would work, while the file actually ends up somewhere else [...]. While the open dialog of this application then shows the file in the Windows folder, the Explorer shows it where it really is. "
  2. a b c Sven Ritter: Window Guard , UAC: How Windows Vista restricts user accounts. In: c't , 2/2007, p. 172, section "Vista virtual"