KFW and Vista
jhutz at cmu.edu
Wed Nov 29 18:59:37 EST 2006
On Thursday, November 23, 2006 07:47:01 AM -0500 Jeffrey Altman
<jaltman at secure-endpoints.com> wrote:
> are not permitted to modify the contents of the %WinDir% directory tree.
> Any changes will be reverted.
So what's the problem? Kerberos is not an "application"; it is system
software. Ordinary users should not be modifying the conf files we're
talking about; only administrative users should be doing that.
If I understand what you're saying correctly, is that the virtualization of
%WinDir% and \Program Files\ is not layered, so non-privileged code doesn't
even get to _see_ the contents of the real directories; instead they see a
tree of empty stuff.
Except I can't imagine that is actually true, because it would make it
impossible for an administrator to install a traditional non-vista-aware
application in a way that makes it available for all users of the system.
> (3) if you build for Vista, can the resulting binaries be executed
> on Vista?
The answer to this one had better be "YES". For which occurance of "Vista"
should we be reading "XP" ?
> Now in the Vista SDK, symbols are being selectively defined
> based upon the OS version you are building the application for.
So it's impossible to build an application that uses appropriate interfaces
based on a run-time test to determine if it's running on Vista or XP? Ugh.
Again, I have trouble believing it's that bad, given that they appear to
have gotten this right for device drivers for several years and through
several WDM versions.
> I'm suggesting drawing the line at Vista partly because the use of the
> Vista SDK requires it but also because the user experience on Vista
> is going to be different from the older OS versions anyway.
I actually find the latter argument somewhat compelling, especially if the
feature set and user experience are expected to diverge further in the
More information about the krbdev