How to disable filesystem and registry virtualization on Windows 7?

Registry virtualization in Vista/W7 is a clever way to run legacy programs that would otherwise require administrator access, but it seems to be a way for user accounts to get infected with viruses, e.g. writing startup code into the user's virtual registry. If there is no requirement to run legacy software, how can one disable virtualization to enhance security, on a home PC (non-professional version, not connected to a Windows domain)?

(previously asked on the server forum; one answer given is to set a group policy)

A.Daviel
February 3rd, 2011 8:17pm

Adaviel,

Did you try to manually set the policy? Go to the following registry hive

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

create a DWORD Key with the name EnableVirtualization and give it the value 0.

More info: http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx#BKMK_Virtualize

Reboot your machine and check if this works. Let me know if this solution works for you.

Kind Regards DFTIM me - TWiTTer: @DFTER
February 4th, 2011 4:30am

Thanks - that looks like it might work for me. I know this is going to sound weird, but do you have a suggestion to test it? I mean, do you know of a legitimate free simple application that would use virtualization, or a way to check if my existing 3rd-party programs use it? I'm generally a Linux user and don't have a ton of old Win95 progs on my system.

Also, is it possible, once having disabled virtualization globally, to enable it for specific applications in the same way as you can add firewall exceptions? http://msdn.microsoft.com/en-us/library/aa965884%28v=vs.85%29.aspx suggests that REG_KEY_DONT_VIRTUALIZE can be used on a single application, and that it can be used recursively, but I didn't understand how to set it at the global level then clear it for specific programs. Or even if it did what I wanted.

A.Daviel
February 4th, 2011 7:12pm

Adaviel,

If you set this registry key, you completely disable the file and registry virtualisation. (Turning off UAC will also disable this functionality.)

Yes, you can turn it off and on for registry keys / hives or for processes. But it will be a pain in the ass to configure this.

The cleanest solution that I can recommend to you is:

1. Disable the File and registry feature.
2. Install Windows XP Mode.
3. Install all your Legacy applications in Windows XP Mode.

Windows XP Mode is a separate download and is available here: http://www.microsoft.com/windows/virtual-pc/download.aspx

Kind Regards DFTIM me - TWiTTer: @DFTER
February 5th, 2011 1:22pm

> (Turning off UAC will also disable this functionality)

I had assumed that turning off UAC makes the system less secure, not more. Or is that only for administrator accounts? With UAC off, can you still elevate privilege on the fly, or do you have to go back and use "run as", same as in XP?

> Install Windows XP Mode

This I see only works in the professional version of Windows 7. What are the security implications of XP mode? Offhand, it would seem to have the same problems as registry virtualization - that an account can become infected with a virus that acts at login time.

regards, Andrew

A.Daviel
February 7th, 2011 9:28pm

Hi,

You can elevate the privilege with "Run as" when the UAC is turned off.

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 15th, 2011 4:30am

Yes, EnableVirtualization works (once I remembered to reboot). Thanks. I remembered I have Perl installed so I could easily create a test script.

My real intent was to see if it helped block malware, and as far as I can see it does not - after deliberately executing several nasties found in my spambox or on an infection list, I didn't see any entries in VirtualStore. Mostly stuff in %homepath%\AppData, and one managed to write to C:\

A.Daviel
March 3rd, 2011 9:23pm
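
One way to check the setting and see which installed programs have relied on virtualization, as an added PowerShell example that is not part of the original thread: it reads the policy value discussed above and lists what the current user's VirtualStore locations already hold. The `EnableLUA` value and the two VirtualStore paths are standard Windows locations assumed here; the thread does not name them.

```powershell
# Added example: audit UAC virtualization for the current user (read-only).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyDword {
    param([string]$Name)
    # Returns $null when the value does not exist under the policy key.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Format-Policy {
    param([string]$Name)
    $v = Get-PolicyDword $Name
    if ($null -eq $v) { "{0,-22}: not set (Windows default applies)" -f $Name }
    else              { "{0,-22}: {1}" -f $Name, $v }
}

Format-Policy 'EnableVirtualization'   # 0 = virtualization disabled (value from the thread)
Format-Policy 'EnableLUA'              # UAC switch (assumption: not named in the thread)

# Standard per-user redirect targets (assumption: paths are not given in the thread).
$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$regStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

"`nRedirected files under $fileStore (newest first):"
if (Test-Path $fileStore) {
    # PSIsContainer filter keeps this compatible with PowerShell 2.0 on Windows 7.
    Get-ChildItem -Path $fileStore -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -Property LastWriteTime, FullName -First 25 |
        Format-Table -AutoSize
} else {
    '  (none: folder does not exist)'
}

"`nRedirected registry keys under $regStore :"
if (Test-Path $regStore) {
    # Each subkey is a vendor/application whose HKLM\SOFTWARE write was redirected.
    Get-ChildItem -Path $regStore -ErrorAction SilentlyContinue |
        ForEach-Object { '  ' + $_.PSChildName }
} else {
    '  (none: key does not exist)'
}
```

Entries with a LastWriteTime later than the reboot that applied EnableVirtualization = 0 would mean writes are still being redirected; entries older than that only show which programs used virtualization before the change.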

This topic is archived. No further replies will be accepted.
