Monday 9 May 2011

Microsoft Tech Days: Application Compatibility Update


As I mentioned in a blog posting a little while ago, I had the opportunity to speak at Microsoft TechDays in Amsterdam. Taking a break from these sessions, I was able to attend Aaron Margosis' session on application compatibility.

I learned a lot from the sessions and  took some notes. What I really appreciated was the pragmatic approach to application compatibility that Aaron employed. As a Microsoft consultant, he is on the "sharp-end" of getting applications to work and has probably seen more than his faire share of broken applications. This I feel reflects his broad approach to remediating applications which includes the following;

  1. Retire the app
  2. Get an updated version of the app (from vendor or your developers)
  3. Modify the installer via transforms or post-install scripts
  4. Let UAC file/Registry virtualization do its magic
  5. Apply shims
  6. Change permissions or security policies
  7. Machine virtualization

We have talked before about changing settings and application rationalization exercises (retire or upgrade the application) and so I wanted to focus on Aaron's thinking on Shims.

In this presentation, he used a slide titled, "What are shims good for?" with the following bullet points; *

  • Bad Windows version checks
  • Writing to HKCR registry keys at application runtime
  • Unnecessary application start-up checks for “am I admin?”
  • Writing to WRP-protected keys and files
  • Windows thinks your application is an installer
  • Some file/registry redirections

From my experience, I would say that shims could be used to resolve these issues but updating the application package directly probably has a more management, traceable approach. However, shims do help with the in-built hard-coded "am I admin" checks and security manifest can't really help here.

Most importantly, Aaron continues with the slide titled, "When are shims important?" and answers with the following notes;

  • Source code fix not feasible
  • Vendor support not important

I really agree! These are key factors in deciding if and how to fix an application.

Finally,  the presentation ends a pragmatic comment on Shims including;

  • Not all general purpose shims have the same … “customer love” applied in their creation
  • The (shim) tools are … “primitive”
  • Shims management not integrated into other management tools (e.g. Group Policy)
  • You can do a lot with just the Top 10 shims
  • But to becoming a shim ninja takes time and much practice

This is really the 1st time that I have heard some realistic comments about the manageability of shims from Microsoft - This is great stuff, and I would love to hear more from Aaron

*Note: I was talking hand-written notes during the session. I have tried to capture each note accurately - hopefully, there are no glaring mistakes.


No comments: