Windows Vista Security Guide

Chapter 4: Application Compatibility

Application compatibility is always a critical and important challenge that organizations must address when deploying a new operating system. A large part of the development effort for Windows Vista™ involved helping to ensure that the new features and services in the operating system maintain a high level of functionality and compatibility with older programs. Throughout development, the Microsoft Application Experience Team tested many applications from a wide range of third-party vendors.

The security settings prescribed in this guide to harden Windows Vista have been extensively tested to work compatibly with the core operating system, as well as with the Microsoft® Office suite of applications. Applications that run on Windows Vista should continue to operate properly on client computers subject to the setting recommendations in this guide.

However, there is a possibility that older applications may not work properly with some of the new security technologies built into Windows Vista. Technologies such as User Account Control (UAC) and Windows Resource Protection can interfere with older applications.

The Microsoft Solution Accelerator for Business Desktop Deployment (BDD) 2007 contains comprehensive application compatibility guidance to enable IT professionals to test applications for compatibility with Windows Vista, and mitigate compatibility issues discovered during the process. For more information, see the Application Compatibility Feature Team Guide on Microsoft TechNet®.

This chapter includes simple procedures that you can use to test the level of compatibility of your applications with Windows Vista, discusses some of the more common causes of application compatibility issues, and provides pointers to available resources that can help you to address them.

On This Page

Thirty-Minute Compatibility Check Thirty-Minute Compatibility Check
Known Application Compatibility Issues Known Application Compatibility Issues
Tools and Resources Tools and Resources
More Information More Information

Thirty-Minute Compatibility Check

This section provides guidance on how to test and evaluate application compatibility with Windows Vista. It includes two scenarios that you can use to test application compatibility with the operating system. These will help you to:

  • Test an application with a clean installation of Windows Vista.
  • Test an application with an upgrade to Windows Vista from Microsoft Windows® XP with Service Pack 2 (SP2).

To test an application with a clean installation of Windows Vista

  1. Install Windows Vista on a test computer.
  2. Log on as an administrator on the test computer running Windows Vista.
  3. Install the application that you want to test on Windows Vista. If a prompt displays requesting permission to install the application, click Permit to continue the installation. If the installation succeeds, go to Step 6.
  4. If the application installation fails and no installation permission prompt displayed, right-click the installer .exe file, click the Run this program as administrator option, and re-install the application. If the installation succeeds, go to Step 7.

    Note   This step is not necessary if you use a Microsoft Installer (.msi) file to install the application.

  5. If you receive any errors related to the operating system version, application registration, or file copy, right-click the installer .exe file, click Compatibility, and then choose the Windows XP SP2 compatibility mode.
  6. Repeat Step 2. If you still cannot install the application, go to Step 8.
  7. Log on as a user without administrative privilege to the test computer running Window Vista.
  8. Start the application. If the application does not start properly or displays errors, enable the Windows XP SP2 compatibility mode for the application .exe file, and then try to install it again on the operating system.
  9. If the application starts successfully, run through the full suite of tests that you would typically use to test it on a computer running Windows XP. Verify your application functionality to confirm that it performs properly. If the application passes all major functionality tests, the application works properly with Windows Vista.
  10. If the application does not install and start successfully, stops responding, encounters an error, or fails any of your major functionality tests, it may be one of a small set of applications that is subject to compatibility issues with Windows Vista. Refer to the other reference resources in this chapter to further investigate and test your application.

To test an application with an upgrade to Windows Vista from Windows XP SP2

  1. Install Windows XP with SP2 on a test computer and then install the application that you want to test. Verify all functionality of the application before proceeding.
  2. Upgrade the test computer to Windows Vista. Follow the Windows Vista setup and upgrade instructions. After the upgrade is complete, log on to the test computer as you would to a computer running Windows XP.
  3. Start the application. If the application does not start properly or if errors are displayed, enable the Windows XP SP2 compatibility mode for the application .exe file, and then try installing it again.
  4. If the application starts successfully, run through the full suite of tests that you would typically use to test it on a computer running Windows XP. Verify your application functionality to confirm that it performs properly. If the application passes all major functionality tests, the application works properly with Windows Vista.
  5. If the application does not install, start successfully, stops responding, encounters an error, or fails any of your major functionality tests, it may be one of a small set of applications that is subject to compatibility issues with Windows Vista changes. Refer to the other reference resources in this chapter to further investigate and test your application.

If you complete both scenarios and determine that the application performs properly, you can assume that it will work with Windows Vista.


Top Of Page Top of page

Known Application Compatibility Issues

This section describes several of the most common new technologies, enhancements, and changes in Windows Vista that are known to cause application compatibility issues. Where possible, this section also includes ways to potentially mitigate them.

Important   Test all third-party applications that you plan to use in your environment with Windows Vista to ensure that they will work properly with the operating system.

Security Enhancements

The following new security enhancement features in Windows Vista may cause compatibility issues with third-party applications:

  • User Account Control. This new feature provides a method of separating standard user privileges and tasks from those that require administrator access. UAC increases security by improving the computer experience for users running standard user accounts. Users can now perform more tasks and enjoy higher application compatibility without the need to log on to their client computers with administrative-level privileges. This helps reduce the affect of malware, unauthorized software installation, and unapproved system changes.

    UAC can introduce problems in applications that are not compliant with this technology enhancement. For this reason, it is important to test applications with UAC enabled before you deploy them. For more information about application compatibility testing, see the BDD Application Compatibility Feature Team Guide on TechNet.

  • Windows Resource Protection. This new feature in Windows Vista helps safeguard system files and protected registry locations to help improve the overall security and stability of the operating system. Most applications that previously accessed or modified these locations are automatically redirected to temporary locations, which they can then use to continue to operate without issues.

    However, applications that require full access to these protected areas and cannot handle the automatic redirection process will not operate properly with Windows Vista. In these cases, you must modify the applications so that they function as intended. For more information about this new feature and its implications for application compatibility, see About Windows Resource Protection on Microsoft MSDN®.

  • Protected Mode. This new feature of Microsoft Internet Explorer® 7 helps protect computers running Windows Vista from the installation of malware and other harmful software by running the operating system with lower, more secure rights. When Internet Explorer is in Protected Mode, the browser can only interact with very specific areas of the file system and registry.

    Although Protected Mode helps maintain the integrity of client computers running Windows Vista, it can affect the proper operation of older Internet and intranet Web applications. You may need to modify such Web applications to run them in a more restrictive environment.

Operating System Changes and Innovations

The following new operating system changes and innovations in Windows Vista may cause compatibility issues with third-party applications:

  • New system APIs. Application programming interfaces (APIs) expose layers of the Windows Vista operating system differently than in previous versions of Windows. Antivirus and firewall software are examples of applications that rely on these new APIs to properly monitor and safeguard Windows Vista. You need to upgrade applications that perform these functions to versions that are compatible with Windows Vista.
  • Windows Vista 64-Bit. 16-bit applications and 32-bit drivers are not supported in the Windows Vista 64-bit environment. Automatic registry and system file redirection is not available for the 64-bit environment. For these reasons, new 64-bit applications must comply with the full Windows Vista application standards.
  • Operating system versions. Many older applications check for specific versions of Windows. When third-party applications cannot detect a specific operating system version, many of them stop responding.

    Most operating system versioning requirements related to compatibility issues are addressed by new functionality built into Windows Vista. Features such as the Program Compatibility Assistant can usually resolve these types of issues automatically. For more information about the Program Compatibility Assistant and other tools and resources, see the next section of this chapter.

The Windows Vista Developer Story: Application Compatibility Cookbook on MSDN provides additional information about these security enhancements and operating system changes and innovations in Windows Vista. The cookbook also provides test approaches and possible remedies for most of these compatibility issues.


Top Of Page Top of page

Tools and Resources

This section provides brief overviews and pointers to several features and technologies available for Windows Vista that are designed to help you address application compatibility issues.

Program Compatibility Assistant

This feature automatically specifies an appropriate "compatibility mode" for applications designed to run with previous versions of Windows. When Windows Vista detects applications that need to run in compatibility modes for Windows XP, Windows 2000, or later versions of Windows, the operating system directs the applications to be updated automatically to run on Windows Vista without further user intervention.

For more information, see the Program Compatibility Assistant: frequently asked questions page of the Windows Vista Help and Support Web site.

Program Compatibility Wizard

The Program Compatibility Wizard is included with Windows Vista to assist you when a program written for an earlier version of Windows does not run correctly. The wizard will help you specify compatibility settings for the program, which will resolve application compatibility issues for many older programs.

To access the Program Compatibility Wizard, double click the Program Compatibility Wizard icon on your desktop.

For more information, see the Make older programs run in this version of Windows page of the Windows Vista Help and Support Web site.

  Warning

Do not run the Program Compatibility Wizard on older antivirus programs, disk utilities, or other system programs because it might cause data loss or create a security risk. Instead, use only versions of these programs and utilities designed specifically to work with Windows Vista.

Microsoft Standard User Analyzer

This application compatibility tool helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrative privileges. Using the Standard User Analyzer to test your application can identify issues with file access, registry access, tokens, and other protected areas of the operating system.

On Windows Vista, even administrators run most programs with standard user privileges by default. This tool helps you to ensure that your application does not have administrator access as a dependency. Results display in a simple graphical interface.

You can download this tool from the Microsoft Standard User Analyzer on the Microsoft Download Center.

Application Compatibility Toolkit

Microsoft has made available a suite of tools and documentation to help you identify and manage your organization’s application portfolio. The Windows Application Compatibility Toolkit (ACT) is designed to help you reduce the cost and time involved to resolve application compatibility issues to better enable you to quickly deploy Windows Vista.

ACT can help you prepare to use Windows Vista by detailing your existing application inventory, managing critical applications, and determining the extent of your application environment that may require special attention in preparation for Windows Vista.

ACT 4.1 is currently available and was delivered to assist customers with their Windows XP SP2 deployment. ACT 4.1 examines DCOM interfaces, firewall settings, and Internet Explorer issues. ACT was designed to identify applications that require further testing, to identify outdated ones, and to determine which applications are already compatible with SP2, enabling you to prioritize your efforts.

ACT 5.0 has been specifically updated to support the security features of Windows Vista.

Enhancements in this toolkit include:

  • New Windows Vista–specific compatibility evaluators.
  • An updated user interface that allows you to manage evaluator settings centrally.
  • New data organizing features that allow you to categorize and prioritize your applications.
  • Data analysis features that allow you to view comprehensive compatibility reports.
  • An online application community that allows customers and independent software vendors (ISVs) to share information about their own application compatibility testing results.

For more information about the toolkit, see the Windows Application Compatibility page on TechNet.

Temporary Remedies

In addition to specific application compatibility tools and resources, there are additional Microsoft technologies you can use to address application compatibility issues that might take some time to fully resolve. These technologies are designed to help you migrate to Windows Vista, and continue to run business critical applications that are not compatible with Windows Vista. These technologies include the following:

  • Virtual PC. You can use Virtual PC to run applications on Windows Vista that only work properly with older versions of Windows. Virtual PC lets users keep a previous version of Windows available to run non-compatible applications within their Windows Vista environment until upgraded versions of non-compatible applications are developed. For more information, see the Microsoft Virtual PC Web site on Microsoft.com.
  • Terminal Services for hosting applications. Hosting older applications on Terminal Services lets you deliver Windows-based applications, or the Windows desktop itself, to virtually any computing device on your network. Windows Vista clients can connect to these application-hosting environments through Remote Desktop to access older applications. For more information, see the Technical Overview of Windows Server 2003 Terminal Services on the Microsoft Windows Server 2003 R2 Web site.
  • Virtual Server for hosting applications. With a Virtual Server environment, you can host legacy applications and allow remote connectivity from end users who need access to those applications. In conjunction with Windows Server 2003, Virtual Server 2005 R2 provides a virtualization platform that runs most major x86 operating systems in a guest environment, and is supported by Microsoft as a host for Windows Server operating systems and Microsoft Windows Server System™ applications. For more information, see the Virtual Server 2005 R2 Product Overview on the Microsoft Virtual Server Web site.

Top Of Page Top of page

More Information

The following links provide additional information about Windows Vista application compatibility related topics:


Top Of Page Top of page