09 January 2008

Things that Virtual PC needs to be run as Administrator for...

For the most part Virtual PC is able to happily run when you are using a non-administrative user account and everything will work. There are - however - a couple of things that will not work correctly unless Virtual PC is run under an Administrative account:

  1. Using ping (or other ICMP based tools) over shared networking.

    In order to create ICMP packets (as opposed to standard TCP/IP packets) that appear to originate from the virtual machine when using shared networking - we need to access Windows APIs that are restricted to only being accessed by administrators.

    The reason why these APIs are restricted is that there are a number of known ICMP based network attacks that malicious software could try to utilized on your computer.

    The impact of this is that you will simply be unable to ping other computers from a virtual machine. Note that this does not affect virtual machines that are using a direct connection to the physical network adapter.

  2. Using or converting linked virtual hard disks.

    Linked virtual hard disks require us to open a handle to the raw physical disk object (and bypass the Windows file system). As this mechanism could also be used to bypass file system security it is restricted to administrative processes only.

    If Virtual PC is not running as an administrative process you will be unable to create linked virtual hard disks, convert linked virtual hard disks or boot virtual machines with linked virtual hard disks connected to them.

  3. Accessing copy protected CDs.

    Virtual PC attempts to access the physical CD by using a handle to the raw disk (like with linked virtual hard disks) but if that fails it will fall back to using the Windows file APIs to access the CD.

    The Windows file APIs work fine for accessing normal data off of CDs - but is unable to provide the information necessary to support the use of copy protected CDs inside of virtual machines.

    If Virtual PC is not running as an administrative process access to normal CDs will function correctly - as will data access to copy protected CDs - however any software that attempts to check the authenticity of a copy protected CD will fail.

  4. Configuring the Virtual PC security options.

    Configuring the Virtual PC security options requires that we change registry keys stored in the Local Machine registry hive. The values are stored here so that non-administrative users cannot undo security settings changes made by an administrative user.

    If Virtual PC is not running as an administrative process the settings on this options page will be disabled.

Now remember that under Windows Vista Virtual PC will be running as a non-administrative process even if you are using an administrative account. To get these features to work under Vista you need to right click on the Virtual PC icon in the start menu and select 'Run as administrator' (with the exception of the Virtual PC security options where we will prompt you to give administrative approval if you are not running as administrator).

Bookmark and Share ITStuff.ca

No comments:

Post a Comment