Compartilhar via


Trouble shooting your app on Vista if its WRP

Troubleshooting Suspected WRP Issues

Check the Application and System event logs for messages regarding failed attempts at replacing files in system32.
Do you get an error message something like "Error replacing xxx.dll in system32"?
then you have a high probability that you’ve hit a WRP issue

You may also get a non-descript error message.  This is much harder to troubleshoot.

o       Are there log files? msi log files? Installshield log files? These might give a clue as to which file is attempting to be replaced.

o       If there are no log files, then you would need to use filemon, with the filter of "windows;windows\system32" to see if any files in these directories gets touched.
Also reg keys in HKLM might be touched which will have to be debugged with regmon.

(tools at https://www.sysinternals.com/)

 

More info on WRP:

Windows Resource Protection (WRP)

As an initiative to increase system stability, predictability and reliability Windows Resource Protection (WRP)is designed to protect system read-only state. This is a manageability and integrity feature. It provides a reliable OS, a predictable customer experience in terms of installing and uninstalling OS protected resources.  It mitigates problems where applications attempt to make system changes that negatively impact the system and in some cases other applications. Windows Resource Protection relies on existing Windows Security mechanisms to lock-down access to protected resources.  ACLs are set on protected resources. These ACLs restrict write access to the Trusted Installer SID. This means that no users including the administrator can modify or delete WRP resources. The default SDDL gives everyone read/execute, although this may be further restricted by defining it in the SDDL.