In Windows Vista, the directory %windir%\WinSxS has much stronger protection on it than it did in Windows XP and Server 2003. The owner/group is now a SID named "Trusted Installer", a service SID used to start the TrustedInstaller service. Users other than the trusted installer are granted only generic-read/generic-execute by default. This increased protection ensures that only the trusted installer service is allowed to modify the servicing-related metadata and files. If a limited user could modify a file in the directory, for example, they could convince the servicing stack to overwrite one binary with another when the next administrator comes along to enable the Games for Windows package.
Content is added to this directory in response to installing applications, enabling packages in the add-remove-programs UI, and installing Windows Out-of-Band releases. Content is removed from this directory as a result of uninstall + scavenging - a topic for another time. One important note - uninstalling your application or Windows app will not necessarily remove the physical bits from the system. The servicing stack marks the bits as unusable and prevents their use through "normal" means. Files and directories will be removed over time as the servicing system cleans up after itself. Administrators should not, for any reason, take it upon themselves to clean out the directory - doing so may prevent Windows Update and MSI from functioning properly afterwards. Preventing accidental deletion from the directory is accomplished by putting a strong security descriptor on the directory that inherits to its children.
Bookmarks