The Issues Caused by TS_AWARE (Concerning Shadow Keys)
Published on 11 Jul 2012Tags #64-Bit Windows (x64) #PowerShell #Reg.exe #Regedit.exe #Shadow Keys #TS_AWARE #Windows Server 2008 R2 #Windows Server 2012 #Windows Server 8 #Windows x64
I have recently published the shadow key companion which compiles all currently known information about shadow key in a single article. An important piece of information is the flag TS_AWARE for executables causing Windows not to produce shadow keys in install mode. Unfortunately, there is a downside to this flag that may well affect installation scripts.
System Tools are flagged TS_AWARE
When looking at shadow keys on Windows Server 2012 RC, I noticed that many tools provided by Windows are flagged TS_AWARE. This includes the following:
- reg.exe
- regedit.exe
- powershell.exe
- cmd.exe
- cscript.exe
- wscript.exe
Consequently, using those tools – either 32 bit or 64 bit – does not produce shadow keys.
The Issues Caused by TS_AWARE
If you are using any of the system tools flagged TS_AWARE, you will not be able to produce shadow keys. Any automated installation scripts cannot rely on shadow keys unless the process is not flagged TS_AWARE.
This is again a very strong argument against shadow keys. Apart from the issues caused by the architecture of shadow keys, you cannot rely on them being created as expected.
##
Afterword
I have updated the shadow key companion accordingly.