Tuesday, May 8, 2012

Uh Oh - don't stop the Application Information service!

The alternative title for this post is How to successfully move the SoftwareDistribution folder.

Today I had an issue... I could no longer elevate applications to Administrator level. Let me explain how I got into this mess.

I run Windows 7 and my boot drive is only 40GB. I needed to install yet another SDK, and I only had ½ GB or so left on that drive, so the installer immediately barfed and reported a drive space issue. So I go in and delete stuff from the various temp folders, then I run WinDirStat to see what else is taking space. After it has done its thing, a likely space-hogging candidate shows up - the SoftwareDistribution folder under C:\Windows.

Now an easy way to gain space is to move space hogging directories onto another drive, delete the original, and create a symlink in its place (as detailed in this and this blog post by Scott Hanselmann). Of course you need to move files/folders that Windows does not have open or is not constantly using. SoftwareDistribution fits that category - almost. There was one file I couldn't delete because it was held open by the Application Information service. The Application Information service looks innocuous, but you need to be very careful how you deal with it. It cannot be shut down cleanly. You can try to shut it down, but it errors every time you try, until it appears to end up in some kind of twilight state. So because I couldn't shut it down (in order to release its lock on the ReportingEvents.log file), I thought I would do another clever thing: set it's startup mode to disabled, and then reboot.

Of course this works, not a problem. But then I quickly discovered the flaw in my plan. In order to delete the remains of the SoftwareDistribution folder, I need to provide administrative permission, i.e. I have to agree to the UAC prompt. Therein lies the problem - the UAC uses the Application Information service to perform the elevation, but I've shut the service down and prevented it from being started. In fact I have a Catch-22 because I cannot do anything as Administrator, which means I also cannot restart the service or change its startup mode back to what it should be.

Big mistake. Here is where I am going to save you some time if you have the same problem - don't bother Googling the answer, because 100% of the answers I looked at were wrong. They either require you to run an elevated command prompt, or they require you to roll back to the last System Restore point. Remember that we can't elevate, and because I rebooted the last System Restore point is useless to me (I know because I tried it).

So how did I fix it? Quite simply I took advantage of a idiosyncracy in Windows that I didn't know about until now. I rebooted into safe mode, and then changed the Application Information service details from there. This works because UAC is not invoked in safe mode, if your user account is in the local Administrators group then anything you run is running as admin, unlike regular useage where the apps need to be individually elevated. While I was in safe mode I finished deleting the SoftwareDistribution folder and created the symlink, then I rebooted back into normal mode.

So the two critical things to remember if you are going to mess with important services or try and move the SoftwareDistribution folder:

  • make sure your user account is in the local Administrators group 
  • do the work in safe mode, or reboot into safe mode to fix issues 

Of course I could just buy a shiny new drive and reinstall Windows, but do you know how many hours is involved in repaving a development machine? Not to mention that you have way less fun if you do things the boring way!

keywords: application information service, safe mode, softwaredistribution, uac, appinfo


Anonymous said...

Heh, thanks a lot for interesting info. I think I'll visit this blog a few more times to learn some more stuff.

Anonymous said...

Sounds like an extreme idea for making your computer safer. Admin changes have to be done in safe mode, but I don't know if all admin tools are available in safe mode.

Anonymous said...

Thanks so much, it really helped.

Catalin Salcieanu said...

Omg ,it helped me so much,i was stuck for hours on this problem ,thx!

Miroslav Cvach said...

Now this probably saved me a LOT of trouble, I was just about to fall into the exactly same pothole, dude! Thank god (and you!) I found this information before I tried it.

Anonymous said...

THANKS, you saved my day!

Criticatlarge said...

wunderbar! but... it works only if you can get into safe mode. which doesn't appear on my Lenovo Thinkpad's option
screen after I press the magic THINKPAD button to alter the startup stuff.

so I think I'm rather hosed.... sure, the machine functions, ya just can't install anything or run any
administrative tools whatsoever.

was wondering if there's any way to force APPINFO to run by executing the appropriate command...???

meanwhile, at least I can surf the net, get / send email, and post HELP ME messages...

Anonymous said...

This was exactly my problem and the solution was nowhere else but here!