[FAQ] Isolated programs and profile folder

Started by fixer, October 15, 2018, 10:52:18 PM


fixer

Sometimes I get questions like: "Looks like the real user profile folder is special. I can't add it in File System Objects Access Rights in an isolated environment. I can't save anything there from an isolated program, and even when I browse it from there, the contents don't look right. What's the deal with it?" Let's figure it out.

As you probably already know, isolated programs don't have any access to the real user profile folder or registry hive. And while there are other folders they don't have any access to but can be granted access to, the real user profile folder is something of a sacred cow. It's meant to be a sanctuary for the user's files and folders, for the user's eyes only; no one else can enter there under any circumstances. That's why there is no way to allow isolated programs into that folder. This should answer the question of why you can't add files and folders from there in File System Objects Access Rights in an isolated environment.

But if it's such a sacred location, how can you browse there and even try to save files there from an isolated environment? The answer is simple: you don't actually browse or save files there; you access the corresponding isolated user profile folder. That's why you see strange contents: you aren't browsing the real user profile folder. And when you save files, they go to the corresponding isolated user profile folder. Why? Because ReHIPS transparently redirects all access by isolated programs from real user profile folders to isolated user profile folders. Why? The Copy User Data feature blog post at https://forum.rehips.com/index.php?topic=9560.0 answers this question. In short: programs usually keep their data in the user profile folder, they don't have access to the real user profile folder, so access is redirected to the isolated user profile folder, where program data can be copied and accessed.

All of the above also applies to the real user registry hive.