Platform

What the product does.
System by system.

AppProfileSafe is a manifest-driven migration engine for Windows application profiles. Five functional systems handle extraction, transformation, validation, automation, and licensing. Core migration features are free in Community Edition. Enterprise adds CLI automation, SIEM integration, and compliance reporting.

Migration Engine

Extract, transport, restore — with full fidelity

The migration engine captures application state from the registry, file system, and NTFS security layer. Data is written atomically and validated against XSD schemas before commit.

AppProfileSafe Registry Browser
Registry

Registry Extraction

Exports full keys or individual values from any supported hive. All native data types are preserved — REG_SZ, DWORD, QWORD, BINARY, MULTI_SZ, EXPAND_SZ. Protected keys are logged and skipped without aborting the operation.

Scope control: App definitions specify per-key or per-value targets. Only what is defined gets exported — no hive-wide snapshots, no accidental captures.

Resilience: Access-denied on protected keys is logged with full detail but never aborts the export. Remaining entries continue normally.

  • All hives: HKCU, HKLM, HKCR, HKU, HKCC
  • Per-value or per-key scope in app definitions
  • XML serialization validated against RegistrySchema XSD
  • Protected keys logged with access-denied detail, never fatal
Documentation →
Files

File System Extraction

Backs up application files and folders with recursive traversal or single-file targeting. Paths use environment variables for portability across machines. The manifest records file hashes and sizes for downstream diff comparison.

Portability: Paths are stored with environment variables (%APPDATA%, %LOCALAPPDATA%, %USERPROFILE%, %PROGRAMDATA%) and expanded at import time on the target machine.

Manifest tracking: Each entry records DataFolderName, content hash (SHA256), and file size. The dry run engine uses these for change detection.

  • Recursive folder backup or individual file selection
  • Environment variables expanded at import time for portability
  • Content hashing (SHA256) for dry run and integrity verification
  • Manifest records DataFolderName for portable export packages
Documentation →
AppProfileSafe Export window

ACL Preservation

NTFS security descriptors are captured during export using AccessControlSections.All and restored during import. Existing files receive additive ACL merges; new files get the full descriptor.

Consistency: Export and dry run both read AccessControlSections.All for comparison. Import applies .Access for existing files (additive merge) and .All for new files.

Atomic Writes

All file operations use a write-to-temp, then atomic-move pattern. If the process is interrupted mid-write, the target file is never left in a partial state.



Implementation: AtomicFileWriter writes to a temporary file in the same directory, then calls File.Move with overwrite. The event queue store uses the same pattern.

Path Guard

Before any write operation, the import engine validates that target paths are within expected boundaries. Entries referencing paths outside the application scope are rejected.


What it catches: Mapping rules that accidentally rewrite to system directories. Manifest entries with absolute paths that bypass environment variable expansion.

Mapping Framework

Declarative path transformation for registry and files

When the target environment differs from the source — different username, drive letter, or directory structure — the mapping framework rewrites paths during import. Rules are defined in XML, validated, previewed, and applied deterministically.

Core

Stateful Mapping

The MappingService holds separate rule sets for registry paths and file system paths. Rules are loaded from XML, validated against the Mapping XSD, and applied after environment variable expansion — in the same order for both live imports and dry runs.

  • Separate RegistryMappings and FileMappings collections
  • Applied after ExpandEnvironmentVariables, before write
  • Identical application order in import and dry run
  • Registered as Singleton for session-wide consistency
Validation

XSD Validation

Mapping files are validated against the Mapping XSD schema before loading. Invalid structures, missing attributes, or malformed paths are rejected at load time — not discovered mid-import.

  • Schema validation at LoadMappings()
  • Invalid XML rejected before any rules are applied
  • Same XSD used by GUI editor and CLI
Service

Mapping State Service

The MappingService is a session-scoped singleton that holds loaded rules across operations. Once mappings are loaded, they remain active for all subsequent imports and simulations in the same session.

  • MappingsLoaded flag prevents operations on uninitialized state
  • RegistryMappings.Count and FileMappings.Count for diagnostics
  • Shared between GUI and CLI codepaths
Configuration

Mapping Preferences

Common transformations — username changes, drive letter swaps, base path relocations — are expressed as declarative rules. Configurations are saved and reused across operations and machines.

MSP workflow: Create one mapping file per customer environment. Reuse across all devices in that tenant. Store alongside the manifest on the network share.

From To
C:\Users\OldUser C:\Users\NewUser
D:\Apps C:\Apps
HKCU\...\OldUser HKCU\...\NewUser
GUI

Preview UI

The GUI mapping editor shows before/after path transformations for every registry key and file path in the manifest. Admins review the full transformation result before committing.

  • Side-by-side before/after preview
  • Transformation applied to all manifest entries
  • Visual confirmation before import or simulation
  • Invalid transformations highlighted
Documentation →
Dry Run & Diff

Compare manifest against live system before any write

The dry run engine reads the manifest and the target system, computes the delta, and produces a structured diff report. Nothing is written. The diff CSV is hash-linked to the audit trail.

AppProfileSafe Simulation Progress
Preview

Simulation Mode

The GUI simulation runs the full import pipeline in read-only mode. Registry and file operations are evaluated but never executed. The import button remains disabled until simulation completes successfully.

What it prevents: Destructive imports on production endpoints. Broken app behavior from untested path mappings. Rollback operations that cost hours per device.

Scope: Works with local and UNC network paths. Mapping rules are applied identically to the live import path.

  • Full import pipeline in read-only mode
  • GUI blocks import until simulation completes
  • No audit log entries for simulation runs
  • Mapping rules applied identically to live import
Documentation →

ImportChangeCollector

During live imports, the change collector records every registry and file operation as a DiffItem. After import, the collected changes are compiled into a DiffReport and written as a hash-verified CSV.

Activation: Active only during real imports, not simulations. The collector is injected by the import orchestrator and compiled via BuildReport().

Diff CSV Export

The DryRunService produces a structured CSV with one row per registry key, registry value, file, or folder. Each row shows application name, item type, action, and old/new values for changed items.

Column Content
App Application name
Type RegKey, RegValue, File, Folder
Action Created, Changed, Unchanged
OldValue Current state on target
NewValue Value from manifest

Controlled Activation

Simulation and live import are architecturally separate paths. The ImportService branches on isSimulation at the method level — simulation calls SimulateRegistryImport/SimulateFileImport, live import runs the full pipeline with change collection and audit logging.

Design: isSimulation controls branching, not runtime checks. DryRunService is a standalone read-only analysis path, separate from both.

CLI & Automation Enterprise

Scriptable operations with structured output

The CLI runs the same engine as the GUI with full parameter validation, structured exit codes, and JSON run reports. Designed for Scheduled Tasks, SCCM, Intune, and deployment pipelines. Requires an Enterprise license.

Enterprise
// Export to UNC share with credential store
AppProfileSafe.Cli.exe --export --manifestFile "\\server\backups\Manifest.xml" --apps "Firefox,Chrome" --unc-credential-store ✓ Export completed — 2 apps, 847 entries

// Preflight validation before import
AppProfileSafe.Cli.exe --preflight --import --manifestFile "\\server\backups\Manifest.xml" --apps "Firefox" --mappingFile "C:\Mappings\prod.xml" ✓ Preflight passed — 9/9 checks OK

// Monthly compliance report
AppProfileSafe.Cli.exe --generateComplianceReport --reportFrom "2026-01-01" --reportTo "2026-01-31" ✓ Report saved — ComplianceReport_WS01_20260201.pdf
Output

Silent Mode & Exit Codes

Silent mode suppresses all console output (log file only). Every execution returns a structured exit code that deployment scripts can evaluate without parsing text output.

Code Meaning
0 Success
1 User error (invalid arguments, missing files)
2 System error (I/O failure, export/import failure)
3 License error (missing, invalid, or expired)
4 SIEM error (forwarding active but unreachable)
5 Audit error (integrity check failed)
Validation

Preflight Mode

Preflight runs all precondition checks without performing any operations. The result is a structured JSON report with pass/fail per category.

  • Validates 9 precondition categories
  • Admin rights, license, manifest paths, app definitions
  • Disk space, XSD schemas, SIEM connectivity
  • JSON report output for pipeline integration
  • Non-zero exit code if any check fails
Integration

Script Integration

Whitelist-based parameter validation ensures only valid combinations per mode. Each mode (Export, Import, ComplianceReport) has a defined set of allowed parameters — anything outside the whitelist is rejected with exit code 1.

UNC authentication: Network shares authenticate via Windows Credential Manager (--unc-credential-store) or explicit credentials (--unc-user / --unc-password). Credential store is recommended for Scheduled Tasks.

Restore points: A system restore point is created automatically before import. Use --noRestorePoint to skip or --ignoreRestorePointLimit to continue when the 24h Windows limit applies.

  • Per-mode parameter whitelists (Export, Import, ComplianceReport)
  • Unknown parameters rejected at startup
  • JSON run reports for every export/import operation
  • System restore point before import (configurable)
CLI Reference →
License System

Two editions, one product

Community Edition is free and fully functional for GUI-based migrations. Enterprise licenses unlock CLI automation, Event Pipeline, and Compliance Reports. Licenses are RSA-PSS signed XML documents validated offline — no license server, no phone-home, no internet dependency.

Community Edition

Full GUI with unlimited applications. Export, Import, Simulation, Dry Run, Preflight, Mapping, local Audit Log with integrity verification. No registration, no time limit, no app limit.

Grace period: When an Enterprise license expires, a 30-day grace period maintains full functionality. After that, the application continues as Community Edition — all GUI features remain available.

RSA-PSS Validation

License files are signed with RSA-PSS (SHA-256) and validated against an embedded public key. The signature covers all license fields — tampering with any attribute invalidates the file. No network call required.


Why RSA-PSS: Probabilistic padding eliminates the signature forgery vectors present in PKCS#1 v1.5. Each signing produces a unique signature even for identical inputs.

Environment Binding

Enterprise licenses are bound to an Active Directory domain or Azure tenant UUID. One license covers all devices within your organization’s identity boundary. A license issued for one environment cannot be transferred without reissuance.


Binding scope: Configurable per license tier. Domain-wide or tenant-based binding for MSP scenarios.

Explore further

See how these systems connect at the architecture level, or download Community Edition to test them hands-on. All core features, unlimited apps, free forever.

Architecture → Download Free