Simulation vs. DryRun Comparison
AppProfileSafe offers two read-only pre-import validation features: Simulation and DryRun. Although both run without modifying the target system, they serve different purposes and produce different outputs. This page clarifies when to use each one.
Feature Comparison
| Property | Simulation | DryRun |
|---|---|---|
| Purpose | Validates tests path mappings, registry writes, and file copies in a read-only pass through the import engine | Predicts what would change — compares manifest data against the live system to produce a detailed diff report |
| Engine | Uses the regular import service with IsSimulation = true, which logs all actions but skips actual writes |
Uses the dedicated DryRunService, which reads the manifest and live system independently |
| When it runs | Before import — triggered from the mapping editor | Before import — optionally during the import workflow (user can check/uncheck "DryRun analysis" in the pre-import dialog) |
| Scope | End-to-end import path: manifest parsing, mapping application, registry key resolution, file path resolution | Item-by-item comparison: compares each registry value, file, and folder between manifest and live system |
| Output | Pass/fail result with progress log (same format as a real import). Audit action: SimulateMappingExecuted |
DiffReport with items classified as Created, Changed, or Unchanged. Optionally saved as a diff CSV file. Audit action: DryRunExecuted |
| Detail level | Logs each operation as App|Type|Source|Destination|Result but does not compare old vs. new values |
Reports old value and new value for each item (type-encoded registry values, SDDL strings for files) |
| Writes to system | No — all writes are skipped | No — read-only analysis |
| Blocks import | No — runs independently from import | No — DryRun results are shown for review, then the user decides whether to continue |
| Available in CLI | No — GUI only (part of the import workflow) | No — GUI only (part of the import workflow) |
Import Workflow Order
In the GUI import workflow, validation steps run in this order:
- Simulation — Validates that mappings and paths resolve correctly. If this fails, the workflow stops.
- Preflight — Checks system prerequisites (admin rights, license, disk space, config files). See What Preflight Checks Validate.
- DryRun (optional) — Compares manifest against live system and shows a diff report with counts of created, changed, and unchanged items. The user reviews the report and clicks "Continue" to proceed.
- Restore Point — Creates a system restore point.
- Import — Executes the actual import.
DryRun Diff Report
The DryRun analysis produces a DiffReport containing items of type RegKey, RegValue, File, or Folder. Each item is classified:
| Action | Meaning |
|---|---|
Created |
Item exists in the manifest but not on the live system — it will be newly created |
Changed |
Item exists in both, but the values differ — it will be overwritten |
Unchanged |
Item exists in both with identical values — no action needed |
The diff report can be saved as a CSV file with the schema: App, Type, Path, OldValue, NewValue, Action. For registry values, the OldValue and NewValue are type-encoded (e.g. REG_SZ:hello). For files and folders, they contain SDDL strings. The CSV file's SHA-256 hash is recorded in the audit log for integrity verification.
When to Use Which
- Use Simulation when you want to verify that your mapping configuration is correct and that the import engine can process all entries without errors. This is especially useful after creating or editing mapping files.
- Use DryRun when you want to understand the exact impact of an import on the target system — how many items will be created, changed, or left unchanged. This is useful before deploying to production machines or when importing to a machine that already has the applications configured.