EWF

[De Pessemier An]

Hi,

I used EWF with disk overlay. It works fine but if a user delete some
critical files in the "Windows" or "System32" directory the system becomes
corrupt.
The system won't start anymore and it isn't possible to run EWFMGR /restore.
How can i prevent this or is it possible to restore such a system?

Thanks,
An

 

[KM]

De Pessemier An,

I am guessing this question has been asked and answered in this NG.
However, I'm wondering why do you need to commit at run time with user
changes?
Also, wouldn't be that easy to restrict users access to important system
directories? (policies, security permissions (not on system dirs, though),
etc.)

KM

 

[De Pessemier An]

Thank you for your answer

What i would like to do is:
1) Protect our HDD against writing
2) But software updates must be possible

The problem is that we would like to have a system without login.
We would like to have full control on the device but the user may not change
anything.

 

[Slobodan Brcin \(eMVP\)]

Hi An,

For this purpose I'm using RAM EWF.

All dynamic configuration parameters like display resolution, our program
config, etc.. we store on second partition (unprotected). This solution
requires some time but final result is what counts.
During the system boot our init app set XPe to requested state and then
start our main application.

If you need to do software update, you can always update software, commit
changes, and reboot device (if this is acceptable to your solution).

Regards,
Slobodan

 

[Troy Shaw[MS]]

If you hit F8 as the BIOS completes its POST (power on self test), you will
come to a startup screen. You may need to hit F8 a 2nd time to get to the
"Windows Advanced Options Menu." From there you can select "Enhanced Write
Filter Restore Mode (restores one level)". This will do the same thing as
running ewfmgr /restore, but it occurs very early in boot, even before the
damaged overlay (that contains missing Windows or System32 items) is active.

 

[Doug Hoeffel]

Huh! Hitting F8 kinda sounds like Safe Mode that I thought didn't exist in
XPe?

.... Doug

 

[Troy Shaw[MS]]

This is an EWF-NTLDR feature, that doesn't require entering safe mode to
use.