XpEmbedded

[BeeFarmer]

I am working with XPembedded and use the ewfmgr function to lock down the
system. I was wondering if there is a way to lock down let's say XP
professional? Also, could you load a hard drive up with the full version of
XPembedded and lock the hard drive down? My main goal is to lock down XP
Professional like I can XPEmbedded.


Many Thanks
Bob

 

[KM]

Bob,

Technically, it is possible to have EWF working on XP Pro. (you just have to copy EWF driver files and set some registry entries
properly)
However, legally you won't be able to do that anyway.

--
Regards,
KM, BSquare Corp.

PS. ewfmgr is just a client application that uses EWF API underneath. It is EWF driver that is protecting your partition(s) data
from writes (redirecting the writes to the EWF overlay).

I am working with XPembedded and use the ewfmgr function to lock down the
system. I was wondering if there is a way to lock down let's say XP
professional? Also, could you load a hard drive up with the full version of
XPembedded and lock the hard drive down?

What is the "full version of XPembedded"?
If by locking down the hard driver you mean just protecting it from writes, then yes, EWF is the way to go.

 

[Sean Liming \(eMVP\)]

Just to answer one of the questions..

You can build an XP Pro like image from XPe and use EWF to lock the system
down.

Regards,

Sean Liming (eMVP)

Windows XP Embedded Supplemental Toolkit Covering XPe SP2
Windows XP Embedded Advanced
Windows NT Embedded Step-by-Step
All available at www.sjjmicro.com andXPe Center website: www.seanliming.com

To learn more about Windows XP Embedded, come to MEDC 2005 in Las Vegas!
www.medc2005.com

 

[BeeFarmer]

Thanks KM,

Can you tell me why legally you can't do this? I have been using a program
called DeepFreeze for our 2000 platform and wanted to move away and use
something that wasn't as costly to roll out. Any suggestions or help is
appreciated!

Bob

 

[BeeFarmer]

I would be very interested in finding out how I could do this.

Thanks
Bob

 

[Slobodan Brcin \(eMVP\)]

Bee,

Well my guess is that EWF legaly belong to XP Embedded package and that you
don't have a right to use it on XPP for now, but you should contact MS legal
departement about this.

Regards,
Slobodan

 

[Slobodan Brcin \(eMVP\)]

Bee,
1. Copy ewf.sys to windows\ssytem32\drivers folder.
2. Find out the documentation about Reg configured RAM EWF.
3. Enter all the registry entries described there and EWF will start
working. There is Enabled registry entry missing there but nevertheless EWF
will start enabled by default without it. (You can add it manually)

Regards,
Slobodan

 

[KM]

Bob,

Well.. I am a developer, not a lawyer so I can't tell you much details about the legal side of it.
However, as with pretty much any product on the market, you cannot legally take some parts of the product and use them in another
software without permissions (and possible some royalty fees) from the company who's developed that product.

 

[KM]

Bob,

Slobodan already gave you the answer but I just wanted to extend it a little bit.

Basically you would need this reg.keys:
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF","NextInstance",0x00010003,1
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000",,0x00000012
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","Service",0x00000002,"EWF"
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","Legacy",0x00010003,1
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","ConfigFlags",0x00010003,32
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","Class",0x00000002,"LegacyDriver"
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","ClassGUID",0x00000002,"{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","DeviceDesc",0x00000002,"EWF"
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000","Capabilities",0x00010003,0
HKLM,"SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWF\0000\Control","ActiveService",0x00000002,"EWF"
HKLM,"SYSTEM\CurrentControlSet\Services\ewf","ErrorControl",0x00010003,1
HKLM,"SYSTEM\CurrentControlSet\Services\ewf","Group",0x00000002,"System Bus Extender"
HKLM,"SYSTEM\CurrentControlSet\Services\ewf","Start",0x00010003,0
HKLM,"SYSTEM\CurrentControlSet\Services\ewf","Type",0x00010003,1
HKLM,"SYSTEM\CurrentControlSet\Services\ewf\Parameters\Protected\Volume0","Enabled",0x00010003,0
HKLM,"SYSTEM\CurrentControlSet\Services\ewf\Parameters\Protected\Volume0","Type",0x00010003,1

HKLM,"SYSTEM\CurrentControlSet\Services\ewf\Parameters\Protected\Volume0","ArcName",0x00000002,"multi(0)disk(0)rdisk(0)partition(1)"
HKLM,"SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}","UpperFilters",0x00010000,"EWF"

And copy these files:
ewf.sys
ewfmgr.exe (this is going to be helpful to you as the console app to control EWF on the target)

(cut from http://www.mp3car.com/vbulletin/archive/index.php/t-40978.html)

The easiest way to grab all required keys would be just exploring EWF component (reg.section and scripts) from XPE ToolKit.

 

[BeeFarmer]

Thanks!

KM, I am going to give this a try and see what happens. Do you folks work
with this at your place of business?

Thanks
Bob

 

[BeeFarmer]

Thanks, I wonder if anyone else has ever tried to lockdown XP and what they
used. I am open to any suggestions or even having someone custom build
something for us.

Thanks

 

[KM]

Bob,

There is a bunch of 3rd party utilities/tools/products available on the market to lock down NT/2K/XP OSes.
One of the most popular would probably be nLite and BartPE (search Google).

Although, I still prefer XPE as this is a way from down to up building an OS meeting your requirements.
The nLite or BartPE, however, are still based off XP Pro build and therefore won't give you as much flexibility as you'd want.
Anyway.. this is probably too different products to compare.

 

[KM]

Bob,

Not sure about your question.
Are you asking whether we here worked with EWF? We certainly did. Less or more

 

[Slobodan Brcin \(eMVP\)]

Konstantin,

As long as ewf.inf file is in windows\inf folder you do not need
SYSTEM\CurrentControlSet\Enum, it will be created by PnP.

Regards,
Slobodan

 

[KM]

Slobodan,

True. I have excluded the ewf.inf from the file list.
If we get it back there, we won't need the Enum entries.