- This topic is empty.
19. January 2009 at 5:21 #1713
I’m trying to get a handle on the new File Based Write filter as all of our images are based on the enhanced write filter.
Can anyone shed some light on what directories I need to exclude so that when the write filter is enabled and I then change the display resolution as well as other user accessibility options, they’re preserved across the reboot?
I had a look and couldn’t see anything obvious – i’ve tried excluding C:Documents and SettingsUser
Kieran19. January 2009 at 5:50 #14910
Managed to find the solution – quick eh!
Exclude c:Documents and SettingsUser or just C:Documents and Settings
All good!19. January 2009 at 7:08 #14915ConfGenKeymaster
- Total Post: 10966
- Jedi Master
although this is working I would not recommend it.
Opening document&settings and system32/config means that all changes to the profiles and ALL changes to registry are saved.
This means a lot of write access to the flash drive and will result in an earlier flash death. Beside that it will open nearly all critical parts of Windows and opens the door for a lot of viruses, trojans and other malware.
Just my 2 cents
CG19. January 2009 at 22:43 #14930
Cheers for the heads up – Here’s the situation:
– The new Wyse build doesn’t have users as being administrators for the changes to be preserved due to the changes in the write filter as long as the directories are excluded – great fature!
– our users want to be able to change their desktop settings such as display resolution, accessibility options just like they can on their normal XP desktops
– i’ve tried excluding just down to documents and settings without the windows directory but the changes to the display settings weren’t being saved
– i’m not sure where you’re coming from in regards to trogans and viruses – the users aren’t admins, we run an extreemly locked down environment where they can’t load anything and it auto-connects as needed. The only case where i’d see this coming into effect is if there was a trojan on the network that was remotely exploiting these systems – is that where you’re coming from? And if so, hows this any different from normal XP?
– I am interested in the impact on the life of the units – is there any info about this I can review?
If there is another way to allow users to save their settings such as registry changes without needing to log them off, log on as administrator, disable the write filter, reboot, make the change, re-enable the write filter then i’m open for it.
I’ll be looking at locking down the exact changes being made from the generalistic folder based restrictions i’ve talked about above (to get it to work) to being the exact files as needed. If you can provide some info – that’d be great.20. January 2009 at 10:13 #14944ConfGenKeymaster
- Total Post: 10966
- Jedi Master
I do not know a way to overcome this issues in a nother way then you already did it. But I just want to give you some background infos on the issues that coudl arise.
I have customer using XPes embedded IE to let the user surf the web. Opening a system like you did it and allow local apps will give you an uncountable risk. Some install an antivirus solution on the units to prevent this again.
Or maybe your user can attach their USB drives? Another big issue for security reasons.
Regarding flash live time. Flash memory is working in a different way then HDDs are. You only have limited count of flash read/write accesses. This means that around this value (which I don’t know right out of my head, but it was some million I think) the flash is dying. This does not mean that the whole flash is dead from one second to the other. But there will be more and more sectors on the flash die, resulting in less space.
Writefilter is helping to prevent this.
- You must be logged in to reply to this topic.