|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|May the source be with you, but remember the KISS principle ;-)|
|News||Recommended Books||Recommended Links||Logical Volume Snapshots||Acronis True Image||Disk Backup|
|Integrity checking||Registry security||Internet Scams||Creating baseline||Ghost based baseline images||Integrity checkers||Windows Process Viewers||Hardening||Etc|
An ounce of prevention is worth a pound of cure.
Microsoft's free tool for Windows XP called Windows SteadyState allow to control the programs access to the drive, internet, system and installed software. It is discontinued but still can be installed in 32-bit Windows XP. Like with other abandonware there is no support. It is also available for Vista but not for Windows 7. Windows SteadyState is not compatible on a 64-bit Windows.
Essentially this is Microsoft implementation of an old but very useful filesystem feature -- disk snapshot feature which are standard on Solaris ZFS and is available on AIX and Linux (via LVM) under different names.
Windows SteadyState caches changes on windows partition in a large (2 GB as a minimum) cache file. It needs at least 4 GB of unallocated space on your Windows partition to create its shadow partition where it writes all the changes, but the default size uses is approximately 50% of the available disk space (40 GB maximum).
If Windows Disk Protection is installed and enabled, you can choose it to:
You can disable Windows Disk Protection. In this case it will clear the cache and removes the Windows Disk Protection’s driver.
Similar capabilities are available in Try&Decide feature in Acronis True Image, ShadowMode feature of StorageCraft’s ShadowSurfer.
Chapter 6 Windows Disk Protection (Microsoft Shared Computer Toolkit for Windows XP Handbook )
September 16, 2005
The Windows Disk Protection tool protects the Windows operating system and program files from being permanently changed on a Windows partition. During a session, a user can make changes as necessary within the bounds of any restrictions placed on the user. When the computer restarts, Windows Disk Protection returns the Windows partition to its original condition, discarding any changes made during the user session.
This tool helps protect computers from users who might attempt to damage the operating system, and it also prevents malware and spyware from tampering with the computer.
Malicious software, which includes viruses, worms, and Trojan horses, that is designed to harm a computer operating system.
Potentially unwanted software that may collect personal information and is inappropriate for shared computers.
Each time the computer restarts, Windows Disk Protection returns the partition that holds the Windows and program files (called the Windows partition) to its original state. This provides the next user with a standard and reliable experience.
Before you turn on Windows Disk Protection, be sure that you have correctly prepared the disk and created, customized, and restricted the required user profiles as discussed in the previous chapters.
On This Page
- Turn On Windows Disk Protection
- Save Changes When Windows Disk Protection Is On
- Retain Changes When Windows Disk Protection Is On
- Retain Changes Indefinitely When Windows Disk Protection Is On
- Improve the Performance of Windows Disk Protection
- Manage the Protection Partition
Turn On Windows Disk Protection
The default behavior of Windows Disk Protection is to clear disk changes made to the Windows partition with each computer restart, thereby protecting the disk from unwanted changes. Operators can at any time choose to save changes made to the disk. Operators can also schedule Windows Disk Protection to download, install, and save critical updates to disk automatically while the computer is not in use.
For best disk performance, defragment your Windows partition prior to turning on Windows Disk Protection. Do not defragment the disk when Windows Disk Protection is on.
To turn on Windows Disk Protection and schedule critical updates
- Click Start, point to All Programs, point to Microsoft Shared Computer Toolkit, and then click Windows Disk Protection. Restart the computer if requested and then start Windows Disk Protection again.
- In the Restart Action section, click Keep On. If this is the first time you have used the Shared Computer Toolkit, Windows Disk Protection creates the protection partition. The computer requires a restart to complete the initialization process.
- After the restart, return to Windows Disk Protection to complete the configuration.
- If Windows Disk Protection identifies antivirus software it knows how to update, it displays a dialog box to this effect. If you see this dialog box, click OK.
- If Windows Disk Protection did not detect your antivirus software, click Set to specify an antivirus script you have created. You can configure other update scripts as needed to manage updates for third-party programs.
- In the Critical Updates section, configure the day and time at which Windows Disk Protection should download and install critical updates.
- For Microsoft Updates, Click Enabled to enable critical Microsoft updates.
- Click OK.
- Windows Disk Protection displays a message that states that the computer must be restarted for the changes to take effect. Click Yes to restart the computer.
Do not attempt to change any partition after Windows Disk Protection is turned on because it tracks physical disk and partition numbers and they must not change. If you must change partitions, turn off Windows Disk Protection and delete the protection partition before making any partition changes.
The default setting for Windows Disk Protection is to Clear changes with each restart. This option ensures that untrusted users and malware cannot save any disk changes to the Windows partition of the computer. When the computer restarts, all disk changes that were made are removed, and the computer returns to its previous state.
The Restart Option will not become available to change until after the computer has been restarted with Windows Disk Protection turned on. This ensures that Windows Disk Protection is started with the default settings.
Services, such as event logging, that usually write to the Windows partition will not be able to permanently record log entries because new entries will be lost when changes are cleared. To keep event logs, consider moving them to a persistent volume. This process is covered in the “Improve the Performance of Windows Disk Protection” section later in this chapter.
Hibernation and Windows Disk Protection
If hibernation is enabled on your system when you turn on Windows Disk Protection, you will receive a message that indicates that hibernation does not work with Windows Disk Protection.
When a system hibernates, it writes the contents of the system RAM to a file on the disk. Because modifications to the Windows partition are cleared when Windows Disk Protection is on and set to Clear changes with each restart, hibernation will fail.
To disable hibernation, open Control Panel, double-click Power Options, click the Hibernate tab, and then clear the Enable hibernation check box.
Windows Disk Protection Status
When Windows Disk Protection is on and Getting Started is not configured to run automatically, a popup called Disk Protection Is On will appear when you log on as the Toolkit administrator. This popup provides a convenient way to open Windows Disk Protection when you have to save changes to disk.
If you want to stop this popup from appearing, delete the Check Windows Disk Protection shortcut from the Toolkit administrator’s Startup folder.
When you turn on Windows Disk Protection, it will continue to install Microsoft critical updates using the Automatic Updates schedule you may have configured previously. It will use Microsoft Update, Windows Update, or Windows Server Update Services, depending on which of these is currently used by Windows. (Software Update Services is not supported.) You can enable or disable Microsoft Updates and set the schedule to suit your needs when you turn on Windows Disk Protection.
When Windows Disk Protection downloads and installs critical updates, it will log off the active user, restart the computer to clear disk changes, and temporarily disable local user accounts to prevent unapproved disk changes from being saved at the same time. After downloading and installing the updates, it will set Windows Disk Protection to Save changes with next restart and then restart the computer.
In addition to being able to save Microsoft critical updates automatically, Windows Disk Protection allows a script you select to save antivirus updates and updates for other programs.
Alternatively, you can schedule antivirus updates through the graphical interface your antivirus product provides. Schedule the updates to occur at the exact same hour and day(s) as the schedule you select for critical updates in the Windows Disk Protection tool. The Windows Disk Protection critical updates process will wait at least 10 minutes for other updates to be completed concurrently before it restarts the computer to save disk changes.
Windows Disk Protection will offer to perform antivirus updates automatically as part of the critical updates process if it detects an antivirus product it knows how to update. The Toolkit currently detects and includes scripts for updating the following antivirus products:
If you have another antivirus product, you might want to prepare a signature update script for it as described in your antivirus software manual. Look for sections that describe the command-line tools that perform signature updates.
Check the Microsoft Windows Shared Access newsgroup to see if anyone else has already created a signature update script for the antivirus software you have.
For more information about the Windows Disk Protection critical updates process, see Appendix A, “Technical Primer.”
Other Updates from Microsoft
Windows Disk Protection only automates critical updates from Microsoft—it does not automatically install recommended updates, optional updates, driver updates, or special updates that may have their own license agreements. Review the updates available on Microsoft Update periodically, download and install the ones you want, and then use the Windows Disk Protection tool to save changes to disk.Chapter 2: Prepare the Disk for Windows Disk Protection
Published: September 16, 2005
The Windows Disk Protection tool protects the Microsoft® Windows XP operating system and program files from being permanently changed on the Windows partition— typically the C: drive. When Windows Disk Protection is on, users can work as usual and Windows behaves as expected. However, all disk changes made aren’t actually being made to the Windows partition—they are stored temporarily in another location.
If the terms in this chapter are difficult to understand, you might want to review the "Disks and Partitions" section in Appendix A, “Technical Primer.”
When the computer restarts, Windows Disk Protection returns the Windows partition to its original condition, clearing the changes made since the previous restart. This is a powerful security feature for shared computers.
Windows Disk Protection requires special preparation of the hard disk on the computer, which is explained through the following topics:
- Windows Disk Protection requirements
- Resize an existing partition
- Size the disk during Windows XP Setup
On This Page
Windows Disk Protection Requirements
Resize an Existing Partition
Size the Disk During Windows XP Setup
Windows Disk Protection Requirements
Windows Disk Protection requires a minimum of 1 GB of unallocated disk space. This unallocated disk space will become the protection partition—for storing disk changes temporarily when Windows Disk Protection is turned on. Some computer uses—such as burning CDs and DVDs—require large amounts of disk space (double the size of the project being written to disk). Keep this in mind and ensure that sufficient unallocated disk space exists when you configure computers that will be used for this purpose.
An alternative to increasing the size of the protection partition for burning CDs and DVDs is to configure your disk-burning software to place its temporary files off the Windows partition.
To turn on Windows Disk Protection, you must fulfill the following requirements:
- Ensure that at least 1 GB or approximately 10 percent of the Windows partition (whichever is greater) is available as unallocated disk space.
- The unallocated disk space must follow a primary partition; it cannot be at the beginning of the disk.
- The disk that contains unallocated disk space may have no more than three primary partitions.
- The Windows partition must be a basic disk. Dynamic disks are not supported by Windows Disk Protection.
The protection partition can also be created in free space in an extended partition, or you can use unallocated disk space on a second physical disk. For more information about each of these techniques, see the “Manage the Protection Partition” at the end of this chapter.
You can use the Disk Management utility to view the current partitions on the hard disk.
To use the Disk Management utility in Windows XP to view current partitions
- Log on as the Toolkit administrator.
- If Getting Started does not open automatically, click Start, point to All Programs, point to Microsoft Shared Computer Toolkit, and then click Getting Started.
- In Step 1 of the Getting Started tool, click the Open Disk Management link at the bottom of the topic. A shortcut to Disk Management is also included in the Quick access section near the top of the Getting Started window.
Alternatively, you can right-click My Computer, click Manage, and then click Disk Management.
The following figure shows the Disk Management utility on a computer with a single 40-GB hard disk. The hard disk has a 36-GB Windows partition (the C: drive) and 4 GB of unallocated disk space for Windows Disk Protection.
If you leave unallocated space equivalent to the size of the Windows partition, Windows Disk Protection will not be restricted by disk space and will be able to track all changes made to the Windows partition.
Most shared computers do not offer users a way to store persistent data locally, but some environments may want to offer this capability. Alternatives for storing persistent user data when Windows Disk Protection is on are described in Chapter 9, “Advanced Scenarios.”
To calculate required size of unallocated disk space
If you need to determine the required size of the unallocated space, you can use one of the following procedures:
- Windows partition uses the entire disk. Divide the disk size in GB by 10. If the result is more than 1 GB, that is the required size of the unallocated space.
- Windows partition uses part of disk. Divide the size of the Windows partition by 10. If the result is more than 1 GB, that is the required size of the unallocated space.
If the tool you use to resize partitions reports space in MB, multiply the calculated figures by 1024 to convert gigabytes to megabytes.
The following table provides several hard disk configuration examples:
Hard Disk Partition for C: Drive Unallocated disk space (1 GB = 1024 MB) 30 GB 27 GB 3 GB (3,072 MB) 80 GB 72 GB 8 GB (8,192 MB) 120 GB 108 GB 12 GB (12,288 MB) 250 GB 225 GB 25 GB (25,600 MB)
Some tasks, such as creating or copying CDs, use significant amounts of disk space on a temporary basis. If your computer will be used for these tasks, ensure enough unallocated disk space exists before the protection partition is created to contain the full contents of two CDs or DVDs.
Resize an Existing Partition
Most computers do not come with unallocated disk space—the entire disk is typically fully partitioned, often as a single C: drive. This section provides two options for creating the unallocated disk space necessary for Windows Disk Protection.
Microsoft does not provide support for third-party disk partitioning products. Please contact the product vendor regarding any support issues with these products.
If your computer already has Windows XP installed and you do not want to reinstall and reconfigure Windows and other programs, you need a third-party disk utility to resize the Windows partition and leave unallocated disk space for Windows Disk Protection.
This section describes how to use Symantec Norton PartitionMagic 8.0 to create the unallocated disk space required for Windows Disk Protection.
Alternatively, you can use TeraByte Unlimited BootIt Next Generation. Full instructions and downloadable trial software are available on the TeraByte Unlimited Web site.
You can locate other disk partitioning utilities by searching Windows Marketplace.
Start PartitionMagic 8.0 by starting the computer from the program CD—not by starting the program from within Windows. You should also make a full backup before you begin this procedure.
To resize a partition using PartitionMagic 8.0
- Insert the PartitionMagic CD into the CD-ROM drive on the computer.
- If the program starts automatically, click Exit.
- Click Start, click Turn Off Computer, and then click Restart. Ensure the computer starts from the PartitionMagic CD.
- After PartitionMagic starts, at the command prompt, type 1 for Norton PartitionMagic, and then select the language you want to use.
- In the main window for the program (shown in the following figure) choose a hard disk by clicking the drop-down menu on the main toolbar. The example in the following figure shows a 40-GB hard disk with a single primary partition.
Make sure you leave enough room for Windows XP and all necessary programs, typically at least 10 GB for the Windows partition. In this example, the 40 GB partition is resized to 36 GB.
- Click the partition that you want to resize, click Operations, and then click Resize/Move.
- In the Resize/Move Partition dialog box (shown in the following figure), in the Free Space After box, type the amount of unallocated space to reserve. Use this formula: Number of GB * 1024. The following example shows 4096 (4*1024). The exact number is not important, as long as it is greater than 1024 (1 GB).
Figure 2.3 Resizing a partition in PartitionMagic 8.0
In its user interface, PartitionMagic 8.0 refers to the required unallocated disk space as Free Space After.
- Click OK and then click Apply to resize the partition. It will take a few minutes to complete.
- After it finishes, click Exit, remove the CD, restart the computer, and log on to Windows as the Toolkit administrator.
- Within a minute after you log on to Windows, a System Settings Change dialog will appear that asks if you want to restart your computer. Click No.
The computer is now ready for Windows Disk Protection to be turned on.
After you complete these steps, proceed to Chapter 3, “Profile Management.”
Size the Disk During Windows XP Setup
If you plan to perform a clean installation of Windows XP, the best way to prepare the hard disk for Windows Disk Protection is to create a primary partition of the appropriate size during Windows XP setup. This option is only appropriate if you are willing to overwrite all programs, settings, and files on the computer’s hard disk.
Deleting partitions will destroy any data on that partition. Use this method only if you do not need to preserve any information on the computer and are willing to reinstall Windows, all necessary programs, and all necessary drivers.
After you start Windows XP Setup (which you can do by starting the computer with the Windows XP installation CD in the CD-ROM drive), and after you accept the Microsoft Windows XP Licensing Agreement, Setup displays the page shown in the following figure.
To size a partition during Windows XP Setup
- The example in the previous figure shows a single hard disk that has 40 GB (40,955 MB) of unallocated space. To create a partition, press C to display the page shown in the following figure. This page shows the minimum and maximum size you can designate for a new partition.
- Type the appropriate size in MB for the partition you want to create and then press ENTER. For example, to create a 36-GB partition, you would type 36864 (36 * 1024). Leave the remaining space unallocated for use by Windows Disk Protection.
- Use the arrow keys to select the partition into which to install Windows (if it is not already selected) and then press ENTER.
- Use your arrow keys to select Format the partition using the NTFS file system (Quick) and then press ENTER.
- Windows XP Setup copies the necessary installation files, and then restarts your computer. Continue with the installation of Windows.
Create the C: partition only during Windows installation. You can create an optional persistent partition using the Disk Management tool after the Windows installation completes. This procedure is covered in Chapter 9, "Advanced Scenarios."
Undo your worries with Windows Disk Protection
Windows Disk Protection keeps everything on the Windows disk partition from being permanently changed by users. This means every change made during a user session can easily be undone and the computer returned to its original state.
Create a consistent experience
On a shared computer, the goal is to create a consistent, uniform environment for all users. They should not be able to modify or corrupt the system. However, activities performed during a user session cause many changes to the operating system partition. Program files are created, modified, and deleted. The operating system also updates system information as part of its normal operation.
Windows Disk Protection clears all changes to the operating system partition whenever you restart the computer-or at whatever interval you specify.
How Windows Disk Protection works
When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in this cache file which has been created on a special partition of the system drive. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.
Set it and forget it
Choose the disk protection level that fits how your computer is used and whether or not your users need to save data for a specific length of time.
Malware infection and unwanted system changes are the biggest concerns by organizations and individuals. It's easy to be infected nowadays if the anti-virus' real-time protection failed to detect malicious behavior while a user is surfing or installing unknown programs. It's also easy to have unusable system if an update or software installation contains bugs or incompatibility with existing applications.
The above problems will be solved by using ShadowMode, Try&Decide or Windows Disk Protection. For screenshots, please refer to below images.
1. ShadowMode feature in ShadowSurfer, ShadowUser and ShadowServer:
StorageCraft's ShadowServer, ShadowSurfer and ShadowUser include a feature called ShadowMode. ShadowMode will create a virtual volume so you can run your PC or server in a virtual state. Unwanted changes or malware infection will not affect the system if ShadowMode is enabled. If you will install software, updates or make a major change on the system but later realize that it is not what you like or the update has unknown or known issues, you can simply end the ShadowMode session and go back to the previous system state.
ShadowSurfer and ShadowUser are compatible on Windows 2000 and XP systems. Vista system is not supported yet at the time of this writing. ShadowServer will run on 2000 and 2003 editions of Windows Server. You can commit the changes on files, folder or entire system; continue a ShadowMode session across reboots; schedule automatic reset of the computer to previous state and schedule to enable or disable a ShadowMode session if you will use ShadowUser and ShadowServer.
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: October 03, 2017