Hi everyone !
In the second part of my article on how to deploy some thin client that run Windows 10 IoT I will talk on the write filter.
It exist three way to manage it that I know that exist;
1 – HP Write Filter (Shipping inside that terminal model as it’s a HP’s brand)
2 – Microsoft Unified Write Filter. That is new a new feature that come from EWF. (Shipped inside the terminal, as the Windows IoT is an Enterprise’s build)
3 – DeepFreeze (not free)
Today I will talk about HPWF and how to deploy the settings to the terminals.
To make the initial configuration to deploy, you must login inside one terminal to configure the overlay exception. We will capture the change after to deploy that.
We right click the HPWF management icon in the systray; it’s the green lock.
A side note; The green icon mean the overlay usage is ok, if it turn yellow or red, it mean it’s now in a critical state. To explain it, the overlay is stored inside the RAM, and each file change is stored inside of that buffer, it’s how the system can revert back the change after a reboot.
Let’s go back to our settings, when we will click the icon we will see which write filter is used;
Inside that windows we can click the More Settings to see which exception is set, and what use the overlay;
I put in red some exception that I did, as some default’s exception exist. The exception I really suggest to enable is for;
- Your Antivirus product.
- In that case I added TrendMicro and Windows Defender
- The user profile if you intend to not use roaming profile, and that you want permanent settings for the user.
- Chrome there, as the default behaviour of Chrome is to auto-update (which is not bad if you want to be secure in the long term)
- I suggest too the Windows LogFiles folder.
The exception will allows our Antivirus to update in a day to day routine, while most of the program files and system folder will revert back.
I suggest to target a test user and test the terminal to see if the overlay cache stay in a consistent state. The goal is if the user write a lot of data to the hard-drive for a reason X, we need to know why.
With the why, we can try to push an needed application to a RDS server in example to prevent HDD usage, or if really needed we can make new exception.
Now to push the settings we need HPDM, which I talk more in detail in the part 3, but I will show you the task to do;
We need to capture the settings, and after we push the captured settings back to our terminals.
The two task w e need to know is:
_Capture Write Filter Exclusion List
This template captures the FBWF/UWF exclusion list from a device running a Windows operating system with FBWF or UWF.
_Deploy Write Filter Exclusion List
This template deploys the write filter exclusion list to devices running a Windows operating system with FBWF or UWF
Thanks everyone for reading, stay tuned for the part 3 soon !