Hi everyone !
In the second part of my article on how to deploy some thin client that run Windows 10 IoT I will talk on the write filter.
It exist three way to manage it that I know that exist;
1 – HP Write Filter (Shipping inside that terminal model as it’s a HP’s brand)
2 – Microsoft Unified Write Filter. That is new a new feature that come from EWF. (Shipped inside the terminal, as the Windows IoT is an Enterprise’s build)
3 – DeepFreeze (not free)
Today I will talk about HPWF and how to deploy the settings to the terminals.
To make the initial configuration to deploy, you must login inside one terminal to configure the overlay exception. We will capture the change after to deploy that.
We right click the HPWF management icon in the systray; it’s the green lock.
A side note; The green icon mean the overlay usage is ok, if it turn yellow or red, it mean it’s now in a critical state. To explain it, the overlay is stored inside the RAM, and each file change is stored inside of that buffer, it’s how the system can revert back the change after a reboot.
Let’s go back to our settings, when we will click the icon we will see which write filter is used;
Inside that windows we can click the More Settings to see which exception is set, and what use the overlay;
I put in red some exception that I did, as some default’s exception exist. The exception I really suggest to enable is for;
- Your Antivirus product.
- In that case I added TrendMicro and Windows Defender
- The user profile if you intend to not use roaming profile, and that you want permanent settings for the user.
- Chrome there, as the default behaviour of Chrome is to auto-update (which is not bad if you want to be secure in the long term)
- I suggest too the Windows LogFiles folder.
The exception will allows our Antivirus to update in a day to day routine, while most of the program files and system folder will revert back.
I suggest to target a test user and test the terminal to see if the overlay cache stay in a consistent state. The goal is if the user write a lot of data to the hard-drive for a reason X, we need to know why.
With the why, we can try to push an needed application to a RDS server in example to prevent HDD usage, or if really needed we can make new exception.
Now to push the settings we need HPDM, which I talk more in detail in the part 3, but I will show you the task to do;
We need to capture the settings, and after we push the captured settings back to our terminals.
The two task w e need to know is:
_Capture Write Filter Exclusion List
This template captures the FBWF/UWF exclusion list from a device running a Windows operating system with FBWF or UWF.
_Deploy Write Filter Exclusion List
This template deploys the write filter exclusion list to devices running a Windows operating system with FBWF or UWF
Thanks everyone for reading, stay tuned for the part 3 soon !
Windows 10 IoT Terminal Deployment – Part 1 – Introduction
7 thoughts on “Windows 10 IoT Terminal Deployment – Part 2 – Protect the Hard Disk ? – Deploy Write Filter !”
This is the post what i was looking for.
In my environment i have HP thin client model t620 Windows 10 IOT 4 GB RAM and 32 GB ROM.
I am using UWF in my environemnt, Is there any benefit of using HPWF? i guess you can’t set more than default overlay size like 671 MB in this but i am not sure.
I am using Microsoft UWF with overlay size 1024 MB, our setup is configured in Kiosk mode where user has only two
apps one is chrome browser and other is Horizon client.
But the thing is both chrome and Horizon is not excluded in UWF and all the writes are form these two apps, so system buffer memory gets full around 25 to 30 days then after system needs to reboot and memory we can monitor through monitoring system.
My question is for excluding chrome and Horizon, we need to exclude both in File and Registry exclusion, which may be
as follows or you can guide:
System is in kiosk and always connected by user mode and following locations user has apps startup set.
C:\Program Files (x86)\VMware\VMware Horiozn View Client\vmware-view.exe – this location is pointed in the user app
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe – this location is pointed in the user app
Thanks in advance.
Following are the exclusion list except chrome and Horizon in our setup:
What’s your opinion on this ?
C:\Program Files\Windows Defender
C:\Program Files (x86)\Windows Defender
C:\Program Data\Microsoft\Windows Defender
HKLM\SOFTWARE\Microsoft\Windows NT\Currentverison\Time Zones
Thanks in advance.
LikeLiked by 1 person
Thanks for the feedback. The exclusion seem ok. My first test I would do is to query your overlay cache to be sure what file is using the most cache.
I see the user profile is protected, so I would ask where the Chrome cache is in your case (appdata redirected?)
If it’s local I would think it’s maybe there that you loose the cache.
To be sure please run that powershell script; it will list where your overlay is active.
$wmiobject = get-wmiobject -Namespace “root\standardcimv2\embedded” -Class UWF_Overlay
$files = $wmiobject.GetOverlayFiles(“c:”)
$files.OverlayFiles | select-object -Property FileName,FileSize | export-csv -Path D:\output.csv
Let me know what you find in the overlay cache
LikeLiked by 1 person
Hi Thanks too for your review and reply.
As i can see user profile is protected in my case, C:\Users folder is not excluded but you have excluded in your exclusion list.
Should we also exclude also C:\Users – Isn’t keep filling storage if we exclude, its good user activity is flush out if its protected also good for security point of view, if user need some setting we can disabled UWF and change setting and Enabled UWF back. In my case user has less privilege.
Chrome cache is not redirected, its in the same user appdata location:
“C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache (So It’s local i think)
The output of the above commands created data of 1195 rows.Its large data.
How do we filter with column 1?
LikeLiked by 1 person
But i dont know why onedrive and corona are also consuming which are uninstalled and disabled.
Here is the output of the above powershell script: