Stupid Question but...

  • Thread starter Thread starter Paul Tyler
  • Start date Start date
P

Paul Tyler

I have to ask

If the EWF is disabled does this mean if a user makes a change then that
change will be there if we reboot?

or
does it mean that if the user makes a change then that change will be kept
when the machine is rebooted?

Example being:

I have disabled EWF "ewfmgr c: -diable" then reboot I then delete an
application from the desktop. I then empty the trash. I reboot again the
application has gone completely. Is this correct? If so how do I stop the
user from doing that and have the app back in its original position when we
reboot? Do I keep the ewfmgr enabled "ewfmgr c: -enable" and reboot, will
that stop the image being changed after the next reboot?

Basically we want EWF running so that the user cannot permanently change any
thing on our XPe run time image.

Cheers and Happy Thanksgiving!!

Paul
 
If it is disabled then it is like EWF driver is not installed.
Everything goes immediately to disk.

You can also use -commit to save changes during shutdown without disabling
EWF.

If state of EWF is enabled during the boot this will prevent further
modification of data unless you commit data and reboot.

For you it is probably best solution RAM EWF.


Regards,
Slobodan
 
Thanks Slobodan

That is what I thought, Disabled is like no EWF and Enabled the image is
protected. A colleague of mine said that he thought it was the reverse and
he gave a very persuasive arguement, just glad I am correct :-) What is the
reason for Commit and Disable?? To what purpose does this command serve, if
EWF is enabled you can commit and change the data and if you disable the EWF
you can then also change the data, why would you commit a change and then
disable the write filter?

--
Paul Tyler
Athena USA
6524 Walker Street
Suite 230
Saint Louis Park, MN 55426
952-876-0428
952-883-0065 FAX
 
Commit is notification flag used when you make changes to registry or files
on protected disk to write those changes on disk when you gracefully close
Windows.

Disable - Is used just for disabling EWF (you think application of this)
Enable - Is used to enable disabled EWF.

CommitAndDisable - Is used if you don't have EWF temporary partition when
using RAM overlay. This is the only way to disable EWF. Since values for EWF
are in this case read from registry during the boot. But to change value in
registry you need to commit change, so this is the reason for existence of
this command.


Regards,
Slobodan
 
Back
Top