Disk Protection in XPe FP07 CTP

7 08 2006
After a first look, it is quite evident that disk protection will become a very important topic in the coming feature pack.
Not the well known enhanced write filter (EWF) is updated and its integration with HORM is much improved but there are also two new filter drivers. A registry filter and a file based write filter (FWBF).  While EWF uses an approach based on the physical sectors of the disk, the FWBF is based on the file system itself. This comes in handy when certain files are required to be persisted through the filter. The registry filter solves two problems. It allows to refresh the machine account password in a domain / Active Directory environment without turning off EWF and if XPe is used for Terminal services it stores the secret of the TS session, also without further persistence steps.
All filters can be used in mixed mode (but EWF/FWBF not on the same partition, of course) , which enables interesting scenarios such as an EWF protected OS partition accompanied by data partitions protected by FWBF allowing the write through of log files etc, while keeping the rest of the partition secure.
The next interesting thing, I am having a look at, is USB boot. I will try get this on my USB stick next and will let You know how it worked.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: