One challenge that IT always faces is ensuring the robust operation of shared computers (Infokiosks, internet cafe, training labs, etc.).
Incorrect or malicious manipulations, deletion of files without approval, installation of unnecessary programs, changes in system settings, etc. are common.
Η δημιουργία προφίλ χρήστη με περιορισμένες δυνατότητες, σε συνδοιασμό με πολιτικές ασφάλειας που θα περιορίζουν την πρόσβαση σε στοιχεία του Πίνακα ελέγχου και την επεξεργασία σημαντικών συστατικών του λειτουργικού, είναι εν μέρει μια λύση, που δεν βρίσκει εφαρμογή σε περιπτώσεις όπου ο χρήστης πρέπει να έχει δικαιώματα εγκατάστασης προγραμμάτων / πλήρη πρόσβαση στον τοπικό δίσκο για δημιουργία/διαγραφή αρχείων κλπ, όπως για παράδειγμα σ ένα εργαστήριο information technologys.
UWF is a feature found in the Enterprise versions of Windows and provides the solution to all of the above.
Activating it ensures the system resets after each reboot, undoing any change made by the user, whichever group he belongs to (administrators, power users, etc.).
Applies only to the local drive (HDD / SSD / M2 etc) of the system in which the operating system is installed.
Unlike third-party software such as the well-known Deep Freeze, as a component of the operating system does not present incompatibilities.
It also does not apply to System Restore, which undoes changes made by software (for mobile devices to report the) or device drivers (drivers) and not the total reset of the system.
Installation:
All steps are done as Local Administrator
1 Way:
Πίνακα Ελέγχου (Control Panel) → Προletterτα και δυνατότητες/ Ενεργοποίηση ή απενεργοποίηση των δυνατοτήτων των Windows (Windows Features / Turn Windows Features On or off ).
From the list, select Device Lockdown Un Unified Write Filter.
Shows us a progress bar and when done: Close.
2 Way:
Open a CMD window with administrator privileges (press Windows start, type CMD and holding down Shift + Ctrl click on it or select Run with administrator privileges from the left of the menu)
We give the order:
DISM.exe / Online / enable-Feature / FeatureName: client-UnifiedWriteFilter / all
Activation:
We open a window orders cmd and give the command:
uwfmgr filter enable
We restart the computer.
Με το enter και την επανεκκίνηση διαγράφεται η εικονική μνήμη (virtual memory) , απενεργοποιείται η επαναφορά συστήματος (restore system), το Superfetch, η υπηρεσία ευρετηρίου (File indexing), fastboot, defragmentation service and in the BCD settings the bootstatuspolicy is set to Ignoreallfailures mode. Virtually any service that uses the disk is disabled (temporarily).
Since (as usual) the operating system is in partition C, we give the command from cmd:
uwfmgr.exe volume protect C:
and returns a message that it will be activated after rebooting the system.
To confirm that we have activated the filter and to get information about it, type
uwfmgr.exe get-config
in addition to whether it was activated, we see in our system if there are exceptions, ie directories that will not be protected.
An example of activating it with the information we get:
Exceptions:
We can define some folders in which we do not want to undo the changes.
Microsoft does not recommend excluding anything under the directory (folder) Windows and EFI, Boot, Paging Files and of course it does not make sense to exclude the volume (Volume) in which we applied protection from the beginning.
The command to do this is:
uwfmgr.exe file add-exclusion path
uwfmgr.exe file add-exclusion path
Examples:
Disable UWF:
We order:
uwfmgr filter disable
After the reboot we check if it was successfully deactivated with the command
uwfmgr.exe get-config
_______________________________
There is a case, despite the deactivation, we get an error in the addition and subtraction of a program.
Then we follow the route:
Control Panel Control Programs and Features / Enable or Disable Windows Features (Windows Features / Turn Windows Features On or off)
and uninstall the feature by restarting.