One challenge that IT always faces is ensuring the robust operation of shared computers (Infokiosks, internet cafe, training labs, etc.).
Incorrect or malicious manipulations, deletion of files without approval, installation of unnecessary programs, changes in system settings, etc. are common.
Creating a user profile with disabilities, combined with security policies that restrict access to Control Panel components and the processing of important components of the operating system, is partly a solution that does not work in cases where the user must have permissions. software installation / full access to the local disk for creating / deleting files etc, for example in a computer lab.
UWF is a feature found in the Enterprise versions of Windows and provides the solution to all of the above.
Activating it ensures the system resets after each reboot, undoing any change made by the user, whichever group he belongs to (administrators, power users, etc.).
Applies only to the local drive (HDD / SSD / M2 etc) of the system in which the operating system is installed.
Unlike third-party software such as the well-known Deep Freeze, as a component of the operating system does not present incompatibilities.
It also does not concern the System Restore function, which performs undo changes by software or drivers and not the total system restore.
All steps are done as Local Administrator
Control Panel Control Programs and Features / Enable or Disable Windows Features (Windows Features / Turn Windows Features On or off).
From the list, select Device Lockdown Un Unified Write Filter.
Shows us a progress bar and when done: Close.
Open a CMD window with administrator privileges (press Windows start, type CMD and holding down Shift + Ctrl click on it or select Run with administrator privileges from the left of the menu)
We give the order:
DISM.exe / Online / enable-Feature / FeatureName: client-UnifiedWriteFilter / all
Open the cmd command window and give the command:
uwfmgr filter enable
We restart the computer.
Enter and restart the virtual memory, deactivate the restore system, Superfetch, File indexing, fast boot, defragmentation service and in the BCD settings the bootstatuspolicy policy enters Ignoreallfailures mode. Virtually any service that uses the disk is disabled (temporarily)
Since (as usual) the operating system is in partition C, we give the command from cmd:
uwfmgr.exe volume protect C:
and returns a message that it will be activated after rebooting the system.
To confirm that we have activated the filter and to get information about it, type
in addition to whether it was activated, we see in our system if there are exceptions, ie directories that will not be protected.
An example of activating it with the information we get:
We can define some folders in which we do not want to undo the changes.
Microsoft does not recommend excluding anything under the directory (folder) Windows and EFI, Boot, Paging Files and of course it does not make sense to exclude the volume (Volume) in which we applied protection from the beginning.
The command to do this is:
uwfmgr.exe file add-exclusion path
uwfmgr.exe file add-exclusion path
uwfmgr filter disable
After the reboot we check if it was successfully deactivated with the command
There is a case, despite the deactivation, we get an error in the addition and subtraction of a program.
Then we follow the route:
Control Panel Control Programs and Features / Enable or Disable Windows Features (Windows Features / Turn Windows Features On or off)
and uninstall the feature by restarting.