如何在Windows 8 Embedded Standard中使用UWF注册表过滤器来保留环境变量？ [英] How to persist an enviroment variable using UWF Registry Filter In Windows 8 Embedded Standard?

问题描述

如何在使用统一写过滤器锁定大部分注册表和文件系统的同时保留环境变量？

问题：

当使用C：protected启用统一写入过滤器并为HKEY_LOCAL_MACHINE \SYSTEM\ControlSet001 \Control\Session Manager添加唯一的注册表过滤器排除时，重启系统变得不稳定。

机器多次启动重启（进入重启循环而不进入shell）。有时机器会在关闭和打开后恢复正常工作。

机器可以正常使用完全保护和完整的注册表过滤器（没有自定义例外），但我确实需要存储一个环境变量，在重新启动之间持续存在。

环境变量实际存储在HKLM \\ system \\ CurrentControlSet \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ，但使用该排除仅完全不起作用。

• 有没有办法在保持文件系统过滤器的同时完全关闭注册表过滤器C：使用UWF？
• 我应该尝试添加哪些注册表项来排除？

我有在不受保护的会话之间运行HKLM导出的差异，但差异相当大，主要是二进制。

操作系统： Windows 8 Embedded Standard，几乎使用ICE配置完整图像（保存一些功能，如蓝牙），在我之后在打开uwf之前，安全性和其他更新完全更新了安装。未安装常规用户软件（如IE）
。

操作系统启动到自定义Shell，这是常规的cmd.exe。许多自定义服务已启动。

硬件： SuperMicro X10SLL + -F，Xeon E3-1230V3，Innodisk 64GB SATADOM-MH 3ME SSD，4GB ECC

分区：C：40GB D：20GB，只有C：受UWF保护。想法是保持C：锁定，同时允许D中的两组类似软件根据环境变量运行。

解决方案

您是否将注册表过滤器用作单独的组件与Unified Write Filter同时进行？

如果是这样，那就错了，因为只有与旧的写过滤器兼容，Registry过滤器才会在Standard 8中保留。

UWF有自己的手段实现注册表过滤。

尝试从操作系统映像中排除注册表过滤器，并使用UWF表示：
uwfmgr registry add-exclusion" HKLM \ System \ CurrentControlSet \Control\Session Manager \Environment"

注册表实际上是一组文件，所以如果你启用了写过滤器，它会阻止注册表进行任何更改同样。尽管启用了写过滤器，注册表过滤器（或UWF中的类似工具）实际上允许向注册表写入内容。基于此，
第一个问题的简答题是否定的。虽然您可以尝试将注册表文件添加到文件排除项并检查它是否有效，但我没有测试过，我认为它无法正常工作。最简单的原因是因为注册表项可以
包含文件系统对象的链接，如果文件系统受到保护而注册表不受管理，则在发生某些更改后会出现此类链接的问题（例如，由于新安装并重新启动。

至于排除 - 我在测试系统上尝试了上面例子中的路径，它可以与UWF一起使用。

How would one go about persisting an enviroment variable while locking down most of registry and file system using Unified Write Filter?

Problem:

When Unified Write Filter is enabled with C: protected and a sole Registry Filter exclusion added for HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager , upon restart system becomes unstable.

Machine starts rebooting multiple times(goes into reboot cycle not getting to shell). Sometimes machine will resume working normally after being turned off and on.

Machine works fine with full protection and full Registry Filter (no custom exceptions), but I do need to store an Enviroment Variable that persists between reboots.

The enviroment variable is actually stored in HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\Environment , but using that exclusion solely did not work at all.

• Is there a way to completely turn off Registry Filter while still keeping File System Filter for C: using UWF?
• What registry keys should I try adding to exclusions?

I have run a diff on HKLM exports between unprotected sessions, but diff is rather large and mostly binary.

OS: Windows 8 Embedded Standard, almost full image configured using ICE (save a few features such as Bluetooth), after installation fully updated with security and other updates before uwf was turned on. General user software (such as IE) are not installed.

OS boots to Custom Shell which is regular cmd.exe . A number of custom services are started.

Hardware: SuperMicro X10SLL+-F, Xeon E3-1230V3,  Innodisk 64GB SATADOM-MH 3ME SSD , 4GB ECC

Partioning: C: 40GB D: 20GB, only C: is protected with UWF. The idea is to keep C: locked down while allowing two banks of similar software in D to be run depending on enviroment variable.

解决方案

Do you use Registry filter as a separate component simultaneously with Unified Write Filter?

If so, that's wrong, because Registry filter persists in Standard 8 only for compatibility with old write filters. UWF has its own means to implement registry filtering.

Try to exclude Registry filter from OS image, and use UWF means like that: uwfmgr registry add-exclusion "HKLM\System\CurrentControlSet\Control\Session Manager\Environment"

Registry is actually set of files, so if you have write filter enabled, it prevents registry from any changes as well. Registry filter (or similar tool in UWF) actually allows to write something to registry despite on enabled write filter. Based on this, the short answer on the first question is no. Although you can try to add registry files to file exclusions and check if it works, but I haven't tested that and I suppose it won't work correctly. The simplest reason for that is because registry entries can contain links to file system objects, and if file system is protected and registry is not, the issues with such links can occur after some changes (for example, due to new installation) and reboot.

As for exclusions - I've tried the path from example above on a test system and it works fine with UWF.

这篇关于如何在Windows 8 Embedded Standard中使用UWF注册表过滤器来保留环境变量？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！