Disable WFP during Setup - Enable after setup


Thanks to some bright people on here, most now know how to disable SFC in XP.

But I would like to switch it back on after setup so my system is more secure.

Now, is this as easy as copying the original SFC_OS.dll back after setup via a small batch script, or is it more involved?

Has anyone done this....

It's really annoying coming back to a PC after 3 hours to find it hanging during setup as I've overwritten some file or other.....grrrrrrr.

Any help will be greatly appreciated.


So basically what you're saying is disable with modified SFC_OS.dl_. Then turn it back on with a registry tweak during T-13 setup or first logon.

Even though I have a hacked SFC_OS.dll file on the install, will turning it back on with a reg tweak after logon work with a hacked file or not?

I can turn it off no problem at all, thanks to info gained from this forum, but I want to turn it back on during first logon or at the very end of an XP setup rebuild.

Thanks for your prompt reply, Alanoll.


If I understand this correctly, the hex edit of the DLL is done specifically to give you the extra options to turn FP on or off with the reg tweak.

Correct. By default the original file changes SFCDisable to 1 automatically. By using the modified file, the key is changed to SFCSetting and the program that does change the value changes the wrong key. SFCSetting is changed when you change it.


The main reason I created that patch was to disable WFP so I could remove/overwrite some things at T-13 and at RunOnceEx.

If you want to re-enable WFP, I would suggest enabling it via the registry edit at the end of RunOnceEx or first logon just before you restart the PC. That way, when you log in the second time and start using your computer, WFP will be enabled again.

2 things to note about turning it back on though...

1. Most of the directories you can delete with WFP turned off will be RECREATED when you turn WFP back on.

2. Make sure you delete anything in the "C:\WINDOWS\system32\dllcache" directory first and eject your Windows CDROM. Otherwise, I think, the files will be overwritten again.

I've never needed to re-enable WFP so I can't be sure what side effects would occur when turning it back on. If you do turn it back on, please post again to let us know what happened.


I might add,

you might want to change some settings in the registry.

As a matter of fact, this is what I found here:

http://www.microsoft.com/whdc/winlogo/drvsign/wfp.mspx

After detecting the replacement of a protected file, WFP searches for the replaced files in the following order:

1. Search the dllcache directory.

2. If the system was installed via network install, search the network install path.

3. Search on the CD.

If the file is found in dllcache or the install source is auto-located, WFP replaces the file without prompting the user and moves on. If the file cannot be found, WFP displays a dialog box that prompts the user to either insert distribution media or cancel the restore operation.

This means, in plain English, that WFP does:

1. Search the dllcache directory.

2. & 3. Search for the original file in the location specified in these registry keys; it can be a CD, a local hard disk or a network hard disk:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath

(Info above gathered from this German-only Microsoft KB article:

http://support.microsoft.com/default.aspx?...b%3Bde%3BD43422

of which I found an English translation here:

http://www.lermanet.com/cisar/survey/bm.htm?FACTNet )

(well, now I know that if Executive Software finds out I have been cruel to others :) I will not be able to defrag my hard disk anymore!) :rolleyes:

So, you should make a backup and delete those keys.

I don't know whether, if you reinsert your install CD at any time, Windows SFC will be able to work out that it is the install one and will try again to copy over protected files.

jaclaz
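
The search order quoted in the post above, as a simplified model (an added example, not part of the original post and not Microsoft's code). The function names and the temporary directories are assumptions made for illustration; `source_paths` stands in for the locations named by the registry values listed above.

```python
import os
import shutil
import tempfile


def find_in_dir(directory, filename):
    """Case-insensitive lookup, since Windows file names ignore case."""
    if not directory or not os.path.isdir(directory):
        return None  # e.g. CD ejected, or the registry value was deleted
    for entry in os.listdir(directory):
        full = os.path.join(directory, entry)
        if entry.lower() == filename.lower() and os.path.isfile(full):
            return full
    return None


def resolve_restore_source(filename, dllcache_dir, source_paths):
    """Model of the quoted order: dllcache first, then each configured
    install source. Returns (label, path), or None when the user would
    be prompted to insert media or cancel."""
    for label, directory in [("dllcache", dllcache_dir)] + list(source_paths):
        hit = find_in_dir(directory, filename)
        if hit:
            return label, hit
    return None


def demo():
    """Constructed layout: temp directories stand in for the real locations."""
    with tempfile.TemporaryDirectory() as root:
        dllcache, network, cd = (os.path.join(root, d)
                                 for d in ("dllcache", "netinstall", "cd"))
        for d in (dllcache, network, cd):
            os.makedirs(d)
        open(os.path.join(dllcache, "SFC_OS.DLL"), "wb").close()
        open(os.path.join(cd, "sfc_os.dll"), "wb").close()
        sources = [("network install path", network), ("CD", cd)]

        results = [resolve_restore_source("sfc_os.dll", dllcache, sources)]
        os.remove(os.path.join(dllcache, "SFC_OS.DLL"))  # dllcache emptied
        results.append(resolve_restore_source("sfc_os.dll", dllcache, sources))
        shutil.rmtree(cd)                                # CD ejected
        results.append(resolve_restore_source("sfc_os.dll", dllcache, sources))
        return [r[0] if r else "prompt user" for r in results]


if __name__ == "__main__":
    print(demo())
```
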


Brilliant and informative replies as always. I was thinking along these lines myself as I'm using this install on a large number of PCs, and want to make sure that WFP is turned back on after T-13 or at the very least after first logon via a reg tweak.

I didn't realize it was a small hack on the DLL; sounds like it might work.

I will post results from both SP1 & SP2 builds as I'm using both at the moment.

Many many thanks.....
