cableguy_uk Posted August 7, 2004 Share Posted August 7, 2004 Thanks to some bright people on here, most now know how to disable SFC in XP.But i would like to switch it back on after setup so my system is more secure.Now is this as easy as copying the original SFC_OS.dll back after setup via a small batch script or is it more involved.Has anyone done this....its really annoying coming back to a pc after 3 hours to find it hanging during setup as i've overwritten some file or other.....grrrrrrr.Any help will be greatly appreciated Link to comment Share on other sites More sharing options...
Alanoll Posted August 7, 2004 Share Posted August 7, 2004 if you use the modified SFC_OS.DLL that's either from nLite or RaveRod you simply change either SFCDisable/SFCSetting to 1 instead of FFFFFF9c or whatever it is. Link to comment Share on other sites More sharing options...
cableguy_uk Posted August 7, 2004 Author Share Posted August 7, 2004 So basically what your saying is disable with modified SFC_OS.dl_. Then turn it back on with a registry tweak during T-13 setup or first logon.Even though i have a hacked SFC_OS.dll file on the install, will turning it back on with a reg tweak after logon work with a hacked file or not.I can turn it off no problem at all, thanks to info gained from this forum, but i want to turn it back on during first logon or at the very end of an XP setup rebuild.thanks for your prompt reply Alanoll Link to comment Share on other sites More sharing options...
visitor Posted August 8, 2004 Share Posted August 8, 2004 If I understand this correctly, the hex edit of the DLL is done specifically to give you the extra options to turn FP on or off with the reg tweak. Link to comment Share on other sites More sharing options...
Alanoll Posted August 8, 2004 Share Posted August 8, 2004 If I understand this correctly, the hex edit of the DLL is done specifically to give you the extra options to turn FP on or off with the reg tweak.correct. By default the original file changes SFCDisable to 1 automatically. By using the modified file, the key is changed to SFCSetting and the program that does change the value changes the wrong key. SFCSetting is changed when you change it. Link to comment Share on other sites More sharing options...
Denney Posted August 8, 2004 Share Posted August 8, 2004 The main reason I created that patch was to disable WFP so I could remove/overwrite some things at T-13 and at RunOnceEx.If you want to re-enable WFP, I would suggest enabling it via the registry edit at the end of RunOnceEx or first logon just before you restart the PC. That way, when you login the second time and start using your computer, WFP will be enabled again.2 things to note about turning it back on though...1. Most of the directories you can delete with WFP turned off will be RECREATED when you turn WFP back on.2. Make sure you delete anything in the "C:\WINDOWS\system32\dllcache" directory first and eject your Windows CDROM. Otherwise, I think, the files will be overwritten again.I've never needed to re-enable WFP so I can't be for sure what side effects would occur when turning it back on. If you do turn it back on, please post again to let us know what happened. Link to comment Share on other sites More sharing options...
jaclaz Posted August 8, 2004 Share Posted August 8, 2004 I might add,you might want to change some settings in the registry.As a matter of fact, what found here:http://www.microsoft.com/whdc/winlogo/drvsign/wfp.mspxAfter detecting the replacement of a protected file, WFP searches for the replaced files in the following order: 1. Search the dllcache directory.2. If the system was installed via network install, search the network install path.3. Search on the CD.If the file is found in dllcache or the install source is auto-located, WFP replaces the file without prompting the user and moves on. If the file cannot be found, WFP displays a dialog box that prompts the user to either insert distribution media or cancel the restore operation.Means in plain english, that WFP does:1. Search the dllcache directory.2.&3. Search the original file in the location specified in this registry key, it can be CD, local Hard disk, network Hard disk:KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePathHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePathHKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath(info above gathered from this German only Microsoft kb article:http://support.microsoft.com/default.aspx?...b%3Bde%3BD43422of which I found an english translation, here:http://www.lermanet.com/cisar/survey/bm.htm?FACTNet(well, know I know that I Executive Software finds out I have been cruel to others I will not be able to defrag my hard disk anymore!) So, you should make a backup and delete those keys.I don't know if you reinsert at any time your install CD, if Windows SFC will be able to gather it is the install one and will try again to copy over protected files.jaclaz Link to comment Share on other sites More sharing options...
cableguy_uk Posted August 8, 2004 Author Share Posted August 8, 2004 Brilliant and informative reply's as always, i was thinking along these lines myself as i'm using this install on a large number of pc's, and want to make sure that WFC is turned back on after t13 or at the very least after first logon via a reg tweak.I didn't realize it was a small hack on the dll, sounds like it might work.I will post results from both SP1 & SP2 builds as i'm using both at the moment.many many thanks..... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now