Unified Write Filter not working after cloning update

Aaron Shefter 21 Reputation points
2021-02-10T18:37:40.297+00:00

related to "Unified Write Filter not working after cloning"

The solution on that thread is:

  1. Disable the filter: UWFMGR filter disable
  2. Reboot
  3. Protect the volume again: UWFMGR Volume protect c:
  4. Enable the filter: UWFMGR filter enable
  5. Reboot

When UWFMGR get-config is run there are 2 entries for c:. I want to get rid of the first one that is not actually doing anything.

I tried UWFMGR volume unprotect \?\Volume{e35258b2-fd1b-4293-8121-323d96c02042} and after rebooting this c: is now listed as "unprotected"

After testing everything works as expected, except I still have this second c: entry when the get-config command is issued.

How are partitions deleted from this list

Windows for IoT
Windows for IoT
A family of Microsoft operating systems designed for use in Internet of Things (IoT) devices.
381 questions
0 comments
Accepted answer
  1. Sean Liming 4,511 Reputation points
    2021-02-12T00:03:04.197+00:00

    Tracking down all the files and registry keys is tedious. To disable UWF feature from Windows, simply run the following command:

    DISM.exe /Online /disable-Feature /FeatureName:client-UnifiedWriteFilter

    There was NT Embedded, XP Embedded, WES7, etc. I don't know about a Windows 2000 Embedded. Windows 10 is much easier to use than the predecessors. The challenge is and has always been getting Windows architected for the system.

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sean Liming 4,511 Reputation points
    2021-02-11T17:50:06.167+00:00

    In Windows there are two identifiers for disks. There is a friendly drive letter and unique volume GUID, and they are pointing to the same thing. get-config show both in the output. When you unprotected the volume GUID, drive C was made unprotected. The following will show you how to check for the GUID: How to find the disk and volume GUID on Windows 10

    Can you provide the output from the get-config?

    0 comments
  2. Aaron Shefter 21 Reputation points
    2021-02-11T18:19:19.103+00:00

    Sean,

    Initially after cloning, Get-config responded with a single entry. My guess is this is the GUID from the system upon which the OS was originally built.

    After issuing a UWFMGR Volume Protect C: on the clones drive attached to a different CPU/System, I then issue a Get-Config command that responds with 2 entries for C:, the original entry and a new entry with a different GUID.

    I then Issue UWFMGR volume unprotect \?\Volume{e35258b2-fd1b-4293-8121-323d96c02042} and reboot. I issue another Get-Config command that responds with 2 entries for C:, the original entry now states "Unprotected" and a new entry states "Protected." The filter now works properly.

    From previous research, now lost to me there were command line scripts to clear all this out and auto search and protect all volumes seen by the system. Did this about a year ago and it worked with the side affect of picking up 2 additional partitions that I do not want to protect.

    So given that information, I need to know how to manually manipulate the partitions included such that partitions that are redundant or not desired to be on the list used by UWF can be removed. A full sysprep is not desired in our manufacturing scenario, but I can preload a script to be run and then deleted on one of the unprotected partitions.

  3. Aaron Shefter 21 Reputation points
    2021-02-11T19:06:25.037+00:00

    To repeat myself...

    "From previous research, now lost to me, there were command line scripts to clear all this out and auto search and protect all volumes seen by the system.

    I Did this about a year ago and it worked with the side affect of picking up 2 additional partitions that I do not want to protect."

    Do you know where the info on scripting for UWF management is locate within the MS multitude of sites? I found a switch under a HW site:

    https://learn.microsoft.com/en-us/windows-hardware/customize/enterprise/uwf-volumesetbindbydriveletter

    That seems to indicate that I can either address C: loosely, ie. by drive letter or tightly by GUID. It appears these commands are accessed via WMI somehow, "Unified Write Filter WMI provider"

    It appears to me if I set this to loose binding that it will just protect whatever is assigned to C: in the registry.

    Are you familiar with this interface and the functionality provided?

  4. Aaron Shefter 21 Reputation points
    2021-02-11T23:20:45.883+00:00

    To close this out, does a complete list of files, directories and registry entries used by UWF exist? It seems to be hit or miss uninstalling the UWF feature.

    It also seems to be necessary to reboot between every step of the enabling process or I get access denied error even with an escalated command window.

    Lastly, don't try UWFMGR filter reset-setting, that produces access denied and file not found errors.

    I've been at this since Win 2000 embedded, and for a producer on machines with no display, not kiosks, the changes in Win 10 have been very painful.