Windows Resource Protection (WRP) prevents the replacement of essential system files, folders, and registry keys that are installed as part of the operating system. It became available starting with Windows Server 2008 and Windows Vista. Permission for full access to modify WRP-protected resources is restricted to TrustedInstaller. WRP-protected resources can only be changed using the Supported Resource Replacement Mechanisms with the Windows Modules Installer service. Protecting these resources prevents application and operating system failures.
Applications should not attempt to modify WRP-protected resources because these are used by Windows and other applications. If an application attempts to modify a WRP-protected resource, it can have the following results.
Application installers that attempt to replace, modify, or delete critical Windows files or registry keys may fail to install the application and will receive an error message stating that access to the resource was denied.
Applications that attempt to add or remove sub-keys or change the values of protected registry keys may fail and will receive an error message stating that access to the resource was denied.
Applications that rely on writing any information into protected registry keys, folders, or files may fail.
WRP is the new name for Windows File Protection (WFP). WRP protects registry keys and folders as well as essential system files. WFP was available in Microsoft Windows Server 2003 and Windows XP. WRP replaces WFP in Windows Server 2008 and Windows Vista.
This module describes how you can use Intune to create and manage WIP policies that manage this protection. The module also covers implementing BitLocker and Encrypting File System.