Learn to use Windows File Protection - part 2

Last week we talked about the Windows File Protection (WFP) service and the associated System File Checker (SFC) utility. The SFC utility is part of the Windows 2000/XP and Server 2003 platforms and must be used in conjunction with the WFP service. This week we'll discuss some of the associated registry settings and command line parameters that allow you to optimize and better control the functionality of the SFC utility.

One of the most important components of the SFC utility is the DLLCache folder. This folder contains the verified (via driver signing) system files that your system maintains. If this folder becomes corrupt, you can run "sfc /purgecache". This purges the existing but corrupted DLLCache folder and automatically begins a scan of the system.

Some administrators may want to control which files are contained in the DLLCache folder. This may be necessary in an FDA-qualified environment at a pharmaceutical or healthcare organization. To maintain a copy of the DLLCache folder on a network share for all users, you must modify the following registry key on every machine that should use the shared location:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Key = SFCDllCacheDir (REG_EXPAND_SZ)

Path = local or network location of the Dllcache folder (default is the %SystemRoot%\System32\Dllcache folder)

NOTE: Modify the registry at your own risk. Incorrect modifications can cause your system to fail.

The only caveat to doing this is that if a machine cannot access the shared folder (for example, a laptop user who is traveling), then the user will not be able to run the SFC utility until the machine is connected to the LAN again.

Another useful registry setting is the SFCShowProgress registry key:

Key = SFCShowProgress (REG_DWORD)

0 = Do not display the System File Checker progress meter (default)

1 = Display the System File Checker progress meter

This registry setting allows you to show a progress meter while SFC is running so that you know its status.

Last, due to the number of system files that WFP is monitoring for you, you may want to increase the size of the DLLCache folder. You can do this by setting the registry key:

Key = SFCQuota (REG_DWORD)

n = size (in megabytes) of the Dllcache folder quota

ffffffff = (default) cache all protected system files on the local hard disk

The default size of the DLLCache folder is approximately 250 MB.
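To check how the three settings above are actually configured on a machine, the following added example (not part of the original article) parses the text output of a `reg query` on the Winlogon key and resolves the effective SFC settings, applying the defaults listed above when a value is absent. The sample output, the server name `fileserver01` and the function names are constructed for illustration.

```python
import re

# Defaults as stated in the article.
DEFAULT_CACHE_DIR = r"%SystemRoot%\System32\Dllcache"
CACHE_ALL = 0xFFFFFFFF  # SFCQuota default: cache all protected system files

# Constructed sample of `reg query` output for the Winlogon key (not real data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
    SFCDllCacheDir    REG_EXPAND_SZ    \\fileserver01\dllcache
    SFCShowProgress    REG_DWORD    0x1
    SFCQuota    REG_DWORD    0x190
"""

# Indented "name  TYPE  data" rows; the key header line is not indented.
LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*\S)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1).lower()] = (m.group(2), m.group(3))
    return values

def sfc_settings(text):
    """Resolve the effective SFC settings, applying the article's defaults."""
    v = parse_reg_query(text)

    def dword(name, default):
        kind, data = v.get(name.lower(), ("REG_DWORD", hex(default)))
        if kind != "REG_DWORD":
            raise ValueError(f"{name} should be REG_DWORD, found {kind}")
        return int(data, 16)

    kind, cache_dir = v.get("sfcdllcachedir", ("REG_EXPAND_SZ", DEFAULT_CACHE_DIR))
    quota = dword("SFCQuota", CACHE_ALL)
    return {
        "cache_dir": cache_dir,
        "cache_dir_type_ok": kind == "REG_EXPAND_SZ",
        # UNC path: SFC cannot run while the machine is off the LAN.
        "needs_network": cache_dir.startswith("\\\\"),
        "show_progress": dword("SFCShowProgress", 0) == 1,
        "quota_mb": None if quota == CACHE_ALL else quota,  # None = cache all
    }
```

Only UNC paths are treated as network locations here; a cache directory on a mapped drive letter would need a separate check.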
