Learn to use Windows File Protection - part 2

By Bryan Muehlberger, ITworld |  How-to

Last week we talked about the Windows File Protection (WFP) service and
its associated System File Checker (SFC) utility. The SFC
utility is part of the Windows 2000/XP and Server 2003 platform and must
be used in conjunction with the WFP service. This week we'll discuss
some of the associated registry settings and command line parameters
that allow you to optimize and better control the functionality of the
SFC utility.

One of the most important components of the SFC utility is the DLLCache
folder. This folder contains the verified (via driver signing) system
files that your system maintains. If this folder becomes corrupt, you
can run "sfc /purgecache". This purges the existing but corrupted
DLLCache folder and automatically begins a scan of the system.

Some administrators may want to control what files are contained in the
DLLCache folder. This may be necessary in an FDA-qualified environment
at a pharmaceutical or healthcare organization. To maintain a copy of
the DLLCache folder on a network share for all users, you must
modify the following registry key on every machine that should use
the shared location:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key = SFCDllCacheDir (REG_EXPAND_SZ)
Path = local or network location of the Dllcache folder (default is the
%SystemRoot%\System32\Dllcache folder)

NOTE: Modify the registry at your own risk. Incorrect modifications
can cause your system to fail.

The only caveat to doing this is that if a machine cannot access the
shared folder (e.g. a laptop user who is traveling), then that user will
not be able to run the SFC utility until the machine is connected to the
LAN again.

Another useful registry setting is the SFCShowProgress registry key:

Key = SFCShowProgress (REG_DWORD)
0 = Do not display the System File Checker progress meter (default)
1 = Display the System File Checker progress meter

This registry setting allows you to show a progress meter while SFC is
running so that you know its status.

Last, due to the number of system files that WFP is monitoring for you,
you may want to increase the size of the DLLCache folder. You can do
this by setting the registry key:

Key = SFCQuota (REG_DWORD)
n = size (in megabytes) of the Dllcache folder quota
ffffffff = (default) cache all protected system files on the local hard
disk

The default size of the DLLCache folder is approximately 250 MB.
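
The following PowerShell script is an added example, not part of the original article: a read-only audit that reports the three values described above, falls back to the defaults the article lists when a value is absent, and warns when a redirected DLLCache location cannot be reached. The variable names and output property names are illustrative.

```powershell
# Added example: read-only audit of the WFP/SFC registry values from this article.
$subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey)
if ($null -eq $key) { throw "Cannot open HKLM\$subKey" }

# Read REG_EXPAND_SZ without expansion so the stored string is visible as written.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Defaults below are the ones stated in the article, used when a value is absent.
$dirRaw   = $key.GetValue('SFCDllCacheDir', '%SystemRoot%\System32\Dllcache', $noExpand)
$progress = $key.GetValue('SFCShowProgress', 0)
$quotaRaw = $key.GetValue('SFCQuota', -1)   # -1 is ffffffff read as a signed 32-bit value
$key.Close()

$dir   = [Environment]::ExpandEnvironmentVariables([string]$dirRaw)
$isUnc = $dir.StartsWith('\\')              # detects UNC paths only, not mapped drive letters
$reachable = Test-Path -LiteralPath $dir -PathType Container

# .NET returns REG_DWORD as Int32; normalise to the unsigned range before comparing.
$quota = [int64]$quotaRaw
if ($quota -lt 0) { $quota += 4294967296 }
$quotaText = if ($quota -eq 4294967295) { 'all protected files (ffffffff)' } else { "$quota MB" }

# The article's caveat: SFC cannot run while the shared cache is unreachable.
if (-not $reachable) {
    Write-Warning "DLLCache location '$dir' is not reachable from this machine."
}

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    DllCacheDirRaw = $dirRaw
    DllCacheDir    = $dir
    IsUncPath      = $isUnc
    Reachable      = $reachable
    ShowProgress   = [bool]$progress
    Quota          = $quotaText
}
```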
