When Windows Embedded write filters are not enabled, the Configuration Manager 2007 client behaves normally. However, when write filters are enabled, the client functions differently depending on which write filters are used.
The Configuration Manager 2007 client uses many Windows components on the computer or device on which it is installed. These might, for example, include Windows Management Instrumentation (WMI), Background Intelligent Transfer Service (BITS), and Windows Server Update Services (WSUS). Both the Configuration Manager 2007 client and these Windows components store installation and state information in the registry and on the primary storage device of the computer or device.
In addition, other folders, files, and registry keys can be modified during the installation of software or software updates on a Configuration Manager 2007 client.
Windows Embedded write filters are designed to take these registry and file changes, store them in an overlay, and then discard that overlay when the device restarts. Depending on which write filter you use, the implications of write filters are different for the Configuration Manager 2007 client and Windows components that the client uses.
Using the Configuration Manager Client with Enhanced Write Filter
The Configuration Manager 2007 client makes frequent writes to the registry and to the storage drive as part of its regular activities that include hardware and software inventory, policy download and evaluation, software distribution, and software updates management. Because Enhanced Write Filter works at the sector level on protected disks, the Configuration Manager 2007 client would be unable to guarantee that only approved changes are committed to the Windows Embedded system. For this reason, Configuration Manager 2007 does not automatically manipulate your write filter configuration to persist its own write operations. As part of the management process for your Configuration Manager 2007 Windows Embedded clients, you can use one of the procedures provided in About Write Filters in Windows Embedded.
The next sections describe specific details for Configuration Manager 2007 when Enhanced Write Filter is used on a Windows Embedded device.
Software Distribution and Software Updates Management
Before using Configuration Manager 2007 to distribute software or software updates to devices running Windows Embedded, you must ensure that the write filter is disabled.
You can use a script which is initiated by a Configuration Manager 2007 task sequence to disable the write filter, install the necessary updates, and then re-enable the write filter. For more information, see How to Manage Windows Embedded Write Filters Using Configuration Manager 2007.
Ongoing Client Operation
As a part of its regular operation, the Configuration Manager 2007 client connects with the Configuration Manager 2007 server to download policy information, downloads and caches files for software installation, collects and sends inventory, and sends status and state messages. In addition, Configuration Manager 2007 relies on external processes such as WMI and BITS, which also store state information about the storage drive. Since the write filter provides a transparent shield on the system, these processes continue to occur regularly to the system. However, at the next restart, unless data is committed to the drive, all these changes are lost. This means that when the client restarts and loads Windows Embedded, the Configuration Manager 2007 client starts to operate as if it has not performed any of those operations since the last time the state data for those operations was committed to the storage drive.
As a result of this, the following issues might occur:
- The Windows Embedded client re-downloads
all Configuration Manager 2007 policies which were rolled back as a
result of the device restart.
- The Windows Embedded client re-downloads
from the Configuration Manager 2007 Distribution Point any software
distribution and software updates content that were removed as a
result of the device restart.
- The Windows Embedded client produces new
delta software and hardware inventory reports. Depending on the
currency of the data found during those scans, the server might
additionally request a full scan to resynchronize the client and
server.
- The Windows Embedded client re-sends
status messages regarding any activities before the device restart
to the Configuration Manager 2007 site server.
Depending on your specific configuration, you might experience a temporary impact to client performance during initial startup on Windows Embedded devices. You might also experience an increase in network traffic to and from the Windows Embedded client until the client is again re-synchronized and in an operational state.
 Note |
|---|
| To avoid unnecessary network traffic, it is recommended that thin clients be restarted only as needed and otherwise left in a powered on state. |
Using the Configuration Manager Client with File-Based Write Filter
Like Enhanced Write Filter, File-Based Write Filter protects the storage drive against changes. File-Based Write Filter works at the file level instead of the sector level on protected disks. By default, the whole disk is protected, but certain folders can be given exceptions, known as selective write-through, which enables writes to persist across device restarts.
Software Distribution and Software Updates Management
Although selective write-through can be employed to enable write operations to specific locations, bypassing the write protection, exclusions for some folders, such as the Windows system folders, or for large parent folders, such as the Program Files folder, are not recommended. Additionally, the folders to be granted exceptions must be known in advance, and a restart is required to activate these exclusions. As a result, selective write-through can be employed for specific scenarios, but might not be practical as a general method for installing software and software updates. Like Enhanced Write Filter, the recommended method to perform change operations using Configuration Manager 2007 is to disable the write filter, make the changes that you want, and then re-enable the write filter. For more information, see How to Manage Windows Embedded Write Filters Using Configuration Manager 2007.
Ongoing Client Operations
Selective write-through can be used to persist state data from the ongoing operations of the Configuration Manager 2007 client and other components it uses, such as WMI and BITS. However, this is not recommended because you cannot specifically limit the necessary exceptions to just the data needed for Configuration Manager 2007. Therefore, the same conditions apply to File-Based Write Filter protected Windows Embedded systems as for Enhanced Write Filter protected systems.
Using the Configuration Manager Client with Registry Filter
In addition to the two disk write filters, a registry filter is available for Windows Embedded that protects the registry against changes, discarding uncommitted changes at each restart. The registry filter does not use the enable, disable, or commit commands but can persist changes across restarts by using monitors. A registry monitor essentially takes changes to the registry and writes them to a temporary file, which is then re-imported to the registry following each restart. As with exceptions to the File-Based Write Filter, the registry exceptions must be known in advance and must be configured when the active write filter, either Enhanced Write Filter or File Based Write Filter, is disabled.
Consult your hardware vendor to see whether registry filter exceptions are an available option for your device.
Other Considerations with Windows Embedded
Some hardware vendors provide a RAM disk for temporary file storage instead of writing to the storage drive. While this not important on a disk-based system, it becomes more important on a flash-based system. Non-volatile RAM (NVRAM) storage is fast but provides a limited number of writes to the media. Excessive writes to the media shortens the life span and can eventually lead to failure. Therefore, standard RAM is used as a way to provide temporary storage that does not impact the NVRAM.
The challenge imposed in this scenario is that the RAM disk might be allocated in a manner that provides insufficient space for the temporary location of installation files. Software installations often require large amounts of temporary storage space to uncompress files and install them to a permanent location. If the space allocated for this temporary storage is too small, the installation fails.
When configuring automated installation of software, consider the available temporary storage area and the requirements of the program for temporary storage. If the requirements exceed the allocated space, a solution might be to temporarily reassign the path of the TEMP and TMP system variables to another location, such as a shared folder on the network.
Before redirecting the TEMP and TMP system variables to a network shared folder, ensure that the installation has sufficient access permissions and consider any network latency issues you might encounter connecting to and from the remote shared folder.