For security and operational reasons, it might be undesirable to write to storage media in Windows Embedded devices. By redirecting all write requests to either a separate disk partition or RAM, a write filter allows the run-time image to maintain the appearance of a writable run-time image without committing the changes to the storage media.

Starting with Feature Pack 2007 for Windows XP Embedded Service Pack 2, the following write filters are available:

Enhanced Write Filter and File-Based Write Filter redirect all writes targeted for protected volumes to a RAM or disk cache called an overlay. The overlay stores changes made to the operating system but is removed when the device is restarted, restoring the device to its original state.

Enhanced Write Filter works at the sector level on protected disks and allows you to commit changes so that they persist when the device is restarted. Enhanced Write Filter is useful for thin clients that do not need to store cached information or receive frequent updates. Changes made to a system protected by Enhanced Write Filter are stored in one or more layers that represent snapshots in time. Applying changes to an image applies all changes made to the operating system during a specific period of time.

File-Based Write Filter works at the file level instead of the sector level on protected disks. By default, File-Based Write Filter protects the whole disk, but selective write through exceptions can be granted to specific files and folders. Writes to folders which have been granted exceptions persist when the device restarts.

Windows Embedded also features a registry filter, which monitors all writes to the registry and stores changes in a separate layer that is discarded when the device restarts. For registry writes, the registry filter supports persisting specific registry changes by using registry monitors when the device restarts. This feature is independent from Enhanced Write Filter and File-Based Write Filter and can be used regardless of your specific configuration.

For more information about Windows XP Embedded Enhanced Write Filter, see http://go.microsoft.com/fwlink/?LinkId=79553.

For more information about Windows XP Embedded File-Based Write Filter, see http://go.microsoft.com/fwlink/?LinkId=79554.

For more information about Windows Embedded Standard 2009 Enhanced Write Filter, see http://go.microsoft.com/fwlink/?LinkID=162726.

For more information about Windows Embedded Standard 2009 File-Based Write Filter, see http://go.microsoft.com/fwlink/?LinkId=162727

General Software Update Processes with Enhanced Write Filter or File-Based Write Filter

When you use Enhanced Write Filter or File-Based Write Filter protection on the drive for the Windows Embedded device, all uncommitted writes to the device are lost when the device restarts. This includes any software or software updates that have been installed. To persist changes when the device restarts, Enhanced Write Filter or File-Based Write Filter must be turned off prior to performing the change actions, or the changes must otherwise be explicitly committed to the drive using the commit command. This is required regardless of the method used to install software or software updates.

You can take the following steps to persist changes when the device is restarted.

To disable and then enable the write filter

  1. Disable Enhanced Write Filter or File-Based Write Filter. Disabling the filter takes effect after the next device restart. All changes to the system made prior to the device restart are discarded before Enhanced Write Filter is disabled.

    Note
    An alternative to this step is to use the -commitanddisable command for Enhanced Write Filter which will cause all pending write operations to be committed to the storage device before the filter is disabled. This is not recommended because it commits an unknown number of changes to the storage device.

  2. After the device restarts, all new changes are written directly to the storage device. The drive remains unprotected until Enhanced Write Filter or File-Based Write Filter is re-enabled.

  3. The required changes can now be made, such as installing or updating software, and changing system settings.

  4. After the necessary changes to the system have been made, Enhanced Write Filter or File-Based Write Filter can be re-enabled. This causes Enhanced Write Filter or File-Based Write Filter to be enabled after the next device restart. All changes prior to the restart are saved on the storage device.

  5. After restarting the device, the system returns to a protected state.

    Note
    If this procedure fails at any point after disabling the write filter, the system is left in an unprotected state.

To use the commit command to write changes

  1. Restart the device to clear any changes that were made to the protected volume.

  2. Make the required changes to the system, such as installing or updating software, and changing system settings.

  3. Issue the commit command to cause all changes made to the system to be committed to the storage device after next device restart.

  4. After restarting the device, any changes to the system are committed and the system returns in a protected state.

  5. If any items that have been installed require the device to be restarted, a second restart might be required. Any changes caused by this second restart are automatically committed to the storage device.

Although the second method does not completely disable the write filter, both methods write the entire contents of the overlay to disk, regardless of the source of the changes. The second method might also require an additional device restart and commit action to account for installations that have post-restart actions, such as file replacement or drivers or services being installed. With the first method, you can handle any additional restarts as part of your software installation before re-enabling the write filter.

The use of write filters on Windows Embedded imposes unique requirements on system administrators who are tasked with change management. One option for administrators is to use a script to automate the additional actions needed to complete a software or software updates installation. For a sample script that performs these write filter modifications, see Example Script for Configuring Write Filters Using Configuration Manager 2007 on Windows Embedded Devices.

See Also