Registry Filter (Standard 7 SP1)
The Registry Filter enables a user to persist specific registry keys and/or values across multiple reboots without requiring all changes in a hive to be persisted. The default behavior for a write filter protected system is that all commits to the registry hives are stored in a RAM overlay until shutdown and/or reboot. The Registry Filter monitors updates to specific registry keys, values, or both, and commits those changes to its own overlay. When the device reboots, the registry changes in the Registry Filter overlay are reapplied to RAM in order to persist the changes. Registry filter, combined with the FBWF or EWF, allows persistence of specific registry keys while protecting the rest of the OS.
The Registry Filter persists the following registry changes:
Device Domain Participation
Joining a domain requires that the system's secret be updated every 30 days. This data is written to the registry. If the system volume is protected by EWF or FBWF, then this change is applied only to the RAM overlay. On subsequent reboots, this secret is flushed from the device's memory. Because the domain controller believes that device secret has been successfully updated, it stores the secret in its database to be utilized the next time the device attempts to participate in the domain. If the overlay is not committed prior to a reboot, then the changes are lost because the EWF or FBWF RAM cache is flushed. The device then uses the old secret while trying to authenticate itself with the domain controller. This causes the domain controller to deny the device access to domain resources.
Terminal Services Client Access License (TSCAL)
For devices that use the Remote Desktop Client to connect to application servers, a TSCAL is issued when connecting for the first time. If the system volume is protected by EWF or FBWF and the device is rebooted, then the license information (which is stored in the registry) is lost. The next time the device connects to the application server, it requests a new license to be used even though a license was previously issued. Over time, the License Server runs out of licenses, and the quantity of licenses reported far exceeds the quantity used and/or required.
You can persist user-defined custom keys with Registry Filter. In Image Configuration Editor you can specify whether you want to add, update, or delete a registry key.
Important: You can only use Registry Filter to persist custom keys in the HKLM registry root. Registry Filter is not guaranteed to persist all registry keys in the SYSTEM hive because the system can update registry keys early in the boot process before Registry Filter loads. Registry Filter can only persist registry keys that change after it loads and starts tracking registry changes.
- Registry Filter
Provides information about the Registry Filter package and settings.