Lockdown or Secure a Device (Industry 8)

  • Article

7/8/2014

Review the lockdown features available for your Windows Embedded 8 Industry (Industry 8) device.

In order to provide a controlled and specialized experience for the end user of an Windows Embedded 8 Industry (Industry 8) device, you may decide to limit the ways in which an end user can interact with that device. These limits can help protect the device from malicious users, provide a custom-defined user experience, and increase system reliability.

Because Industry 8 is based on Windows 8, you can use many of the Windows 8 lockdown features such as AppLocker, Windows Firewall, and Group Policy settings as part of your overall lockdown strategy. Industry 8 also offers additional lockdown features specifically for devices that can be used to support scenarios such as enabling stateless service, hiding specific dialog boxes, and preventing users from locking the device by using the Ctrl+Alt+Delete key combination.

Lockdown Overview

Industry 8 Filters

  • Write Filters
    You can use write filters in your embedded system to help protect your physical storage media. Write filters intercept writes to protected volumes and redirect the writes to a virtual overlay that keeps track of changes to the protected volumes.

    Industry 8 includes three different write filters: Unified Write Filter (UWF), Enhanced Write Filter (EWF), and File-Based Write Filter (FBWF). UWF is a new feature in Industry 8, and combines the functionality of both EWF and FBWF. It is now the recommended write filter, and both EWF and FBWF are deprecated in Industry 8. In addition, the functionality of Registry Filter has also been incorporated into Unified Write Filter (UWF) and Registry Filter is deprecated in Industry 8.

    See Write Filters Overview for more information on write filters.

    • **Unified Write Filter (UWF) **
      UWF operates at the sector level, intercepting all writes to a protected volume. However, you can specify that certain files, directories, or registry keys are excluded from being filtered. Excluded files and directories are tracked in a file exclusion list, and excluded registry entries are tracked in a registry exclusion list. Writes to items in an exclusion list are written directly to the protected volume.
    UWF includes Hibernate Once/Resume Many (HORM) functionality, which lets you use a reuse a hibernation file under certain conditions. You can use HORM to boot your device to a preconfigured state. Normally, hibernation files are discarded on restart, but on a device with HORM enabled the hibernation file is not discarded, and the device will reuse the same hibernation file on every restart until a new hibernation file is created. A device with HORM enabled can quickly be turned off or shut down, and will start into the preconfigured state upon restart, even in the event of a sudden power loss.

See [Unified Write Filter](dn195631\(v=winembedded.81\).md) for more information on UWF.

  • Keyboard Filter
    You can use Keyboard Filter to disable undesirable key presses or combinations. For example, you can disable common Windows key combinations like Ctrl+Alt+Delete and Alt+Tab. You can disable any key or key combination. Keyboard Filter has been redesigned and works with physical keyboards, touch keyboards, and the Windows 8 On-Screen keyboard. Keyboard Filter also detects dynamic layout changes, such as switching from one language set to another, and continues to suppress keys correctly, even if the location of suppressed keys has changed on the keyboard layout.

    See Keyboard Filter for more information on Keyboard Filter.

  • Dialog Filter
    You can use Dialog Filter to block specific dialog boxes from appearing on the screen. You can specify a default action for Dialog Filter to take for all top-level dialog boxes. You can also specify protected processes that are exempt from the default action.

    See Dialog Filter for more information on Dialog Filter.

  • Gesture Filter
    You can use Gesture Filter to disable the new edge gestures available in Windows 8 Windows 8. Gesture Filter enables you to block each of the edge gestures (left, right, bottom, top, and each corner) individually.

    See Gesture Filter for more information on Gesture Filter.

See Also

Concepts

Unified Write Filter
Keyboard Filter
Dialog Filter
Gesture Filter

Other Resources

Write Filters Overview