Windows Resource Protection

Windows Resource Protection is a feature first introduced in Windows Vista and Windows Server 2008. It is available in all subsequent Windows operating systems, and replaces Windows File Protection. Windows Resource Protection prevents the replacement of critical system files, registry keys and folders. Protecting these resources prevents system crashes. The way it protects resources differs entirely from the method used by Windows File Protection.


Overview

Windows Resource Protection (WRP) works by registering for notification of file changes in Winlogon. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in . Windows Resource Protection works by setting discretionary access control lists (DACLs) and access control lists (ACLs) defined for protected resources. Permission for full access to modify WRP-protected resources is restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). Administrators no longer have full rights to system files; they have to use the SetupAPI or take ownership of the resource and add the appropriate Access Control Entries (ACEs) to modify or replace it. The TrustedInstaller account is used to secure core operating system files and registry keys.


Protected resources

Windows Resource Protection protects a large number of file types:
*.acm *.ade *.adp *.app *.asa *.asp *.aspx *.ax *.bas *.bat *.bin *.cer *.chm *.clb *.cmd
*.cnt *.cnv *.com *.cpl *.cpx *.crt *.csh *.dll *.drv *.dtd *.exe *.fxp *.grp *.h1s *.hlp
*.hta *.ime *.inf *.ins *.isp *.its *.js *.jse *.ksh *.lnk *.mad *.maf *.mag *.mam *.man
*.maq *.mar *.mas *.mat *.mau *.mav *.maw *.mda *.mdb *.mde *.mdt *.mdw *.mdz *.msc *.msi
*.msp *.mst *.mui *.nls *.ocx *.ops *.pal *.pcd *.pif *.prf *.prg *.pst *.reg *.scf *.scr
*.sct *.shb *.shs *.sys *.tlb *.tsp *.url *.vb *.vbe *.vbs *.vsmacros *.vss *.vst *.vsw *.ws
*.wsc *.wsf *.wsh *.xsd *.xsl
WRP also protects several critical folders. A folder containing only WRP-protected files may be locked so that only the TrustedInstaller user is able to create files or subfolders in the folder. A folder may be partially locked to enable administrators to create files and subfolders in the folder. Essential registry keys installed by Windows Vista are also protected. If a key is protected by WRP, all its sub-keys and values can be protected.

WRP copies only those files that are needed to restart Windows to the cache directory located at . Critical files that are not needed to restart Windows are not copied to the cache directory, unlike Windows File Protection which cached the entire set of protected file types in the Dllcache folder. The size of the cache directory and the list of files copied to cache cannot be modified.

Windows Resource Protection applies stricter measures to protect files. As a result, Windows File Protection is not available under Windows Vista. In order to replace any single protected file, Windows File Protection had to be disabled completely; Windows Resource Protection works on a per-item basis by setting ACLs. Therefore, by taking ownership of any single item, that particular item can be replaced, while other items remain protected.

System File Checker is also integrated with WRP. Under Windows Vista, Sfc.exe can be used to check specific folder paths, including the Windows folder and the boot folder.
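
The per-item ACL model described in the Overview and in this section can be audited from a file's security descriptor. The following is an added example, not part of the original article or of any Microsoft tool: it parses an SDDL string (for instance the value of `(Get-Acl <path>).Sddl`) and reports where it departs from the pattern of TrustedInstaller as owner and only writer. The function names are hypothetical, both sample descriptors are constructed, and the pattern itself (other trustees hold read and execute only) is an assumption about how a protected file is normally configured.

```python
import re

# Well-known SID of the NT SERVICE\TrustedInstaller account.
TI_SID = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"

# SDDL rights codes mapped to access-mask bits.
RIGHTS = {
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
    "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}

# Bits that let a trustee change a file: write data, append, write EA, write
# attributes, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL | GENERIC_WRITE.
WRITE_BITS = 0x2 | 0x4 | 0x10 | 0x100 | 0x10000 | 0x40000 | 0x80000 | 0x50000000

# Constructed samples: an untouched descriptor, and one after an administrator
# took ownership and added a full-control ACE for BUILTIN\Administrators (BA).
INTACT_SDDL = ("O:%sG:%sD:PAI(A;;FA;;;%s)(A;;0x1200a9;;;BA)"
               "(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)" % (TI_SID, TI_SID, TI_SID))
TAKEN_SDDL = ("O:BAG:%sD:PAI(A;;FA;;;BA)(A;;FA;;;%s)"
              "(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)" % (TI_SID, TI_SID))


def rights_mask(field):
    """Convert an SDDL rights field (hex value or two-letter codes) to a mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= RIGHTS[field[i:i + 2]]  # KeyError on a code not in the table
    return mask


def audit_wrp_acl(sddl):
    """List the ways a descriptor departs from the assumed WRP pattern."""
    findings = []
    owner = re.match(r"O:(.+?)(?=[GDS]:|$)", sddl)
    if owner is None or owner.group(1) != TI_SID:
        findings.append("owner is %s, not TrustedInstaller"
                        % (owner.group(1) if owner else "missing"))
    dacl = re.search(r"D:[^(]*((?:\([^)]*\))*)", sddl)
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        mask = rights_mask(rights)
        if ace_type == "A" and trustee != TI_SID and mask & WRITE_BITS:
            findings.append("%s is allowed write access (0x%x)" % (trustee, mask))
    return findings
```

`audit_wrp_acl(INTACT_SDDL)` returns an empty list, while `audit_wrp_acl(TAKEN_SDDL)` reports both the changed owner and the added full-control entry. Conditional ACEs, which contain nested parentheses, are outside what this parser handles.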


Resource replacement methods

In Windows Vista and Server 2008, full access to Windows Resource Protection is restricted to the TrustedInstaller user. The Windows Modules Installer service can replace resources using the following methods:

* Installing Windows Service Packs
* Installing Windows Updates and hotfixes
* Performing operating system upgrades

An error message is generated if applications attempt to replace a WRP resource using different methods. In these cases, the applications or installers are denied access to the resource.


See also

* Windows File Protection
* System File Checker
* Access Control List
* Security Identifier


External links


Evolving the Software Organism - MSDN Blogs, Chris Jackson (Archived from the original)