Wireless Network Persistence with Windows 7 Embedded File-Based Write Filter

Tested on HP mt41 thin client laptops. The goal is to lock down the thin client, allowing only the wireless settings to persist, so users don’t have to re-key their wireless settings every night when they get home.

The “RegFilter” registry settings below tell the File-Based Write Filter (FBWF) which registry locations to save, and which files to save them in.

While logged in as Administrator, with the write filter disabled, merge something like this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\0]
"ClassKey"="HKLM"
"FileNameForSaving"="_MachineAccount.RGF"
"RelativeKeyName"="SECURITY\\Policy\\Secrets\\$MACHINE.ACC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\1]
"ClassKey"="HKLM"
"FileNameForSaving"="_MSLicensing.RGF"
"RelativeKeyName"="Software\\Microsoft\\MSLicensing"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\2]
"RelativeKeyName"="SOFTWARE\\HP\\HPWFMgr"
"FileNameForSaving"="HPWFMgr.rgf"
"ClassKey"="HKLM"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\3]
"ClassKey"="HKLM"
"FileNameForSaving"="_wlansvc.rgf"
"RelativeKeyName"="Software\\Microsoft\\Wlansvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\4]
"ClassKey"="HKLM"
"FileNameForSaving"="_netsig.rgf"
"RelativeKeyName"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkList\\Signatures\\Unmanaged"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\5]
"ClassKey"="HKLM"
"FileNameForSaving"="_netprofile.rgf"
"RelativeKeyName"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkList\\Profiles"

Run As Administrator:

fbwfmgr /enable
fbwfmgr /addexclusion C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces

Reboot. The write filter turned on by fbwfmgr /enable takes effect at the next boot; after that, the thin client will be locked down.

To view the persisted files:

mkdir c:\data
mountvol c:\data \\?\Volume{bbf71292-a819-11da-9fcb-806d6172696f}\
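
A check to run after the merge, added here as an example and not part of the original page: this PowerShell 2.0-compatible script lists the RegFilter MonitoredKeys entries and warns about any that differ from the six merged above, since every monitored key is state that survives a reboot. The allow-list $Expected and the function names Get-MonitoredKey and Test-MonitoredKey are assumptions introduced for illustration.

```powershell
# Added example: audit RegFilter MonitoredKeys against the entries this page merges.
# Run as Administrator. $Expected is an assumption: it is copied from the .reg file above.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys'

# "ClassKey|RelativeKeyName" pairs; single quotes keep $MACHINE.ACC literal.
$Expected = @(
    'HKLM|SECURITY\Policy\Secrets\$MACHINE.ACC',
    'HKLM|Software\Microsoft\MSLicensing',
    'HKLM|SOFTWARE\HP\HPWFMgr',
    'HKLM|Software\Microsoft\Wlansvc',
    'HKLM|SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged',
    'HKLM|SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
)

# Read every numbered subkey (0, 1, 2, ...) under MonitoredKeys.
function Get-MonitoredKey {
    param([string]$Path = $Base)
    Get-ChildItem -Path $Path -ErrorAction Stop | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Index    = $_.PSChildName
            ClassKey = $p.ClassKey
            Key      = $p.RelativeKeyName
            File     = $p.FileNameForSaving
        }
    }
}

# Warn on entries outside the allow-list and on allow-listed entries that are absent.
# -contains / -notcontains compare case-insensitively, matching registry semantics.
function Test-MonitoredKey {
    param($Entries, [string[]]$AllowList)
    $seen = @()
    foreach ($e in $Entries) {
        $id = '{0}|{1}' -f $e.ClassKey, $e.Key
        $seen += $id
        if ($AllowList -notcontains $id) {
            Write-Warning ('Unexpected persisted key [{0}]: {1} -> {2}' -f $e.Index, $id, $e.File)
        }
    }
    foreach ($a in $AllowList) {
        if ($seen -notcontains $a) { Write-Warning "Expected entry missing: $a" }
    }
}

Test-MonitoredKey -Entries @(Get-MonitoredKey) -AllowList $Expected
```

No output means the monitored-key list matches the six entries merged on this page.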