Tuesday, June 29, 2010

EWF in Windows Embedded Standard 7

While developing a custom shell for a project, I encountered a strange behavior while enabling/disabling EWF protection. For development purposes, I created a Windows Embedded Standard 7 thin client image using IBW, including EWF feature with all default settings. Everything worked fine until I tried to start playing with the disk protection. According to MSDN documentation, EWF can be controlled via EWF Manager tool (EWFMGR) from a console window (with Administrator rights) or programmatically by using EWF APIs.

In the custom shell that I was developing, I needed to control EWF state according to a number of internal procedures: in some cases the protection had to be enabled and in others it had to be disabled. I had no problems when enabling the protection (both via console and programmatically), while the strange thing happened in disabling the protection.

I was expecting that the protection could be disabled in the same way it can be enabled, just by invoking the ewfmgr –disable command from a console window or by using the EwfMgrDisable API function, followed by a device reboot. But that didn’t work. After the device restart, the EWF protection was still enabled. At first I thought I didn’t configure properly the EWF protection when installing the image via IBW, so I created an answer file with ICE, configured the EWF feature with default parameters and then deployed the image again. No way, again: the protection, once enabled, couldn’t be disabled anymore. How to solve the problem?

After many retries and a lot of frustration, I found the solution looking inside the EWF API samples (I couldn’t find any reference about that in MSDN documentation): a comment to the EwfMgrDisable function clearly stated that when EWF is configured in RAM REG mode (as it is when using default settings in Widows Embedded Standard 7), it is necessary to perform a commit operation after calling the disable function. Instead, if EWF is configured in RAM mode, just the disable operation will suffice. Additionally, the same result can be obtained using  ewfmgr –commitanddisable [–live] command (with –live option, no reboot is required) or, through API, with EwfMgrCommitAndDisableLive function.

I hope this little addendum to MSDN documentation can save you time and troubles while using EWF in Windows Embedded Standard 7.

No comments:

Post a Comment