Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Overview 2 Protected resources 3 Resource replacement methods 4 See also 5 References 6 External links

Windows Resource Protection

●Русский ●中文 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article needs additional citations for verification. Please help improve this articlebyadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Windows Resource Protection" – news · newspapers · books · scholar · JSTOR (August 2022) (Learn how and when to remove this message)

Windows Resource Protection is a feature first introduced in Windows Vista and Windows Server 2008. It is available in all subsequent Windows operating systems, and replaces Windows File Protection. Windows Resource Protection prevents the replacement of critical system files, registry keys and folders. Protecting these resources prevents system crashes.^[1] The way it protects resources differs entirely from the method used by Windows File Protection. ^{[citation needed]}

Overview[edit]

Windows Resource Protection (WRP) works by registering for notification of file changes in Winlogon.^{[disputed – discuss]} If any changes are detected to a protected system file, the modified file is restored from a cached copy located in %WinDir%\WinSxS\Backup.^[2] Windows Resource Protection works by setting discretionary access control lists (DACLs) and access control lists (ACLs) defined for protected resources. Permission for full access to modify WRP-protected resources is restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). Administrators no longer have full rights to system files; they have to use the SetupAPI or take ownership of the resource and add the appropriate Access Control Entries (ACEs) to modify or replace it. The TrustedInstaller account is used to secure core operating system files and registry keys.

Protected resources[edit]

Windows Resource Protection protects a large number of file types:

*.acm *.ade *.adp *.app *.asa *.asp *.aspx *.ax *.bas *.bat *.bin *.cer *.chm *.clb *.cmd
*.cnt *.cnv *.com *.cpl *.cpx *.crt *.csh *.dll *.drv *.dtd *.exe *.fxp *.grp *.h1s *.hlp
*.hta *.ime *.inf *.ins *.isp *.its *.js *.jse *.ksh *.lnk *.mad *.maf *.mag *.mam *.man
*.maq *.mar *.mas *.mat *.mau *.mav *.maw *.mda *.mdb *.mde *.mdt *.mdw *.mdz *.msc *.msi
*.msp *.mst *.mui *.nls *.ocx *.ops *.pal *.pcd *.pif *.prf *.prg *.pst *.reg *.scf *.scr
*.sct *.shb *.shs *.sys *.tlb *.tsp *.url *.vb *.vbe *.vbs *.vsmacros *.vss *.vst *.vsw *.ws
*.wsc *.wsf *.wsh *.xsd *.xsl

WRP also protects several critical folders. A folder containing only WRP-protected files may be locked so that only the TrustedInstaller user is able to create files or subfolders in the folder. A folder may be partially locked to enable administrators to create files and subfolders in the folder. Essential registry keys installed by Windows Vista are also protected. If a key is protected by WRP, all its sub-keys and values can be protected.

WRP copies only those files that are needed to restart Windows to the cache directory located at %WinDir%\WinSxS\Backup. Critical files that are not needed to restart Windows are not copied to the cache directory, unlike Windows File Protection which cached the entire set of protected file types in the Dllcache folder. The size of the cache directory and the list of files copied to cache cannot be modified.^[2]

Windows Resource Protection applies stricter measures to protect files. As a result, Windows File Protection is not available under Windows Vista. In order to replace any single protected file, Windows File Protection had to be disabled completely; Windows Resource Protection works on a per-item basis by setting ACLs. Therefore, by taking ownership of any single item, that particular item can be replaced, while other items remain protected.^{[citation needed]}

System File Checker is also integrated with WRP.^[3] Under Windows Vista, Sfc.exe can be used to check specific folder paths, including the Windows folder and the boot folder.

Resource replacement methods[edit]

In Windows Vista and Server 2008, full access to Windows Resource Protection is restricted to the TrustedInstaller user. The Windows Modules Installer service can replace resources using the following methods:

Installing Windows Service Packs^[4]
Installing Windows Updates and hotfixes
Performing operating system upgrades

An error message is generated if applications attempt to replace a WRP resource using different methods. In these cases, the applications or installers are denied access to the resource. ^[5]