For those who have not read the first part of the article, I will say that in this article, an OEM is meant a specialist who prepares Windows for replication to multiple devices.
In this part, we will look at how to improve the security and fault tolerance of the system using standard Windows tools: AppLocker , write filter , device blocking . In addition, we will consider the features of sealing the system in welcome mode (OOBE) with some specific system settings.
From the first part you learned how to quickly create and deploy an image of the system, in this part this skill will come in handy most of all, because we will experiment with settings for increasing security. If they are incorrectly configured, the system may not boot, or when the setting is enabled, so many parameters in the system will change that it will be easier to deploy a previously saved system image than to reconfigure it.
In the second part of the article , we reviewed the basic settings for a fixed device. In this part, we will consider the security settings in the context of the previously made settings. Therefore, to successfully conduct experiments as described in the article, take the system image that you got after the second part or configure the system so that it meets the following requirements:
- The "HORM" power scheme is enabled using the "PowerSettings" script
- System in audit mode
- The system has two created accounts, one only in the Administrators group, the second only in the Users group
- With the help of " Shell Launcher V1 " the launch of the application for the "Users" group is configured
, Windows 10 IoT Enterprise 1809. , , «winver».
, . Windows 10 IoT « ». , .
AppLockerâ. , AppLockerâ , .. , . AppLockerâ , AppLocker .
, , , .
. . «Shell Launcher V1», IE. IE , , . IE -.
, ⊠-.
, IE , . âŠ
, «Ctrl + Shift + Esc» «Shift».
AppLockerâ â . , â .
AppLockerâ . AppLockerâ , « \ Windows\ \ \AppLocker».
AppLockerâ « » « ». .
AppLocker, AppLockerâ «AppIDSvc» . AppLocker , AppLockerâ . , AppLockerâ , AppLockerâ « \ \ \ \Microsoft\Windows\AppLocker\EXE DLL». 8001, , AppLockerâ .
« » , . , «F5».
« âŠÂ», .
, â «Not configured», , , .
, . « » â . « » â , AppLockerâ , , .
, .. , , .
AppLocker, . , AppLockerâ, , . , «», «» , .. . «AppIDSvc» .
, «Enter».
, AppLocker , AppLockerâ, .
AppLocker , .
, , . , . «netplwiz» . .
, , , AppLockerâ, AppLockerâ. «» (Users).
AppLockerâ. «Tools\TestRunAs.bat», , .
«Administrators» AppLockerâ. , «AuditBased», . , , «AppLocker.ps1» «-RuleNamePrefix». «Ctrl + F».
, . . , , «Ctrl + Shift + Esc» «Shift».
, . AppLockerâ, . AppLockerâ .
AppLockerâ . , . , , , .
AppLockerâ .
AppLockerâ, , , «Administrator», . , , AppLocker .
â OOBE
, . :
, , , , . , .
. «» «», :
- AppLocker .
. âŠ
. .
" ," â .
" ," â , .
SIDâ , . «Shell Launcher V1» «», .
AppLockerâ , , OOBE, .
«OOBE» Shell Launcherâ AppLockerâ. , . AppLockerâ Shell Launcherâ , . , , .
, , - .
USB , BIOSâ, , USB . . , .
.
ID , ID ID . ID «PCI\VEN_8086&DEV_9D23» «PCI\VEN_8086&DEV_9D23*», .. ID «PCI\VEN_8086&DEV_9D23&SUBSYS_8079103C&REV_21\3&11583659&0&FC» .
, , , .
, « , ». . ID GUIDâ . GUIDâ . , GUID GUIDâ SSD, , GUIDâ .
, . , « ». , . , , .
ID GUIDâ â , « , ». , . . , ID GUIDâ .
ID GUIDâ , , . ID, ID, : «PRINTENUM», «ROOT», «SW», «ACPIAPIC», «MONITOR». , ID «Add-Devices». ID : «&SUBSYS», «&REV», «&CC» .
, . . «OK».
. . «Param» , ID GUIDâ . «Value» ID GUID , . , «OK».
. .
/ .
ID GUID , , .
!!!
, , . , . .
. 30 â 40 , , . HORM, .
. , , , , .
- â HORM
, , .
, .
, , , . , .. « , , ». .
, â 512 MB â 1024 MB. . « Windows > ».
| Overlay usage | Source | Level | Event ID |
|---|---|---|---|
| Warning threshold | uwfvol | Warning | 1 |
| Critical threshold | uwfvol | Error | 2 |
| Back to normal | uwfvol | Information | 3 |
, , .
. , , , , .
, , . , , , . . , , .
, , , ? . «uwfmgr servicing enable» . , .
HORM
HORM â Hibernate Once/Resume Many (HORM). HORMâ . , . «hiberfil.sys», «hiberfil.sys» . HORM , , , «hiberfil.sys» . , . , , .
. . «HORM», «PowerSettings», .
- .
. «uwfmgr.exe». «UnifiedWriteFilter», .
. , , , , , «uwfmgr get-config».
. , . . . 1 x32 2 x64. .
. , . : 50% â , 100% â . . : 80% â , 90% â . : 10% â , 20% â . % , «WarningThresholdGlobal» «CriticalThresholdGlobal».
. , . , .
. . , .
, HORM. , , , . , . , , . , .
, , . Unified Write Filter WMI .. «uwfmgr».
. . . , .
, , «VirusEmulator.exe». . , .
, . , , «» . .
HORM, HORM, . HORM, , . , , , .
, HORM, HORM, . , HORM .
Windows 10 IoT Enterprise . , , , . , Windows, , - , , . Windows , .
Windows 10 IoT Enterprise, mse@quarta.ru quarta-embedded.ru.
: , .