Windows
File Protection operation can be customized in several ways with the
simplest way of modifying the options being through the Group Policy
Editor. Click on Start, Run, type in gpedit.msc &
hit the Ok button. Expand Computer Configuration, Administrative
Templates, System & select the Windows File Protection
folder.
To
change the properties for each available setting double click on it
& select the Setting tab.
Set
Windows File Protection scanning. This option may be useful to the more paranoid system administrators
out there. Selecting Enabled & setting this to Scan during
startup will set WFP to scan protected files during system startup
& replace them as required. This will prolong startup time however so
for regular users you should just select Do not scan during startup
instead for fastest startup time. Neither of these options will affect how
WFP operates once the OS is loaded however.
See also the
sfc
/scanonce, sfc
/scanboot & sfc /revert or sfc /enable
commands.
Hide
the file scan progress window.
Setting this to Enabled will disable the display of the
progress meter for WFP, as displayed when running, say sfc /scannow.
Personally I’d recommend this set to Disabled.
Limit
Windows File Protection cache size.
By default
WFP will store a large amount of protected system files (Depending on hard
drive space) in the dllcache folder. While this makes replacing protected
files easy, it also can take up an excessive amount of hard drive space
given the amount of files cached. By default there is no limit on
the size of the dllcache. To set a maximum
size for this folder select Enabled & enter in a value in MB
for the dllcache & thus can help
ensure that it doesn’t grow too large. 100MB would be a decent
size for those with smaller hard drives, though if space allows you should
try larger values (200-300MB) so as to save on potentially having to
re-insert the Windows 2000/XP CD if a file required isn’t in the
dllcache folder. For optimal operating performance of WFP though set this to
Not Configured (To allow it to cache files at will).
See also the
sfc /cachesize=x command.
Specify
Windows File Protection cache location. Should you wish to change the default directory where the
dllcache folder resides set this to Enabled & in the Cache
file path field enter in the desired directory you wish to use
instead. By default this will be %SystemRoot%\system32,
which will place the dllcache folder in a location such as C:\Windows\system32\dllcache.
This might be useful for those with multiple Hard Drives as it could be
used to place the dllcache on the least used Hard drive. Set this to Not
Configured should you wish to use the default directory.
To
further customize WFP operation, click on Start, (All Programs)
Programs, Accessories then Command Prompt. Commands
available are as follows (Some are OS specific as noted however);
sfc
/scannow. This command
will immediately initiate WFP to scan all protected files to verify their
integrity, replacing any files which are an incorrect version (You may be
prompted for your CD during this process).
sfc
/scanonce. This command
sets WFP to scan all protected files when you reboot your system, similar
to the previous option this requires your installation media, e.g. CD, be
available.
sfc
/scanboot. This works
basically same as sfc /scanonce, though rather than only running
the next time you boot the system this will run it everytime
you boot up. This would be a more useful option for system administrators
& the like, should you wish to ensure less experienced users on your
network do something they really shouldn’t have done.
Both
of these last options can also be set via the registry, which you may
prefer;
1.
Click on Start, Run
type in regedit & hit Enter.
2.
Open the following registry
key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon].
3.
In the right hand
pane, Modify/Add a New DWORD Value Right click
entitled SFCScan.
4.
In the Value Data
field, entering a Decimal value of 0 to enable normal
operation of WFP (Default). A Decimal value of 1 sets
WFP scan all protected system files everytime the system is booted, while
a Decimal value of 2 sets WFP to scan all protected system
files the next time you boot the system.
5.
Reboot
for any changes to take effect.
sfc /cancel. In Windows 2000, this
command immediately cancels all pending scans of protected system files.
This has no effect in Windows XP.
sfc /quiet. In Windows 2000 this sets
WFP to replace any incorrect system files detected with the appropriate
version from the dllcache without any user notification. This has
no effect in Windows XP.
sfc /purgecache. This empties the
contents of the dllcache folder, in Windows 2000 WFP will also
begin scanning all protected files after this deletion is complete.
sfc /cachesize=x. By default
WFP will store a large amount of protected system files (Depending on hard
drive space) in the dllcache folder. While this makes replacing protected
files easy, it also can take up an excessive amount of hard drive space
given the amount of files cached. By default there is no limit on
the size of the dllcache. Replacing x with a value (in MB) sets the
maximum allowable size of the dllcache folder & thus can help
ensure that it doesn’t grow too large. 100MB would be a decent
size for those with smaller hard drives, though if space allows you should
try larger values (200-300MB) so as to save on potentially having to
re-insert the Windows 2000/XP CD if a file required isn’t in the
dllcache folder.
sfc /revert or sfc /enable.
Both of these commands reset WFP to the default mode of operation
– with sfc /revert to be used in Windows XP & sfc /enable
in Windows 2000.
