locked
Managing Windows Disk Protection through Active Directory RRS feed

  • Question

  • According to the Steady State web page, one of the new features is as follows: More scalable. For server-based networks, the new group policy support for Windows Disk Protection means it can be managed in an Active Directory environment

     

    Is the only way to do this through the API that I keep hearing about?  The old version had a script that could be executed against a large amount of machines at once to change the status of disk protection when do major software installs or upgrades to entire labs.  Is there going to be an easier way to gain this type of functionality again? 

    Tuesday, July 10, 2007 3:28 PM

Answers

  • 1.     In SteadyState, most of the settings and restrictions available in Windows SteadyState are also available through the Group Policy template (SCTSettings.adm) provided with Windows SteadyState. However, the status of Windows Disk Protection (WDP) cannot be controlled via the group policy template. As you mentioned, we have publish a WDP WMI API to enable you to query and set WDP status. You may refer to the following Microsoft Knowledge Base article to create a script to do so.

     

    http://support.microsoft.com/kb/938335

     

    As the sample script included in the above article does not contain constant declaration, please add the following lines to the sample code to run it.

     

    '

    ' Define some useful constants

    '

     

            ' WDP_Control.CurrentStatus

            const WDP_ACTIVE  = 0

            const WDP_PASSIVE = 1

     

            ' WDP_Control.CurrentMode

            const WDP_MODE_DISCARD = 0

            const WDP_MODE_PERSIST = 1

            const WDP_MODE_COMMIT  = 2

     

    2.       Actually, when Windows Disk Protection is on, software updates to the computer are ideally performed through the critical updates process offered by Windows Disk Protection. Windows Disk Protection helps keep the computer trustworthy by first performing a regularly scheduled restart to clear all disk changes, and then downloading and installing the required updates on top of this trusted base. This model is less flexible than some central software management models in which updates can be initiated centrally and scheduled to occur at any time. If your organization requires regularly changing the schedule for software updates, instead of following a fixed schedule you set within Windows Disk Protection, you might want to consider whether Windows Disk Protection is right for your environment. In contrast, if you can integrate your centrally managed software update process into the client-driven Windows Disk Protection update process, you might have a situation in which central software distribution and Windows Disk Protection can work together.

     

    For more information, you can refer to the “Central Software Management and Windows Disk Protection” of SteadyState handbook.

    Wednesday, July 11, 2007 11:59 AM