Update: I have renamed this post to better represent the content.
All our users have 1 Writable Volume for OST and Search storage and a few Appstacks.
The Writable Volume is configured (snapvol.cfg) with the following entry:
#virtualize=\
Registry virtualization has been removed.
And the rest is the default snapvol.cfg + extra exclusions for virusscanner.
And using UEM/DEM we configured the OST to be placed on the writable volume.
This way we thought it would not virtualize the complete disk and only virtualize the paths we want, and it looked like this was working fine. Till now...
We now see stuff appearing inside the writable volume. Partly it's my fault for not picking this up before. I wasn't looking at the right locations when testing this setup in our test environment and I thought everything was working as planned.
Our use case is very simple. Writable Volume is used to store the OST and Search database and nothing else. The user profile part is managed using UEM/DEM.
That's part 1 of the challenge we are facing; "How do we realize this use case?" We thought we had this covered, but it seems we didn't.
Part 2 is that I need some more info on the relationship between Appstacks and Writable Volumes.
I did some testing with the following snapvol.cfg for my writable volume:
exclude_path=\ProgramData\
exclude_path=\Users\
exclude_path=\Windows\
exclude_path=\Program Files (x86)\
exclude_path=\Program Files\
When I use this snapvol.cfg for my writable vol and attach one or more appstacks as well, this isn't functioning like I was expecting.
I see that the folder structure from the appstack is visible in my file system, but the data is not accessible. That makes me think the processing of the appstack is influenced by the configuration of the writable volume. But both the appstacks and the writable volumes have their own snapvol.cfg. So that made me believe they are processed independently. My testing is indicating otherwise.
Can someone clarify this behaviour?
And maybe help me to correct our setup so it complies with our use case; "Writable Volume is used to store the OST and Search database and nothing else"?
I see there is no easy answer to my questions
Let's simplify this a bit;
- How do I make sure that no data is saved to the writable volume by the apps that are installed inside the golden image and attached appstacks?
- Do I really need to exclude every process, folder, path, that is used by every installed application inside the golden image and appstacks to make sure no data like temp files, settings, updates, etc ends up in the writable volume? We have several appstacks with a lot of apps installed. It would take us ages to figure out what needs to be excluded I guess.
If this really is the only way and there is no other viable option then so be it. Better ask now instead of being sorry afterwards I guess...
In basic functionality the writable captures everything that is not explicitly excluded within the writable volume, it has nothing to do with what you have installed on your GI or Appstacks. If you were to install a new application and didn't change anything on the snapvol.cfg it would eventually just grab everything.
I have seen people being able to just add a few folders but you would then need to readjust the snapvol.cfg accordingly.
Does the writable volume also collect data/files and registry settings that are created by processes started from an appstack? For example temp files or application settings?
I think that it does as the filter driver isn't selective in this, but am I correct? Just to be sure.
Managing a lot of applications and excluding every process, path and registry that might process some data is an almost impossible task then, if your goal (like ours) is to not store this data.
Does the writable volume also collect data/files and registry settings that are created by processes started from an appstack? For example temp files or application settings?
I think that it does as the filter driver isn't selective in this, but am I correct? Just to be sure.
Yes, it does. Windows cannot make the distinct difference between an appstack and a non appstack application.
Managing a lot of applications and excluding every process, path and registry that might process some data is an almost impossible task then, if your goal (like ours) is to not store this data.
I believe someone did get this to work and just have the .ost file and windows search in the writable, not quite sure if that post is here or on the DEM forum.
Logically you would need to exclude all folders on the C drive except the one where the .ost file is stored in.
That would mean use excludes that exclude the entire Program files and windows directory and you would be pretty good to go.
I am in the process of creating and testing exactly that inside a new snapvol.cfg for this use case. I will report back the results...
Thanks in advance!
By the way, I know exactly how to view the file contents of a writable volume. But how can I check what registry settings are saved inside the writable volume?
If I exclude the "\Windows" "\Program Files" and "\Program Files (x86)" inside the snapvol.cfg from the writable volume, the applications from the appstacks are not attached correctly. They don't appear in the start menu and are not visible at the filesystem.
The snapvol.cfg contained inside the Writable Vol is also impacting the Appstacks despite having their own snapvol.cfg
Why?
I'm pretty sure the writable is attached last, and the snapvol.cfg is either merged with the earlier ones, or the writable snapvol.cfg is used instead of the other ones (I was told this was the case by VMware, but recently people have been suggesting they get merged). You're seeing this here, I've never been able to get what you're trying to do to work. Small exclusions work, but trying to remove the program files and the windows folders breaks everything.
You might be right there. We'll then have to really explicitly exclude a LOT.... Damn.
Is what we are trying to accomplish really that unique? Why include everything if it's not necessary. Including that much "useless" data is only going to slow things down, use up space, might be the source for issues in the future after updates/upgrades, god knows what else....
So, frustrations are vented, now continue searching for solutions
If you're on a later version look at what's in the profile only snapvol.cfg, and maybe compare that to what you have, as that is "supposed" to only do the profile.
Funny, that's exactly what I am doing right now
The below configuration is what a few users are testing at the moment and it seems to do the trick for us.
The only stuff I see stored inside the Writable Volume is everything we change inside the "C:\Summa" folder, and nothing else from the filesystem.
In the registry I only see the related search entries.
OST and Search database is written to the Writable Volume as well, and that setting is done by DEM.
We also have several AppStacks that seem to function fine (different snapvol.cfg).
The only thing I am unsure of is the need for the "Process Exclusions"? I don't see any stuff making it inside the Writable Volume, so I am not sure if I need to keep them in the config.
Our config:
################################################################
# Date: 10-12-2019
# Version: 2
################################################################
scope=volume
type=writable
writable_type=uia
################################################################
# File system
################################################################
virtualize=\summa
################################################################
# Registry
################################################################
virtualize_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search
virtualize_to=\MACHINE\SOFTWARE\Microsoft\Windows Search
os=64
virtualize_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search
virtualize_to=\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search
os=any
################################################################
# File system inclusions
################################################################
include_path=\summa
################################################################
# File system exclusions
################################################################
exclude_path=\$Recycle.bin
################################################################
# Registry inclusions
################################################################
include_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search
os=64
include_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search
os=any
################################################################
# Registry exclusions
################################################################
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache
os=64
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\VolumeInfoCache
os=any
################################################################
# Process exclusions
################################################################
# exclude kaspersky
exclude_process_path=\Program Files (x86)\Kaspersky Lab\
# exclude Office Click-to-Run service
exclude_process_path=\Program Files\Common Files\Microsoft Shared\ClickToRun
# App-V 4.6 and 5.0
exclude_process_path=\ProgramData\App-V
exclude_process_path=\ProgramData\Microsoft\AppV
exclude_process_path=\ProgramData\Microsoft\Application Virtualization
exclude_process_path=\Program Files\Microsoft Application Virtualization
exclude_process_path=\svruby
exclude_process_path=\Program Files\SnapVolumes
exclude_process_path=\Program Files\CloudVolumes
#exclude_process_name=regedit.exe
exclude_process_name=CCmExec.exe
exclude_process_name=chkdsk.exe
exclude_process_name=chkntfs.exe
exclude_process_name=svcapture32.exe
exclude_process_name=svcapture64.exe
exclude_process_name=autochk.exe
exclude_process_name=wininit.exe
exclude_process_name=diskpart.exe
exclude_process_name=vds.exe
exclude_process_name=vdsldr.exe
# Windows Update
#exclude_process_name=wuapp.exe
#exclude_process_name=wuauclt.exe
#exclude_process_name=wusa.exe
# Windows Activation
exclude_process_path=%SystemRoot%\system32\wat
# McAfee
exclude_process_path=\Program Files\Common Files\McAfee\SystemCore
#AtHocGov
exclude_process_path=\Program Files\AtHoc
################################################################
# 64-Bit OS exclusions
################################################################
os=64
# exclude kaspersky
exclude_process_path=\Program Files (x86)\Kaspersky Lab\
# CloudVolumes
exclude_process_path=\Program Files (x86)\SnapVolumes
exclude_process_path=\Program Files (x86)\CloudVolumes
#AtHocGov
exclude_process_path=\Program Files (x86)\AtHoc
# AppSense
exclude_process_path=\Program Files (x86)\AppSense
# App-V 4.6 and 5.0
exclude_process_path=\Program Files (x86)\Microsoft Application Virtualization
# This should always be the last line in the policy
os=any
A few days have passed now and testing with above config seems to work perfectly for us!
When looking through the writable volume of a few users, only OST and Search data is present (plus a specific folder for testing usage). Also in registry no data is written besides related to OST and Search.
For us this config seems to be spot on. We have also seen no negative impact in the performance and working of Windows 10.
Thank you for sharing all the steps you performed and the cfg file that works, it saved us a huge amount of time and effort.
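
Added example, not part of the thread and not VMware code: a small Python check that parses a snapvol.cfg like the one posted above and reports capture rules outside the intended locations, duplicate lines, and a missing final os=any. It assumes key=value lines with # comments and that an os= line applies to the lines after it until the next os=, as the layout of the posted config suggests; the function names and the sample text are constructed for this example.

```python
from collections import Counter

# Constructed sample: lines in the style of the thread's config, plus an
# unintended \Users rule and a missing final os=any added here as findings.
SAMPLE_CFG = r"""
virtualize=\summa
virtualize=\Users
virtualize_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search
exclude_process_path=\Program Files (x86)\Kaspersky Lab\
os=64
include_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search
exclude_process_path=\Program Files (x86)\Kaspersky Lab\
"""
# Locations this use case intends to capture (taken from the thread's config).
INTENDED = [r"\summa", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search",
            r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search"]
CAPTURE_KEYS = {"virtualize", "include_path", "virtualize_registry", "include_registry"}

def parse(text):
    """Return ([(key, value, os_scope)], final_scope); os= is assumed to be sticky."""
    scope, rows = "any", []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip().lower() for part in line.split("=", 1))
        if key == "os":
            scope = value
        else:  # Windows paths are case-insensitive, so compare lowercased
            rows.append((key, value.rstrip("\\"), scope))
    return rows, scope

def audit(text, allowed_roots=INTENDED):
    """Report capture rules outside allowed_roots, duplicates, and a missing final os=any."""
    rows, final_scope = parse(text)
    allowed = [root.rstrip("\\").lower() for root in allowed_roots]
    findings = []
    for key, value, scope in rows:
        inside = any(value == a or value.startswith(a + "\\") for a in allowed)
        if key in CAPTURE_KEYS and not inside:
            findings.append(f"unexpected capture: {key}={value} (os={scope})")
    counts = Counter((k, v) for k, v, _ in rows)
    findings += [f"duplicate: {k}={v} x{n}" for (k, v), n in counts.items() if n > 1]
    if final_scope != "any":
        findings.append("config does not end with os=any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CFG)))
```

Running it against the snapvol.cfg copied off a test writable volume before rollout gives a quick list of rules to review; it does not replace checking the volume contents themselves, as done in the thread.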