14 Replies Latest reply on Jan 29, 2020 4:44 AM by ruiterrinhapalexpo

    Updated: working config! How to keep the writable volume as clean as possible?

    SummaCollege Enthusiast

      Update: i have renamed this post to better represent the content.

       

      All our users have 1 Writable Volume for OST and Search storage and a few Appstacks.

      The Writable Volume is configured (snapvol.cfg) with the following entry:

       

      #virtualize=\

      Registry virtualization has been removed.

       

      And the rest is the default snapvol.cfg + extra exclusions for virusscanner.

       

      And using UEM/DEM we configured the OST to be placed on the writable volume.

      This way we thought it would not virtualize the complete disk and only virtualize the paths we want, and it looked like this was working fine. Till now...

      We now see stuff appearing inside the writable volume. Partly it's my fault not picking this up before. I wasn't looking at the right locations when testing this setup in our test environment and i thought everything was working as planned.

       

      Our usecase is very simple. Writable Volume is used to store the OST and Search database and nothing else. The user profile part is managed using UEM/DEM.

      Thats part 1 of the challenge we are facing; "How do we realize this usecase?" We thought we had this covered, but is seems we didn't.

       

      Part 2 is that i need some more info on the relationship between Appstacks and Writable Volumes.

      I did some testing with the following snapvol.cfg for my writable volume:

      exclude_path=\ProgramData\

      exclude_path=\Users\

      exclude_path=\Windows\

      exclude_path=\Program Files (x86)\

      exclude_path=\Program Files\

       

      When i use this snapvol.cfg for my writable vol and attach one or more appstacks as well, this isn't functioning like i was expecting.

      I see that the folder structure from the appstack is visible in my file system, but the data is not accessible. That makes me think the processing of the appstack is influenced by the configuration of the writable volume. But both the appstacks and the writable volumes have there own snapvol.cfg. So that made me believe they are processed independently. My testing is indicating otherwise.

      Can someone clearify this behaviour?

       

      And maybe help me to correct our setup so it complies with our usecase; "Writable Volume is used to store the OST and Search database and nothing else"?

        • 1. Re: Relation between Appstack and Writable volume and help with our usecase
          SummaCollege Enthusiast

          I see there is no easy answer to my questions

           

          Lets simplify this a bit;

          - How do i make sure that no data is saved to the writable volume by the apps that are installed inside the golden image and attached appstacks?

          - Do i really need to exclude every process, folder, path, that is used by every installed application inside the golden image and appstacks to make sure no data like temp files, settings, updates, etc ends up in the writable volume? We have several appstacks with a lot of apps installed. It would take us ages to figure out what needs to be excluded i guess.

           

          If this really is the only way and is there no other viable option then so be it. Better ask now instead of being sorry afterwards i guess...

          • 2. Re: Relation between Appstack and Writable volume and help with our usecase
            Ray_handels Master
            vExpertCommunity Warriors

            In basic functionality the writable captures everything that is n ot excplicitly excluded within the writable volume, it has nothing to do with what you have installed on your GI or Appsatcks. If you were to install a new application and didn;t change anything on the snapvol.cfg it would eventually just grab everything.

             

            I have seen people being able to just add a few folders but you would then need readjust the snapvol.cfg accordingly.

            • 3. Re: Relation between Appstack and Writable volume and help with our usecase
              SummaCollege Enthusiast

              Does the writable volume also collect data/files and registry settings that is created by processes started from an appstack? For example temp files or application settings?

              I think that it does as the filter driver isn't selective in this, but am i correct? Just to be sure.

               

              Managing a lot of application and excluding every process, path and registry that might process some data is an almost impossible task then, if your goal (like ours) is to not store this data.

              • 4. Re: Relation between Appstack and Writable volume and help with our usecase
                Ray_handels Master
                vExpertCommunity Warriors

                Does the writable volume also collect data/files and registry settings that is created by processes started from an appstack? For example temp files or application settings?

                I think that it does as the filter driver isn't selective in this, but am i correct? Just to be sure.

                Yes it does. Windows cannot make the distinct difference between an appstack and a non appstack application.

                Managing a lot of application and excluding every process, path and registry that might process some data is an almost impossible task then, if your goal (like ours) is to not store this data.

                I believe someone did get this to work and just have the .ost file and windows search in the writable, not quite sure if that post is here or on the DEM forum.

                Logically you would need to exclude all folders on the C drive exept the one where the .ost file is stored in.

                 

                That would mean use excludes that exclude the entire Program files and windows directory and you would be pretty good to go.

                1 person found this helpful
                • 5. Re: Relation between Appstack and Writable volume and help with our usecase
                  SummaCollege Enthusiast

                  I am in the process of creating and testing exactly that inside a new snapvol.cfg for this usecase. I will report back the results....

                  Thanks in advance!

                  • 6. Re: Relation between Appstack and Writable volume and help with our usecase
                    SummaCollege Enthusiast

                    By the way, i know exactly how to view the file contents of a writable volume. But how can i check what registry settings are saved inside the writable volume?

                    • 7. Re: Relation between Appstack and Writable volume and help with our usecase
                      SummaCollege Enthusiast

                      If i exclude the "\Windows" "\Program Files" and "\Program Files (x86)" inside the snapvol.cfg from the writable volume, the applications from the appstacks are not attached correctly. They don't appear in the start menu and are not visible at the filesystem.

                      The snapvol.cfg contained inside the Writable Vol is also impacting the Appstacks despite having there own snapvol.cfg

                       

                      Why?

                      • 8. Re: Relation between Appstack and Writable volume and help with our usecase
                        sjesse Master
                        User ModeratorsvExpert

                        I'm pretty sure the writable is attached last, and the snapvol.cfg is either merged with the earlier ones, or the writable snapvol.cfg is used instead of the other ones(I was told this was the case by VMware, but recently people have been suggesting they get merged). Your seeing this here, I've never was able to get what your trying to do work. Small exclusions work, but trying to removable program files and the windows folders breaks everything.

                        • 9. Re: Relation between Appstack and Writable volume and help with our usecase
                          SummaCollege Enthusiast

                          You might be right there. We'll then have to really explicitly exclude a LOT.... Damn.

                          Is what we are trying to accomplish really that unique? Why include everything if it's not necessary. Including that much "useless" data is only going to slow things down, use up space, might be the source for issues in the future after updates/upgrades, god knows what else....

                           

                          So, frustrations are vented, now continiu searching for solutions

                          • 10. Re: Relation between Appstack and Writable volume and help with our usecase
                            sjesse Master
                            User ModeratorsvExpert

                            If your on a later version look at what's in the profile only snapvol.cfg, and maybe compare that to what you have, as that is "supposed" only do the profile.

                            • 11. Re: Relation between Appstack and Writable volume and help with our usecase
                              SummaCollege Enthusiast

                              Funny, that's exactly what i am doing right now

                              • 12. Re: Relation between Appstack and Writable volume and help with our usecase
                                SummaCollege Enthusiast

                                The below configuration is what a few users are testing at the moment and it seems to do the trick for us.

                                 

                                The only stuff i see stored inside the Writable Volume is everything we change inside the "C:\Summa" folder, and nothing else from the filesystem.

                                In the registry i only see the releated search entries.

                                 

                                OST and Search database is written to the Writable Volume as well, and that setting is done by DEM.

                                We also have several AppStacks that seem to function fine (different snapvol.cfg).

                                 

                                The only thing i am unsure of is the need for the "Process Exclusions"? I don't see any stuff making it inside the Writable Volume, so i am not sure if i need to keep them in the config.

                                 

                                Our config:

                                ################################################################

                                # Date:    10-12-2019

                                # Version: 2

                                ################################################################

                                 

                                 

                                 

                                 

                                scope=volume

                                type=writable

                                writable_type=uia

                                 

                                 

                                 

                                 

                                ################################################################

                                # File system

                                ################################################################

                                 

                                 

                                virtualize=\summa

                                 

                                 

                                 

                                 

                                ################################################################

                                # Registry

                                ################################################################

                                 

                                 

                                virtualize_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search

                                virtualize_to=\MACHINE\SOFTWARE\Microsoft\Windows Search

                                 

                                 

                                os=64

                                 

                                 

                                virtualize_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search

                                virtualize_to=\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search

                                 

                                 

                                os=any

                                 

                                 

                                ################################################################

                                # File system inclusions

                                ################################################################

                                 

                                 

                                include_path=\summa

                                 

                                 

                                ################################################################

                                # File system exclusions

                                ################################################################

                                 

                                 

                                exclude_path=\$Recycle.bin

                                 

                                 

                                ################################################################

                                # Registry inclusions

                                ################################################################

                                 

                                 

                                include_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search

                                 

                                 

                                os=64

                                include_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search

                                os=any

                                 

                                 

                                ################################################################

                                # Registry exclusions

                                ################################################################

                                 

                                 

                                exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache

                                 

                                 

                                os=64

                                exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\VolumeInfoCache

                                os=any

                                 

                                 

                                ################################################################

                                # Process exclusions

                                ################################################################

                                 

                                 

                                # exclude kaspersky

                                exclude_process_path=\Program Files (x86)\Kaspersky Lab\

                                 

                                 

                                # exclude Office Klik-en-klaar service

                                exclude_process_path=\Program Files\Common Files\Microsoft Shared\ClickToRun

                                 

                                 

                                # App-V 4.6 and 5.0

                                exclude_process_path=\ProgramData\App-V

                                exclude_process_path=\ProgramData\Microsoft\AppV

                                exclude_process_path=\ProgramData\Microsoft\Application Virtualization

                                exclude_process_path=\Program Files\Microsoft Application Virtualization

                                 

                                 

                                exclude_process_path=\svruby

                                exclude_process_path=\Program Files\SnapVolumes

                                exclude_process_path=\Program Files\CloudVolumes

                                 

                                 

                                #exclude_process_name=regedit.exe

                                exclude_process_name=CCmExec.exe

                                exclude_process_name=chkdsk.exe

                                exclude_process_name=chkntfs.exe

                                exclude_process_name=svcapture32.exe

                                exclude_process_name=svcapture64.exe

                                exclude_process_name=autochk.exe

                                exclude_process_name=wininit.exe

                                exclude_process_name=diskpart.exe

                                exclude_process_name=vds.exe

                                exclude_process_name=vdsldr.exe

                                 

                                 

                                # Windows Update

                                #exclude_process_name=wuapp.exe

                                #exclude_process_name=wuauclt.exe

                                #exclude_process_name=wusa.exe

                                 

                                 

                                # Windows Activation

                                exclude_process_path=%SystemRoot%\system32\wat

                                 

                                 

                                # McAfee

                                exclude_process_path=\Program Files\Common Files\McAfee\SystemCore

                                 

                                 

                                #AtHocGov

                                exclude_process_path=\Program Files\AtHoc

                                 

                                 

                                 

                                 

                                ################################################################

                                # 64-Bit OS exclusions

                                ################################################################

                                 

                                 

                                os=64

                                 

                                 

                                # exclude kaspersky

                                exclude_process_path=\Program Files (x86)\Kaspersky Lab\

                                 

                                 

                                # CloudVolumes

                                exclude_process_path=\Program Files (x86)\SnapVolumes

                                exclude_process_path=\Program Files (x86)\CloudVolumes

                                 

                                 

                                #AtHocGov

                                exclude_process_path=\Program Files (x86)\AtHoc

                                 

                                 

                                # AppSense

                                exclude_process_path=\Program Files (x86)\AppSense

                                 

                                 

                                # App-V 4.6 and 5.0

                                exclude_process_path=\Program Files (x86)\Microsoft Application Virtualization

                                 

                                 

                                # This should always be the last line in the policy

                                os=any

                                1 person found this helpful
                                • 13. Re: Relation between Appstack and Writable volume and help with our usecase
                                  SummaCollege Enthusiast

                                  A few days have passed now and testing with above config seems to work perfectly for us!

                                  When looking through the writable volume of a few users, only OST ans Search data is present (plus a specific folder for testing usage). Also in registry no data is written besides related to OST and Search.

                                   

                                  For us this config seems to be spot on. We also seen no negative impact in the performance and working of Windows 10.

                                  1 person found this helpful
                                  • 14. Re: Relation between Appstack and Writable volume and help with our usecase
                                    ruiterrinhapalexpo Lurker

                                    Thank you for sharing all the steps you performed and the cfg file that works, it saved us huge amount of time and effort.