Download presentation
Presentation is loading. Please wait.
1
Windows Resource Protection
By: 3rd course IT student Laurynas Geležius
2
About Windows Resource Protection (WRP) is a feature that started in Windows Vista and is still used by newest Windows operating systems. It replaces Windows File Protection (WFP) that was included in operating systems of Windows 2000 and Windows XP era.
3
What it does Windows Resource Protection protects registry keys and folders in addition to critical system files. The way it protects resources differs from the method used by Windows File Protection.
4
Windows File Protection
This sub-system aims to prevent programs from replacing critical Windows system files. Protecting core system files mitigates problems such as DLL hell (complications that arise when working with dynamic-link libraries (DLLs) )
5
How WFP works When WFP is active, replacing or deleting a system file that has no file lock to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file from a cached folder that contains backup copies (for example: %WinDir%\System32\Dllcache). Only certain OS components like Package Installer (Update.exe) or Windows Installer (Msiexec.exe) can replace these files. OS versions with WFP (2000, XP) also shipped together with a System File Checker (SFC) – utility that allows users to scan for and restore corruptions in Windows system files themselves.
6
How WRP works WRP works in a similar way like WFP as in that if any changes are detected to a protected system file, the modified file is restored from a cached copy located at “dllcache” folder. The difference begins with access control lists (ACLs) that are defined for protected resources. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Additionally permission for full access to modify WRP-protected resources is only given to processes using the Windows Modules Installer service (TrustedInstaller.exe). The “Trusted Installer” account is used to secure core operating system files and registry keys. Administrators no longer have full rights to system files, they have to take ownership of the resource and add the appropriate Access Control Entries (ACEs) to modify or replace it. System File Checker is integrated with WRP.
7
What WRP Protects 1. Large number of file types (picture above)
2. Several critical folders. If a folder is protected by WRP, it’s subfolders and files in them will also be protected. 3. Essential registry keys installed by Windows Vista and latter. If a key is protected by WRP, all it’s sub-keys and values will also be protected.
8
WRP issues Quite a few people have problems with WRP where: a) It “could not start the repair service” b) It “could not perform the requested operation” c) SFC Scannow not working Some of these issues were caused by TrustedInstaller service malfunction, but could be fixed. Some of the issues users could not find the reason and/or solution to.
10
Thank you, for your attention!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.