Install SteadyState and Enable Disk Protection in one shot!

Wednesday, October 1, 2008

Install SteadyState and Enable Disk Protection in one shot!



After 12 years, Microsoft's support for Windows XP ended April 8, 2014. Since there will be no more security updates or technical support for the Windows XP operating system I have removed the transforms file link.

This article remains online for historical purposes only.


Here's the code that I used to install Windows SteadyState v2.5 and enable windows disk protection all in one shot. This took forever to figure out with myself and a colleague doing a significant amount of head scratching.

After Windows installer finishes the SteadyState install (I used a custom transform to skip the WGA validation since an unattended install would always freeze during this process), you need to run the SCTUI.EXE application located in the folder C:\Program Files\Windows SteadyState\. The catch is that if you try and run it from the same script that you ran the installer from, SCTUI will launch and immediately exit without enabling disk protection. The workaround we finally came up with was to have the installer script create a temporary user account that is a member of the local administrators group and execute SCTUI as that user. Ah, but you can't pass a password to RUNAS.EXE you say? That's where cpau from joeware comes in.

With cpau, you can specify both the user id and the password on the command line. The beauty of this is that once SCTUI has been launched you can delete the "temporary" administrator account we created earlier (the one that cpau is using to launch SCTUI) and the process will still run because of the way security contexts work in Windows (note: I have not yet tested this on Vista).

We guessed (correctly) that the SCTUI was somehow sensing that it was being launched from the same parent process as the Windows Installer instance that installed SteadyState. That's where the other benefit of cpau comes in. The process that cpau creates will be in an entire new user context and won't inherit any of the parent process' environment.

Once the installer scripts finish, the system will reboot. Once the system comes back up, you'll have to run the Windows SteadyState management tools to more fully configure Windows Disk Protection if you don't want all disk changes discarded with each boot.

Getting this all going took me 2 scripts, since I wanted to do some tidying up with the second script. Remember to watch out for line-wrap. As always, your mileage may vary, run these scripts at your own risk and always test on non-production systems and have good backups! That said, I cannot spend a significant amount of time supporting these scripts, here they are:

Script 1; GO.CMD:

@ECHO OFF
ECHO Installing SteadyState Components...
MSIEXEC /I SteadyState.msi /qb TRANSFORMS=SteadyState-attempt4.mst /log %TEMP%\SteadyState.Log

:WDP
ECHO About to enable disk protection...
ECHO.
ECHO Please close all running applications and save all settings.
ECHO When the computer reboots after this, all changes made to the
ECHO hard drive will be discarded when the computer is shutdown or
ECHO restarted.
ECHO.
ECHO THIS IS YOUR FINAL WARNING! Press CTRL-C and choose Y to cancel or
PAUSE
NET USER WDPINSTALLER WDP@ss0123 /ADD
NET LOCALGROUP ADMINISTRATORS
WDPINSTALLER /ADD
@START cmd /c wdpenable.bat
Script 2; WDPEnable.BAT:

@ECHO OFF
REM Cleanup the SteadyState installer and any files that
REM contain sensitive account information (like passwords).
DEL /Q *.CMD
DEL /Q *.MSI
DEL /Q *.MST
@cpau -u
WDPINSTALLER -p WDP@ss0123 -ex "C:\Program Files\Windows SteadyState\SCTUI.exe /EnableWDPAndReboot"
REM Once the process has been launched we can safely
REM
delete the installer user account
@NET USER
WDPINSTALLER /DEL
DEL /Q CPAU.EXE
If you want to know more about the transform file I used, send me an email message.

Update (3/18/2009):
Some people have asked me what I used to create the transform (MST) file.  The tool I used is called ORCA, which is included in the Windows SDK Components for Windows Installer Developers, part of the Microsoft® Windows® Software Development Kit. If you’re just looking for the Windows Installer tools (which includes ORCA) and not the full SDK (which can be huge), Microsoft has also released the Windows Installer 4.5 Software Development Kit which is only 7MB.
Update (2/26/2011):

Instead of using ORCA I now prefer InstEd for MSI editing and transform file creation. I have found it to be more stable and far more powerful than ORCA.

9 comments :

Alex said...

I'm trying to use this to enable hard disk protection because when I try to do it from the GUI, it tells me I don't have enough space.

Because it opens a new window, I can't really see what it tells me... But I don't think it's working, simply because "Enable and Restart" should technically restart afterward, but nothing happens. Any suggestions?

erikpt said...

McTrafik: You've already answered your own question. If the GUI is telling you you don't have enough disk space to enable Windows Disk Protection, my installer will not be able to enable it either.

The error message that is going by in the new window is likely "Cannot enable Windows Disk Protection, not enough space on the disk" or something similar. Please consider deleting old files or upgrading your hard drive so you have sufficient free space. I refer you to this website about SteadyState and WDP: http://bit.ly/lDaEw
Where it states:
Behind the scene, WDP creates and reserves a large (2 GB as a minimum) cache file to save all changes to the Operating System and program files. It needs at least 4 GB of unallocated space on your Windows partition to create its cache file, but the default size used is approximately 50% of the available disk space (40 GB as a maximum).

Anonymous said...

Do you know how to enable disk protection and do not reboot? (the script i am running shuts the computer down itself, i don't want it to reboot)

Anonymous said...

Do you know how to enable disk protection wihout rebooting? (i run it in a script which shuts the computer down itself, i don't want it to reboot)

erikpt said...

Tristan-

The reboot is performed by the command that enables WDP, I do not have an easy way of trapping the event ans canceling the restart operation.

Anonymous said...

Well i already figured it out, i stopped it from rebooting with "shutdownguard", and after it stopped steadystate from restarting, i kill the process and shutdown the pc.
Works like a charm :-)

Unknown said...

How do you use SteadyState now that there is Guest Mode in Win7? How can you use same features in Guest Mode?

Sinmo stop control said...

I'm interested in your response file but i can't find your email...

thanks!

erikpt said...

The response file and SteadyState are only relevant to Windows XP. As Microsoft is no longer supporting Windows XP, I have removed the files.