none
Windows 10 IoT Entreprise - UWF Access denied when trying to disable the filter RRS feed

  • Question

  • Hi Team,

    I have a Win 10 IoT Entreprise build 1803 with SSD drive. I am trying to lock down the drive using the UWF. I have two local account, one User (Standard) and one Admin. Login in with the Admin, I can start PowerShell (Admin).  I can use UWFMGR Filter Enable and UWFMGR volume protected C: without issue. I reboot the machine and the UWF is protecting my device (I can delete and create folder + file, and all is gone after reboot, back to my deployed system). Now, if I try to Get-Config - the results on the powershell prompt are extremely slow but do come back. If I try UWFMGR filter disable, the prompt stay on for about 10 minutes and return Could not disable the unified write filter (access is "denied")... I have no recourse but to recut my machine or reinstall from scratch.

    Is there anything I am missing? This should be working but I have not found a log anywhere that would help explaining the issue.  

    Friday, September 14, 2018 6:26 PM

All replies

  • Just wondering if you login as admin, then open Command Prompt (Admin) does that make a difference?
    Saturday, September 15, 2018 1:26 PM
  • Hi,


    Does we open the Powershell, then run as Administrator?
    Important
    Users with standard accounts can use commands that retrieve information, but only users who have administrator accounts can use commands that change the configuration settings.

    If you are booting from a USB drive and trying to protect a USB flash drive, this will not work. You cannot use UWF to protect external removable drives, USB devices or flash drives.

    Reference:
    uwfmgr.exe
    https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/uwfmgrexe

    Unified Write Filter (UWF) feature
    https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 17, 2018 6:23 AM
  • Yes, I am logged in as admin ( I also run PowerShell (Admin) )
    Monday, September 17, 2018 3:49 PM
  • Yes - I am running as admin. No I and not using a USB, I trying to apply UWF to the SSD where the system is installed (not a removable drive)...
    Monday, September 17, 2018 3:51 PM
  • Yes, I am logged in as admin ( I also run PowerShell (Admin) )
    then open Command Prompt (Admin) ?
    Monday, September 17, 2018 7:31 PM
  • Tried both, Command prompt (run as administrator) and PowerShell (Admin)

    Monday, September 17, 2018 8:02 PM
  • Hi,
    We can try the following way to disable UWF or disable the filter for a specific volume.
    To completely disable UWF (after the restart all changes will be saved permanently):
    uwfmgr.exe filter disable
    Or you can disable the filter for a specific volume:
    uwfmgr.exe volume unprotect C:

    Important:  If the system doesn’t boot due to the incorrect work of the filter, you can disable the filter by booting from the installation disk and edit the registry in the offline mode:
    Filter start can be disabled in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwfvol by changing the value of start parameter to 4.
    Delete the uwfvol string in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}\Lower Filters

    For details we can refer to the article:
    Using Unified Write Filter (UWF) in Windows 10
    http://woshub.com/using-unified-write-filter-uwf-windows-10/

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

    Note: Because the operation involves changing the registry, it is important that we back up the registry before changing it.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, September 18, 2018 4:21 AM
  • uwfmgr.exe filter disable

    Will end with Access Denied (which is the purpose of the post)

    uwfmgr.exe volume unprotect C:

    will never return, (or at least not returned after 15 hours executing)

    I will try the offline registry, but the issue is still the fact that Filter Disable returns "access denied"

    I also try to create a folder exclusions and the system would crash (blue screen) when accessing that folder.

    I rebuild the system from scratch, but to now avail. Filter can be enabled, but will refuse to be disabled. I wonder if my admin user created prior the filter should have more rights, but I am not sure what else I can do beside setting it to Administrator

    Tuesday, September 18, 2018 8:34 PM
  • Hi,
    When this feature is turned on and enabled, we cannot make changes while this configuration is in use, so we cannot disable this feature via the command of "uwfmgr.exe filter disable" and report an error of “access is denied”.
    We can disable it by turning off this feature.
    1. Open " Turn Windows features on or off ".
    2. Uncheck " Unified Write Filter " 
    3. Click " OK ".


    It is recommended that we try this command in Win RE or Win PE to see if you have the same error.

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 19, 2018 9:58 AM
  • I'm having the same issue.

    I have enabled the write filter, and cannot disable the filter with elevated command prompt.

    Get-config and most of the other commands work appropriately, but filter disable or unportect gives the access deny error.

    Additionally the event viewer shows the following:

    "unified write filter fail to be disabled, exit code:2147949201 Transaction support within the specified resource manager is not started or was shut down due to an error. "

    Thursday, September 20, 2018 12:18 PM
  • Thanks to Sean Liming he advised me (and thus everyone) to use Hyper-v instead of other virtualization software like VM-Ware (which i was using to test).

    Right now i spun up a brand new Win 10 ERP evaluation VM, downloaded all the updates and activated the UWF.

    I then enabled the filter and i could succesfully unlock the filter on a normal machine.

    Some sidenotes:

    Use 'Run as admin' even when you're an actual admin. This gives you elevation (this has to do with UAC) which you need for all setups.

    In Hyper-V, If you're trying to connect to your guest as host - make sure you run the virtualization manager in Admin mode as well - else the connection won't show.


    • Edited by sommmen Thursday, September 20, 2018 2:05 PM clarification that i was using hyper-v
    Thursday, September 20, 2018 2:03 PM
  • Hi,
    If this issue has any update or is this issue solved? Also, for the problem, is there any other assistance we could provide?
    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 21, 2018 7:32 AM
  • Hi,
    I am just writing to see if this issue has any update. If anything is unclear, please feel free to let us know.
     
    Have a nice day!
    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 25, 2018 9:38 AM
  • Hello!

    Same symptom here!

    Running in a fresh image of Windows 10 Enterprise 1803.

    any workaround ?

    Thanks in advance,

    Matias

    Wednesday, October 23, 2019 8:50 AM
  • Access Denied means command prompt is not elevated. Try my GUI UWF utility and see what happens: http://www.annabooks.com/SW_UWFUtility.html

    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    Wednesday, October 23, 2019 5:32 PM