Windows File Protection (WFP) automatically maintains the integrity of system files. If any unauthorized changes are detected, the affected file is removed and replaced with a CRC verified backup. This feature is enabled by default, but depending on your environment you may wish to control WFP centrally throughout your domain.
The controls that manage WFP are found in the Computer Configuration section of an Active Directory group policy object in the Administrative Templates, System, Windows File Protection folder.
The Set Windows File Protection scanning control specifies whether WFP performs its scans only during setup or during both setup and startup.
The Hide the file scan progress window control hides or displays the scanning progress window of WFP. Novice users may be confused by this window.
The Limit Windows File Protection cache size control sets the size of the file cache where CRC verified backup versions of system files are stored. By default, the cache is 50 MB. This control increases or decreases the size of this cache. The larger the cache, the more files can be protected by WFP.
The Specify Windows File Protection cache location control defines the path where the WFP cache will be located. By default, it is located in %systemroot%system32dllcache. It's not a good idea to place the cache directory on a network drive; use a local hard drive with sufficient free space.
Michael Stewart is a partner and researcher for ITinfo Pros, a technology-focused writing and training organization.
This was first published in December 2002