If you want EWF to protect additional volumes you can do this easily by adding a few registry entries.
- First run regedit and open the HKLM\System\CurrentControlSet\ Services\EWF\Parameters\Protected key. Make sure EWF is disabled on your XP volume otherwise your settings won't be persisted when you reboot.
- For each additional volume simply create a new key named "VolumeN". You should already have "Volume0", so the next one would be "Volume1".
- Create a String value named "ArcName" and enter the ARC path to the volume you want to protect. For full details on ARC naming conventions see this Microsoft KB article.
- To protect an extended partition on your primary master on the first IDE channel it'd be: multi(0)disk(0)rdisk(0)partition(2)
- To protect a slave drive on your first IDE channel it'd be: multi(0)disk(0)rdisk(1)partition(1)
- Create a DWORD value named "Enabled" and set it to "0", and a DWORD value named "Type" set to "1".
- Reboot your system and then run ewfmgr. You should see the additional drives listed. If not or you get an error then you need to double-check your ARC paths.
- Once you're ready to enable EWF on the additional volumes you need to make sure EWF is disabled on your OS volume. Since the state is persisted in the registry if you have EWF enabled on your C drive and try to enable another partition it won't persist once you've rebooted.
No comments:
Post a Comment