The default MokaFive layer configuration will separate files, directories, and registry keys onto the system, user and application disk layers. The factory defaults can be customized, while still allowing new factory-shipped rules to be added when guest tools are upgraded.
The factory default MokaFive policy file installed by the MokaFive Guest Tools is installed in:
C:\WINDOWS\system32\layering.pol. This file can be viewed but should never be edited. All customizations should be added to the admin.pol file.
If you need to customize the installation, you can define custom policies by creating a text file:
C:\WINDOWS\system32\admin.pol
Policies defined in admin.pol will override the default policies set in layering.pol
The default policy file uses three layers:
1. System: Holds system data for the core OS as well as temporary files. This layer is rejuvenated on every boot and is always updated to the latest copy published with the LivePC.
2. User: Holds the user profile, user documents, and machine-specific state. Data in this layer is kept even when the LivePC is rejuvenated or updated.
3. App: When the "Allow user to install applications" is enabled, the app layer is enabled. Files and registry keys that do not match one of the other layers is stored in the app layer. This layer can be enabled or disabled via the management console. If this layer is disabled, all entries directing elements to the app layer instead direct objects to the system layer.
Customizing Layers with admin.pol
There are several common use cases that require the customization of the MokaFive layering policy. Since the system layer is rejuvenated on each system boot, certain files and settings may need to be retained for installed applications to function as desired. This is typically required for proper operation of antivirus engines and various systems management agents. The format of the policy file is one entry per line. The policy is processed in order, and later entries override prior ones. Details on how to customize the admin.pol file are below.
Files and Folders:
Redirect single file to the user layer
file user \program files\software_install_folder\file.txt
Re-Direct a folder and all contents to the user layer
file user \program files\software_install_folder\folder
Re-Direct all files with a specific file extension (.dat) to the user layer
file user \Program Files\software_install_folder\/.*\.dat/
Registry Keys and Values:
Re-Direct a single registry value to the user layer
value user \Machine\software\key\\value
*(note the double backslash before the registry value)
Re-Direct a complete registry key to the user layer
key user \Machine\Software\key
Layer Customization Examples
//Symantec Endpoint Protection 11/12
key user \MACHINE\SOFTWARE\Symantec\SharedDefs
file user \ProgramData\Symantec\Definitions
file user \ProgramData\Symantec\Liveupdate
file user \ProgramData\Symantec\Liveupdate\Downloads
file user \ProgramData\Symantec\Symantec Endpoint Protection\Logs
file user \Program Files\Symantec\Symantec Endpoint Protection\/.*\.dat/
file user \Program Files\Symantec\Symantec Endpoint Protection\syslog.log
file user \Program Files\Symantec\Symantec Endpoint Protection\tralog.log
file user \Program Files\Symantec\Liveupdate
key user \Machine\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
key user \MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content
key user \MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate
key user \MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels
//IBM Endpoint Manager (BigFix)
file user \Program Files\BigFix Enterprise\BES Client
file user \Program Files\BigFix Enterprise\BES Client\actionsite.afxm
file user \Program Files (x86)\BigFix Enterprise\BES Client
file user \Program Files (x86)\BigFix Enterprise\BES Client\actionsite.afxm
key user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions
key user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings
key user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client
key user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\Status
value user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\Status\GURL
value user \MACHINE\SOFTWARE\BigFix\EnterpriseClient\Status\GHRESULT
// McAfee VirusScan Plus Template
key user \MACHINE\SOFTWARE\McAfee\VirusScan\SysMon\Cache
key user \MACHINE\SOFTWARE\McAfee\VSCore\VirusScanner\ScheduledScan
key user \MACHINE\SOFTWARE\McAfee\oeminfo
key user \MACHINE\SOFTWARE\McAfee\AVEngine
key user \MACHINE\SOFTWARE\McAfee\HackerWatch
key user \MACHINE\SOFTWARE\McAfee\MSC\OEM
key user \MACHINE\SOFTWARE\McAfee\MSC\Scheduler\mcupdtsk
key user \MACHINE\SOFTWARE\McAfee\MSC\Update
key user \MACHINE\SOFTWARE\McAfee\SiteAdvisor\BrowserPlugins
key user \MACHINE\SOFTWARE\McAfee\VirusScan\InstallSettings
key user \MACHINE\SOFTWARE\McAfee\VirusScan\VSMap
file user \Program Files\McAfee\VirusScan\DAT
file user \Program Files\McAfee\VirusScan\Engine
file user \Program Files\McAfee\VirusScan\vsupgrade.inf
file user \Program Files\SiteAdvisor
file user \Program Files\SiteAdvisor\Oem.txt
file user \Program Files\Common Files\McAfee\Installer
file user \Program Files\McAfee\MSC\oem\634-4
file user \Program Files\McAfee\VirusScan
file user \Program Files\McAfee\VirusScan\mispreg.ini
file user \Program Files\McAfee\VirusScan\mispureg.ini
file user \Program Files\McAfee\VirusScan\mvsmain.inf
file user \Program Files\McAfee\VirusScan\mvspost.inf
file user \Program Files\McAfee\VirusScan\oem.inf
file user \Program Files\McAfee\VirusScan\smonres.inf
file user \Program Files\McAfee\VirusScan\subst.inf
file user \Program Files\McAfee\VirusScan\sysmondt.dll
file user \Program Files\McAfee\VirusScan\updunreg.ini
file user \Program Files\McAfee\VirusScan\vistareg.ini
file user \Program Files\McAfee\VirusScan\vsmain.inf
file user \Program Files\McAfee\VirusScan\vsosbt.inf |
|
|