Enable Windows Lockdown Features
For devices protection, Windows built many nice features in natively. For instance, function key protection disables Ctrl, Alt, and WinKey. UWF protection guarantees your disk C (System Partition) rollbacks to the original state after you reboot the Windows operating system. This lab guides you how to enable Windows lockdown features, and how to active/inactive them via DeviceOn portal. After this lab, you should:
Learn how to enable βKeyboard Filterβ and βUnified Write Filterβ (a.k.a. UWF) in Windows lockdown features.
Know what lockdown features can be controlled via DeviceOn portal.
Prerequisite
A running DeviceOn server.
A device which running on Windows 10 operating system (LTSB, LTSC) and installed WISE-Agent, that connects to DeviceOn server. Besides, this agent must install Advantech SUSI driver, or lockdown feature should not work properly.
Steps to Enable Windows Lockdown
Step 1: Go to the target agent device and open the file explorer window. In address bar, key βControl Panel\All Control Panel Items\Programs and Featuresβ in and followed by pressing βENTERβ. It opens the βPrograms and Featuresβ window.
Step 2: Click βTurn Windows features on or offβ on left hand side to open βWindows Featuresβ window.
Step 3: Scroll down the window, find and open the βDevice Lockdownβ item. Make sure both βKeyboard Filterβ and βUnified Write Filterβ are checked. Then click βOKβ.
Step 4: Now back to DeviceOn portal. Click βDeviceβ menu item, then βRemote Controlβ tab. And choose proper account, group, and device from βSELECT ACCOUNTβ, βSELECT DEVICE GROUPSβ, and βSELECT DEVICEβ fields accordingly. You can see βFunction Keyβ, βUWF Protectionβ control buttons there. Also, other than these two mentioned, βWatchdog Protectionβ, βWindows Notificationβ and more relevant features are available as you can see.
Step 5: Click βFunction Keyβ control button. You would find, after a while, the description of βFunction Keyβ changes from βAvailableβ to βCtrl, Alt, WinKey Lockdownβ. If you try to press such keys on the target device, they should not work as expected. Okay, you learned how to enable, disable βFunction Keyβ lockdown. Letβs go ahead and learn something regarding UWF.
Step 6: Click βUWF Protectionβ control button. A dialog pops up and the message shows that this action will reboot the device. Click βCONFIRMβ, its description changes from βDisabledβ to βEnabledβ. Just wait for the reboot completed.
Step 7: Now, write some data into disk C. You can, for example, download files into disk C, copy files into disk C. Or even generate by programmatically. Just do whatever you can do to mimic that you are working on disk C.
Step 8: Once you finish your tasks, reboot the target device. You would find that all those data you made at previous step disappear. The disk C rollbacks to the original state and just like you did nothing at all.
Last updated