one thing that really bothers me, is the automatic creation of the Windows objects $Recycle.Bin and System Volume Information, an even bigger annoyance than the cr**py My Documents innovation.
Using a Win7PESE build, I do not want to get these objects being (re-)created on every drive and partition I access.
I'm searching methods ("hacks", whatever...) to tell Windows/Win7PESE:
- not to create any $Recycle.Bin/$RECYCLE.BIN objects at all; never, for noone
- to delete files and folders immediately, not using any Recycler (maybe via NukeOnDelete)
- if necessary, to set any Recycler size to 0 MB
- to globally disable the System Restore service/functionality
- if feasible somehow, not to create any System Volume Information objects
- not to protect any of these objects if found, enabling me to remove them
RegWrite,HKLM,0x4,"Tmp_Software\Policies\Microsoft\Windows NT\SystemRestore",DisableSR,1
RegWrite,HKLM,0x4,"Tmp_Default\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0E62E162-BDED-4E74-88F1-EE99FD717DEB}Machine\Software\Policies\Microsoft\Windows NT\SystemRestore",DisableSR,1
dealing with System Restore or
RegWrite,HKLM,0x4,Tmp_Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket,NukeOnDelete,1
RegWrite,HKLM,0x4,Tmp_Software\Microsoft\Windows\CurrentVersion\policies\Explorer,NoRecycleFiles,1
for Recycler settings, but that didn't get me further.
Has anybody already tried to achieve this? Maybe forensic folks out there...?
I do not want to mount a host system read only as I'm running my backup programs in Win7PESE, but I want to prevent the PE build to tamper with the host and external (NTFS formatted) hdds...
Any suggestions?
Thanks in advance!