Demystifying the new system protection features of Windows 7

In Windows 7 M3 Build 6801 we can see a new feature - PC Safeguard, a new PC protection feature. With PC Sageguard, we can create a Sandbox users in the system. When Sandbox users log in to the system, they are actually in a read-only environment. All operations, such as delete, write, and modify, will be in the system. The account disappears after being logged out.

PC Safeguard is designed for use in a multi-person computer environment such as computer classrooms, libraries, corporate public areas, and more. Suppose we may encounter a situation where we have to let someone else use our personal computer, or when a child at home needs to use a computer. In these scenarios, we know what happens after the computer is used publicly!!

Below, we use PC Safeguard to solve our worries. First go to "User Accounts and Family Safety" via the control panel and navigate to "Change an Account" and click on "Set up PC Safeguard". (Figure 1)

Select "Turn on PC Safeguard" on the "Set Up PC Safeguard" configuration page to enable this feature. In addition, you can click on "Local Hard disk drives (advanced)" for advanced configuration of local disks. (Figure 2)

"Local Disk Drives" configuration page We configure which disks are locked. When the disk is set to release, the user can modify the disk. In order to make screenshots in subsequent tests, I configured (D:) to unlock the state. (Figures 3, 4)

When I log in to the system using Sandbox users, a warning message will automatically pop up to inform you that the data you are doing in the current environment should Save to other storage. (Figure 5)

In order to test the specific capabilities of PC Safeguard, I performed in-depth testing. When we want to perform some modifications to the system itself, a UAC prompt will pop up, let me enter the administrator password for the authorization operation. The actions performed after the authorization is recorded are stored and stored. This feature is very flexible when used in the PC Safeguard environment. (Figure 6)

PC Safeguard is similar to the previous Windows SteadyState (early name: Shared Computer Toolkit), but it is easier to use, more compact, and more user-friendly. .

gOxiA performed related test operations in the PC Safeguard environment. It was found that when deleting the system's own files, the system mentioned above mentioned the lifting operation, type "sufan" in the above figure. After the password of the account, the file is successfully deleted, and then the "sufan" account is used to log in and the deleted file appears in the recycle bin under the account. Very interesting!

In addition, gOxiA also found a more interesting question! I mentioned before that in the PC Safeguard environment, the operations done by Sandbox users will not be saved (except for the escalation operation). However, only the information in the recycle bin under Sandbox uers will be saved. In other words, let's say we created a folder on the desktop and created a file in it. By default, the directory and files will be cleaned up after we log out. But when we delete the directory, the directory will be placed in the recycle bin. After we log out and log back in, we will find that the directory and the files still exist. We only need to restore the directory to retrieve the previous files.

Whether the emergence of this problem belongs to the Bug remains to be verified. Interested friends can do further testing. Finally, you need to be reminded that PC Safeguard only supports standard users, and PC Safeguard cannot be enabled if the user belongs to the administrator group.