What can/should you remove from an SVS layer after the capture?
[systemdrive]\Config.Msi\*.rbs
Explanation:
Windows Installer accomplishes rollback by creating a rollback script. A rollback script is a file that contains a linear sequence of operations to perform, such as file and registry updates, configuration information updates, user interface notifications, and state information for other operations. Each operation recorded in the rollback script is a direct response to an operation in the installation script. Rollback scripts are stored in binary format. This improves efficiency, avoids the need for parsing the file, and discourages manual editing of the file. Rollback script files (.RBS and .RBF) are backups of existing files. Files with an .RBS file extension are rollback script files, and files with an .RBF file extension are backups of existing files. Both are stored in hidden folders called Config.msi. The Config.msi folders are created when the Msiexec.exe file starts copying from the installation point. The rollback script file (.RBS) is always stored in the Config.msi folder on the disk where the operating system is installed. The .RBF files are stored in the Config.msi folder on the disk where the program that is being backed up currently resides. This is done so that there is no crossing of disks when the program files are being backed up. All rollback files and the Config.msi folders are deleted when the installation completes successfully. …..
Source: File Extension .RBS Details
[windir]\Prefetch
User-specific\USER_TEMPLATE
[cache]\* e.g. [cache]\Content.IE5\
[cookies]\*
[history]\* e.g. [history]\History.IE5\
[temp]\*
Writeable section:
User-specific\<SID>
Same as above for User-specific\USER_TEMPLATE.
Read-only
HKLM\SOFTWARE\Microsoft\Cryptography\RNG
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ←- unless there are separate entries beneath it
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
HKEY_USERS\USER_TEMPLATE\Software\Microsoft\Windows\CurrentVersion\MountPoints2
HKEY_USERS\USER_TEMPLATE\Software\Microsoft\Windows\CurrentVersion\Shell Folders
Writeable
HKLM\SYSTEM\CurrentControlset\Control\Session Manager\Environment
HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\MountPoints2
HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Shell Folders
This usually comes down to deleting HKEY_USERS\<SID>\Software\Microsoft\Windows if nothing else remains beneath it.
As a rule: delete everything.
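
The checklist above applied to a layer listing, as an added example (not part of the original notes or of any SVS tooling). It assumes a hypothetical text export with one file or registry path per entry, written with the same [token] names used above; the sample entries are constructed.

```python
import re

# Patterns from the checklist above. "*" stands for one path segment;
# [tokens] are literal layer variables, not character classes.
REMOVE = [
    r"[systemdrive]\Config.Msi\*.rbs",
    r"[windir]\Prefetch",
    r"User-specific\*\[cache]\*",
    r"User-specific\*\[cookies]\*",
    r"User-specific\*\[history]\*",
    r"User-specific\*\[temp]\*",
    r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment",
    r"HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\MountPoints2",
    r"HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Shell Folders",
]
# Removed "unless there are separate entries beneath it".
CONDITIONAL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"

def _compile(pattern):
    # Escape everything, re-enable "*", and also match anything beneath the item.
    body = re.escape(pattern).replace(r"\*", r"[^\\]*")
    return re.compile(body + r"(?:\\.*)?", re.IGNORECASE)

def classify(entries):
    """Sort listing entries into remove / review / keep (hypothetical helper)."""
    rules = [_compile(p) for p in REMOVE]
    cond = _compile(CONDITIONAL)
    beneath = [e for e in entries if cond.fullmatch(e) and len(e) > len(CONDITIONAL)]
    result = {"remove": [], "review": [], "keep": []}
    for entry in entries:
        if any(r.fullmatch(entry) for r in rules):
            result["remove"].append(entry)
        elif cond.fullmatch(entry):
            result["review" if beneath else "remove"].append(entry)
        else:
            result["keep"].append(entry)
    return result

SAMPLE = [  # constructed entries, not taken from a real layer
    r"[SYSTEMDRIVE]\Config.Msi\3f2a1.rbs",
    r"[WINDIR]\Prefetch\SETUP.EXE-1A2B3C4D.pf",
    r"User-specific\USER_TEMPLATE\[cache]\Content.IE5\index.dat",
    r"User-specific\S-1-5-21-1111-2222-3333-1001\[temp]\~setup.tmp",
    r"[PROGRAMFILES]\ExampleApp\app.exe",
    r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed",
    r"HKEY_USERS\USER_TEMPLATE\Software\Microsoft\Windows\CurrentVersion\MountPoints2\C",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop",
    r"HKLM\SOFTWARE\ExampleApp\Settings",
]
```

Entries under "review" are the HKLM Shell Folders key when something sits beneath it, which the checklist says to keep and inspect rather than delete outright.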