A policy was implemented at a company to ensure the enhanced write filter (EWF) was disabled on all thin clients. Rather than loading up HP's way of doing this through HP Device Manager I decided PowerShell could do the job just as well.

I also didn't have to load some bloated software on a server somewhere!

HP has a utility called ewfmgr.exe that manages the write filter locally. However, there's no way to natively do this remotely. PowerShell to the rescue!

I decided to write two extremely simply cmdlets to get the job done. 95% of this code is just setting up the cmdlets. The real meat simply uses Sysinternals' tool PSEXEC to kickoff ewfmgr and report back the results.

I explicitly decided to use this method over PowerShell remoting because these thin clients were mostly running XP Embedded and didn't have enough space to install PowerShell on them. You manage what you're given.

Feel free to steal these and make them your own. As always, if you have a better way to get this accomplished please let me know in the comments.

Function Get-WriteFilter {
    <# .SYNOPSIS 
        Retrieves the status of an embedded device's write filter 
    .DESCRIPTION 
        This function uses remoting to find the status of a write filter 
    .EXAMPLE Get-WriteFilter -ComputerName HOSTNAME 
    .PARAMETER 
        ComputerName The computer name to query. Just one.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True,
        ValueFromPipeline=$True,
        ValueFromPipelineByPropertyName=$True,
        HelpMessage='What computer name would you like to target?')]
        $Computername
    )

    begin {
        $output_props = @{'ComputerName'=$ComputerName}
    }

    process {
        try {
            ## Run PSEXEC and don't generate a profile, run as local system, timeout as 10 seconds
            $process_output = C:\psexec.exe -e -s -n 10 \\$ComputerName C:\Windows\System32\ewfmgr.exe c:\ 2> | Out-Null
            if ($process_output -match 'State.+DISABLED') {
                $output_props.Add('State','Disabled')
            } else {
                $output_props.Add('State','Enabled')
            }
                new-object -TypeName PSCustomObject -Property $output_props
            } catch {
                $_.Exception.Message
        }
    }
}

Function Set-WriteFilter {
    <# .SYNOPSIS 
        Sets various properties on the write filter 
    .DESCRIPTION 
        This function is typically used to disable an embedded device's write filter 
    .EXAMPLE 
        Set-WriteFilter -ComputerName HOSTNAME -State Disabled 
    .PARAMETER 
        ComputerName The computer name to query. Just one. 
    .PARAMETER 
        State The state in which you'd like to leave the write filter
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True,
            ValueFromPipeline=$True,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='What computer name would you like to target?')]
            $Computername,
        [Parameter(Mandatory=$True,
            ValueFromPipeline=$False,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='What state would you like the write filter in?')]
            $State,
        [Parameter(Mandatory=$False,
            ValueFromPipeline=$False,
            ValueFromPipelineByPropertyName=$False,
            HelpMessage='What state would you like the write filter in?')]
            [switch]$Restart
    )

    begin {
        $output_props = @{'ComputerName'=$ComputerName}
    }

    process {
        try {
            $current_state = (Get-WriteFilter $Computername).State
            if (($State -eq 'Disabled') -and ($current_state -eq 'Enabled')) {
                ## Run PSEXEC and don't generate a profile, run as local system, timeout as 10 seconds
                $process_output = C:\psexec.exe -e -s -n 10 \\$ComputerName C:\Windows\System32\ewfmgr.exe c:\ -disable 2> | Out-Null
                if ($Restart.IsPresent) {
                    Restart-Computer -ComputerName $Computername -Force
                }
            } elseif (($State -eq 'Enabled') -and ($current_state -eq 'Disabled')) {
                ## Run PSEXEC and don't generate a profile, run as local system, timeout as 10 seconds
                $process_output = C:\psexec.exe -e -s -n 10 \\$ComputerName C:\Windows\System32\ewfmgr.exe c:\ -enable 2> | Out-Null
                if ($Restart.IsPresent) {
                    Restart-Computer -ComputerName $Computername -Force
                }
            }
            if ($LASTEXITCODE -eq 0) {
                $output_props.Add('Result',$true)
            } else {
                $output_props.Add('Result',$false)
            }
                new-object -TypeName PSCustomObject -Property $output_props
        } catch {
            $_.Exception.Message
        }
    }
}

Join the Jar Tippers on Patreon

It takes a lot of time to write detailed blog posts like this one. In a single-income family, this blog is one way I depend on to keep the lights on. I'd be eternally grateful if you could become a Patreon patron today!

Become a Patron!