How to disable Windows File Protection in Windows XP or 7 from Registry?

Question

How to disable Windows File Protection in Windows 7 and/or XP from Registry?

I want to automatically replace a driver with my created driver. I used PendingFileRenameOperations key in HKLM\System\CurrentControlSet\Control\Session Manager but I've found that it can ONLY be used for simple (not-system) files, because Windows File Protection disables it for system files (see this post).

Now I need to temporarily disable WFP (and turn it on after changing driver). You can tell me another way to disable it. It can help me too. Any ideas?

Answer 1

It cannot be done as silently as you were probably hoping for, mainly because of the debugger requirement:

You may disable WFP by setting the value SFCDisable (REG_DWORD) in HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon. By default, SFCDisable is set to 0, which means WFP is active. Setting SFCDisable to 1 will disable WFP. Setting SFCDisable to 2 will disable WFP for the next system restart only (without a prompt to re-enable).

Important: You must have a kernel debugger attached to the system via null modem cable (for example:I386kd.exe or Windbg.exe) to use SFCDisable = 1 or SFCDisable = 2.

After WFP is disabled using the SFCDisable = 1 setting, the following message will appear after logon:

Warning! Windows File Protection is not active on this system. Would you like to enable Windows File Protection now? This will enable Windows File Protection until the next system restart. .

Clicking Yes will reactivate WFP until the next system restart. This message will appear at every successful logon until SFCDisable is set to 0.

See here.

Have you considered using devcon or, better yet, pnputil to load your driver from the command line?