Disabling Windows File Protection

Windows 2000 and Windows XP have a Windows File Protection (WFP) feature. It is part of the System File Checker, whose purpose is to avoid some of the most common DLL consistency issues. WFP can also block legitimate attempts to change system files. Use this tweak if you want to disable it.

1) Open the registry editor, then find the key below.

2) Edit the "SFCDisable" value. Set it to "ffffff9d" (WFP will be disabled) or "0" (WFP will be enabled). Other possible valid hexadecimal values are:

  • 1 - disabled, prompt at boot to re-enable
  • 2 - disabled at next boot only, no prompt to re-enable
  • 4 - enabled, with popups disabled
  • ffffff9d - completely disabled

3) Changes will be activated after the restart of Windows.

Additional Steps for Windows 2000 Service Pack 2 and Windows XP

This setting is disabled in Windows 2000 SP2 and Windows XP. It has to be re-enabled: use a hex editor and change SFC.DLL (or SFC_OS.DLL for Windows XP) following these instructions:

Windows 2000 SP2

1. Make a backup of SFC.DLL in the C:\WINNT\SYSTEM32 directory.
2. Make an additional copy of SFC.DLL called SFC1.DLL. Open it in a hex editor.
3. At offset 00006211 (6211h) you should find the values "8B" and "C6". If you cannot find these values, do not continue.
4. Modify the values "8B C6" to read "90 90". Save the changes.
5. Update the system files by running these commands:
       copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y
       copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y
6. Click Cancel if you are prompted to insert the Windows CD.
7. Changes will be activated after the restart of Windows.

Windows XP

1. Make a backup of SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory.
2. Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL. Open it in a hex editor.
3. Locate the bytes for your version:
   Windows XP (no Service Pack): at offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6".
   Windows XP (Service Pack 1): at offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6".
4. If you cannot find these values, do not continue.
5. Change the values "8B C6" to read "90 90". Save the changes.
6. Update the system files by running these commands:
       copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y
       copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y
7. Click Cancel if you are prompted to insert the Windows CD.
8. Changes will be activated after the restart of Windows.

When these files have been updated, apply the registry setting presented above.

Registry Editor Example

| Name       | Type      | Data                    |
| (Default)  | REG_SZ    | (value not set)         |
| SFCDisable | REG_DWORD | 0xffffff9d (4294967197) |

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVers...

Registry Legend

System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Value Name: SFCDisable
Data Type: REG_DWORD (DWORD Value)
Value Data: 0 = enabled (default), ffffff9d = disabled
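
An added example, not part of the original page: a Python check for auditing a machine, which reads the SFCDisable value from an exported Winlogon .reg file and inspects a copy of the DLL at the offsets listed above to tell whether the changes described here have been made. The function names, dictionary labels and sample data are constructed for illustration; the values and offsets are the ones given on this page.

```python
import re

# SFCDisable meanings exactly as listed on this page (hexadecimal DWORD values).
SFC_STATES = {
    0x0: "enabled (default)",
    0x1: "disabled, prompt at boot to re-enable",
    0x2: "disabled at next boot only, no prompt to re-enable",
    0x4: "enabled, with popups disabled",
    0xFFFFFF9D: "completely disabled",
}
# File offsets of the "8B C6" bytes as given on this page; the labels are ours.
PATCH_OFFSETS = {
    "sfc.dll (Windows 2000 SP2)": 0x6211,
    "sfc_os.dll (Windows XP, no SP)": 0xE2B8,
    "sfc_os.dll (Windows XP SP1)": 0xE3BB,
}
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

def sfcdisable_from_reg(text):
    """Return the SFCDisable DWORD found under the Winlogon key in .reg text, else None."""
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key section starts
            in_key = line.strip("[]").lower() == WINLOGON
        elif in_key:
            m = re.fullmatch(r'"SFCDisable"=dword:([0-9a-f]{1,8})', line, re.I)
            if m:
                return int(m.group(1), 16)
    return None

def describe_state(value):
    """Map a DWORD to the page's description; flag values the page does not list."""
    if value is None:
        return "SFCDisable not present"
    return SFC_STATES.get(value, "unlisted value 0x%08x" % value)

def bytes_at_offset(data, offset):
    """Classify the two bytes found at a documented offset in a copy of the DLL."""
    pair = data[offset:offset + 2]
    return {b"\x8b\xc6": "original", b"\x90\x90": "patched"}.get(pair, "unrecognized")

# Constructed sample input: a .reg export fragment and a synthetic byte buffer.
SAMPLE_REG = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
"SFCDisable"=dword:ffffff9d
"""
SAMPLE_DLL = bytes(0xE3BB) + b"\x90\x90" + bytes(16)
```

Exports in the "Windows Registry Editor Version 5.00" format are normally UTF-16, so decode the file with that encoding before passing its text to `sfcdisable_from_reg`. An "unrecognized" result means the bytes at that offset match neither pattern, as with a different build of the file.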

User Comments

Mehran June 4, 2009
Nice!
Thanks a lot pc1news.

Larry Miller January 21, 2009
For most users this will be a bad idea. Do not attempt this unless you are fully aware of what you are doing and the potential risks. Windows File Protection is a valuable feature that should not be disabled lightly. There are better ways to change system files if this is necessary.

Larry Miller
Microsoft MCSA