Policy file (snapvol.cfg) is a configuration file that consists of keywords which must not be modified by users and those that can be customized. Policy keywords are used in specifying inclusions and exclusions for a file system, processes, and registry.

You can also add your custom policy file within the Writable Volume. For more information about updating Writable Volumes, see Update Writable Volumes.

Keywords

The following keyword values must not be modified:

  • virtualize
  • virtualize_registry
  • virtualize_registry_notify_change
  • reverse_replicate_file
  • delete_local_profile

The following table contains keywords that can be used to customize in the policy for application packages and Writable Volumes:

Keyword Description Examples
exclude_path

During a read or write operation, App Volumes excludes looking for any file or folder in the path specified in this keyword in either the application package or the Writable Volume.

Instead, if the file or folder specified in the path is present in the base image, then the read or write operation is performed in the base image.

Note: Any file or folder starting with the prefix value specified in the keyword is excluded.
exclude_path=\ProgramData\VMware

App Volumes excludes looking for VMware in either the application package or Writable Volume. Instead, if VMware is present in the base image then the read or write operation on the folder is performed in the base image.

include_path App Volumes reads any file or folder in the path specified in this keyword in the following order: Writable Volumes, application package, and the base image. Any write operation in this path is performed on the Writable Volume.
Note: Any file or folder starting with the prefix value specified in the keyword is included.
include_path=\Users

App Volumes reads all subfolders of Users from all the volumes: Writable Volume, application package, and the base image.

If an end user creates a folder or file within Users, then the file or folder is created on the Writable Volume.

exclude_registry

During a read or write operation, App Volumes excludes looking for any registry key or registry value in the path specified in this keyword in either the application package or Writable Volume.

Instead, if the registry key or registry value specified in the path is present in the base image, then the read or write operation is performed in the base image.

Note: Any registry key or registry value starting with the prefix value specified in the keyword is excluded.
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Policies

App Volumes excludes looking for any registry key or registry value specified within Policies in either the application package or Writable Volume. Instead if the path is present in the base image, then the read or write operation is performed on the registry key or registry value in the base image.

include_registry App Volumes reads any registry key or registry value in the path specified in this keyword in the following order: Writable Volume, application package, and the base image. Any write operation in this path is performed on the Writable Volume.
Note: Any registry key or registry value starting with the prefix value specified in the keyword is included.
include_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search

App Volumes reads all registry keys and registry values at \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search from all volumes: Writable Volume, application package, and base image. If a registry key or registry value is created at this path, then this operation is performed on the Writable Volume.

exclude_process_path All processes that are run from an executable file in this path or subpath only see the file system and registry content from the base image.
Note:
  • This rule is not applicable to the child processes.
  • Any process path starting with the prefix value specified in the keyword is excluded.
exclude_process_path=\Program Files\VMWare\AppCapture

Any executable file run from the AppCapture folder or its subfolders only sees the file system and registry content from the base image.

As this rule is not applicable to the child processes, the child processes do not inherit the exclusion. A child process see the content from the Writable Volume, AppStack, and base image.

include_process_name The process specified in this keyword sees the file system and registry content from the Writable Volume, AppStack, and base image.
Note: This rule is not applicable to the child processes.
include_process_name=SearchIndexer.exe

The SearchIndexer process sees the file system and registry content from all volumes.

exclude_process_name The process specified in this keyword sees the file system and registry content only from the base image.
Note: This rule is not applicable to the child processes.
exclude_process_name=chkdsk.exe

The chkdsk process sees the file system and registry content only from the base image.

The following table contains keywords that can be used to customize in the policy for Writable Volumes only:

Keyword Description Examples
exclude_uwv_file

App Volumes reads any file or folder in the path specified in this keyword in the following order: Writable Volume, application package, and the base image.

Any write operation to the file or folder in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs off from the computer.

Note:
  • Any file or folder starting with the prefix value specified in the keyword is excluded.
  • The path specified in this keyword must be terminated by using \\.
exclude_uwv_file=ProgramData\Temp\\

App Volumes reads any content present within the Temp folder from all volumes: Writable Volume, application package, and base image.

If an end-user creates a file example.txt within Temp, then the file persists for that session. When the end user logs off, example.txt is deleted.

exclude_uwv_reg

App Volumes reads any registry key or registry value in the path specified in this keyword in the following order: Writable Volume, application package, and the base image.

Any write operation to the registry key or registry value in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs off from the computer.

Note:
  • Any registry key or registry value starting with the prefix value specified in the keyword is excluded.
  • The path specified in this keyword must be terminated by using \\.
exclude_uwv_reg=\REGISTRY\MACHINE\SOFTWARE\McAfee\\

App Volumes reads any registry key or registry value within McAfee from all the volumes: Writable Volume, application package, and the base image.

If a new registry key or registry value is created within McAfee, the new key or value persists for that particular session. When the end user logs off, the key or value is deleted.