After clicking the protect hard disk option you should see the screen shown above. Here is a breakdown of what each option does.

Remove All Changes At Restart – This is the easiest way to lock down a PC with Steady State. Each time the machine resets, it clears the cache and things are restored to whatever state it was in when you activated this feature. When you turn this on for the first time it will warn you that it needs to create the cache and restart. By default it will use 50% of your remaining free space.

Retain Changes Temporarily – If you want changes to be persistent throughout the day this option would allow you to maintain state for a set period. This is helpful in an office environment where users could be warned that data on the windows partition will be wiped daily.

Retain All Changes Permanently – This turns off the cache feature but maintains the space it allocated during setup. This is helpful if an administrator wants to make permanent changes to a limited user account that won’t be wiped upon reboot. Once those changes are complete however, don’t forget to revert to a protected mode.

Change Cache File Size – By default Steady State will grab 50% of your available disk space, which if you have a massive 500 GB drive with nothing but windows on it, can be somewhat exessive. The cache only needs to be large enough to contain changes that will be made during an individual session. Unless users are constantly installing large programs the minimum 2 GB cache size is more than enough for everyday use. Clicking this option will bring up a seperate window where this can be adjusted. Should a user max out the cache during any individual session they will simply be prompted to restart the machine in order to free up space. The default cache layout is shown below.

3.) Set Computer Restrictions

Next we are going to dive into the Set Computer Restrictions option. The features that are selected within this menu option are global in nature. They will apply to any non administrative users on the machine without exception.

Most of the features listed in this window are somewhat obscure and only offer advantages in very niche scenarios.  Below we will delve into the options that are most important for home users or someone setting up a public machine.

Remove The Administrator User Name From The Welcome Screen – If you will only need administration privileges infrequently, or you’d rather not let others know it’s there, go ahead and enable this feature.

Do Not Store User Names or Passwords Used To Log on to Windows Live – Depending on if this is truly a public or private machine you may want to turn this option on or off accordingly.

Prevent Users From Creating Folders and Files in Drive c:\ - If disk protection is enabled anything on the c: drive gets wiped with every reboot. But if you decided not to go that route, this option can go a long way towards protecting the integrity of your file structure.

Prevent write access to USB storage devices – This is a useful security mechanism in an office environment or anytime you are concerned about user’s swiping large chunks of sensitive data on a thumb drive.  This feature roots deep into the OS and requires a restart to activate and deactivate.

4.) Schedule Windows Updates

Your newly protected system might feel invincible, but it’s still important to let the OS keep up with Windows updates. This will keep individual user sessions from becoming compromised and in the case of Vista, will allow for stability and compatibility fixes that might come in handy. To configure how you receive Windows updates select the Schedule Software Updates option from the main menu.

From here you can pick what time the machine will apply automatic updates or if you would like to opt out. Additionally under the Security Program Updates you can select any anti-virus program you currently have installed. In theory this should allow the signature database to update without interference. Microsoft hasn’t compiled an official list of compatible AV suites yet, but unofficially here is what is what users are having success with in the forums.

Computer Associates eTrust

McAfee VirusScan

Windows Defender

Trend Micro

Most of these products have a trial version available which I highly suggest you test out before you shell out any cash. Many problems have been reported getting definitions to survive a reboot, but this only applies to users who enabled hard disk protection in step 2. If you didn’t enable protected mode, anti-virus software will function normally.