How To: Protect Any PC Using Windows Steady State

After clicking the protect hard disk option you should see the screen shown above. Here is a breakdown of what each option does.
Remove All Changes At Restart – This is the easiest way to lock down a PC with Steady State. Each time the machine restarts, it clears the cache and restores the system to whatever state it was in when you activated this feature. When you turn this on for the first time, it will warn you that it needs to create the cache and restart. By default it will use 50% of your remaining free space.
Retain Changes Temporarily – If you want changes to persist throughout the day, this option allows you to maintain state for a set period. This is helpful in an office environment where users could be warned that data on the Windows partition will be wiped daily.
Retain All Changes Permanently – This turns off the cache feature but maintains the space it allocated during setup. This is helpful if an administrator wants to make permanent changes to a limited user account that won’t be wiped upon reboot. Once those changes are complete, however, don’t forget to revert to a protected mode.
Change Cache File Size – By default Steady State will grab 50% of your available disk space, which, if you have a massive 500 GB drive with nothing but Windows on it, can be somewhat excessive. The cache only needs to be large enough to contain changes that will be made during an individual session. Unless users are constantly installing large programs, the minimum 2 GB cache size is more than enough for everyday use. Clicking this option will bring up a separate window where this can be adjusted. Should a user max out the cache during any individual session, they will simply be prompted to restart the machine in order to free up space. The default cache layout is shown below.
3.) Set Computer Restrictions

Next we are going to dive into the Set Computer Restrictions option. The features that are selected within this menu option are global in nature. They will apply to any non-administrative users on the machine without exception.
Most of the features listed in this window are somewhat obscure and only offer advantages in very niche scenarios. Below we will delve into the options that are most important for home users or someone setting up a public machine.
Remove The Administrator User Name From The Welcome Screen – If you will only need administration privileges infrequently, or you’d rather not let others know it’s there, go ahead and enable this feature.
Do Not Store User Names or Passwords Used To Log on to Windows Live – Depending on whether this is truly a public or private machine, you may want to turn this option on or off accordingly.
Prevent Users From Creating Folders and Files in Drive c:\ – If disk protection is enabled, anything on the c: drive gets wiped with every reboot. But if you decided not to go that route, this option can go a long way towards protecting the integrity of your file structure.
Prevent write access to USB storage devices – This is a useful security mechanism in an office environment or anytime you are concerned about users swiping large chunks of sensitive data on a thumb drive. This feature roots deep into the OS and requires a restart to activate and deactivate.
4.) Schedule Windows Updates
Your newly protected system might feel invincible, but it’s still important to let the OS keep up with Windows updates. This will keep individual user sessions from becoming compromised and, in the case of Vista, will allow for stability and compatibility fixes that might come in handy. To configure how you receive Windows updates, select the Schedule Software Updates option from the main menu.
From here you can pick what time the machine will apply automatic updates or if you would like to opt out. Additionally, under Security Program Updates you can select any anti-virus program you currently have installed. In theory this should allow the signature database to update without interference. Microsoft hasn’t compiled an official list of compatible AV suites yet, but unofficially here is what users are having success with in the forums.
Computer Associates eTrust
McAfee VirusScan
Windows Defender
Trend Micro
Most of these products have a trial version available which I highly suggest you test out before you shell out any cash. Many problems have been reported getting definitions to survive a reboot, but this only applies to users who enabled hard disk protection in step 2. If you didn’t enable protected mode, anti-virus software will function normally.