Print
Feature restrictions will give you complete control over a user’s internet session. This will allow you to set what web pages they are allowed to access and even if they will be able to set bookmarks. If control over the internet is an important consideration, then make sure you effectively locked down a user’s ability to install new software under the Windows Restrictions tab. Since these options pertain specifically to Internet Explorer, if a user can simply download a new browser (even though it might be flushed after each session) your settings won’t accomplish much.
For home users I would recommend low or no restrictions, but only if disk protection is enabled. Bookmarks can be enabled and disabled from here but If permanent storage of your favorites is important, and you are using disk protection, make sure you created the user profile on a separate partition as noted in step 5. This will allow bookmarks to persist between sessions. By enabling Prevent Internet Access (except web sites below) you can keep kids quarantined on the internet, but services such as OpenDNS will make for a more flexible solution to this problem. It also won’t force you to maintain a manual list of kid friendly websites.
This tab is where Steady State will allow you to block access to individual programs which are preinstalled on the machine. This list will update as the administrator adds additional programs and using the browse feature at the bottom, can even seek out individual .exe files you wish to block. It’s a great way to limit access to productivity killers such as solitaire, minesweeper, and even hold ‘em if you sprang for Vista Ultimate (The Microsoft equivalent of I Am Rich). Simply highlight the file you wish to block on the left hand side of the window and click the block button to advance it over to the right side. Once you have decided on your list go ahead and click OK which will return you to the main menu.
As you can see Steady State is a powerful tool and when configured properly can do wonders for your limited tech support schedule. As useful as it is, I wouldn't recommend power user’s put this on their primary machine if performance is of paramount concern. Since each file needs to be copied to the cache before it is modified, the OS can sometimes lag ever so slightly, but on modern machines it's hard to notice. Microsoft claims Steady State isn’t a replacement for anti-virus and recommends the two products be used together, but to be honest, AV is a bit redundant. This is especially true if you enabled disk protection. Anti-Virus software will only further bog down the system and has proven to be quite tricky when it comes to configuring it for automatic updates.
Finally I would urge anyone who is setting up a public machine to take a few extra minutes to tighten down the bios. It’s important to password protect the interface and make sure you remove any boot devices before the hard drive. Steady State will protect the machine from even the most sneaky root kitsl, but it can’t stop them from booting from a CD or thumb drive if you don’t tighten down every access point. For additional Steady State references check the links below.
Got any tips you would like to share? Did you find this article useful? Let us know in the comments section below.
Windows SteadyState Handbook (PDF)
Windows SteadyState Handbook (XPS)
Windows SteadyState Readme File
Comments are closed on this article
dnepr
September 30, 2010 at 5:45am
Anybody know? When will release the Steady State for Windows 7? Днепропетровский форум
zippzom
April 24, 2009 at 8:17pm
Maybe this is stupid, but does it wipe files as well, or just programs?
Mathewpb
September 25, 2008 at 5:54pm
way to include the whole 64bit crowd...good job. there a lot of people who have the 64bit version of vista....and bought it...unlike windows xp pro x64 which was pirated.
Justin.Kerr
September 13, 2008 at 8:09pm
Steady State will lock your system in whatever state it's in when you install the application. It unfortunatly can't roll back the clock.
russ2650
September 04, 2008 at 8:59am
I've been using this on my own personal computer for years now. During my first install it was called the Microsoft Shared Computer Toolkit. The only reason I use it is for Disk Protection. An extra partition is the best way to keep your downloads (movies, music, etc), and you can also test drive the applications you want to install before commiting them to your hard drive. Good post!
Don't forget there are separate versions for XP and Vista
downster
September 28, 2008 at 12:16pm
Windows steady state is ok if you're on a tight budget. I dont like the 50% allocation it uses up too, but I would look at Faronics Deep Freeze and Fortress grands clean slate which are $ but superior alternatives.
Pyrophorics
September 04, 2008 at 7:25am
Take it this doesn't work for Vista 64bit? My whole network is 64bit.
ElectricJazz
September 04, 2008 at 11:49am
Unfortunetly is does not support 64bit. http://download.microsoft.com/download/f/c/6/fc6955de-0765-46fc-b2a9-47b4d4bcd160/SteadyState_2.5_Technical%20FAQ_updated.pdf
___________________________________________________________________________________
Maybe you gots ta do something for me, I gots needs too you know. - The Spirit of Jazz.
dentaku
September 04, 2008 at 4:50am
I'm going to try this out on my XP installation i use for testing stuff out. I know it will come in handy some day.
I have worked on public computers before but doing something like this was too much of a hassle. It's never caused too much trouble lately to just leave the system unprotected (I just have to uninstall any extra junk that gets installed once in a while) but in the past it was annoying how people would just fill the machines with useless junk not knowing how much damage they where doing to someone else's computer.
b3rn4rd
September 04, 2008 at 6:26am
I've been using windows Steady State on pc's connected to workgroups since 2 months for public users who mess around with the OS configuration and this has limited their privileges. It's worth it.
