Lock down shared PCs with Windows SteadyState

Author: Kay Ewbank

Category: Client

Tags: lockdown system, shared PC, Windows SteadyState

When you’re responsible for the smooth running of computers in a small office, one problem you’ll quickly encounter is that of people making changes that cause problems.

They take off ‘boring’ stuff like anti-virus because ‘it makes the machine slow’. They change the layout of the desktop and confuse other users.

Windows SteadyState lets you prevent unauthorised changes while allowing those that are needed such as security updates. The toolkit is wizard based, easy to use and free to download from https://www.microsoft.com/dow...

One of the main elements of SteadyState is Windows Disk Protection, WDP. This protects system settings and data on the Windows partition from being permanently changed. You can set WDP to clear all the changes to the Windows partition at regular intervals, such as after a certain amount of time or more usually at restart. WDP works by creating a cache file where all the changes to system and application files are logged. This requires at least 4GB of space on your Windows partition. When the machine is rebooted, WDP deletes the contents of the cache and restores the system to its original state.

You can keep the machine up to date by setting an option to Schedule Software Updates, where you define the updates such as system patches and anti-virus, and when they should be installed.

SteadyState isn’t suitable for all machines, but is ideal if you have situations where a PC is used by a complete novice, or by a number of people and you need to ensure a consistent environment.

locking down a machine with SteadyState

Show other articles by this author

Sharepoint Comes of Age (02 November 2010)
Document management with Microsoft Search Server (11 May 2010)
Windows 7 upgrade tools (10 March 2010)
GFI tools for management (02 February 2010)
Managing Customer Relationships with CRM Software (10 October 2009)
GPO for IE8 (25 June 2009)
Offering Consultancy on Email Compliance Issues (25 June 2009)
Quest Object Restore for Active Directory (29 March 2009)
Recovering from mail server disasters (29 March 2009)

Email this page Printable version

Share |

Write comment

Download

Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

FREE SUBSCRIPTION!

Advertise

Request a media pack

IT EXPERT TOP TIP

If you're supporting en users who need to transfer files by FTP occasionally, explaining how to use FTP every time can get frustrating. Map an FTP site as a custom network location and they can do it through the familiar Explorer window. If you only have a couple of machines you can choose Tools >Map Network Drive… in Explorer and click the link 'Connect to a Web site that you can use to store your documents and pictures' to open a wizard that creates a network location. Select 'Choose a custom network location', type in the FTP address and fill in the user name and password. You can also create mapped drives and network places on the Environment tab of the user's Active Directory object - but if you have a lot of users to set up, put it in the logon script for the user profile under Active Directory Users and Computers.
If you're running into problems with Group Policy Objects, check this handy summary of the rules at http://support.microsoft.com/kb/555991/en-us. read more

Search

Lock down shared PCs with Windows SteadyState

Show other articles by this author

Download

Advertise

IT EXPERT TOP TIP

TAKE THE POLL

Unified communications

MOST POPULAR STORIES

RECENT FEATURES

RECENT COMMENTS

RSS FEED