Lock down shared PCs with Windows SteadyState

When you’re responsible for the smooth running of computers in a small office, one problem you’ll quickly encounter is that of people making changes that cause problems.

They take off ‘boring’ stuff like anti-virus because ‘it makes the machine slow’. They change the layout of the desktop and confuse other users.

Windows SteadyState lets you prevent unauthorised changes while allowing those that are needed such as security updates. The toolkit is wizard based, easy to use and free to download from

One of the main elements of SteadyState is Windows Disk Protection, WDP. This protects system settings and data on the Windows partition from being permanently changed. You can set WDP to clear all the changes to the Windows partition at regular intervals, such as after a certain amount of time or more usually at restart. WDP works by creating a cache file where all the changes to system and application files are logged. This requires at least 4GB of space on your Windows partition. When the machine is rebooted, WDP deletes the contents of the cache and restores the system to its original state.

You can keep the machine up to date by setting an option to Schedule Software Updates, where you define the updates such as system patches and anti-virus, and when they should be installed.

SteadyState isn’t suitable for all machines, but is ideal if you have situations where a PC is used by a complete novice, or by a number of people and you need to ensure a consistent environment.

locking down a machine with SteadyState
locking down a machine with SteadyState

Share |
Write comment
security image
smaller | bigger



Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010



If you're supporting en users who need to transfer files by FTP occasionally, explaining how to use FTP every time can get frustrating. Map an FTP site as a custom network location and they can do it through the familiar Explorer window. If you only have a couple of machines you can choose Tools >Map Network Drive… in Explorer and click the link 'Connect to a Web site that you can use to store your documents and pictures' to open a wizard that creates a network location. Select 'Choose a custom network location', type in the FTP address and fill in the user name and password. You can also create mapped drives and network places on the Environment tab of the user's Active Directory object - but if you have a lot of users to set up, put it in the logon script for the user profile under Active Directory Users and Computers.
If you're running into problems with Group Policy Objects, check this handy summary of the rules at read more


Unified communications


The #1 Bestseller for Only 77p