Lock down shared PCs with Windows SteadyState

When you’re responsible for the smooth running of computers in a small office, one problem you’ll quickly encounter is that of people making changes that cause problems.

They take off ‘boring’ stuff like anti-virus because ‘it makes the machine slow’. They change the layout of the desktop and confuse other users.

Windows SteadyState lets you prevent unauthorised changes while allowing those that are needed such as security updates. The toolkit is wizard based, easy to use and free to download from https://www.microsoft.com/dow...

One of the main elements of SteadyState is Windows Disk Protection, WDP. This protects system settings and data on the Windows partition from being permanently changed. You can set WDP to clear all the changes to the Windows partition at regular intervals, such as after a certain amount of time or more usually at restart. WDP works by creating a cache file where all the changes to system and application files are logged. This requires at least 4GB of space on your Windows partition. When the machine is rebooted, WDP deletes the contents of the cache and restores the system to its original state.

You can keep the machine up to date by setting an option to Schedule Software Updates, where you define the updates such as system patches and anti-virus, and when they should be installed.

SteadyState isn’t suitable for all machines, but is ideal if you have situations where a PC is used by a complete novice, or by a number of people and you need to ensure a consistent environment.

locking down a machine with SteadyState