Lock down shared PCs with Windows SteadyState

When you’re responsible for the smooth running of computers in a small office, one problem you’ll quickly encounter is that of people making changes that cause problems.

They take off ‘boring’ stuff like anti-virus because ‘it makes the machine slow’. They change the layout of the desktop and confuse other users.

Windows SteadyState lets you prevent unauthorised changes while allowing those that are needed such as security updates. The toolkit is wizard based, easy to use and free to download from

One of the main elements of SteadyState is Windows Disk Protection, WDP. This protects system settings and data on the Windows partition from being permanently changed. You can set WDP to clear all the changes to the Windows partition at regular intervals, such as after a certain amount of time or more usually at restart. WDP works by creating a cache file where all the changes to system and application files are logged. This requires at least 4GB of space on your Windows partition. When the machine is rebooted, WDP deletes the contents of the cache and restores the system to its original state.

You can keep the machine up to date by setting an option to Schedule Software Updates, where you define the updates such as system patches and anti-virus, and when they should be installed.

SteadyState isn’t suitable for all machines, but is ideal if you have situations where a PC is used by a complete novice, or by a number of people and you need to ensure a consistent environment.

locking down a machine with SteadyState
locking down a machine with SteadyState

Share |
Write comment
security image
smaller | bigger



Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010



leave When you add a new user and their email address doesn't show up in the Global Address List, work through the tips and suggestions in the ever-useful Exchangepedia Blog:
Bulk-add new users with the script here ( or give existing users mail access ( - this also has details for adding multiple meeting rooms as resources). And when an employee gets replaced, the steps at make it easy to connect the previous user's mailbox to the new user account so that mail for that job role keeps going to the right place. Reject spam with a custom message Just in case the message you're rejecting comes from a real person, you can have Exchange send a less cryptic message that the default error; it will make your customers look more professional. This blog post
explains how - but make sure to keep the 550 error code at the beginning.
read more


Unified communications


The #1 Bestseller for Only 77p