Protect Public Computers With Windows Steadystate

[sridefender 0]

This article series will focus on Windows SteadyState a completely free toolkit from Microsoft that helps administrators take control of shared access computers running Windows XP. This article series will include a short introduction to the possibilities we get with Windows SteadyState (WSS). We will look at the new version compared to older versions, system requirements, Windows Disk Protection (WDP).

 

If you have ever managed shared access computers, like computers in schools, public libraries, Internet cafes, kiosk machines, etc, you probably know how hard it is to keep the computers running in the long run, as well as keeping the security level high and up to date, without too much work and hands-on. What we need is a solution that protects hard disks from unauthorized changes as some changes are required (ex. updates) and others are not (like when kids - and others - change the desktop layout, Start Menu shortcuts, system settings and worse).

 

Maybe you, like me, have tried hardware solutions with hard disk controllers redirecting writes to the system/boot partition to a hidden partition which is then flushed at every reboot. This is a very good solution; however we do face a problem when updating the computers, ex. Windows Update, Office Update, antivirus signature updates, etc. In this case the computers must be booted in manager or admin mode before we can perform any changes.

 

You probably also tried loading tons of local Group Policy settings to keep curious fingers off the system settings, Start Menu & Desktop options, etc, just to keep the computer usable for more than a couple of days. But still, you didnt quite feel this was good enough for your scenario - maybe partly because of the fact that all local users were hit by those same local policy limitations, even administrators and support.

 

Microsoft provides a solution for administrators with the above mentioned, very common problems. The toolkit is called Windows SteadyState there is no additional hardware required You are just a quick download, a few clicks and a helpful wizard away from complete system protection.

 

If you have ever dealt with the mentioned problems before, you probably tested the Microsoft Shared Computer Toolkit, which was pretty good, actually. Windows SteadyState is an enhanced edition of this toolkit its just even easier to set up, configure and manage.

 

These are some of the new features added to the toolkit:

New user console with tabbed navigation that lets you easily manage shared computers from a single console.

Windows Disk Protection is now file-based so you can set up and install without changing your disk partitions.

Windows Disk Protection now supports Group Policy so you can manage it in an Active Directory environment.

More software restriction options give you greater control over which programs can be used.

More user restriction options, including significantly greater control over Internet Explorer.

High, medium, and low security defaults allow for quicker and easier customization.

Easily import and export user restrictions directly from the console, without using command line tools.

Easier setup and better documentation to help you get started.

With these great enhancements in mind, lets just recap the most fundamental and extremely important technology we get with Windows SteadyState for Windows XP: Windows Disk Protection!

[ View ]
Edited October 3, 2007 by sridefender (see edit history)

[hitmanblood 0]

I just read this article on the Microsoft Technology Playground that is some blog on the blogspot. And franquely I don't know what to say. This technology might be really innovative and good, also it might move current protection of the computers to the new level. However, I don't htink so because eventhough as I am Windows enthusiasta I must say that currently all fo their security technlogies has flaws and I think that this one qwill be no different especially of course if I understood correctly especially on the higher level they build it up because the previous one was in fact on the lower level that is on some higher level because previously I repeat again if I understood correctly was on the lower level however things may change but system incorporating this in fact can only be more stable and not more secure.I am certain that someone will already hack this new technology. And as Microsoft intends to use it on the public computers then you know what can happen we will have bunch of public computers that are using this microsoft's new technology and as soon one hackaer find flaw in it. All of these computer will be used for spamming or even DDOS attack and so on. (by the way DDOS stand for Distributed Denial Of Service attack therefore DDOS). So this might be good but eventhough I repeat once more I am Microsoft enthusiast I think that this technology might bring even more problems then we have currently.But one can never know because future will tell us everything.