Privacy and security are very important elements of the maintenance and use of a shared computer. With Windows SteadyState, you can help protect a shared computer against unwanted changes and also help provide an environment that better protects the privacy of your users.

This section contains recommendations to help you select computer, Windows, and feature restrictions in Windows SteadyState to help give shared users a more private and secure experience.

Setting Computer Restrictions

Privacy Settings

In Privacy Settings, select the following restrictions:

  • Do not display user names in the Log On to Windows dialog box
  • Prevent locked or roaming user profiles that cannot be found on the computer from logging on to this computer
  • Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer

Security Settings

In Security Settings, select the following restrictions:

  • Do not allow Windows to compute and store passwords using LAN Manager Hash values
  • Do not store user names or passwords used to log on to Windows Live ID or the domain (requires restart of the computer)
  • Prevent users from creating folders and files on drive C:\

Installing Updates

Schedule Updates

Select Use Windows SteadyState to automatically download and install updates. You can use Windows SteadyState to automatically install critical updates from Microsoft at a time you schedule. Scheduling automatic updates will ensure that necessary Microsoft updates are installed on the shared computer in a timely manner.

Select Updates

Select the Security Program Updates check box and then select the programs you want Windows SteadyState to automatically update. Windows SteadyState will then install software updates for programs displayed in the Security Program Updates box at the time you scheduled in the Schedule Software Updates dialog box.

Protecting Your Disk

In Protect the Hard Disk, select the following options:

  • Click On to turn on Windows Disk Protection.
  • Remove all changes at restart.

Configuring User Profiles

General Tab

  • Select Restart computer after log off for each shared user profile.
  • Select Lock Profile to prevent the user from making permanent changes under General Settings.
  • Select Log off after “xx” minutes idle in Session Timers and then enter the number of minutes in which you want the computer to log off if the user is away from the computer for an extended period of time.

Windows Restrictions Tab

In Start Menu Restrictions, select the following restrictions:

  • Remove the My Documents icon
  • Remove the My Recent Documents icon
  • Remove the My Pictures icon
  • Remove the My Music icon
  • Remove the Favorites icon
  • Remove the Frequently Used Programs list

Hide network drives and unprotected partition drives from the user in Hide Drives. You can still allow users to read from or save data to a USB drive.

Feature Restrictions Tab

In Internet Explorer Restrictions, select the following restrictions:

  • Empty the Temporary Internet Files folder when Internet Explorer is closed
  • Remove Security Tab in Internet Options
  • Remove Privacy Tab in Internet Options
  • Select Disable AutoComplete

See Also