Privacy and security are very important elements of the maintenance and use of a shared computer. With Windows SteadyState, you can help protect a shared computer against unwanted changes and also help provide an environment that better protects the privacy of your users.
This section contains recommendations to help you select computer, Windows, and feature restrictions in Windows SteadyState to help give shared users a more private and secure experience.
Setting Computer Restrictions
In Privacy Settings, select the following restrictions:
- Do not display user names in the Log On to
Windows dialog box
- Prevent locked or roaming user profiles
that cannot be found on the computer from logging on to this
- Do not cache copies of locked or roaming
user profiles for users who have previously logged on to this
In Security Settings, select the following restrictions:
- Do not allow Windows to compute and store
passwords using LAN Manager Hash values
- Do not store user names or passwords used
to log on to Windows Live ID or the domain (requires restart of the
- Prevent users from creating folders and
files on drive C:\
Select Use Windows SteadyState to automatically download and install updates. You can use Windows SteadyState to automatically install critical updates from Microsoft at a time you schedule. Scheduling automatic updates will ensure that necessary Microsoft updates are installed on the shared computer in a timely manner.
Select the Security Program Updates check box and then select the programs you want Windows SteadyState to automatically update. Windows SteadyState will then install software updates for programs displayed in the Security Program Updates box at the time you scheduled in the Schedule Software Updates dialog box.
Protecting Your Disk
In Protect the Hard Disk, select the following options:
- Click On to turn on Windows Disk
- Remove all changes at
Configuring User Profiles
- Select Restart computer after log
off for each shared user profile.
- Select Lock Profile to prevent the user
from making permanent changes under General Settings.
- Select Log off after “xx” minutes
idle in Session Timers and then
enter the number of minutes in which you want the computer to log
off if the user is away from the computer for an extended period of
Windows Restrictions Tab
In Start Menu Restrictions, select the following restrictions:
- Remove the My Documents icon
- Remove the My Recent Documents
- Remove the My Pictures icon
- Remove the My Music icon
- Remove the Favorites icon
- Remove the Frequently Used Programs
Hide network drives and unprotected partition drives from the user in Hide Drives. You can still allow users to read from or save data to a USB drive.
Feature Restrictions Tab
In Internet Explorer Restrictions, select the following restrictions:
- Empty the Temporary Internet Files folder
when Internet Explorer is closed
- Remove Security Tab in Internet
- Remove Privacy Tab in Internet
- Select Disable AutoComplete