Windows SteadyState Part 2
Now let's look at the exact options for the user settings.
Table of Contents
- Start Menu Restrictions
- General Restrictions
- Internet Explorer Restrictions
- Options menu
- Toolbar Options (hides, among other things, entries in the toolbar and menu bar)
- Microsoft Office Restrictions
- Options for advanced administrators
- Save settings and files of a user on a central computer (or a removable storage medium).
- Create an administrator who actually isn't
- What is not included in these instructions
The choice is of course difficult (especially since the program is only available in English so far!)
What can be set under User Settings -> Windows Restrictions:
Start Menu Restrictions
- Avoid right-clicking in the Start Menu
Prevents right-clicking (i.e. calling up the context menu) in the start menu
- Allow only the Classic Start Menu
Only the classic start menu is displayed
- Remove the Control Panel, Printer and Network Settings from the Start Menu
Removes the Control Panel, Printers, and Network Settings from the Start menu
- Remove the My Documents icon
Removes the start menu item "My Documents"
- Remove the My Recent Documents icon
Removes the start menu entry "Recently used documents"
- Remove the My Pictures icon
Removes the start menu item "My Pictures"
- Remove the My Music icon
Removes the start menu item "My Music"
- Remove the Favorites icon
Removes the start menu entry "Favorites"
- Remove the My Network Places icon
Removes the start menu entry "Network Neighborhood"
- Remove the Frequently used Programs list
Removes the "list" of the most frequently used programs (usually shown on the left in the start menu)
- Prevent programs in the All Users folder from My Computer
Prevents the programs from All Users from being displayed in the start menu (i.e. only the programs from the current user profile are displayed)
- Remove the Control Panel icon
Removes the control panel icon from the start menu
- Remove the Set Program Access and Defaults icon
Removes the start menu item "Program access and standards"
- Remove the Connections (Connect to) icon
Removes the start menu item "Connect to ..."
- Remove the Printers and Faxes icon
Removes the start menu item "Printers and Faxes"
- Remove the Search icon
Removes the start menu item "Search ..."
- Remove the Run icon
Removes the start menu item "Run"
- Remove the shut down button
Removes the "Shut Down" button from the start menu
- Remove the Help and Support icon
Removes the start menu item "Help and Support"
General Restrictions
- Prevent right-click in Windows Explorer
Prevents the context menu from being called by right-clicking
- Prevent AutoPlay on CD, DVD and USB drives
Prevents CDs and removable media from starting automatically
- Prevent access to Windows Explorer features: Folder Options, Customize Toolbar and the My Documents folder
Prevents the folder options, the context menu entry (toolbar) Customize... and My Documents from being accessible
- Prevent access to the taskbar
Prevents access to the system tray
- Prevent access to the command prompt
Prevents access to the command prompt
- Prevent access to the registry editor
Prevents access to the registry editor
- Prevent access to the Task Manager
Prevents the task manager from being called
- Prevent access to the Microsoft Management Console utilities
Prevents access to the management console (Run -> mmc) which can be used to change security and computer settings
- Prevent users from adding or removing printers
Prevents the user from installing or uninstalling printers
- Prevent users from locking the computer
Prevents the logged on user from locking the computer
- Prevent password changes (also requires the Control Panel icon to be removed)
Prevents changing the password (only works if the Control Panel icon is hidden)
- Remove CD and DVD burning features
Removes access to the internal Windows burning functions
- Disable keyboard shortcuts that use the Windows Logo Key
Switches off key combinations with the Windows key (e.g. Win + E)
- Allow only programs in the Program files and Windows folders to run
Only programs that are in the Windows or Programs folder may be executed
- Disable System Tools and other management programs
Intended to prevent tuning and optimization tools from accessing system settings
- Disable Notepad and Wordpad
Turns off Notepad and Wordpad (this prevents batch files from being changed)
- Remove the Recycle Bin icon
Removes the Recycle Bin from the desktop
- Prevent users from saving files to the desktop
Prevents users from saving files to the desktop
So now the third page of the User Settings
What can be set under User Settings -> Feature Restrictions:
Internet Explorer Restrictions
- Prevent Internet access (except Web sites below)
Prevents access to the Internet (except for the pages released below)
- Prevent right click in Internet Explorer
Prevents calling the context menu in Internet Explorer by right-clicking
- Prevent printing
Prevents printing from Internet Explorer
- Do not allow access to favorites
Prevents access to the favorites
- Disable AutoComplete
Turns off auto-complete
- Empty the Temporary Internet Files folder when Internet Explorer is closed
Empties the folder "Temporary Internet Files" when the Internet Explorer is closed
Options menu
- Remove View Source
Removes the menu item "Show source code"
- Remove Find Files
Removes Edit -> Search on this page ...
- Remove theater mode
Prevents full screen mode
- Remove Help Menu
Removes Help (the "?") from the menu bar
- Remove browser options
Hides the internet options
- Remove Expanded New Menu
Removes the menu item File -> New ... (all items found under New > are hidden)
- Remove General Tab in Internet Options
Removes the "General" tab under Tools -> Internet Options
- Remove Security Tab in Internet Options
Removes the "Security" tab under Tools -> Internet Options
- Remove Privacy Tab in Internet Options
Removes the "Privacy" tab under Tools -> Internet Options
- Remove Content Tab in Internet Options
Removes the "Contents" tab under Tools -> Internet Options
- Remove Programs tab in Internet Options
Removes the "Programs" tab under Tools -> Internet Options
- Remove Advanced Tab in Internet Options
Removes the "Advanced" tab under Tools -> Internet Options
- Remove New Window Menu Option
Removes the context menu entry "Open in new window"
Toolbar Options (hides, among other things, entries in the toolbar and menu bar)
- Search
Search
- Folders
Folders
- Edit
Edit
- Discussions
Discussions
- Encoding
Encoding
- Size
Size
- Full Screen
Full screen
- Media
Media toolbar
- Print
Print
- History
History
- Tools
Tools
- Third party extension buttons
Removes the buttons from additional programs (e.g. Flashget)
Microsoft Office Restrictions
- Prevent use of Visual Basic for Applications (VBA) in Office 2007/2003 / XP
Prevents the execution of VisualBasic scripts in Office documents
- Disable macro shortcut keys
Blocks the creation and use of keyboard shortcuts for macros
- Disable Macro menu items in the Tools menus
Hides the entire menu item "Macros" in the Tools menu
- Disable Add-ins menu items in the Tools menus
Hides the menu item "Templates and Add-ins" in the Tools menu
- Disable the Web toolbar in Office programs
Hides the web toolbar in Office
- Disable the Detect and Repair command in the Help menu
Hides the "Detect and Repair" menu item in the Help menu
- Prevent changes to Clip Organizer contents in Office 2007/2003 / XP
Prevents the contents of the clipboard from being changed.
Now that we know the user settings in more detail, here is something for advanced users:
Options for advanced administrators
I don't know exactly why Microsoft named it like that, maybe because it only works if you have a network?
What else can SteadyState do:
It can "connect" the set up user profiles with the XP user profiles and "store" them on a server.
In other words, similar to the central user administration of a domain network, the individual user on every computer in the network has the same desktop settings and security guidelines available on all computers.
Let's start with the simplest:
Save settings and files of a user on a central computer (or a removable storage medium).
Why this makes sense:
If you use Disk Protection, all changes on the hard disk are discarded by default when shutting down. As a result, all files that the user saves under "My Documents" would also be discarded automatically (very inconvenient if you have just been writing for hours at a workshop).
So the first thing we have to do is temporarily deactivate Disk Protection, turn off all restrictions for the relevant user and restart the computer.
Then right-click on "My Documents" to call up the properties and move the folder to the desired drive (yes, it's that easy, you don't have to search around in the registry, but this only applies to the currently active user account).
The easiest way would be to use a different partition on the hard drive, but any removable storage device or network drive can also be used.
After moving the user accounts (unfortunately you have to log in once with each user account), you switch Disk Protection back on, reset the restrictions to the desired settings, and voilà: we have one (or more) secured users who, despite Disk Protection, can save files and system settings (if we have allowed this).
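Before switching Disk Protection back on, it is worth confirming in each user session that "My Documents" really points away from the protected partition. The following check is an added example, not part of the original article; it assumes PowerShell is installed and that Disk Protection discards writes to the system partition (`$env:SystemDrive`). The function name and the sample paths are made up for illustration.

```powershell
# Added example: run once per user account, while logged on as that user.
# Assumption: Disk Protection discards writes to the system partition.
function Test-DocumentsRedirected {
    param(
        [string]$DocumentsPath,                 # optional override, used for the samples below
        [string]$SystemDrive = $env:SystemDrive
    )
    if (-not $DocumentsPath) {
        # Read the stored target from the user's shell folder settings. This still
        # works when the target (USB stick, network share) is currently unavailable.
        $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
        $raw = (Get-ItemProperty -Path $key).Personal
        if (-not $raw) { throw "No 'Personal' value found under $key" }
        $DocumentsPath = [Environment]::ExpandEnvironmentVariables($raw)
    }

    $isUnc = $DocumentsPath.StartsWith('\\')    # \\server\share\... is a network path
    $root  = [System.IO.Path]::GetPathRoot($DocumentsPath).TrimEnd('\')
    $onSystemDrive = (-not $isUnc) -and ($root -ieq $SystemDrive)

    if ($onSystemDrive) {
        $verdict = 'NOT REDIRECTED: files will be discarded at restart'
    } elseif (-not (Test-Path -Path $DocumentsPath)) {
        $verdict = 'REDIRECTED, but the target is not reachable right now'
    } else {
        $verdict = 'OK: stored outside the protected partition'
    }

    New-Object PSObject -Property @{
        Path    = $DocumentsPath
        Root    = $root
        Verdict = $verdict
    }
}

# Live check for the account that is currently logged on
Test-DocumentsRedirected | Format-List Path, Root, Verdict

# Constructed sample paths showing the possible outcomes
'C:\Documents and Settings\guest\My Documents',
'D:\Profiles\guest\Documents',
'\\server\home\guest' | ForEach-Object {
    Test-DocumentsRedirected -DocumentsPath $_ -SystemDrive 'C:'
} | Format-Table Verdict, Path -AutoSize
```

A "not reachable" verdict for a removable medium or network share means the user's saves will fail or fall back elsewhere until the target is connected again.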
Create an administrator who actually isn't
Well that sounds nonsensical, doesn't it?
But it can be done with SteadyState, but why?
This is explained relatively simply: How often does it happen that you reach the limit with your normal user account and have to start programs with "Run as ...", or sometimes even have to switch users to start a certain application or, for example, a browser game? Or LAN and online games cannot be played if you are not logged in as an admin (this is the case with me with Battlefield 1942, for example).
Didn't you already wish you had an "administrative normal user"?
We're going to do that with SteadyState!!
First, briefly deactivate the disk protection again as above.
Then log on to the computer as administrator and create a new administrator with the XP user account control (e.g. "game account").
If you now select the user in SteadyState, you can simply turn off everything that he shouldn't be able to do, and then you have an administrator who can't do everything.
Next you switch on the disk protection again and voilà: we have an administrator who doesn't have to care what happens while using the computer, because everything is gone when you restart!!
What is not in this manual!
I won't explain some of the possibilities of SteadyState here, because they normally only occur in company networks.
For example, it is possible to additionally protect user accounts of a domain with SteadyState so that the Group Policy settings cannot be "undermined" by unplugging the network cable.
It is also possible to apply additional restrictions to domain user accounts on individual computers.
And you can also "transfer" user restrictions created in SteadyState to an Active Directory network.
But since such networks are rarely found in household use (and even if they are, the "owner" of the house knows about it, otherwise he wouldn't have such a network), I think that would go a bit beyond the scope.
That was it. Have fun trying it out and make something safer!!
(And always remember: no program brings 100% security, only sensible use does.)
A big thank you goes to the moderator colleague Funkenzupfer, who helped me find some menu items.
Installation and initial setup of Windows SteadyState Part 1
This tip comes from www.win-tipps-tweaks.de
© Copyright Michael Hille
Warning:
Using Registry Editor or its tips incorrectly can cause serious system problems that may require you to reinstall your operating system. Tampering with the registry files and using the tips is at your own risk.