Windows SteadyState Part 2

Part 2

Windows SteadyState Part 2

 

As promised, here is the second part of the Windows SteadyState workshop.

Now let's look at the exact options for the user settings.
 
If you look at the number of individual settings in Windows and the feature restrictions, you come to 77 ticks, which you can set (or not).

Windows Steady State Logo


The choice is of course difficult (especially since the program is only available in English so far!)

What can be set under User Settings -> Windows Restrictions:

User settings Internet set
Click opens list as .pdf

Start Menu Restrictions

  • Avoid right-clicking in the Start Menu
    Prevents right-clicking (i.e. calling up the context menu) in the start menu
  • Allow only the Classic Start Menu
    Only the classic start menu is displayed
  • Remove the Control Panel, Printer and Network Settings from the Start Menu
    Removes the Control Panel, Printers, and Network Settings from the Start menu
  • Remove the My Documents icon
    Removes the start menu item "My Documents"
  • Remove the My Recent Documents icon
    Removes the start menu entry "Recently used documents"
  • Remove the my Pictures icon
    Removes the start menu item "My Pictures"
  • Remove the My Music icon
    Removes the start menu item "My Music"
  • Remove the Favorites icon
    Removes the start menu entry "Favorites"
  • Remove the My Network Places icon
    Removes the start menu entry "Network Neighborhood"
  • Remove the Frequently used Programs list
    Removes the "list" of the most frequently used programs (usually shown on the left in the start menu)
  • Prevent programs in the All Users folder from My Computer
    prevents the programs from All Users from being displayed in the start menu (i.e. only the programs from the current user profile are displayed)
  • Remove the Control Panel icon
    Removes the control panel icon from the start menu
  • Remove the Set Program Access and Defaults icon
    Removes the start menu item "Program access and standards"
  • Remove the Connections (Connect to) icon
    Removes the start menu item "Connect to ..."
  • Remove the Printers and Faxes icon
    Removes the start menu item "Printers and Faxes"
  • Remove the Search icon
    Removes the start menu item ?? Search ... ??
  • Remove the Run icon
    Removes the start menu item? Run?
  • Remove the shut down button
    Removes the ?? shutdown ?? Button from the start menu
  • Remove the Help and Support icon
    Removes the start menu item ?? Help and Support ??

General Restrictions

  • Prevent right-click in Windows Explorer
    Prevents the context menu from being called by right-clicking
  • Prevent AutoPlay on CD, DVD and USB drives
    Prevents CD's and removable media from starting automatically
  • Prevent access to Windows Explorer features: Folder Options, Customize Toolbar and the My Documents folder
    Prevents the folder options, the context menu entry (toolbar) Customize... and My Documents from being accessible
  • Prevent access to the taskbar
    Prevents access to the system tray
  • Prevent access to the command prompt
    Prevents access to the command prompt
  • Prevent access to the registry editor
    Prevents access to the registry editor
  • Prevent access to the Task Manager
    Prevents the task manager from being called
  • Prevent access to the Microsoft Management Console utilities
    Prevents access to the management console (Run -> mmc) which can be used to change security and computer settings
  • Prevent users from adding or removing printers
    Prevents the user from installing or uninstalling printers
  • Prevent users from locking the computer
    Prevents the logged on user from locking the computer
  • Prevent password changes (also requires the Control Panel icon to be removed)
    Prevents changing the password (only works if the system control icon is hidden)
  • Remove CD and DVD burning features
    Removes access to the internal Windows burning functions
  • Disable keyboard shortcuts that use the Windows Logo Key
    Switches off key combinations with the Windows key (e.g. Win + E)
  • Allow only programs in the Program files and Windows folders to run
    Only programs that are in the Windows or Programs folder may be executed
  • Disable System Tools and other management programs
    Intended to prevent tuning and optimization tools from accessing system settings
  • Disable Notepad and Wordpad
    Turns off Notepad and Wordpad (this prevents batch files from being changed)
  • Remove the Recycle Bin icon
    Removes the trash from the desktop
  • Prevent users from saving files to the desktop
    Prevents users from saving files to the desktop

So now the third page of the User Settings

 

What can be set under User Settings -> Feature Restrictions:

User Settings
Click opens list as .pdf

Internet Explorer Restrictions

  • Prevent Internet access (except Web sites below)
    Prevents access to the Internet (except for the pages released below)
  • Prevent right click in Internet Explorer
    Prevents calling the context menu in Internet Explorer by right-clicking
  • Prevent printing
    Prevents printing from Internet Explorer
  • Do not allow access to favorites
    Prevents access to the favorites
  • Disable AutoComplete
    Turns off auto-complete
  • Empty the Temporary Internet Files folder when Internet Explorer is closed
    Empties the folder "Temporary Internet Files" when the Internet Explorer is closed

Options menu

  • RemoveView Source
    Removed the menu item Show source code
  • Remove Find Files
    Removed Edit -> Search on this page ...
  • Remove theater mode
    Prevents full screen mode
  • Remove Help Menu
    Removes the help (that?) From the menu bar
  • Remove browser options
    Hides the internet options
  • Remove Expanded New Menu
    Removes the menu item File -> New ... (all points to be found under New> are hidden)
  • Remove General Tab in Internet Options
    Removes the "General" tab under Tools -> Internet Options
  • Remove Security Tab in Internet Options
    Removes the "Security" tab under Tools -> Internet Options
  • Remove Privacy Tab in Internet Options
    Removes the "Privacy" tab under Tools -> Internet Options
  • Remove Content Tab in Internet Options
    Removes the "Contents" tab under Tools -> Internet Options
  • Remove Programs tab in Internet Options
    Removes the "Programs" tab under Tools -> Internet Options
  • Remove Advanced Tab in Internet Options
    Removes the "Advanced" tab under Tools -> Internet Options
  • Remove New Window Menu Option
    Removes the context menu entry "Open in new window"

Toolbar Options (hides, among other things, entries in the toolbar and menu bar)

  • Search
    Search
  • Folders
    folder
  • Edit
    Edit
  • Discussions
    discussion
  • Encoding
    encoding
  • Size
    Size
  • Full Screen
    full screen
  • Media
    Media toolbar
  • Print
    Print
  • History
    Course
  • Tools
    Extras
  • Third party extension buttons
    Removes the buttons from additional programs (e.g. Flashget

Microsoft Office Restrictions

  • Prevent use of Visual Basic for Applications (VBA) in Office 2007/2003 / XP
    Prevents the execution of VisualBasic scripts in Office documents
  • Disable macro shortcut keys
    Blocks the creation and use of keyboard shortcuts for macros
  • Disable Macro menu items in the Tools menus
    Hides the entire menu item "Macros" in the Tools menu
  • Disable Add-ins menu items in the Tools menus
    Hides the menu item "Templates and Add-ins" in the Tools menu
  • Disable the Web toolbar in Office programs
    Hides the web toolbar in Office
  • Disable the Detect and Repair command in the Help menu
    Hides the "Detect and Repair" menu item in the Help menu
  • Prevent changes to Clip Organizer contents in Office 2007/2003 / XP
    Prevents the contents of the clipboard from being changed.

Now that we know the settings of the user settings in more detail, now comes something for the advanced users:

 

Opportunities for advanced administrators


Why exactly Microsoft named it like that, I don't know exactly, maybe because it only works if you have a network?
What else can SteadyState do:


It can "connect" the set up user profiles with the XP user profiles and "store" them on a server.
In other words, similar to the central user administration of a domain network, the individual user on every computer in the network has the same desktop settings and security guidelines available on all computers.

 
Let's start with the simplest:

Save settings and files of a user on a central computer (or a removable storage medium).

Why this makes sense:
If you use Disk Protection, all changes on the hard disk are discarded by default when shutting down. As a result, all files that the user saves under "My Documents" would also be disposed of automatically (very inconvenient if you are currently writing for hours at a workshop ).

 


So the first thing we have to do is temporarily deactivate Disk Protection, turn off all restrictions for the relevant user and restart the computer.

 


Then right-click on "My Documents" to call up the properties and move the folder to the desired drive (yes, it's so easy, you don't have to search around in the registry , but this only applies to the currently active user account)

 
The easiest way would be to use a different partition on the hard drive, but any removable storage device or network drive can also be used.

 
After moving the user accounts (unfortunately you have to log in once with each user account), you switch the Disk Protection back on, reset the restrictions to the desired settings, and voilá: We have one (or more) secured users who, despite Disk Protection files and system settings (if we have allowed this) to be saved.

Create an administrator who actually isn't

Well that sounds nonsensical, doesn't it?
But it can be done with SteadyState, but why?

 
This is explained relatively simply: How often does it happen that you reach the limit with your normal user account and have to start programs with "Execute as ...", or sometimes even have to switch users to a certain application or, for example, a To start the browser game. Or LAN and online games cannot be played if you are not logged in as an admin (this is the case with me with Battlefield1942, for example).

 
Didn't you already wish you had an "administrative normal user"?
We’re going to do that with SteadyState !!


First, briefly deactivate the disk protection again as above.
Then log on to the computer as administrator and create a new administrator with the XP user account control. (e.g. "game account")


If you now select the user in SteadyState, you can simply turn off everything that he shouldn't be able to do, and then you have an administrator who can't do everything.


Next you switch on the disk protection again and voilá: We have an administrator who doesn’t care what happens while using the computer, everything is gone when you restart !!

 

What is not in this manual!

I won't explain some of the possibilities of SteadyState here, because they normally only occur in company networks.

 
For example, it is possible to additionally protect user accounts of a domain with SteadyState so that the group guidelines cannot be "undermined" by unplugging the network cable.

 


It is also possible to apply additional restrictions to domain user accounts on individual computers.

 


And you can also "transfer" user restrictions created in SteadyState to an Active Directory network.

 
But since such networks are rarely found in household use (and even if the "owner" of the house knows about it, otherwise he wouldn't have such a network), I think that would go a bit beyond the scope.

 


That was it. Have fun trying it out and make something safer !!
(And always remember, 100% security does not bring any program, only sensible use)

 
A big thank you goes to the moderator colleague Funkenzupfer, who helped me find some menu items .

 

Installation and initial setup of Windows SteadyState Part 1

read comment

Transparency: This article may contain affiliate links. These lead directly to the provider. If a purchase is made through this, we receive a commission. There are no additional costs for you! These links help us to refinance the operation of win-tipps-tweaks.de.

___________________________________________________
This tip comes from www.win-tipps-tweaks.de
© Copyright Michael Hille

Warning:
Using Registry Editor or its tips incorrectly can cause serious system problems that may require you to reinstall your operating system. Tampering with the registry files and using the tips is at your own risk.