Windows SteadyState
Installation & Configuration Tips

All of the information, instructions, and recommendations on this Web site are offered on a strictly "as is" basis. Remember "Murphy's Law." Please take the proper precautions before attempting any of the tips or modifications listed here.

Contents


What is Windows SteadyState?

Lessons Learned

  • Windows Disk Protection (WDP)
  • Imaging the Hard Disc Drive
  • Automatic Updates
Scripting SteadyState
Export / Import User Configuration
Script to Update Symantec Antivirus Corp 10
Unable to Create New or Modify Existing User Accounts
Unable to log on with an Imported SteadyState User
Security Now! Discussion of Windows SteadyState
Introduction to Windows SteadyState by Chris Peters for WebJunction
Protect Public Computers with Windows SteadyState
Windows SteadyState Home Page
Windows SteadyState Community Forum

Description of the API for the Windows Disk Protection feature in Windows SteadyState

Principle of Least Privilege
Links: Shared Access Computing
Windows Tips Index
Computer Tips Index

 



What is Windows SteadyState?

Windows SteadyState, an upgrade to Windows Shared Computer Toolkit, is a tool developed by Microsoft for use with Microsoft Windows that gives administrators enhanced options for configuring shared computers, such as hard drive protection and advanced user management. It is primarily designed for computers shared by many people, such as those in Internet cafes, schools, and homes.

The most important things to know about SteadyState are:

 



Lessons Learned

Windows Disk Protection (WDP)

Imaging the Hard Disc Drive

Automatic Updates

 



Scripting SteadyState

SteadyState 2.5 introduced command line parameters that allow you to enable/disable WDP:

 



Export / Import User Configuration

Export a Windows SteadyState User configuration

  1. Run Windows SteadyState
  2. Click on "Export User" in the lower right-hand corner
  3. Navigate to the drive & directory that you want to save the configuration to
  4. Select "User name:"
  5. Enter the filename
  6. Click [Save]

Import a Windows SteadyState User configuration

  1. Run Windows SteadyState
  2. Click on "Import User" in the lower right-hand corner
  3. Navigate to the drive & directory that you want to import the configuration from
  4. Select the .ssu file
  5. Click [Open]

Note: The user does not have to already exist in Windows.

 



Script to Update Symantec Antivirus Corp 10

The automatic updates feature in Windows SteadyState v2.0 does not automatically detect Symantec AntiVirus. The included script for Norton AntiVirus probably won't work for updating Symantec AntiVirus. The Symantec AntiVirus that comes with Symantec Client Security is installed in a different directory than the stand-alone Symantec AntiVirus:

 

SCTSymantecClientSecurityAvUpdate.vbs

    ' Location: C:\Program Files\Windows SteadyState\Scripts\
    ' Filename: SCTSymantecClientSecurityAvUpdate.vbs
    ' From: http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1761830&SiteID=69
    ' This is a working script for Symantec Antivirus Corp 10 that's
    ' included with Symantec Client Security.
    ' Make sure you go into Control Panel > Symantec LiveUpdate.
    ' Set it to Express Mode and put a check in both of the Express Mode Settings.
    '
    ' Modified: 4/16/2008 by C
    ' Changes:
    ' - Fixed path for Registry and HD location for Symantec Client Security
    ' - Renamed variable from sNortonPath to sSymantecPath

    ' ~~~
    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sSymantecPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    ' ~~~ Symantec Client Security installs AV in: C:\Program Files\Symantec Client Security\Symantec AntiVirus
    ' ~~~ Correct Reg key for SAV is: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE
    ' ~~~                   Value is: C:\Program Files\Symantec Client Security\Symantec AntiVirus\
    '' sSymantecPath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory")
    sSymantecPath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE")

    ' ~~~ Download Virus Signature
    '' Call oShell.Run("""" & sSymantecPath & "\VPDN_LU.exe""" & " /s", 0, True)
    Call oShell.Run("""" & sSymantecPath & "VPDN_LU.exe""" & " /s", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

 

SoftwareUpdates.XML

Location: C:\Program Files\Windows SteadyState\XML\

    <!--
      Filename: SoftwareUpdates.XML
      From: http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1761830&SiteID=69
      Posted by: JC Doll
      This will make SteadyState Autodetect
    -->
    <software
        id="SymantecAV10"
        name="Symantec AntiVirus 10"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="VPDN_LU.exe"
        script="SCTSymantecClientSecurityAvUpdate.vbs"
        category="Anti-Virus" />

 

 



Unable to Create New or Modify Existing User Accounts

Windows SteadyState: v2.0
Operating System: Windows XP Professional SP3
Network type: Workgroup

Problem / Description

I ran into the following issue when using Windows SteadyState v2.0 to configure a system that was cloned from a Windows XP Professional system that was being used to share a directory but that we did not want non-Administrators to log in to locally.

Error Messages

When trying to access an existing user's profile, the following error was displayed after entering the password:

Logon failure: the user has not been granted the requested logon type at this computer.

When attempting to add a new user, the following error was displayed:

The user profile cannot be created.  Try again.

When attempting to log on as a User, after enabling disk protection, the following error was displayed:

The local policy of this system does not permit you to logon interactively.

Resolution

All three errors may have been caused by the Users group not being listed in the "Log on locally" policy.

After using GPedit.msc to add the Users group back to the "Log on locally" policy, you should now be able to use SteadyState to add a new user or edit an existing user.

These are the steps to make the change:

  1. Open a Command Prompt
  2. Run the Group Policy Snap-in by entering gpedit.msc
  3. In the Group Policy Snap-in, go to: Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Log on locally
  4. Double click on "Log on locally" to open its properties
  5. Click the "Add User or Group..." button
  6. On the "Select Users or Groups" window, click the "Object Types..." button
  7. On the "Object Types" window, make sure that "Groups" is checked, then click OK.
  8. Back on the "Select Users or Groups" window, type Users into the white box, then click OK
  9. Click "OK" on the "Log on locally Properties" window to save the change.
  10. Exit from the Group Policy Snap-in.
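
The same policy can be checked without the GUI. As an added example (not part of the original page), the Python below parses a `secedit /export` file and reports whether the Users group holds the "Log on locally" right; the export path, the constructed sample export and the function names are assumptions made for illustration.

```python
# Added example: audit "Log on locally" in a secedit user-rights export, e.g. from
#   secedit /export /areas USER_RIGHTS /cfg C:\rights.inf   (path is an assumption)
import re

USERS = {"*s-1-5-32-545", "users", "builtin\\users"}  # BUILTIN\Users, by SID or name
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny log on locally"

# Constructed sample: a file-share machine with Users removed from the right.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def load_export(path):
    """secedit writes the export as UTF-16 with a byte-order mark."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in inf_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def check_users_logon(inf_text):
    """Return (ok, message) for the Users group and interactive logon."""
    rights = privilege_rights(inf_text)
    holds = lambda right: any(p.lower() in USERS for p in rights.get(right, []))
    if holds(DENY):
        return False, "Users is listed in 'Deny log on locally'"
    if not holds(ALLOW):
        return False, "Users is missing from 'Log on locally'"
    return True, "Users is listed in 'Log on locally'"

if __name__ == "__main__":
    print(check_users_logon(SAMPLE_INF))
```

The check looks only at direct membership of the Users group, which is what the resolution above restores; it does not resolve rights granted through other groups.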

 



Unable to log on with an Imported SteadyState User

Windows SteadyState: v2.0
Operating System: Windows XP Professional
Network type: Workgroup

Problem / Description

After importing a Windows SteadyState User configuration, for a user that did not already exist on the system, you may not be able to log in using the imported user account.

Error Message

When you attempt to log in with the imported user account, the following message is displayed:

Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.  If the problem persists, contact your network administrator.

Resolution

  1. Log in with the SteadyState Administrator account
  2. Run Windows SteadyState
  3. Under "User Settings," click on the appropriate user
  4. Under "General Settings," unlock the profile
  5. Click [OK]
  6. Log off
  7. Log in as the public user

Note: You may need to lock the user profile, save, then unlock the user profile again to get it to work.

 



All items Copyright ©1996 - 2017 Chin. All Rights reserved. Reproduction without explicit permission is prohibited. See: Terms of use