Installation & Configuration Tips
All of the information, instructions, and recommendations on this Web site are offered on a strictly "as is" basis. Remember "Murphy's Law." Please take the proper precautions before attempting any of the tips or modifications listed here.
|What is Windows SteadyState?|
|Export / Import User Configuration|
|Script to Update Symantec Antivirus Corp 10|
|Unable to Create New or Modify Existing User Accounts|
|Unable to log on with an Imported SteadyState User|
|Security Now! Discussion of Windows SteadyState|
|Introduction to Windows SteadyState by Chris Peters for WebJunction|
|Protect Public Computers with Windows SteadyState|
|Windows SteadyState Home Page|
|Windows SteadyState Community Forum|
|Principle of Least Privilege|
|Links: Shared Access Computing|
|Windows Tips Index|
|Computer Tips Index|
Windows SteadyState, an upgrade to Windows Shared Computer Toolkit, is a tool developed by Microsoft for use with Microsoft Windows that gives administrators enhanced options for configuring shared computers, such as hard drive protection and advanced user management. It is primarily designed for use on computers shared by many people, such as Internet cafes, schools, homes, etc.
The most important things to know about SteadyState is:
SteadyState 2.5 introduced command line parameters that allow you to enable/disable WDP:
Note: The user does not have to already exist in Windows.
The automatic updates in Windows SteadyState v2.0 does not automatically detect Symantec AntiVirus. The included script for Norton AntiVirus probably won't work for updating Symantec AntiVirus. The Symantec AntiVirus that comes with Symantec Client Security is installed in a different directory than the stand-alone Symantec AntiVirus:
' Location: C:\Program Files\Windows SteadyState\Scripts\ ' filename: SCTSymantecClientSecurityAvUpdate.vbs ' From: http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1761830&SiteID=69 ' This is a working script for Symantec Antivirus Corp 10 that's ' included with Symantec Client Security ' Make sure you go into Control Panel > Symantec LiveUpdate. ' Set it to Express Mode and put a check in both of the Express Mode Settings. ' ' Modified: 4/16/2008 by C ' Changes: ' - Fixed path for Registry and HD location for Symantec Client Security ' - Renamed variable from sNortonPath to sSymantecPath' ~~~ Force variables to be declared ' ~~~ Option Explicit' ~~~ ' ~~~ Turn on error handling ' ~~~ On Error Resume Next' ~~~ ' ~~~ Declare global variables ' ~~~ Dim sSymantecPath, oShell, strComputer, oWMIService, ColProcesses' ~~~ Create objects Set oShell = CreateObject("WScript.Shell")' ~~~ Set application path ' ~~~ Symantec Client Security installs AV in: C:\Program Files\Symantec Client Security\Symantec AntiVirus ' ~~~ Correct Reg key for SAV is: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE ' ~~~ Value is: C:\Program Files\Symantec Client Security\Symantec AntiVirus\'' sSymantecPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory") sSymantecPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE")'~~~ Download Virus Signature '' call oShell.Run("""" & sSymantecPath & "\VPDN_LU.exe""" & " /s", 0, True) call oShell.Run("""" & sSymantecPath & "VPDN_LU.exe""" & " /s", 0, True)' ~~~ Wait 5 minutes WScript.Sleep (300000)
Location: C:\Program Files\Windows SteadyState\XML\
' Filename: SoftwareUpdates.XML ' From: http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1761830&SiteID=69 ' Posted by: JC Doll' This will make SteadyState Autodetect<software id="SymantecAV10" name="Symantec AntiVirus 10" detectionPath="SOFTWARE\Symantec\InstalledApps" detectionName="SAV Install Directory" append="VPDN_LU.exe" script="SCTSymantecClientSecurityAvUpdate.vbs" category="Anti-Virus" />
|Operating System||Windows XP Professional SP3|
I ran into the following issue when using Windows SteadyState v2.0 to configure a system that was cloned from a Windows XP Professional system that was being used to share a directory, but we did not want non-Administrators to log into locally.
When trying to access an existing users profile, the following error was displayed after entering the password:
Logon failure: the user has not been granted the requested logon type at this computer.
When attempting to add a new user, the following error was displayed:
The user profile cannot be created. Try again.
When attempting to logon as a User, after enabling disk protection, the following error was displayed:
The local policy of this system does not permit you to logon interactively.
All three errors may have been caused by the Users group not being listed in the "Log on locally" policy.
After using GPedit.msc to add the Users group back to the "Log on locally" policy, you should now be able to use SteadyState to add a new user or edit an existing user.
These are the steps to make the change:
|Operating System||Windows XP Professional|
After importing a Windows SteadyState User configuration, for a user that did not already exist on the system, you may not be able to log in using the imported user account.
When you attempt to login with the imported user account, the following message is displayed:
|Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If the problem persists, contact your network administrator.|
Note: You may need to lock the user profile, save, then unlock the user profile again to get it work.