Scenarios and Limitations

Applies To: Windows 7

Windows SteadyState provides key features for setting up and managing shared computers running Windows XP or Windows Vista. At a high level, the Windows SteadyState features and the Windows 7 features that this document describes include the following:

Windows SteadyState Windows 7 In this document

Creating user accounts and configuring user settings

You can apply system and feature restrictions to each user account on the computer so that users have limited access to Windows system tools, other services, applications, files, and data.

You can create standard user accounts to isolate users from system tools, services, applications, and files; then, use Group Policy settings to configure and restrict access to user settings.

Configuring Standard User Accounts

Configuring Shared User Accounts

Setting computer restrictions

You can apply privacy and security restrictions to the whole computer and design a uniform user experience.

You can create standard user accounts to restrict users from changing computer settings and help protect their privacy. You can configure the computer by using Group Policy settings.

Configuring Group Policy Settings

Scheduling software updates

You can download and install updates. This works with Windows Disk Protection to help ensure that important updates are applied to the computer and not removed.

You can schedule Automatic Updates by using Group Policy settings. Standard user accounts cannot remove these important updates.

Scheduling Updates

Restoring the hard disk drive after each user session

Windows Disk Protection helps protect the Windows operating system and program files from permanent changes. When people are using the computer, they can cause changes to the hard disk drive. However, Windows Disk Protection discards those changes after restarting the computer.

Users with standard user accounts cannot change system files or settings. Therefore, discarding changes to the hard disk drive after each user session is less critical. This also eliminates the complexity of updating computers that are using Windows Disk Protection. However, you can restore the hard disk drive on shared computers each night by using MDT 2010.

Restoring the Hard Disk Drive

Exporting and importing user profiles

You can export shared user profiles created on one computer and import them to any computer on which Windows SteadyState is installed.

You can export users’ files and settings by using Windows Easy Transfer, and then import them on any other computer. Windows Easy Transfer is a tool that is built in to Windows 7 that users can use to migrate their files and settings from one Windows installation to another.

Exporting and Importing Profiles

With the exception of Windows Disk Protection, the features that Windows SteadyState provides have counterparts in the native Windows 7 features and the free tools that this document describes. Although Windows SteadyState does provide a single, easy-to-use interface for configuring shared computers, any IT pro or partner can easily set up and manage shared computers by following the guidance in this document. As for Windows Disk Protection, the section titled Restoring the Hard Disk Drive, recommends strategies that can help you simulate, if not replicate, this feature.

This document supports a variety of scenarios. These include computers that are shared in businesses (for example, kiosks and call centers), libraries, schools, and Internet cafes. To help you better understand this document’s recommendations, it follows a fictional user named Ben Miller, who is an IT pro with Blue Yonder Airlines.

Introducing Ben Miller

Ben Miller is an IT pro for Blue Yonder Airlines. His manager tasked Ben with an exciting new project: setting up shared-access computers.

He is configuring two types of shared computers. The first type are computers that employees can use to check email, search the Web, and so on. These computers will be in meeting rooms and cafeterias. Employees will use their own accounts to log on to these computers.

The second type are shared computers in public areas that guests can access. Because guests will not have an account on the Blue Yonder Airlines domain, guests will log on to shared computers by role. That is, they will log on to shared computers using a preconfigured account named ByaGuest. Ben prefers to not enable the built-in Guest account.

In both cases, Ben has specific requirements. The health of the computers and users’ privacy are paramount. Additionally, he wants to assure users a consistent experience every time they log on to one of the shared computers. He is installing Windows 7; therefore, he cannot use Windows SteadyState to configure the shared computers.