A few years ago we developed a tool called Windows Steady State to enable IT admins in shared computing environments to control configure and revert the configuration computer of computers used in schools, libraries, internet cafes, kiosks as well as other public and shared computing locations.
Steady State was designed to work with Windows XP and Windows Vista, and was a really popular toolkit because it made it easy to do things like automatically discard all changes to a system that users may have made on the PC, lock down the desktop to control what Windows applications a user could use as well as control what Windows settings that users might be able to change.
Think about a large group of PCs that might be used in a public library. Because these PCs are accessible for use by anyone, you probably wouldn’t want users to be able to change the desktop appearance, reconfigure system settings or install unauthorized applications or malware, or add documents or files to the system. Windows Steady State made it quick and easy for admins to define the types of controls they wanted to place on what users could do, as well as to completely reset the desktop to a pristine state later.
A Windows 7 version of Steady State was not created and we’ve heard loud and clear from IT Pros that this is something they wanted and needed. After we evaluated the types of functionality Steady State provides, we found that using new Windows capabilities that are built into Windows 7, Group Policies and free tools from Microsoft, the majority of Steady State functionality could actually be replicated by IT admins.
We have just released a whitepaper along with an accompanying document that describes Group Policy settings that you can use to configure computer and user settings and also a reference excel worksheet which can be used to look up and filter the settings described in the whitepaper.
We think that most customers will be able to take advantage of this set of whitepapers reference guidance to recreate the Steady State experience.
Visit the Manage Windows 7 Zone on the Springboard Series on TechNet for more information on how to lock down and manage Windows 7 in your environments.
Let us know your thoughts – enjoy!
Those whitepapers piss me off honestly. There's no real equivalent to the Disk protection component of SteadyState although other group policy features are mostly the same. Please develop a compatible SteadyState for Windows 7. This is backtracking on the commitment Microsoft made as regards to Windows 7 compatibility that Vista compatible software will all be Windows 7-compatible.
I'm really disappointed in this. SteadyState is one tool where you can access all of these tools easily with check boxes. Group Policy, while probably more granular, is not easy to navigate.
If you really aren't going to go forward with such a wonderful tool, what I'd really like to see if a way to import and export Group Policy settings. SteadyState was easy to understand and gave you a large number of pre-set configurations which you could choose and tweak as need be.
I've spent two days trying to find out how to lock down a Windows 7 PC without going through Group Policy. I'll be damned if I'm going to go though it. I'll just reload the unit or put XP on there.
Wow. Stephen, the technologies and Group Policy settings listed in no way replace the majority of Steady State functionality for the typical IT administrator. Disk protection is a key element of Steady State. A friendly and simple GUI product for Windows 7 was needed the day Windows 7 became generally available in October, 2009. A year later you rehash advice Microsoft gave out then? These techniques and GPOs were not sufficient a year ago to meet our needs and they are not welcome now.
If you really "heard loud and clear from IT Pros that this is something [we] wanted and needed" then stop what you are doing and reallocate programmer hours to create Steady State for Windows 7. Anything less than the Steady State tool we used in Vista will not meet the world's need.
You are wrong when you "think that most customers will be able to take advantage of this set of whitepapers reference guidance to recreate the Steady State experience." Help us to upgrade to Windows 7. We need Steady State.
Some of us costumers would like a program to install that to go through those whitepapers and figure out if we did something right and if it worked. Yes, IT pros can really benefit form this and would really need these whitepapers, but showing these to people like me is just an up front insult especially these white papers are targeted to IT pros and not consumers. And NO, these whitepapers will not be able to replicate what Steady State was able to provide us previously.
Windows 7 is great, but I am deeply wanting Steady State. Thea ease it provides us decreases the need of us dedicating our time just to read whitepapers and figure things out. That's what Steady State was able to offer us.
I do still think it'sbetter to have a real app than a set of documentation. Automatic integration is the key point of using an app like Steady State. Manual integration, well, is error prone and PITA.
I was so excited to ready an article titled Steady State for Win 7 as I use it on 45 machines at two small public libraries. Then as you read the article and hear about how they "have heard the cry" I'm thinking ok they are going to update SS...then they slap us with a stack of white papers, docs, and sortof SS features. I felt insulted for teasing me. What's the big deal? With Bill and Melinda's dedication to education and public libraries you would almost think a SS for Win 7 would be a no brainer...no Win 7 for our public computers.
The actual product Steady State freed us from having to be experts on desktop security. Sure it's nice, and useful, and prudent to maintain current expert knowledge about all desktop threats. And given unlimited time, I might add it to my list.
That headline was a cruel trick. Steady State was nice because it was free, reliable, complete, and required so little effort. For our Windows 7 machines I'd much rather pay for Clean Slate than risk having missed some important footnote in a whitepaper.
BTW, we had some super nerd engineer on site here recently who indicated some Windows Activation Technologies or Software Protection Platform voodoo was currently standing firmly in the way of a full implementation of Steady State for Windows 7. Encouragingly though, he also said "stay tuned" because MS is continually changing and improving that stuff as MAK and KMS mature. Anything to this, Stephen?
Why was steady state/guest mode pulled from windows 7 in the first place? It was working perfectly
No amount of hacking the group policy can bring back the functionality and the ease of use of steadystate.
Nice to see that there are still features added to windows 7.
There is still one very big feature missing in windows 7, and that is font installation rights for non administrators.
I don’t know if you are aware of it, but a “graphic designer” is usually a virus magnet. (they usually come from mac’s where viruses are almost nonexistent.. not that their security is better, there are simply not enough of those enhanced calculators around for virus writers to be interested in the platform)
But that is totally beside the point. You simply don’t want to give your average graphic designer full admin access to their PC. But in Windows 7 that automatically means they cannot add/remove fonts. And they will call the admin 5 times a day for some font they really really need in a hurry.
In XP we had an option to change permissions on the Fonts dir.. but that does not work anymore in windows 7
It would be great if this could be fixed somehow. And maybe for future versions of windows can we please have something like personal Fonts in our user profile?
Very disappointing, Microsoft. The whole point of Steady State is that it's a one-stop-shopping experience. It's a quick and easy tool that accomplishes all the results of those whitepapers and more without having to jump through hoops to do it all.
You guys are saying you heard us loud and clear that it's something we wanted and expected and needed... if so, please deliver the utility again!
Very very dissapointing. How can you say people may "enjoy" lost functionality?. Is the same stuff that happens with Office's lost Power Point Macro Recorder. In the "papers" Microsoft says that the Macro Recorder is no longer available but you can use the VB Editor to create macros. What really happens is that you didn't have enough time/peope/budget to complete things and you try to make people think that there are new choices to replace functionality. You should be working instead of lying.
Stephen, I wanted to add that a quick search of "Windows 7" SteadyState will show a HUGE number of people interested in the continuation of SteadyState. Even in Microsoft's own forums. social.technet.microsoft.com/.../23f4b66a-623e-421b-9892-e9a798ba6de7 and social.technet.microsoft.com/.../8ddff48e-aa90-4bf3-9b5a-4b11b02906bb are just two examples.
I know it probably won't help, as Microsoft doesn't seem to like to go back on a decision they have made, even though there is a large outcry, but is anyone interested in doing an online petition? Please let me know. I'll gladly promote it. I just am not sure what to write.
I haven't used SteadyState before but am definitely interested in using it in the near future... hopefully in Windows 7. I agree with most people here. The solutions stated in the whitepaper as alternatives for the Disk Protection feature is not really a viable option. Take the "MDT2010 as replacement" for instance. Yes, MDT 2010 would allow you to easily reinstall Windows 7 already preconfigured and ready for use. But have you stopped and think about licensing ang prouct activation? Yes it would be great for organizations using Enterprise edition. But what about small internet cafes and libraries? Volume licensing would be overkill for just a few computers. If they use retail licenses, online activation would only be available 10 times after which one must phone in to activate windows. So should we suggest users don't activate? Heck why even buy a license, since we'll be reinstalling Windows 7 every night, right? Wouldn't that be a breach in some agreements with Microsoft especially since these shared computers are generally 'for rent'? So there, MDT 2010 is a good option, but does not even come close to replacing Disk Protection of SteadyState.
I forwarded your comments to the Windows Product management team this am. Here was the response.
First of all I want to thank everyone for your interest and passion. With Windows 7, we made several important engineering and design decisions to help IT Pros manage user controls. For example in the whitepaper we detail some of the Group Policy settings, Operating System features, and tools that didn’t exist in previous versions of Windows that you can take advantage of in Windows 7 for managing users.
Since we addressed many of the top user control needs with Windows 7, we chose not to continue Steady State. Although Windows Disk Protection is not a fully automated solution native in Windows 7, we do offer some approaches to help. Please reference page 22 in the document for several recommendations using combinations of Group Policy, System Restore, scripting, mandatory profiles, and Microsoft Deployment Toolkit to achieve the same effect. I hope you can try out some of these and share feedback afterwards.
We do understand that some of you may still want a full solution for managing shared computing environments and if so there are some 3rd party solutions that offer similar functionality that SteadyState provided. Our goal in this paper though was to detail how you could take advantage of some of the native capabilities in Windows 7 as well as our free tools to manage shared computing environments.
Again thanks for your feedback
Wole Moses
Sr Product Manager - Windows
Let's see one product called Steady State or as Stephen said with a straight face "Group Policy, System Restore, scripting, mandatory profiles, and Microsoft Deployment Toolkit"...lets all take a month off work and learn this so we can have a product that works about 90% as well as SS then give up and buy third party (fortresgrand products).
SS works great for small public libraries with only one IT guy (me). I don't have time to read all this ask questions in forums and then hope it works... My staff all use Win 7 and love it..but for the public we are stuck at XP...that's a shame...it really is...
Steve,
Has Microsoft seen all these Steady State Posts on Microsoft's Social Answer and the Social Technet Forums?
social.answers.microsoft.com/.../e274a5a6-80c6-46fa-93a6-50a1cd67c013
social.technet.microsoft.com/.../0110d93c-eea5-4da9-9eea-d97ff88bff0e
Pretty compelling posts from all over. Looking at all the Comments on this blog , and it states that SteadyState for Windows 7 can be done, but it has to be done through "Group Policy". I saw that one comment said it would take a month if not longer to learn the Group Policy process.
Why not have MSFT "Top Notch" programmers code Steady State for Windows 7 for 32 and 64 bit systems in a month. Then MSFT could come back and say "MSFT has read about all people that use Steady State, and MSFT has listened" back by popular demand:
"Steady State for Windows 7 32bit & 64bit operating systems"
Just think about great customer service.
Just my two cents :)
Lets face it, guys. Microsoft is not interested in making this thing. Forget that its EASY and allows home users like parents stop their kids from making serious problems for the computers. Fact is, if it wont make them money, and Steadystate will not, then why should they try.
If you're not a propeller head (and I'm not), then just be friggin happy that your machine works!
Come on, Steve, enough bullshit, why wont MS make this awesome tool again for people that aren't IT PROS (which seem to be all MS cares about)
Why is MS asking IT folks to work harder instead of smarter?
Moves like phasing out Steady State is just another reason that IT dept's everywhere are looking into phasing out Windows!
Well, thanks for nothing. I was so extraordinarily pleased with Windows Steady State and then you just take it away and your white papers are garbage. All that extra work for something that doesn't quite do the job is a waste of time to me.
So, If you're going to cost me time then I'll cost you money. It looks like my school in the university will have to go with making all our shared computer Macs. I'll also suggest them as the standard for our incoming faculty and staff. I am just tired of this sort of crap from this company.
Very disappointing. Re-imaging machines every night with MDT in no way replaces steady state. Steady state could be unlocked each night, automatically update essential files (eg antivirus software), and then lock itself up again. Re-imaging also assumes a high bandwidth to a local server .... not always available. MDT has been around for a while, it's not designed to appease steady state supporters, it just happens to be there already.
This is a real loss when moving to Windows 7
I am so dissapointed because I tested this work around and in no way is a comparable solutioin. My users at the library keep finding work arounds to all the GPOs, it is a battle trying to keep the public PCs safe. Please, please, please, if you hear us, bring back SteadyState.
This is how I built kiosks at a Chilren's Hospital in 2003. When the Shared Computer Toolkit was released I was extremely pleased. This is 2010, soon to be 2011. There should be an even better tool available than Steady State at this point. Why the regeression???? I've just been tasked with building a kiosk for my current employer, and with the demise of Steady State I will now be using Ubuntu with KDE Kiosk Mode.
Your "solution" is in absolute insult. I'm confident your unwillingness to reproduce Steady State is because it worked too well, completely nullifying the need for 3rd party anti-virus and content control solutions.
Instead of focusing on your horrible web browser, terrible Bing search engine, and constant security failure after failure, why not provide something decent and good that the IT community can actually make use of.
Bah, but why do I even bother. As others here have said, Ubuntu looks better and better every day.
It is really scary that the producers of the most widely used Operating system can be so blind to what they are and are not creating. They created a wonderful product that totally protects a publicly used computer from ever getting corrupted. No viruses, no spyware, no stupid users screwing stuff up. No matter what is done to the computer, you just reboot and it is back right as rain. For kiosk and such this is the only thing that can keep public use computers functioning. We have hotel business centers and airport fbo business centers with computers set up for customers to use at their liesure. Every morning about 3 am, the machines reboot automatically, and they are like brand new.
YOU CAN NOT DO THIS WITH GROUP POLICY SETTINGS.
Group policy is great for stopping stupid users from accidently screwing things up. But, as we've all learned over the years, no one, not even Microsoft can produce a bullet-proof operating system. There are fiends out there everyday creating hacks to get through the security. Things are going to get corrupted on the computers. You can't stop that with Group Policy. Only with something like Windows Disk Protection.
Well, if Microsoft doesn't want to produce it, someone like Faronics will. Deep Freeze works with Windows 7.
No way are the controls built into windows 7 a replacement for steady state, the white papers are a mess and quite frankly it would blow the budget to even get a rudimentary equivalent of steady state to work on Windows 7.
Bill gates makes such a fuss about all the money he is giving away, that he is helping people well steady state is exactly what is needed to allow people to help themselves, non profit organizations, charity groups etc don't have huge support budgets and every dollar they spend on maintenance means less people can be provided with training and education to allow those people to find work, feed themselves, their families etc.
So Bill Gates stop bragging about what you are doing and clean up your own place first, maybe it would cost you a couple of hundred thousand to update steady state for windows 7 but hey your giving away billions supposedly to help people help themselves, why not make this one of your projects, its not as if you have to buy another software company to do it.
I and a lot of people out there think it is cruel and uncaring that you are taking away opportunities for people to learn and improve their life by not supporting this product.
I think we need a world wide protest, every where bill goes to speak we need people with placards and banners !!!
Syb
So......
52 Windows XP computers in a shared Lab environment. In 2 hours every single one is 100%, completely locked down using Steady State.
A year later, the school director wants to upgrade to Windows 7. "Sure" the IT guy says, "the computers passed the upgrade advisor tests."
After establishing a test group of 4 computers to load, configure and create an image with it becomes readily apparent that there is no Steady State in Windows 7. "No problem" the IT guy says, "I remember reading about Guest Mode in the Windows 7 forums. We can use that, it's pretty close to Steady State."
Oh wait....what's this? Guest Mode was REMOVED from the retail version of Windows 7.
So MS publishes a Twenty Six page whitepaper called Creating a Steady State by Using Microsoft Technologies. But that's not enough, so they publish a Sixty Four page whitepaper called Group Policy Settings for Creating a Steady State. But that's not enough, so a spreadsheet that reads worse than the worst DIY instructions ever has to accompany NINETY pages of whitepapers.
In the first 10 pages of the 26 page whitepaper, there are 13 instances of the phrase "A comparable Group Policy setting is not available".
To even get STARTED towards creating a Steady State in Windows 7, one would have to wade through 90 pages of whitepapers, and to implement fully.....
- Firewall configuration is required
- File Permissions have to be set
- Group Policy needs to be set and implemented
- Install a different browser ("A comparable Group Policy setting is not available" appears for every single MSIE7 entry)
- Pray that your GP implementation is 100% correct the first time, as many settings affect admins as well as users.
After three days of going blind on GP, the idea of upgrading the lab to Windows 7 was scrapped citing too many man hours per computer. The Senior Product Manager for Windows actually sums up the difference best by writing: "Please reference page 22 in the document for several recommendations using combinations of Group Policy, System Restore, scripting, mandatory profiles, and Microsoft Deployment Toolkit to achieve the same effect."
Really?
He also admits that no FULL SOLUTION exists in Windows 7 by writing "We do understand that some of you may still want a full solution for managing shared computing environments and if so there are some 3rd party solutions that offer similar functionality that SteadyState provided."
So MS shoots itself in the foot again. Which begs the questioin......how many toes does Microsoft have left?
at the bottom of the post "Let us know your thoughts - enjoy!" enjoy what microsoft?what good is our thoughts if you dont even understand what we really need. I am an it guy and its such a pain in the ass to not have these kinds of simple tools to make our life easier. where is having computers and technology making our life easier?oh well. after reading all the comments i realize that from where i work, technology and IT is second priority after COST. so i think microsoft is also thinking about this. money is more important than everything else. why make a product that would not simply make profit. forget about the costumers specially the loyal ones. money is what we need. not them. thank you microsoft. i do not understand your direction.
Have a look at Deep Freeze by Faronics if you want full Windows 7 (and onwards) support for the reboot to restore functionality. Works underneath the operating system, so it's very secure also.
Wow, just spent two hours looking at the white papers and WAIK, and I have to say it would have been far simpler and more effective if I could have just clicked a few checkboxes in SteadyState to achieve my goals.
Who actually wants or needs to mess about with Group Policies or "Automated" installation kits. I guess our public computers will ave to stay on Windows XP until SteadyState is released for Windows 7.
Just bought 3 laptops with Win7 installed & am about to replace it with XP. Vista's junk & I MUST have SteadyState.
So... Bye Bye lovely 7.... :(
Ahh... Just before I put XP on, I'm going to give Comodo's 'Time Machine' a try. It's free & sounds like it might go the trick...
Damn... Time Machine's been taken off their site & doesn't look like it's coming back... I've found a copy of it here though
www.spyro-computer-support.com/.../ComodoTimeMachine-client_setup_2.9.161985.187.exe
Just joined the site to say SHAME ON YOU MICROSOFT.
The reasons for removing this was purely driven by greed.... apparently a small percentage of users had been using this to use trial versions... hence no solution has been offered to write protecting the disks.
This is causing me and my company an immense amount of work, and your documents are a load of crap. In the future, we will no longer providing public computers for our homeless service users.
Thanks for nothing.
I actually thought Stephen's response was a line from a Douglas Adams book:
"We do offer some approaches to help. Please reference page 22 in the document for several recommendations using combinations of Group Policy, System Restore, scripting, mandatory profiles, and Microsoft Deployment Toolkit to achieve the same effect. "
HA HA HA HA HA!!! I can't believe any one would seriously consider this to be a VIABLE alternative. I'm laughing so hard right now my sides are hurting. What a joke, Microsoft!!