How did Microsoft pull this one off without my noticing it? Without so many noticing? Just the other day I heard about SteadyState by Microsoft — a product that allows the management of a Windows (XP) PC controlling changes to [essentially] C: drive resources. The name – SteadyState – explains the goal of the product — to provide a means to restore a PC to previous state, preventing all or some of the changes that can be made, and then being able to return it to a known state simply by rebooting.
Windows Vista users out of luck? Nope. At least not for long, as there is a beta version for Vista (2.5) that will soon be available. But, why would Windows/Vista need it? I thought it was supposed to be a bastion of securely-hardened computing? Or is that only because no one is using it? Well, no matter, as there will be a version for Vista soon.
Oh! The cost! I forgot to mention that Microsoft is charging a whopping $0.00 for SteadyState! And let me be one of the first (hardly) to commend Microsoft for offering what is clearly a magnificent security system free of cost. Perhaps they’ll open source it. You think? Hah.
Easy to install, a clean uninstall, and extremely user-friendly screens to walk you through any level of hardening your system, what’s not to like?
So what do you secure? This does not replace policy manager; this is better, and it compliments policy manager. And there’s way too much to cover here (follow the link above for that kind of detail), but here’s a few things you can do: prevent AUTORUN on inserting CD’s; prevent loading software; prevent the upload or download of information to a thumbdrive; prevent specific programs from running by selecting them from a list; and prevent changing system configuration items like video, screen resolution.
Check it out for yourself, find it at the Microsoft shared access site. Think about the applications. If you’re own business, and you deploy multiple PC’s, I don’t have to tell you that. But what about that “shared” PC you might have — in the lobby of a hotel, or even your personal PC that your kids use from time to time. For the former, you can lock it down hard, preventing any changes at all. For the latter, you can be more flexible knowing that your nightly reboot will set everything back — back to a steady state.
