404 Tech Support

Windows SteadyState – Locking down public terminals

Microsoft offers a program somewhat similar to Faronics’ Deep Freeze application. Microsoft’s Windows SteadyState, however, is free for download after authenticating with Windows Genuine Advantage. Both of these programs essentially provide a way for system administrators to secure, manage, and reset machines to the exact state they were in before a user sat down at them.

Setup is really simple. You just run through it while logged in as a local administrator. The only mark-down with the setup I’d give is the bundling of the Windows Live Toolbar with it. After installation, SteadyState runs as a background service with about a 10 MB footprint from two processes: Bubble.exe and SCTSvc.exe.

SteadyState's Opening Screen

Once you get into configuring SteadyState as a local administrator, you’re into the meat of the program. You can set up global settings, which affect all users of the computer, or user-specific settings. These global settings, however, are overridden by any settings made in Group Policy.

SteadyState Global settings

The user-specific settings are limited to local accounts, and the SteadyState tool includes the ability to easily create these accounts. Unfortunately, they don’t reach Active Directory accounts, but for local accounts they allow very specific control. The user-specific settings can be exported per user to a .ssu (SteadyState User) file and imported for easier setup of a lab environment.

Some cool features of Windows SteadyState are the integration with Windows Update and the Protect Hard Disk feature. You can set when Windows updates are applied so that those changes are kept. I have to believe that, with better integration and shared information as a Microsoft product, this has to behave better than Deep Freeze. We have often run into problems where a machine will thaw, install the updates, and freeze again, so that it is constantly in a state of needing to restart after the updates were installed. The machine logs you out and puts a pop-up window over the Ctrl+Alt+Del login screen explaining that it is busy running updates. The pop-up doesn’t go away, even if you click ‘Ok’ on it, until the machine completes updates and restarts.

The Protect Hard Drive feature is also really handy for a public environment. The service takes a snapshot of your drive, just like Deep Freeze, and reverts to this snapshot after every restart. This way users do not leave behind confidential files, whatever they download or install is wiped out, and you get a consistent user experience no matter who has used the machine. This was also able to prevent a virus from creating havoc on the machine. Just for testing purposes, I intentionally downloaded the Antivirus 2009 trojan virus and let it infect the machine. As soon as I restarted the machine, it was operating nominally. The Protect Hard Drive feature has its own configuration where you can specify how much of the disk can be used. It defaults to and maxes out at 50% of the hard drive space, but this can be lowered.

Get Windows SteadyState.