Dela via


Windows SteadyState

Applies To: Windows 7

This section cross-references the settings in Windows SteadyState with comparable Group Policy settings. In some cases, each Windows SteadyState setting corresponds to multiple Group Policy settings. In other cases, no comparable Group Policy setting is available, and this section notes that.

Global Computer Settings

The following tables cross-reference computer setup restrictions for privacy and security settings in Windows SteadyState to Group Policy computer settings. For more information, see the corresponding section in the Group Policy Settings section of this document.

Computer Setup Restrictions: Privacy Settings

In Windows SteadyState In Group Policy

Do not display user names in the “Log On to Windows” dialog box

Interactive logon: Do not display last user name

Prevent locked or roaming user profiles that cannot be found on the computer from logging on

A comparable Group Policy setting is not available; however, numerous policies for managing roaming user profiles are in Administrative Templates\System\User Profiles under the Computer Configuration and User Configuration nodes

Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer

A comparable Group Policy setting is not available; however, numerous policies for managing roaming user profiles are in Administrative Templates\System\User Profiles under the Computer Configuration and User Configuration nodes

Computer Setup Restrictions: Security Settings

In Windows SteadyState In Group Policy

Remove the Administrator user name from the Welcome screen

A comparable Group Policy setting is not available because the Welcome screen is specific to Windows Vista®

Remove the Shut Down and Turn Off options from the “Log On to Windows” dialog box and the Welcome screen

Shutdown: Allow system to be shut down without having to log on

Do not allow Windows to compute and store passwords using LAN Manager Hash values

Network security: Do not store LAN Manager hash value on next password change

Do not store user names or passwords used to log on to Windows Live™ ID or the domain

Network access: Do not allow storage of credentials or .NET Passports for network authentication

Prevent users from creating folders and files on drive C

A comparable Group Policy setting is not available; however, you can configure permissions to prevent users from creating folders and files on drive C

Prevent users from opening Microsoft Office documents from within Internet Explorer®

A comparable Group Policy setting is not available

Prevent write access to USB storage devices

Removable Disks: Deny write access

User Settings

The following tables cross-reference user restrictions (for general user settings, Windows settings, and feature settings) in Windows SteadyState to Group Policy user settings. For more information, see the corresponding section in the Group Policy Settings section of this document.

General User Settings: General Settings

In Windows SteadyState In Group Policy

Lock profile to prevent the user from making permanent changes

A comparable Group Policy setting is not available; however, using mandatory user profiles provides similar functionality (see Creating a Steady State by Using Microsoft Technologies)

General User Settings: Session Timers

In Windows SteadyState In Group Policy

Log off after _ minutes of use

A comparable Group Policy setting is not available; however, you can simulate this functionality by using a logon script

Log off after _ minutes idle

A comparable Group Policy setting is not available; however, Task Scheduler provides similar functionality

Always display the session countdown

A comparable Group Policy setting is not available

Restart computer after logoff

A comparable Group Policy setting is not available; however, you can simulate this functionality by using Task Scheduler to run Shutdown.exe after detecting a logoff event

Windows Restrictions: Start Menu Restrictions

In Windows SteadyState In Group Policy

Prevent right-click in the Start menu

Remove drag-and-drop and context menus on the Start Menu

Allow only the Classic Start menu

  • Force classic Start Menu

  • Remove links and access to Windows Update

  • Add Logoff to the Start Menu

Remove the Control Panel, Printer, and Network Settings from the Classic Start menu

Remove programs on Settings menu

Remove the My Documents icon

  • Remove My Documents icon on the desktop

  • Remove Documents icon from Start Menu

Remove the My Recent Documents icon

  • Remove Recent Items menu from Start Menu

  • Do not keep history of recently opened documents

Remove the My Pictures icon

Remove Pictures icon from Start Menu

Remove the My Music icon

Remove Music icon from Start Menu

Remove the Favorites icon

Remove Favorites menu from Start Menu

Remove the My Network Places icon

  • Remove Network icon from Start Menu

  • Hide Network Locations icon on desktop

  • Remove "Map Network Drive" and "Disconnect Network Drive"

Remove the Frequently Used Programs list

Remove frequent programs list from the Start Menu

Prevent programs in the All Users folder from appearing

Remove common program groups from Start Menu

Remove the Control Panel icon

Prohibit access to the Control Panel

Remove the Set Program Access and Defaults icon

Remove Default Programs link from the Start menu

Remove the Network Connections (Connect To) icon

Remove Network Connections from Start Menu

Remove the Printers and Faxes icon

A comparable Group Policy setting is not available

Remove the Run icon

Remove Run menu from Start Menu

Remove the Shut Down button

Prevent adding, dragging, dropping and closing the Taskbar's toolbars

Remove the Help and Support icon

Remove Help menu from Start Menu

Windows Restrictions: General Restrictions

In Windows SteadyState In Group Policy

Prevent right-click in Windows Explorer

  • Remove Windows Explorer's default context menu

  • Remove access to the context menus for the taskbar

Prevent AutoPlay on CD, DVD, and USB drives

Turn off Autoplay

Prevent access to Windows Explorer feature: Folder Options, Customize Toolbar, and the Notification Area

  • Remove the Folder Options menu item from the Tools menu

  • Disable customizing browser toolbar buttons

  • Disable customizing browser toolbars

  • Hide the notification area

Prevent changes to Windows Explorer’s advanced registry settings

A comparable Group Policy setting is not available; however, many policies for managing Windows Explorer are available in User Configuration\Administrative Templates\Windows Components\Windows Explorer

Use Control Panel Classic View

Always open All Control Panel Items when opening Control Panel

Prevent access to the taskbar

  • Prevent changes to Taskbar and Start menu settings

  • Lock the Taskbar

Prevent access to the command prompt

Prevent access to the command prompt

Prevent access to the registry editor

Prevent access to registry editing tools

Prevent access to Task Manager

Remove Task Manager

Prevent access to Microsoft Management Console utilities

Restrict users to the explicitly permitted list of snap-ins

Prevent users from adding or removing printers

  • Prevent addition of printers

  • Prevent deletion of printers

Prevent users from locking the computer

Remove Lock Computer

Prevent password changes (also requires that the Control Panel icon is removed)

Remove Change Password

Remove CD and DVD burning features

Remove CD Burning features

Disable keyboard shortcuts that use the Windows Logo key

Turn off Windows+X hotkeys

Allow only programs in the Program Files and Windows folders to run

See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies

Disable System Tools and other management programs

See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies

Disable Notepad and WordPad

See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies

Remove the Recycle Bin icon

  • Do not move deleted files to the Recycle Bin

  • Remove Recycle Bin icon from desktop

Prevent users from saving files to the desktop

A comparable Group Policy setting is not available; however, you can configure permissions to prevent users from creating folders and files on the desktop

Windows Restrictions: Hide Drives

In Windows SteadyState In Group Policy

Select the drives you want to hide from the user

  • Hide these specified drives in My Computer

  • Prevent access to drives from My Computer

Feature Restrictions: Internet Explorer Restrictions

In Windows SteadyState In Group Policy

Prevent Internet access (except Web sites below)

A comparable Group Policy setting is not available; however, you can restrict access to websites by configuring the firewall

Prevent changes to Internet Explorer registry settings

A comparable Group Policy setting is not available; however, numerous policies for managing Internet Explorer settings are in Administrative Templates\Windows Components\Internet Explorer under the Computer Configuration and User Configuration nodes

Prevent right-click in Internet Explorer

Disable Context menu

Prevent printing

Turn off Print Menu

Do not allow access to Favorites

Hide Favorites menu

Disable AutoComplete

  • Disable AutoComplete for forms

  • Turn on the auto-complete feature for user names and passwords on forms

Empty the Temporary Internet Files folder when Internet Explorer is closed

Empty Temporary Internet Files folder when browser is closed

Disable RSS Feeds (Internet Explorer 7 only)

  • Turn off the feed list

  • Turn off feed and Web Slices discovery

Feature Restrictions: Internet Explorer Restrictions, Menu Options

In Windows SteadyState In Group Policy

Remove View Source

View menu: Disable Source menu option

Remove Find Files

Search: Disable Find Files by clicking F3 within the browser window

Remove Theater Mode

View menu: Disable Full Screen menu option

Remove Help menu

Turn off displaying the Internet Explorer Help Menu

Remove Internet Options

Tools menu: Disable Internet Options... menu option

Remove expanded New menu

A comparable Group Policy setting is not available

Remove General tab in Internet Options

Disable the General page

Remove Security tab in Internet Options

Disable the Security page

Remove Privacy tab in Internet Options

Disable the Privacy page

Remove Content tab in Internet Options

Disable the Content page

Remove Connections tab in Internet Options

Disable the Connections page

Remove Programs tab in Internet Options

Disable the Programs page

Remove Advanced tab in Internet Options

Disable the Advanced page

Remove New Windows menu option

File menu: Disable New menu option

Feature Restrictions: Internet Explorer Restrictions, Toolbar Options

In Windows SteadyState In Group Policy

Search

A comparable Group Policy setting is not available for Internet Explorer 7

Folders

A comparable Group Policy setting is not available for Internet Explorer 7

Edit

A comparable Group Policy setting is not available for Internet Explorer 7

Discussions

A comparable Group Policy setting is not available for Internet Explorer 7

Encoding

A comparable Group Policy setting is not available for Internet Explorer 7

Size

A comparable Group Policy setting is not available for Internet Explorer 7

Full Screen

A comparable Group Policy setting is not available for Internet Explorer 7

Media

A comparable Group Policy setting is not available for Internet Explorer 7

Print

A comparable Group Policy setting is not available for Internet Explorer 7

History

A comparable Group Policy setting is not available for Internet Explorer 7

Tools

A comparable Group Policy setting is not available for Internet Explorer 7

Non-Microsoft extension buttons

A comparable Group Policy setting is not available for Internet Explorer 7

Command Bar

A comparable Group Policy setting is not available for Internet Explorer 7

Feature Restrictions: Home Page

In Windows SteadyState In Group Policy

Home Page

Web Addresses Allowed

Disable changing home page settings

Block Programs

The following table references information about blocking programs in Windows SteadyState and with Group Policy settings.

In Windows SteadyState In Group Policy

Block Programs

See Blocking Applications in Creating a Steady State by Using Microsoft Technologies