Windows SteadyState
Applies To: Windows 7
This section cross-references the settings in Windows SteadyState with comparable Group Policy settings. In some cases, each Windows SteadyState setting corresponds to multiple Group Policy settings. In other cases, no comparable Group Policy setting is available, and this section notes that.
Global Computer Settings
The following tables cross-reference computer setup restrictions for privacy and security settings in Windows SteadyState to Group Policy computer settings. For more information, see the corresponding section in the Group Policy Settings section of this document.
Computer Setup Restrictions: Privacy Settings
| In Windows SteadyState | In Group Policy |
|---|---|
Do not display user names in the “Log On to Windows” dialog box |
Interactive logon: Do not display last user name |
Prevent locked or roaming user profiles that cannot be found on the computer from logging on |
A comparable Group Policy setting is not available; however, numerous policies for managing roaming user profiles are in Administrative Templates\System\User Profiles under the Computer Configuration and User Configuration nodes |
Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer |
A comparable Group Policy setting is not available; however, numerous policies for managing roaming user profiles are in Administrative Templates\System\User Profiles under the Computer Configuration and User Configuration nodes |
Computer Setup Restrictions: Security Settings
| In Windows SteadyState | In Group Policy |
|---|---|
Remove the Administrator user name from the Welcome screen |
A comparable Group Policy setting is not available because the Welcome screen is specific to Windows Vista® |
Remove the Shut Down and Turn Off options from the “Log On to Windows” dialog box and the Welcome screen |
Shutdown: Allow system to be shut down without having to log on |
Do not allow Windows to compute and store passwords using LAN Manager Hash values |
Network security: Do not store LAN Manager hash value on next password change |
Do not store user names or passwords used to log on to Windows Live™ ID or the domain |
Network access: Do not allow storage of credentials or .NET Passports for network authentication |
Prevent users from creating folders and files on drive C |
A comparable Group Policy setting is not available; however, you can configure permissions to prevent users from creating folders and files on drive C |
Prevent users from opening Microsoft Office documents from within Internet Explorer® |
A comparable Group Policy setting is not available |
Prevent write access to USB storage devices |
Removable Disks: Deny write access |
User Settings
The following tables cross-reference user restrictions (for general user settings, Windows settings, and feature settings) in Windows SteadyState to Group Policy user settings. For more information, see the corresponding section in the Group Policy Settings section of this document.
General User Settings: General Settings
| In Windows SteadyState | In Group Policy |
|---|---|
Lock profile to prevent the user from making permanent changes |
A comparable Group Policy setting is not available; however, using mandatory user profiles provides similar functionality (see Creating a Steady State by Using Microsoft Technologies) |
General User Settings: Session Timers
| In Windows SteadyState | In Group Policy |
|---|---|
Log off after _ minutes of use |
A comparable Group Policy setting is not available; however, you can simulate this functionality by using a logon script |
Log off after _ minutes idle |
A comparable Group Policy setting is not available; however, Task Scheduler provides similar functionality |
Always display the session countdown |
A comparable Group Policy setting is not available |
Restart computer after logoff |
A comparable Group Policy setting is not available; however, you can simulate this functionality by using Task Scheduler to run Shutdown.exe after detecting a logoff event |
Windows Restrictions: Start Menu Restrictions
| In Windows SteadyState | In Group Policy |
|---|---|
Prevent right-click in the Start menu |
Remove drag-and-drop and context menus on the Start Menu |
Allow only the Classic Start menu |
|
Remove the Control Panel, Printer, and Network Settings from the Classic Start menu |
Remove programs on Settings menu |
Remove the My Documents icon |
|
Remove the My Recent Documents icon |
|
Remove the My Pictures icon |
Remove Pictures icon from Start Menu |
Remove the My Music icon |
Remove Music icon from Start Menu |
Remove the Favorites icon |
Remove Favorites menu from Start Menu |
Remove the My Network Places icon |
|
Remove the Frequently Used Programs list |
Remove frequent programs list from the Start Menu |
Prevent programs in the All Users folder from appearing |
Remove common program groups from Start Menu |
Remove the Control Panel icon |
Prohibit access to the Control Panel |
Remove the Set Program Access and Defaults icon |
Remove Default Programs link from the Start menu |
Remove the Network Connections (Connect To) icon |
Remove Network Connections from Start Menu |
Remove the Printers and Faxes icon |
A comparable Group Policy setting is not available |
Remove the Run icon |
Remove Run menu from Start Menu |
Remove the Shut Down button |
Prevent adding, dragging, dropping and closing the Taskbar's toolbars |
Remove the Help and Support icon |
Remove Help menu from Start Menu |
Windows Restrictions: General Restrictions
| In Windows SteadyState | In Group Policy |
|---|---|
Prevent right-click in Windows Explorer |
|
Prevent AutoPlay on CD, DVD, and USB drives |
Turn off Autoplay |
Prevent access to Windows Explorer feature: Folder Options, Customize Toolbar, and the Notification Area |
|
Prevent changes to Windows Explorer’s advanced registry settings |
A comparable Group Policy setting is not available; however, many policies for managing Windows Explorer are available in User Configuration\Administrative Templates\Windows Components\Windows Explorer |
Use Control Panel Classic View |
Always open All Control Panel Items when opening Control Panel |
Prevent access to the taskbar |
|
Prevent access to the command prompt |
Prevent access to the command prompt |
Prevent access to the registry editor |
Prevent access to registry editing tools |
Prevent access to Task Manager |
Remove Task Manager |
Prevent access to Microsoft Management Console utilities |
Restrict users to the explicitly permitted list of snap-ins |
Prevent users from adding or removing printers |
|
Prevent users from locking the computer |
Remove Lock Computer |
Prevent password changes (also requires that the Control Panel icon is removed) |
Remove Change Password |
Remove CD and DVD burning features |
Remove CD Burning features |
Disable keyboard shortcuts that use the Windows Logo key |
Turn off Windows+X hotkeys |
Allow only programs in the Program Files and Windows folders to run |
See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies |
Disable System Tools and other management programs |
See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies |
Disable Notepad and WordPad |
See the section titled “Blocking Applications” in Creating a Steady State by Using Microsoft Technologies |
Remove the Recycle Bin icon |
|
Prevent users from saving files to the desktop |
A comparable Group Policy setting is not available; however, you can configure permissions to prevent users from creating folders and files on the desktop |
Windows Restrictions: Hide Drives
| In Windows SteadyState | In Group Policy |
|---|---|
Select the drives you want to hide from the user |
|
Feature Restrictions: Internet Explorer Restrictions
| In Windows SteadyState | In Group Policy |
|---|---|
Prevent Internet access (except Web sites below) |
A comparable Group Policy setting is not available; however, you can restrict access to websites by configuring the firewall |
Prevent changes to Internet Explorer registry settings |
A comparable Group Policy setting is not available; however, numerous policies for managing Internet Explorer settings are in Administrative Templates\Windows Components\Internet Explorer under the Computer Configuration and User Configuration nodes |
Prevent right-click in Internet Explorer |
Disable Context menu |
Prevent printing |
Turn off Print Menu |
Do not allow access to Favorites |
Hide Favorites menu |
Disable AutoComplete |
|
Empty the Temporary Internet Files folder when Internet Explorer is closed |
Empty Temporary Internet Files folder when browser is closed |
Disable RSS Feeds (Internet Explorer 7 only) |
|
Feature Restrictions: Internet Explorer Restrictions, Menu Options
| In Windows SteadyState | In Group Policy |
|---|---|
Remove View Source |
View menu: Disable Source menu option |
Remove Find Files |
Search: Disable Find Files by clicking F3 within the browser window |
Remove Theater Mode |
View menu: Disable Full Screen menu option |
Remove Help menu |
Turn off displaying the Internet Explorer Help Menu |
Remove Internet Options |
Tools menu: Disable Internet Options... menu option |
Remove expanded New menu |
A comparable Group Policy setting is not available |
Remove General tab in Internet Options |
Disable the General page |
Remove Security tab in Internet Options |
Disable the Security page |
Remove Privacy tab in Internet Options |
Disable the Privacy page |
Remove Content tab in Internet Options |
Disable the Content page |
Remove Connections tab in Internet Options |
Disable the Connections page |
Remove Programs tab in Internet Options |
Disable the Programs page |
Remove Advanced tab in Internet Options |
Disable the Advanced page |
Remove New Windows menu option |
File menu: Disable New menu option |
Feature Restrictions: Internet Explorer Restrictions, Toolbar Options
| In Windows SteadyState | In Group Policy |
|---|---|
Search |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Folders |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Edit |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Discussions |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Encoding |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Size |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Full Screen |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Media |
A comparable Group Policy setting is not available for Internet Explorer 7 |
A comparable Group Policy setting is not available for Internet Explorer 7 |
|
History |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Tools |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Non-Microsoft extension buttons |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Command Bar |
A comparable Group Policy setting is not available for Internet Explorer 7 |
Feature Restrictions: Home Page
| In Windows SteadyState | In Group Policy |
|---|---|
Home Page Web Addresses Allowed |
Disable changing home page settings |
Block Programs
The following table references information about blocking programs in Windows SteadyState and with Group Policy settings.
| In Windows SteadyState | In Group Policy |
|---|---|
Block Programs |
See Blocking Applications in Creating a Steady State by Using Microsoft Technologies |