Description: Chris Peters describes and compares two tools ...



Description: Chris Peters describes and compares three free tools for securing shared or public access computers running Microsoft Windows operating systems: Windows SteadyState, which supersedes the Windows Shared Computer Toolkit, which itself superseded the old Public Access Computer Security Tool from the Gates Foundation.

What is Windows Steady State?

Windows SteadyState (formerly known as the Shared Computer Toolkit) is a free software tool that makes the lives of librarians easier by protecting their public access computers against the kinds of accidental or malicious changes that are inevitable when you let patrons use the library’s equipment.

SteadyState does this in two basic ways. First it restricts what the patron can access on the computer. If you choose, it can prevent access to all system settings (e.g. the run command, the control panel, etc.) and all drive letters. Or, you can selectively allow access to certain system settings and specific drive letters, but not others. In addition, you can pick which software applications patrons have access to.

Second, SteadyState has two different ways to wipe away any changes a patron makes to your computer, and any files they leave behind. At each logout, all normal traces of a user, like temporary files, Internet history and files saved to the desktop are deleted from the profile. Additionally, even if something defeats this profile security, SteadyState includes a feature known as Windows Disk Protection that wipes away all changes made to the hard drive at each reboot. Windows Disk Protection does require a minimum of 4 GB free space, which could be a limitation on older computers.

These two levels of security create a computer that’s protected from library patrons, but still allows activities such as the use of USB flash drives and CD burners if the library so chooses. It’s even possible to let users to permanently save files to the computer by configuring a separate hard drive partition for that purpose.

SteadyState and it’s predecessor the Shared Computer Toolkit were inspired by the Gates Foundation’s Public Access Computer Security Tool. With SteadyState, Microsoft has taken the Gates tool and improved on it by adding more features (notably, Windows Disk Protection) and enhancing usability. Moreover, Microsoft plans to provide ongoing support and development for SteadyState, whereas development of and support for the Gates Security Tool ended in 2004.

Windows SteadyState vs. the Gates Foundation’s Public Access Computer Security Tool (PAC Tool)

Advantages of SteadyState:

• With SteadyState, installation and removal are faster and easier.

• SteadyState includes Windows Disk Protection, a utility which is similar to Centurion Guard or DeepFreeze.

• With SteadyState it’s easier to download critical operating system updates and virus updates.

• SteadyState includes session timers.

• SteadyState allows access to certain programs that are difficult to use with the PAC Tool.

• SteadyState is fully compatible with Windows XP, Service Pack 2, while the PAC Tool has some minor bugs when running on XP SP2.

• SteadyState will be compatible with Windows Vista, though a release date for the Vista version hasn’t been determined yet.

• Microsoft will continue to develop SteadyState, while development of the PAC Tool ended in 2004. 

Advantages of the Public Access Computer Security Tool

• The PAC Tool works with Windows 2000 Professional (SteadyState only works with Windows XP SP2 and later machines).

• It’s easier to specify which IE toolbar buttons to add or remove when using the PAC Tool. 

Windows SteadyState vs. the Shared Computer Toolkit

As stated earlier, SteadyState is really version two of the Shared Computer Toolkit with a new name. In many ways, SteadyState is much more powerful and user-friendly than the SCT. Below are some of the ways that SteadyState improves on the SCT:

• Easier to install. Using the version of Windows Disk Protection that came with the Shared Computer Toolkit required a large amount of unallocated space on your hard drive. Since very few computers have unallocated space, most administrators needed to shrink one of their existing partitions with disk partitioning software (e.g. Partition Magic). SteadyState doesn’t need this unallocated space. When you turn on the new version of Windows Disk Protection that comes with SteadyState, a cache file is created automatically as long as you have at least 4 GB of free space on your system partition. Repartitioning is no longer necessary unless your system partition is running out of room. If your system partition needs to borrow space from an adjacent partition, or from adjacent unallocated space, you can use commercial software such as Partition Magic, or refer to these instructions on using QTParted, a free disk partitioning tool.

• Easier to use. SteadyState has a unified console that lets you control all the settings and options from a single interface. The SCT consisted of four separate, linked consoles. SteadyState also has three new security templates (high, medium, low) that make it easy for novices to use the software without making a specific decision about every setting. Finally, SteadyState includes the ability to export user profiles to other computers. Therefore, once you’ve configured SteadyState on one machine, it’s much easier to replicate those settings on other machines than it was with the Shared Computer Toolkit. Of course, if you have a copy of Symantec Ghost or a similar disk imaging product, you can also use that to roll out your configuration of SteadyState to multiple machines.

• More powerful. SteadyState contains more options than the SCT, allowing for greater granularity and control when deciding which programs and features users can access.

• Easier to update. SteadyState is better integrated with Windows Updates than the SCT. When scheduled updates are enabled in SteadyState, Automatic Updates are disabled, since having both on at the same time is redundant.

• More scalable. For server-based networks, the new group policy support for Windows Disk Protection means it can be managed in an Active Directory environment.

Upgrading from the Shared Computer Toolkit to SteadyState

There is no direct upgrade from the Shared Computer Toolkit to SteadyState. You have to uninstall the Shared Computer Toolkit before you install SteadyState. However, most of the user restrictions that you configured with the Shared Computer Toolkit will be retained after you uninstall it. Furthermore, SteadyState will recognize the changes and reflect them in its user interface.

If you created unallocated space in order to use the version of Windows Disk Protection that came with the SCT, SteadyState will not reclaim that space. If you have a lot of extra space on your hard drive, you can just leave the unallocated space as it is. If you need to reclaim some of that space, refer to our instructions for using QTParted.

Installing SteadyState

• As mentioned above, if you have the Shared Computer Toolkit, the PAC Tool, or a beta version of SteadState installed, be sure to remove them before installing SteadyState.

• SteadyState will install on Windows XP Service Pack 2 or later (Professional, Home or Tablet versions). 

• Your hard drive must be formatted using NTFS.

• When you download SteadyState, you’ll have to validate your copy of Windows using the Windows Genuine Advantage Validation Tool.

• The Windows Disk Protection feature requires a minimum of 4 GB of free space on your system partition for the cache it uses to save temporary changes to the hard drive. By default, the cache will use 50% of available disk space, up to a maximum of 40 GB.

• You must install SteadyState in an administrative account.

Learning More About SteadyState

The first three times you open SteadyState, a help window appears offering some suggestions about how to get started. Also, WebJunction is working on a document with step by step instructions for folks who are new to SteadyState and Public Access Computers. Furthermore, Microsoft has introductory and in-depth documentation. Below are links to specific resources:

• WebJunction’s documents about SteadyState and the Shared Computer Toolkit

• Microsoft’s SteadyState homepage, including the tool itself and links to additional resources.

• Microsoft’s Technical FAQ’s for Steady State.

• Microsoft’s SteadyState Handbook (in PDF form). 

• Microsoft support and discussion forum for SteadyState.

• And finally, for Windows 2000 computers, the Public Access Computer Security Tool is still available.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download