Microsoft’s Windows SteadyState software makes locking down 32-bit Windows XP and Vista machines really easy. This is great for shared workstations used by visitors, clients, employees, or non-trusted users. It’s even beneficial for highly sensitive systems that require 24/7 uptime.
Windows SteadyState prevents users from playing with settings, running unnecessary programs, installing software, and offers numerous other restriction features. The full disk protection means a simple restart can revert any user changes. Best of all, SteadyState is completely free—truly helping out schools, libraries, and other organizations with limited budgets.
The bad news: there is no more SteadyState! As of January 1, 2011, Microsoft removed it from their downloads and active support for the product ends June 30, 2011.
Microsoft says that many of SteadyState’s features can be replicated by using native Windows 7 features and other free tools. However, most argue that this doesn’t come close to the simplicity of deploying and using SteadyState.
Now you’ll have to find another solution when setting up new public workstations. Plus you might even think about changing current workstations that use SteadyState to a new solution due to the lack of support and updates.
Using Windows 7 and Microsoft Features
One of the few benefits of using native Windows 7 features over SteadyState is that 64-bit systems are now supported, though you’ll find this in third-party solutions as well.
Here are the main components you can use to imitate the functionality of SteadyState in Windows 7:
- Create non-administrative user accounts: Naturally, this is the first line of defense to prevent access to most system settings, applications, and files. If you aren’t using Active Directory on a domain network or are creating an account for guests, you can create local default user profiles on the computer(s). Mandatory user profiles can be used to prevent permanent profile changes and eliminate privacy issues (such as browser cache). Any changes to mandatory user profiles are removed when logging off.
- Group Policy settings: These can further restrict changes and functionality of user profiles, computer settings, and the interface. They can be implemented via Group Policy objects (GPOs) with Active Directory in Windows Server 2008 R2 or via the local Group Policy objects (LGPOs) on the individual workstations if not on a domain network.
- AppLocker or Parental Controls: This feature lets you control which applications users can run with highly customizable rules via Group Policy settings. However, AppLocker is only offered in the Windows 7 Enterprise edition. In other editions, depending upon your particular implementation, you might be able to restrict programs (and other computer usage) with the Windows 7 Parental Controls feature.
- User State Migration Tool (USMT) or Windows Easy Transfer: Once you have a user account configured with your desired settings, you can use these to export the local account, settings, and any personal files for distribution across multiple computers. IT administrators could use USMT, while average users should use the simpler Windows Easy Transfer utility.
- Microsoft Deployment Toolkit (MDT) or Backup and Restore: Once you get Windows 7 configured just like you want it, you can use backup solutions to image the computer so you can restore it to your desired configuration if it becomes corrupted. IT administrators could use the MDT. Other users could use the simpler Backup and Restore features built into all editions of Windows 7. You can set up regular backups of any personal files and/or create a system image, which backs up the entire drive including Windows 7. When needed, you can restore backed-up files and/or system images via the Control Panel. If Windows 7 won’t boot, you can use the pre-installed System Recovery Options or a system repair disc to restore the computer with a system image.
If you’re interested in piecing together your own solution with these native features, start with Microsoft’s Creating a Steady State by Using Microsoft Technologies article. They provide step-by-step instructions for some features and point you in the right direction for others. They even provide side-by-side comparisons of SteadyState restrictions and comparable Group Policy settings.
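As an added illustration of the first three components (this script is not from the article or from Microsoft's guide), the following PowerShell creates a standard local account and stages an AppLocker executable allow-list in audit-only mode. It assumes an elevated prompt on Windows 7 Enterprise; the account name `kiosk`, the policy file path, and the rule GUIDs are constructed placeholders.

```powershell
# Added example. Run elevated on Windows 7 Enterprise (PowerShell 2.0).
# 'kiosk', the policy file path and the rule GUIDs are constructed placeholders.
$KioskUser  = 'kiosk'
$PolicyFile = Join-Path $env:TEMP 'kiosk-applocker.xml'

# 1. Standard local account. "*" makes net.exe prompt for the password.
net user $KioskUser * /add /passwordchg:no /expires:never
# New accounts land in Users only; fail loudly if it is also an administrator.
$admins = net localgroup Administrators | ForEach-Object { $_.Trim() }
if ($admins -contains $KioskUser) { throw "$KioskUser is an administrator" }

# 2. Exe allow-list in audit-only mode. The three rules mirror AppLocker's
#    default Exe rules: Administrators may run anything, everyone else only
#    files under the Windows and Program Files folders.
@'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Admins: all"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-3333-3333-333333333333" Name="Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@ | Set-Content -Path $PolicyFile -Encoding UTF8

# 3. Dry run before applying: evaluate the rules for the kiosk account.
Import-Module AppLocker
Test-AppLockerPolicy -XMLPolicy $PolicyFile -User "$env:COMPUTERNAME\$KioskUser" `
    -Path "$env:WINDIR\System32\notepad.exe" |
    Format-List FilePath, PolicyDecision, MatchingRule

# 4. Apply to the local policy (replaces existing local AppLocker rules; add
#    -Merge to keep them) and start the service AppLocker depends on.
Set-AppLockerPolicy -XMLPolicy $PolicyFile
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
```

Audit-only mode logs what would have been blocked without blocking it; once the AppLocker event log shows nothing legitimate being flagged, change `EnforcementMode` to `Enabled` and re-apply.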
If you find the native Windows 7 features (or another solution) give you enough user restrictions but would like automated system restore functionality, consider COMODO TimeMachine. It’s a 100% free solution that works with 32-bit and 64-bit editions of Windows 7, in addition to Windows Server 2003 & 2008, Windows XP, and Windows Vista.
COMODO TimeMachine lets you create and restore manual or automated full system snapshots. This gives you similar functionality as the disk protection feature of SteadyState. To save personal documents and files you can store them on a different (unprotected) drive or partition. If you do leave files on the protected drive/partition, you can still restore those files or folders from previous snapshots, or use the Synchronize feature. Like the system image functionality of Windows 7, you can even restore to previous snapshots without entering Windows in case the system becomes unbootable.
If you want more of an out-of-box solution (and you have the budget for it), you might consider SiteKiosk. It’s a full-featured commercial kiosk solution that starts between $149 and $260 per PC. It can run on Windows XP (32-bit) and the 32-bit and 64-bit editions of Windows Vista and 7.
SiteKiosk offers restrictive functionality, crash detection and auto recovery, user session privacy, and customizable skins and browser designs. It even lets you take payments and supports touch screens, video cameras, and VoIP phones. The SiteRemote component gives numerous remote management, maintenance, and monitoring features, including alerts and reporting, remote desktop (VNC) access, file transferring, and software and hardware inventory.
You can evaluate SiteKiosk by downloading the demo.
If you don’t have the budget for a commercial solution and are deploying a number of workstations, you might consider OpenKiosk. It’s an open source project released under the GNU General Public License (GPL) and is free besides a nominal fee for the Windows client.
OpenKiosk replaces the standard Windows or Linux desktop with a controlled interface. It offers user authentication and centralized management designed for a multi-user network. Though there aren’t any disk protection features similar to what SteadyState offers, you could use an additional solution (such as COMODO TimeMachine) if you think it’s needed.
The NodeView component acts as the central server, which can be administered via a GUI locally or a Java Applet in a browser. The Client component sits between the KDE Linux or Windows operating system and is the interface that physically limits the usage. The KDE client is free, but the Windows client costs $70.00 for unlimited machines within an organization. You can evaluate the Windows client with their demo version.
One final tip: If you find a solution doesn’t offer adequate Internet filtering, consider using OpenDNS, which provides free and paid services.
Though you can’t use SteadyState to lock down Windows 7, we discussed that most features can be replicated with native features and other Microsoft tools. Adding a third-party disk protection solution like COMODO TimeMachine can give you even more peace of mind. If you’re looking for a complete solution, consider commercial titles such as SiteKiosk. If the budget is a concern, look into OpenKiosk.