11.3. Configuring Windows SteadyState (for Domain-Joined Computers)
Before we continue, you may be asking yourself: why would I even need SteadyState in a domain-joined environment? Sure, it makes sense to have a way to restrict computers like we just did in a nondomain-joined environment.
But with the power of Group Policy, don't we have everything we need for a real lockdown? In fact, the answer is no. Group Policy doesn't make any consideration for the actual security or sanctity of the hard drive contents. Group Policy's goal is to deliver settings.
SteadyState's Windows Disk Protection is the real key here to preventing changes from any evil software from making their way (permanently) onto your hard drive. With that in mind, here are the ...