11.3. Configuring Windows SteadyState (for Domain-Joined Computers)

Before we continue, you may be asking yourself: why would I even need SteadyState in a domain-joined environment? Sure, it makes sense to have a way to restrict computers like we just did in a nondomain-joined environment.

But with the power of Group Policy, don't we have everything we need for a real lockdown? In fact, the answer is no. Group Policy doesn't make any consideration for the actual security or sanctity of the hard drive contents. Group Policy's goal is to deliver settings.

SteadyState's Windows Disk Protection is the real key here to preventing changes from any evil software from making their way (permanently) onto your hard drive. With that in mind, here are the ...

Get Creating the Secure Managed Desktop: Using Group Policy, SoftGrid, Microsoft Deployment Toolkit, and Other Management Tools now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.