We have several AT&T wireless netbooks that our warehouse uses in their trucks. These netbooks have 200MB/month wireless plans so the truck drivers that shuttle trailers around can use VPN to get into our network and pull a JDA green screen and get their work/inputs done in real time. Using these saved a ton of money in not having to implement a secure wireless outdoor WAN. And being able to do this saves our drivers a ton of time because they don’t have to tote paperwork inside to a computer and enter data throughout the day.
In the past our netbooks came in with Windows XP and we would use a program named SteadyState to lock these machines down so that the drivers won’t go over their limits playing on the internet. It’s a very cool program that’s easy to use and it lets you do everything from blocking specific programs from being run, to hiding access to drives, to removing command line access. And more. Machines can be locked down tightly and it’s been a big help. So a few weeks ago one of the first netbooks we bought broke. We ordered another – and props to AT&T was only $39. (Of course, they’ll get all their money with the 2 year contract…but that’s another tale)
So I pop it open and get ready to prep it and it’s running Windows 7 Starter edition. No downgrade option is available, so I just realize we’ll need to run this edition from now on out if we are going to continue with the netbooks. No problem. A quick install of SteadyState fails. It only works on XP and Vista it tells me. A quick search informs me that Steady State is no longer supported in Windows 7. I see irate user comments and then discover and download a 26-page doc entitled “Windows 7 : Creating a Steady State by Using Microsoft technologies”. This will do the trick, I think. Then I get busy with other things and put it all aside for several weeks.
Today, I’m back at it. The 26-page doc lets me know that “Even though Windows SteadyState does not support Windows 7, many of its features can be replicated by using native Windows 7 features and free tools from Microsoft”. Hot diggity. I see heading that are promising. But as I page through this and start trying some things I realize this just ain’t gonna work. I’m supposed to config group policies and manually tweak all the hidden little policies. To block apps I’m supposed to use AppLocker – but wait – that only works with Windows 7 Enterprise and Windows 7 Ultimate. Did I mention this is Windows 7 STARTER edition? So no app blocking. I’m supposed to download a Microsoft Deployment Toolkit and write scripts to, for one thing, “simulate the functionality of Windows Disk Protection”. Good grief. These are stand-alone netbooks, not joined to a network, and I just need a simple way to lock them down.
I try to set the compatibility of the SteadyState executable to run like it’s a previous version of Windows. It installs! Great…except now any profiles created and/or modified with SteadyState installed like this come back with a “the user profile service failed the logon” error message. Somehow the software is corrupting the user profiles. Back to the drawing board. Searching some more I discover a guy who used Orca to change the launch condition OS version variable in the SteadyState .msi installer file and it worked for him. Forgetting what Orca was I searched for that only to find that Microsoft won’t let you download a small helpful little tool just to get something done. No. You have to download the entire multi-gigabyte developer kit to get the little tool. Nah. So I find another little tool named “InstEd” that will let me modify the executable file. Install the new tool, modify launch condition (for those who see this and are in the same jam:
It is under LaunchCondition in the file
(MsiNTProductType = 1) AND ((VersionNT = 501 AND ServicePackLevel >= 2) OR (VersionNT >= 502 AND VersionNT <= 600))
Remove the ”and versionNT <=600” line – which is telling it Vista or below.)
Save the file and try to reinstall. Success! Sort of. This actually works with most of the functionality. Enough for me anyway – but should it really take this much time? Absurd.
