So I was looking for a list of settings I could use as a check sheet and couldn’t find one…

Windows SteadyState 2.5 – Settings

Global Computer Settings

Set Computer Restrictions

Privacy Settings

• Do not display user names in the “Log On to Windows” dialog box
• Prevent locked or roaming user profiles that cannot be found on the computer from logging on
• Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer

Security Settings

• Remove the Administrator user name from the Windows screen [If enabled]
• Remove the Shut Down and Turn Off options from the “Log On to Windows” dialog box and the Welcome screen
• Do not allow Windows to compute and store password using LAN Manager Hash values
• Do not store user names or passwords used to log on to Windows Live ID or the domain
• Prevent users from creating folders and file on drive C:
• Prevent users from opening Microsoft Office documents from within Internet Explorer
• Prevent write access to USB storage devices

Other Settings

• Turn on the Windows screen (Windows XP only)

Schedule Software Updates

Schedule Updates

• Use Windows SteadyState to automatically download and install updates:

Daily at 03:00

• Do not use Windows SteadyState to download and install updates.

Select Updates

• Security Program Updates [n/a]

[program list]

• Custom Updates

Custom Script: file name [Such as a script to update anti-virus]

Protect the Hard Disk

• Off
• On
• Remove all changes at restart
• Retain changes temporarily
• Retain all changes
• Do not warn the administrator about losing changes before log off, restart, or shut down.

User Settings – Local Accounts

General

General Settings

• Lock profile to prevent the user from making permanent changes

Session Timers

• Log off after 60 minutes of use
• Log off after 10 minutes idle
• Always display the session countdown
• Restart computer after log off

Windows Restrictions

Start Menu Restrictions

• Prevent right-click in the Start menu
• Allow only Classic Start menu
• Remove the control Panel, Printer and Network Settings from the Classic Start menu
• Remove the My Documents icon
• Remove the My Recent Documents icon
• Remove the My Pictures icon
• Remove the My Music icon
• Remove the Favorites icon
• Remove the My Network Places icon
• Remove the Frequently Used Program list
• Prevent the program in the All Users folder from appearing
• Remove the Control Panel icon
• Remove the Set Program Access and Default icon
• Remove the Network Connections (Connect To) icon
• Remove the Printers and Faxes icon
• Remove the Search icon (Windows XP only)
• Remove the Run icon
• Remove the Shut Down button
• Remove the Help and Support icon

General Restrictions

• Prevent right-click in Windows Explorer
• Prevent AutoPlay on CD, DVD, and USB drives
• Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area
• Prevent changes to Explorer’s advanced registry settings
• Use Control Panel Classic View
• Prevent access to the taskbar
• Prevent access to the command prompt
• Prevent access to the registry editor
• Prevent access to the Task Manager
• Prevent access to Microsoft Management Console utilities
• Prevent users from adding or removing printers
• Prevent users from locking the computer
• Prevent password changes (also requires the Control Panel icon to be removed)
• Remove CD and DVD burning features
• Disable keyboard shortcuts that use the Windows Logo key
• Allow only programs in the Program Files and Windows folders to run
• Disable System Tools and other management programs
• Disable Notepad and WordPad
• Remove the Recycle Bin icon
• Prevent users from saving files to the desktop

Block Drives

Feature Restrictions

Internet Explorer restrictions

• Prevent Internet access (except Web sites below)
• Prevent changes to Internet Explorer registry settings
• Prevent right-click in Internet Explorer
• Prevent printing
• Do not allow access to Favorites
• Disable AutoComplete
• Empty the Temporary Internet Files folder when Internet Explorer is closed
• Disable RSS Feeds (Internet Explorer 7 only)

Menu Options

• Remove View Source
• Remove Find Files
• Remove Theater Mode
• Remove Help menu
• Remove Internet Options
• Remove expanded New menu
• Remove General tab in Internet Options
• Remove Security tab in Internet Options
• Remove Privacy tab in Internet Options
• Remove Content tab in Internet Options
• Remove Connections tab in Internet Options
• Remove Programs tab in Internet Options
• Remove advanced tab in Internet Options
• Remove New Window menu option

Toolbar options

• Search (Internet Explorer 6 only)
• Folders (Internet Explorer 6 only)
• Edit
• Discussions (Internet Explorer 6 only)
• Encoding
• Size
• Full Screen
• Media (Internet Explorer 6 only)
• Print
• History (Internet Explorer 6 only)
• Tools (Internet Explorer 6 only) [needed to show any above]
• Third party extension buttons [uncheck to run; flash player-ish items]
• Command Bar (Internet Explorer 7 only) [needed to show any above]

Microsoft Office restrictions

• Prevent use of Visual Basic for Applications
• Disable macro shortcut keys
• Disable Macro menu items in the Tools menu
• Disable Add-ins
• Disable the Web toolbar (Office 2003/200/XP only)
• Disable the Location box (Office 2007 only)
• Disable the Detect and Repair command in the Help menu
• Prevent changes to Clip Organizer contents in Office 2007/2003/XP

Set Internet Explorer’s home page

Block Programs (Blocked Programs)

[Block the programs you don’t want the account to access.  Do not block all programs then allow the programs you want, you’ll likely miss some partner apps.]

User Settings – Group Policy

General Settings

• Set Internet Homepage (Internet Explorer only)
• Force logoff after specified number of minutes (SteadyState must be installed)
• Hide these specified drives in My Computer
• Prevent access to drives from My Computer
• Restart computer after log off

Start Menu Restrictions

• Prevent right-click in the Start menu
• Allow only Classic Start menu
• Remove the control Panel, Printer and Network Settings from the Classic Start menu
• Remove the My Documents icon
• Remove the My Recent Documents icon
• Remove the My Pictures icon
• Remove the My Music icon
• Remove the Favorites icon
• Remove the My Network Places icon
• Remove the Control Panel icon
• Remove the Set Program Access and Default icon
• Remove the Network Connections (Connect To) icon
• Remove the Printers and Faxes icon
• Remove the Search icon (Windows XP only)
• Remove the Run icon
• Remove the Frequently Used Program list
• Remove the Shut Down button

See Optional Restrictions, Additional Start Menu Restrictions, below

General Windows Restrictions

• Prevent right-click in Windows Explorer
• Prevent AutoPlay on CD, DVD, and USB drives
• Remove the Recycle Bin icon
• Prevent users from saving files to the desktop
• Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area
• Use Control Panel Classic View
• Prevent access to the taskbar
• Prevent access to the command prompt
• Prevent access to the registry editor
• Prevent access to the Task Manager
• Prevent access to Microsoft Management Console utilities
• Prevent users from adding or removing printers
• Prevent users from locking the computer
• Prevent password changes (also requires the Control Panel icon to be removed)
• Disable System Tools and other management programs
• Disable Notepad and WordPad

See Optional Restrictions, Additional General Windows Restrictions, below

The following are available for local users but not in Group Policy

• Prevent changes to Explorer’s advanced registry settings
• Allow only programs in the Program Files and Windows folders to run

Internet Explorer restrictions

• Prevent right-click in Internet Explorer
• Do not allow access to Favorites
• Disable AutoComplete
• Empty the Temporary Internet Files folder when Internet Explorer is closed
• Disable RSS Feeds (Internet Explorer 7 only)

See Optional Restrictions, Additional Internet Explorer Restrictions, below

The following are available for local users but not in Group Policy

• Prevent changes to Internet Explorer registry settings

Prevent access to some Internet Explorer menu choices (Menu Options above)

• Disable View Source
• Disable Find Files
• Disable Theater Mode
• Disable Help menu
• Disable Browser Options+
• Disable expanded New menu
• Disable General tab
• Disable Security tab
• Disable Content tab
• Disable Connections tab
• Disable Programs tab
• Remove Privacy tab
• Disable advanced tab
• Disable New Window menu option

The following are available for local users but not in Group Policy

• Remove Internet Options

Prevent access to some Internet Explorer toolbar buttons (Toolbar options above)

• Remove the Search Button (Internet Explorer 6 only)
• Remove the Folders Button (Internet Explorer 6 only)
• Remove the Tools Button (Internet Explorer 6 only) [needed to show any tool options]
• Remove the Edit Button
• Remove the Discussions Button (Internet Explorer 6 only)
• Remove the Encoding Button
• Remove the Size Button
• Remove the Full Screen Button
• Remove the Media Button (Internet Explorer 6 only)
• Remove the Print Button
• Remove the History Button (Internet Explorer 6 only)
• Third party extension buttons [uncheck to run; flash player-ish items]
• Command Bar (Internet Explorer 7 only) [needed to show any above]

Microsoft Office restrictions

• Prevent use of Visual Basic for Applications
• Disable macro shortcut keys
• Disable Macro Tools | Macro menu items
• Disable Add-ins
• Disable the Web toolbar (Office 2003/200/XP only)
• Disable the Location box (Office 2007 only)
• Disable the Detect and Repair command in the Help menu
• Prevent changes to Clip Organizer contents in Office 2007/2003/XP

Optional Restrictions

Additional Start Menu Restrictions

• Prevent the program in the All Users folder from appearing
• Remove the Help and Support icon

Additional General Windows Restrictions

• Remove the Shared documents folder from My Computer
• Remove CD and DVD burning features
• Disable keyboard shortcuts that use the Windows Logo key

Additional Internet Explorer Restrictions

• Prevent Internet access (except Web sites below)
• Prevent printing