Native Windows Features
Updated: September 22, 2010
Applies To: Windows 7
Microsoft developed Windows SteadyState when the Windows management features were less robust and mature than they are today. As an example, many businesses allowed users to log on to their computers with full administrative access, simply because most applications required full access to the computer, and restricting users’ accounts significantly limited their flexibility.
On the other hand, Windows 7 is a modern operating system that supports modern management features. Businesses can more easily deploy standard user accounts (accounts with limited access to the system’s files and settings) without limiting users’ productivity. This contributes significantly to your ability to simulate many Windows SteadyState features by using native Windows 7 features. Additionally, many Group Policy settings are available for restricting computer and user settings, and features like AppLocker™ allow businesses to control which applications users can run.
When users log on to computers as a member of the Administrators group, they can change any file or setting and access other users’ files on shared computers. Obviously, allowing users to log on to shared computers as a member of the Administrators group is not a best practice. When users log on to computers with standard user accounts, they cannot change system files or settings; therefore, standard user accounts protect the computer’s configuration from malicious or accidental changes. Additionally, users with standard user accounts cannot access other users’ files on a shared computer—protecting other users’ privacy.
Users with standard user accounts cannot change system settings or files, but this does not prevent them from using their older applications. Applications that are designed for Windows 7 should already work with standard user accounts. For older applications that are not compatible with standard user accounts, Windows 7 provides the ability to redirect an application’s system changes to a location within a user’s profile. The application believes it has full access to the system, even though it does not. Users can continue using older applications that are not compatible with standard user accounts without affecting other users on a shared computer.