Back to Public Labs
On to Part 2

Transcript of Kevin's interview the Microsoft's SteadyState Team, 05/17/07, 10 mins 57 secs

TechSoup's Kevin Lo sits down with Microsoft's development team to discuss the new features of SteadyState, version 2.0 of their free public access software formerly known as Shared Computing Toolkit. You will hear first hand on the new features from those to developed it, and other information you may will find relevant for your public access computers.

In this first part, you will hear about the new features of SteadyState, and some user tips to benefit from them.

---

RN: We should start with probably introducing ourselves, so as I said my name is Reshma (Nichani). I am the product manager for Windows SteadyState.

GV: I am Garrett Vargas, and I am the development manager from SteadyState.

RE: And I am Rob Elmer, the dev[elopment] lead for Windows SteadyState

TT: I am Thomas Tomasevic, and I'm the development and program manager for SteadyState.

EW: Hi, my name is Emily (Woo) and I am the launch manager for SteadyState.

KL: Thank you Emily, for bringing all these folks together so we can have a brief chat about what we can expect from this new development and this new product, or the latest and greatest shall we say

First question, and, I should introduce myself, I am Kevin Lo from TechSoup, And a lot of folks may have questions on what, is the biggest reason, that people should upgrade if they are already running Shared Computing Toolkit right now, could you just briefly talk about that?

TT: So, SteadyState is the next generation of the Shared Computing Toolkit as you said. And the benefit is from the added functionality and added reliability that we have. We came with a new generation of the product that includes multiple new improvements, higher reliability, more features that would be of use to end users, and ease of use.

RN: And to elaborate on what Thomas has mentioned. With our version one product we required a disk partition to start Windows Disk Protection, and with SteadyState you no longer require a disk partition. We have done a lot to centralize the management of the product altogether. So whereas everything before was running under multiple consoles everything is consolidated under one now, which is really great. And we are also giving the users the ability to import and export user accounts. The level of granularity and customization with respect to the users and user settings has definitely improved. But for the novice users we also have new templates that we've added so that, if you really don't know that you just want a general amount of security for your users’ account, say you are at school you can choose from our templates of high, medium, or low restrictions on Windows features and internet restrictions as well. So that's just a few of the improvements we have made. And it's a lot faster than version one.

KL: I noticed that we need at least 2 GB of space for the cache files for the disk protection can you elaborate on that, and how at least 50% of the disk must be free, that is the system disk, correct?

RE: Not exactly, when you enable disk protection, we require that there is 4 GB free on the system drive, and of that free space, half of it is for the cache file. So if you have 5 GB free then we will create a 2.5 GB cache file.

KL: So you are saying half of the free space available in the system partition will be used for the cache file.

RE: Right.

GV: With a minimum of 2 GB

KL: So, if someone has a 40 GB hard drive, with only 3 GB of free space, that probably would not work as well.

RE: Right. You can use the other features of SteadyState, you just can’t enable disk protection.

KL: So when disk protection kicks in, does it revert itself after the reboot, or on the logoff, of the session?

GV: Assuming that you have set the Windows Disk Protection to discard changes after reboot. We do have one mode called retain changes, for a certain date and time, and if you are using that mode of Windows Disk Protection, changes will be retained even across multiple reboots.

KL: And that feature is more useful in what circumstances?

GV: Well, we foresee that being useful for, in a school environment you would want to have changes persistent through the end of the week, so that students can come in and whatever changes they make that day and the next day will be there the following week, and it will revert back to its original state.

KL: So that feature can be set per time, is that what you are implying?

GV: Yes, that feature is "retain changes until" a specific date or time. When you enable that feature, you tell it until which date and time you want it to revert changes.

KL: So ostensibly we can say, retain changes through a course, a 3-week course for example.

GV: That's correct, we could do that.

KL: Content filtering technology, is something that many libraries or public access computer environments have. Can you talk a bit on how SteadyState may work with such technologies or software?

RE: We don't have any direct interface with them. So, as long as the technology applies to generalize Internet Explorer sessions, then it should work fine with SteadyState.

KL: So it would be advised then to not turn on, the, say limit certain sites on the SteadyState software, and just let the content filtering software do its job?

RE: Yes, the only time that it would be at odds is if the content filtering software installs itself as a proxy server, and you have to set IE (Internet Explorer) to use a certain proxy server. The way that we limit web sites is we change the proxy settings on IE, and that might conflict with our functions.

GV: And much content filtering software out there today is much more robust than what we provide. So if someone is using content filtering technology, it is probably best to continue using that for web site filtering.

KL: And same goes for firewall technologies? You mention that it does update for example, [and] it uses the built-in XP Service Pack 2 firewall, but you still would suggest folks installing a firewall option? regardless of SteadyState?

RE: Yes, we don't have any built-in support for firewall types, since that is built-in already.

KL: And, another concern for folks using this would be the anti-virus, antispyware technologies, and we notice in the [SteadyState] software, titles that you have tested is built-in to update. Could you comment on any other software that you may have come across using that feature?

GV: We have the ability for operators to specify a custom script, which are antivirus updates feature. So if they have a script that would update one of the other anti-virus programs that we don't provide in the box. Or even if they wanted to provide one for another type of software to get updates on a regular basis, they can do that.

TT: Just wanted to elaborate on that. Essentially there is one thing that needs to be remembered for SteadyState, and that is that WDP will wipe all the changes that occur either in the user mode, even in the administrative mode, if the administrator so chooses. So any of the updates that can occur as the function of the computer are at risk of being deleted if they are not specifically changed. So to remedy that issue or that feature what we do two things. One thing is that during every administrator session, at the end of the session, if Windows Disk Protection is enabled, and set to discard the changes, we will ask the administrator whether he wants to retain the changes or not, in case during the session the administrator has participated with the computer, and any downloads have occurred, he may choose to change to follow the update. So that is one way of applying all the manual update to any of the software applications running on the computer, windows included anti-virus included.

Another way of doing it is to do it the automatic update service. Automated updates allow unattended updates to occur. For those unattended updates to occur what you do is we put the computer in administrative unattended mode, during which the computer will go to look for Windows updates, Microsoft updates and some antivirus updates. What that means is that the during that timeframe the computer will automatically go and look for such. For an administrator to a specify a specify program, they can select Windows, which is offered by default, anti-virus programs for which we support one or two that we have had a chance to actually experience, but we also provide a custom script capability for which Garrett talked about, that allows one to create a custom script to start a download for another other program, anti-virus programs included. There is more information as to how to use anti-virus, where to place them how to execute them in our documentation, and other features.

KL: So when does this unattended update happen? Is it something you schedule?

TT: When you see the main screen when you log to the, or start the WSS (Windows SteadyState) application, you will have a choice to select automatic update features. In that screen, there is a subset of that screen, you will have a choice to use the automatic or manual features that are build into the software. If you choose automatic, you will have a choice to select whether you want to update Windows, Microsoft updates, as well as any other additional antivirus or custom applications you have created or you have script for.

KL: So what happens if someone, a restricted user, is logged on during the time that you scheduled an automatic update?

RE: They will get a warning 10 mins before update time, so they know it's coming, and then they'll be logged off.

KL: And of course ideally the librarians or administrators will know, not to have someone logged on.

RE: You can schedule these to start at 3 in the morning when it happens. You computer will automatically wake up, and run the update, if it has been suspended. That makes it pretty easy for an administrator to make the machine to do updates when nobody is around, so that it doesn't interfere with anybody's computer time.

KL: And of course it will go back to standby afterwards or will it be kept on?

RE: It will go back to standby.

KL: So when an update and a reboot is required for the update to be applied, it would prompt a user to reboot or it would reboot itself?

RE: The update software always requires several reboots, so that there is nothing dangerous in the WDP (Windows Disk Protection) cache. So we first do a reboot to get rid of any current content from the cache, and then we come back up, we run the updates, and then reboot one more time to commit those changes.