
Windows SteadyState


Toshiro


Hi guys..

@ work, the manager installed Windows SteadyState on the computers.. and disabled everything.. -.-

(cause some people were on the internet while working..) So, a friend and me were talking to the manager (were having a break) and we told him that we're gonna try to bypass SteadyState. (with the steadystate account..NO admin account)

Anyone got an idea? :P

Internet doesn't work, altho it has a connection to IE..

IE is blocked.. I could bypass it and open it =]

Now.. people know how to get on the www and / or bypassing steadystate? :P

(there's no alt/function/windows keys on the keyboard.. it's a MAC pc :P )

give a shout :D

edit;

Forgot to mention.. you can't insert cd/usb or anything.. PC is in a Macdonald case :P



  • Administrator

My only advice would be to guess his password, enter his wife's name. :P

EDIT: It only works on XP and Vista. Windows 7 and 64 Bit is not supported.



TBH I have never seen a Ronald McDonald version of a PC... Have you tried using Windows Explorer to access a web address? And is this system being used on a Corporate Network or INTRAnet... Possibly a portal.. ( Kind of odd that you can't access the Internet.. I mean it would become useless for anything but offline training.. )

Make sure you try to reach addresses that normally are regular addresses not MySpaz or FacialBook.. LOL

This may be a tough one.. BUT you never know.. if you had wireless you could see about hacking the network and scanning the systems for vulnerabilities.. Thing is that this may or may not be specific to circumventing SteadyState..

EDIT: This COULD be useful..

Based on my experience, SteadyState may not work properly on 64bit platform (either XP or Vista). You can delete the cache file from Safe Mode, and then check if the program can be removed. If the WDP file can be deleted, we can remove the program manually from registry and drive C.

1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple Operating Systems, you can press the F8 key when you see the boot menu.

2. When the Windows Advanced Options menu appears, select Safe Mode, and then press Enter.

3. Log onto Windows by using the Administrator account or any user account with the Administrator privileges.

4. Delete the Cache.wdp file under drive C.

If the cache file cannot be found, let’s show hidden files with the following steps.

-----------------------

1. Open drive C: Click Organize menu-> Folders and search option.

2. Click the View tab. Under Hidden files and folders, click "Show hidden files and folders."

3. To display other hidden files, clear the "Hide protected operating system files (Recommended)" check box.

4. Click the "Hide extensions for known file types".

5. Click OK.

After that, delete related registry keys and files

-----------------------

1. Click Start and then Run.

2. Type in regedit and then click OK.

3. Navigate and delete the following two branches:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Computer Toolkit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SteadyState

4. Search and delete all Windows SteadyState related entries.

5. Delete files under C:\Program Files\Windows SteadyState



It's running Windows 7..

It's just a normal ACER PC.. but in a macdonald case :P

The thing is.. the manager is kinda of a pc geek himself :lol:

IE opens (managed that) + it's connected to the internet.. But it just can't freaking go to an address :P

It's no intranet.. it's connected to the network of the MAC. Here in holland customers get free WI-FI.. that's where we tap it from =]



Wait, is it running SteadyState on a MAC OSX, running Parallels? IF that's the case then it may or may not have any access at all depending upon the control you get from the MAC..

Found that thing again..

Delete C:\cache.WDP

In Task Manager

end processes Bubble.exe Sctsvc.exe

Delete Folder C:\Program Files\Windows SteadyState

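For whoever administers such a kiosk, the artifacts named in the two posts above (the cache file, the program folder, the two registry branches and the two processes) double as a tamper checklist. The PowerShell below is an added example, not part of the thread and not Microsoft's tooling; the function name and report layout are assumptions, and it only reads state.

```powershell
# Added example: audit the SteadyState artifacts named in this thread.
# Paths, registry branches and process names come from the posts above;
# Test-SteadyStateIntegrity and its output layout are hypothetical.

function Test-SteadyStateIntegrity {
    $checks = @(
        @{ Kind = 'File';     Name = 'C:\Cache.wdp' },
        @{ Kind = 'Folder';   Name = 'C:\Program Files\Windows SteadyState' },
        @{ Kind = 'Registry'; Name = 'HKLM:\SOFTWARE\Microsoft\Shared Computer Toolkit' },
        @{ Kind = 'Registry'; Name = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SteadyState' },
        @{ Kind = 'Process';  Name = 'Bubble' },
        @{ Kind = 'Process';  Name = 'Sctsvc' }
    )

    foreach ($c in $checks) {
        if ($c.Kind -eq 'Process') {
            # Get-Process takes the image name without the .exe extension.
            $found = Get-Process -Name $c.Name -ErrorAction SilentlyContinue
        } else {
            # -Force lets Get-Item see hidden/system items such as the cache file.
            $found = Get-Item -LiteralPath $c.Name -Force -ErrorAction SilentlyContinue
        }
        New-Object PSObject -Property @{
            Kind    = $c.Kind
            Name    = $c.Name
            Present = [bool]$found
        }
    }
}

# Run the audit and flag anything that has gone missing since deployment.
$report  = @(Test-SteadyStateIntegrity)
$missing = @($report | Where-Object { -not $_.Present })

$report | Format-Table Kind, Name, Present -AutoSize

if ($missing.Count -gt 0) {
    Write-Warning ("{0} SteadyState artifact(s) missing: {1}" -f `
        $missing.Count, (($missing | ForEach-Object { $_.Name }) -join '; '))
}
```

Run it from an administrator session on a schedule or at logon; a missing entry on a machine where it was present at deployment is the signal to investigate.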


MAC = macdonald, srry.. it's late here :P

thnx for the tips, will try them next time I work.. (thursday :lol: )

Heath..there aren't any function keys.. can't press f8 :P



LOL.. I see ... no boot control.. also what he may be using is actually called Guest Mode in Windows 7. Just found that this is a removed feature... as SteadyState is not compatible with 7 nor does Microsoft plan to..

Next would be to circumvent and elevate privileges to access Local Security Policy or Relative registry entries.. OR he is using something like Deep Freeze.. not for sure..but as of now I know its not supported on 7..

Wonder what he would do then..LOL.. Wonder what anybody would do..



A list of stuff you can do would be nice ;)

(Install? Run (anything)? Inside IE: get into settings? Network adapter: get into settings?)

Is 'his' (admin) account able to visit a website? If no, he blocked it using the router, which would make it extremely difficult.

Screenshots or descriptions of what you see when you enter a URL would be nice (instant 'can't find website'-message, long loading or something else?).

Sucks you can't do USB, portable Firefox could rule out any IE related setting...

@everyone is it possible to load a custom hosts file for a certain user account? If so you'll have to delete/rewrite it.



A list of stuff you can do would be nice ;)

(Install? Run (anything)?)

Go figure..

No USB/CD/DVD,

Active IE connection (like Windows Update) but can't surf on the web.

IE is blocked. I managed to open it, through the AV (MUHAHAH :evil: )

No alt/windows/function keys available.

Task Manager is available.

Can't go to "Computer" and Configuration screen.. (I could manage to do that tho..)

No flash/java.

UAC is enabled.. Need password tho..

edit:

-Will check for the host files..

-instant 'can't find website'-message

-The admin account can do everything... ;)



  • Administrator

Windows is pretty fool proof.

Your best bet is to Cain & Abel the admin password :whistle: (bootable usb?/cd)



The thing is you can't insert anything, so if he secured it properly you won't be able to get anywhere without the password (which is what Lite said).

Can you see anything 'odd' running? (A screenshot of the running processes would do.)



Archived

This topic is now archived and is closed to further replies.
