VHD Diff disk procedure rev1
Windows 7 native boot Virtual Hard Drive Differencing Disk as an alternative to Steady State.
I have been working on a process to secure Windows 7 (Enterprise or Ultimate editions) public access computers using Microsoft virtual hard drives and group policy. I made significant headway with the process, but the decision was made to utilize a commercial product for locking down our organization's PACs. So, I'm left with a body of work that has great potential but is incomplete. I would like to propose a group project to complete work on the process collaboratively, then open up the resulting process for the community as a way around the "Windows 7 Steady State" quandary. I have some of the documentation worked out and the idea is as follows:

1. Install Windows 7 on a single partition.
2. Using Windows 7 (E/U), create a VHD (Virtual Hard Drive) file(s).
3. Using Windows 7 (E/U), create a Difference Disk using diskpart.
4. Using BCD, modify the boot order options so the newly created difference disk is the default boot option. (This is the part I don't have worked out and definitely need help with.)
5. Using VHD mounting switches or scripting, have the differencing disk discard all changes on dismount/reboot, or copy and rename the VHD file(s) so that the difference disks refer to a copy of the "master" VHD file.

The idea is that the original VHD file is the "master" and presumably write protected. A differently named copy of the "master" is then made and is referenced by the difference disk boot options and will be the active operating system during each session. Using VHD switches to discard changes, or scripting, another copy is made of the master during each session and will be renamed to the appropriate difference disk reference for the next session, and the current difference disk file is deleted (this is the bit where group input will help). Simply put, the desktop is always running a fresh copy of the master VHD file, so that any user changes, malware, or viruses become less of a risk.
Additionally, any major updates or changes can be handled by updating a "master" VHD file once and copying it to the client machines. I think if we can complete this process, the loss of Steady State functionality in Windows 7 can be dealt with by group policy (either local or domain) and using VHD boot options.

Thank you,
David Sullivan
david.sullivan@lib.de.us
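
One way steps 3 to 5 could be scripted, as an added example that is not part of the original post or the author's own procedure. It assumes the master VHD already holds a bootable Windows 7 Enterprise/Ultimate image, that both VHD files sit in the hypothetical folder C:\vhd, and that the script runs elevated from the Windows 7 install on the physical partition (the child VHD cannot be replaced while the machine is booted from it).

```powershell
# Added example: the paths, the boot-entry label and the function names are
# assumptions for illustration; none of them come from the original post.
$Master = 'C:\vhd\master.vhd'      # assumed: holds a bootable Windows 7 E/U image
$Child  = 'C:\vhd\session.vhd'     # differencing disk the public session boots from
$Label  = 'Windows 7 PAC session'  # assumed boot-menu description

function New-SessionDisk {
    # Discard everything written during the previous session: delete the child
    # and create an empty differencing disk against the unchanged master.
    if (-not (Test-Path $Master)) { throw "Master VHD not found: $Master" }
    if (Test-Path $Child) { Remove-Item $Child -Force }
    $script = Join-Path $env:TEMP 'new-child.txt'
    "create vdisk file=`"$Child`" parent=`"$Master`"" |
        Set-Content $script -Encoding ASCII
    diskpart /s $script | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Child)) {
        throw 'diskpart did not create the differencing disk'
    }
    # The post's premise is that the master is write-protected; a changed
    # parent invalidates every differencing disk created from it.
    Set-ItemProperty -Path $Master -Name IsReadOnly -Value $true
}

function Add-VhdBootEntry {
    # Clone the running entry, point the clone at the child VHD, make it default.
    $out  = bcdedit /copy '{current}' /d $Label
    $guid = [regex]::Match(($out -join ' '), '\{[0-9a-fA-F\-]{36}\}').Value
    if (-not $guid) { throw "bcdedit /copy failed: $out" }
    $drive = Split-Path $Child -Qualifier    # e.g. C:
    $path  = Split-Path $Child -NoQualifier  # e.g. \vhd\session.vhd
    $vhd   = "vhd=[$drive]$path"
    bcdedit /set $guid device   $vhd | Out-Null
    bcdedit /set $guid osdevice $vhd | Out-Null
    bcdedit /set $guid detecthal on  | Out-Null
    bcdedit /default $guid           | Out-Null
    return $guid
}

# First-time setup: create the child disk, then register it as the default.
# New-SessionDisk
# Add-VhdBootEntry
# Between sessions only New-SessionDisk is needed; the boot entry keeps
# pointing at the same file name, which now contains no user changes.
```

Back up the boot store with `bcdedit /export` before testing, and confirm the new entry boots before removing the original one from the menu.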
This work is licensed under a Creative Commons Attribution 3.0 United States License