Solved

Prevent bypass of config.sys/autoexec.bat

Posted on 1997-08-28
9
659 Views
Last Modified: 2013-12-27
Is there a way to prevent DOS 6.22 from allowing you to interrupt execution of config.sys/autoexec.bat by using F5/F8 key? DOS 5 and below didn't allow this.  I need to prevent unatteded computers in a school library from being molested. I have installed restrictions in PROGMAN.INI which only work after Windows has started. Any ideas?  Walt
0
Comment
Question by:waltbowman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 2

Expert Comment

by:n3mtr
ID: 1600407
Save your points, this question has already been answered.
Goto this URL:
http://www.experts-exchange.com/topics/bin/ShowQ?qid=8630015458
They explain how to disable the boot keys(f5/f8) by editing the msdos.sys
And even how to stop it from comming up when windows didn't boot right last time.
0
 

Author Comment

by:waltbowman
ID: 1600408
Edited text of question
0
 

Author Comment

by:waltbowman
ID: 1600409
Question was edited to clarify that it is about DOS 6.22, not Win95.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 3

Expert Comment

by:khemicals
ID: 1600410
I don't know how to solve that problem but thought I would help you by letting you know of another way to bypass the system files... maybe you hvae fixed this but you will want to if you haven't already. When the system  says "starting ms-dos" if you press and hold the left shift key it will also bypass the system files.
-David
0
 
LVL 4

Accepted Solution

by:
johnt082197 earned 50 total points
ID: 1600411
In CONFIG.SYS, put the following line:
switches=/N
That stops users from being able to press F% or F8. (well.. they still can do it, but it has no effect :))
This other switch is interesting:
switches=/F  skips the 2 second delay after "Starting MD DOS" is displayed.
For more information about switches in config.sys, type "help switches" at the DOS prompt.
For more information about config.sys, type "help config.sys" at the DOS prompt.

That is the answer to your question, but I will go ahead and answer the next few you'd ask:
Q: How do I prevent users from booing off a floppy, therfore bypassping autoexec.bat and config.sys?
A: Go to your BIOS and set the boot drive sequence to C:,A:. That will force the computer to boot from C:, even if a floppy is present in the drive.

Q: How do I stop users from modifying this last setting?
A: Go to the BIOS and set a supervisor password. This password will not have to be entered to start the computer, just to access and/or modify the BIOS settings.
Q: How do I stop users from dropping to DOS from Windows?
A: I supposed you already know part of it: Edit the progman.ini and add the folling lines:
[Restrictions]
editlevel=4
Also delete the DOS Icon from the main group.
There is another setting in progman.ini that stops users from executing a file, but I can't remember it now. It's something like: "FileExecute=No" but my syntax is wrong.

Well... I guess that's about it. Let me know if you find the answer to that last one.
0
 

Author Comment

by:waltbowman
ID: 1600412
Works!!!  Thanks, John

Additional [Restrictions] in PROGMAN.INI:

NoFileMenu=1            Correct syntax of John's sugg.
NoSaveSettings=1        Screw-ups can't be saved.
NoRun=1                 Kinder/Gentler than NoFileMenu
NoExit=1                Can't quit Windows
NoBS                    Something I just made up

These are nice for keeping lesser hackers out but most word processors can import an ASCII text file and dump ALL these restrictions easily!  ...better than nothing.  Walt   (_|_)
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600413
Well... There is something else...
Assuming they don't have access to the files manager, you can set the read only attribute to config.sys and autoexec.bat. That way, nobody couldn't change anything important
0
 

Author Comment

by:waltbowman
ID: 1600414
I have added read-only attribute to CONFIG.SYS, AUTOEXEC.BAT, all  *.GRP files, all *.INI files except CONTROL.INI(it gets mad).  In PROGMAN.INI I have put semicolons in front of all group files except Applicat.grp. Now nothing is on the Desktop except what we allow the students to run BUT all the *.GRP files are still there if I need to use them, I just remove the semicolon.
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600415
I guess there's not much to add then. I'm pretty sure I could get in myself, but I'm not a student anymore :)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question