Prevent bypass of config.sys/autoexec.bat

Is there a way to prevent DOS 6.22 from allowing you to interrupt execution of config.sys/autoexec.bat by using F5/F8 key? DOS 5 and below didn't allow this.  I need to prevent unatteded computers in a school library from being molested. I have installed restrictions in PROGMAN.INI which only work after Windows has started. Any ideas?  Walt
waltbowmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

n3mtrCommented:
Save your points, this question has already been answered.
Goto this URL:
http://www.experts-exchange.com/topics/bin/ShowQ?qid=8630015458
They explain how to disable the boot keys(f5/f8) by editing the msdos.sys
And even how to stop it from comming up when windows didn't boot right last time.
0
waltbowmanAuthor Commented:
Edited text of question
0
waltbowmanAuthor Commented:
Question was edited to clarify that it is about DOS 6.22, not Win95.
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

khemicalsCommented:
I don't know how to solve that problem but thought I would help you by letting you know of another way to bypass the system files... maybe you hvae fixed this but you will want to if you haven't already. When the system  says "starting ms-dos" if you press and hold the left shift key it will also bypass the system files.
-David
0
johnt082197Commented:
In CONFIG.SYS, put the following line:
switches=/N
That stops users from being able to press F% or F8. (well.. they still can do it, but it has no effect :))
This other switch is interesting:
switches=/F  skips the 2 second delay after "Starting MD DOS" is displayed.
For more information about switches in config.sys, type "help switches" at the DOS prompt.
For more information about config.sys, type "help config.sys" at the DOS prompt.

That is the answer to your question, but I will go ahead and answer the next few you'd ask:
Q: How do I prevent users from booing off a floppy, therfore bypassping autoexec.bat and config.sys?
A: Go to your BIOS and set the boot drive sequence to C:,A:. That will force the computer to boot from C:, even if a floppy is present in the drive.

Q: How do I stop users from modifying this last setting?
A: Go to the BIOS and set a supervisor password. This password will not have to be entered to start the computer, just to access and/or modify the BIOS settings.
Q: How do I stop users from dropping to DOS from Windows?
A: I supposed you already know part of it: Edit the progman.ini and add the folling lines:
[Restrictions]
editlevel=4
Also delete the DOS Icon from the main group.
There is another setting in progman.ini that stops users from executing a file, but I can't remember it now. It's something like: "FileExecute=No" but my syntax is wrong.

Well... I guess that's about it. Let me know if you find the answer to that last one.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
waltbowmanAuthor Commented:
Works!!!  Thanks, John

Additional [Restrictions] in PROGMAN.INI:

NoFileMenu=1            Correct syntax of John's sugg.
NoSaveSettings=1        Screw-ups can't be saved.
NoRun=1                 Kinder/Gentler than NoFileMenu
NoExit=1                Can't quit Windows
NoBS                    Something I just made up

These are nice for keeping lesser hackers out but most word processors can import an ASCII text file and dump ALL these restrictions easily!  ...better than nothing.  Walt   (_|_)
0
johnt082197Commented:
Well... There is something else...
Assuming they don't have access to the files manager, you can set the read only attribute to config.sys and autoexec.bat. That way, nobody couldn't change anything important
0
waltbowmanAuthor Commented:
I have added read-only attribute to CONFIG.SYS, AUTOEXEC.BAT, all  *.GRP files, all *.INI files except CONTROL.INI(it gets mad).  In PROGMAN.INI I have put semicolons in front of all group files except Applicat.grp. Now nothing is on the Desktop except what we allow the students to run BUT all the *.GRP files are still there if I need to use them, I just remove the semicolon.
0
johnt082197Commented:
I guess there's not much to add then. I'm pretty sure I could get in myself, but I'm not a student anymore :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.