?
Solved

Prevent bypass of config.sys/autoexec.bat

Posted on 1997-08-28
9
Medium Priority
?
673 Views
Last Modified: 2013-12-27
Is there a way to prevent DOS 6.22 from allowing you to interrupt execution of config.sys/autoexec.bat by using F5/F8 key? DOS 5 and below didn't allow this.  I need to prevent unatteded computers in a school library from being molested. I have installed restrictions in PROGMAN.INI which only work after Windows has started. Any ideas?  Walt
0
Comment
Question by:waltbowman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 2

Expert Comment

by:n3mtr
ID: 1600407
Save your points, this question has already been answered.
Goto this URL:
http://www.experts-exchange.com/topics/bin/ShowQ?qid=8630015458
They explain how to disable the boot keys(f5/f8) by editing the msdos.sys
And even how to stop it from comming up when windows didn't boot right last time.
0
 

Author Comment

by:waltbowman
ID: 1600408
Edited text of question
0
 

Author Comment

by:waltbowman
ID: 1600409
Question was edited to clarify that it is about DOS 6.22, not Win95.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:khemicals
ID: 1600410
I don't know how to solve that problem but thought I would help you by letting you know of another way to bypass the system files... maybe you hvae fixed this but you will want to if you haven't already. When the system  says "starting ms-dos" if you press and hold the left shift key it will also bypass the system files.
-David
0
 
LVL 4

Accepted Solution

by:
johnt082197 earned 100 total points
ID: 1600411
In CONFIG.SYS, put the following line:
switches=/N
That stops users from being able to press F% or F8. (well.. they still can do it, but it has no effect :))
This other switch is interesting:
switches=/F  skips the 2 second delay after "Starting MD DOS" is displayed.
For more information about switches in config.sys, type "help switches" at the DOS prompt.
For more information about config.sys, type "help config.sys" at the DOS prompt.

That is the answer to your question, but I will go ahead and answer the next few you'd ask:
Q: How do I prevent users from booing off a floppy, therfore bypassping autoexec.bat and config.sys?
A: Go to your BIOS and set the boot drive sequence to C:,A:. That will force the computer to boot from C:, even if a floppy is present in the drive.

Q: How do I stop users from modifying this last setting?
A: Go to the BIOS and set a supervisor password. This password will not have to be entered to start the computer, just to access and/or modify the BIOS settings.
Q: How do I stop users from dropping to DOS from Windows?
A: I supposed you already know part of it: Edit the progman.ini and add the folling lines:
[Restrictions]
editlevel=4
Also delete the DOS Icon from the main group.
There is another setting in progman.ini that stops users from executing a file, but I can't remember it now. It's something like: "FileExecute=No" but my syntax is wrong.

Well... I guess that's about it. Let me know if you find the answer to that last one.
0
 

Author Comment

by:waltbowman
ID: 1600412
Works!!!  Thanks, John

Additional [Restrictions] in PROGMAN.INI:

NoFileMenu=1            Correct syntax of John's sugg.
NoSaveSettings=1        Screw-ups can't be saved.
NoRun=1                 Kinder/Gentler than NoFileMenu
NoExit=1                Can't quit Windows
NoBS                    Something I just made up

These are nice for keeping lesser hackers out but most word processors can import an ASCII text file and dump ALL these restrictions easily!  ...better than nothing.  Walt   (_|_)
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600413
Well... There is something else...
Assuming they don't have access to the files manager, you can set the read only attribute to config.sys and autoexec.bat. That way, nobody couldn't change anything important
0
 

Author Comment

by:waltbowman
ID: 1600414
I have added read-only attribute to CONFIG.SYS, AUTOEXEC.BAT, all  *.GRP files, all *.INI files except CONTROL.INI(it gets mad).  In PROGMAN.INI I have put semicolons in front of all group files except Applicat.grp. Now nothing is on the Desktop except what we allow the students to run BUT all the *.GRP files are still there if I need to use them, I just remove the semicolon.
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600415
I guess there's not much to add then. I'm pretty sure I could get in myself, but I'm not a student anymore :)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

pc, laptop  monitor connection configurations
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question