Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Prevent bypass of config.sys/autoexec.bat

Posted on 1997-08-28
9
Medium Priority
?
705 Views
Last Modified: 2013-12-27
Is there a way to prevent DOS 6.22 from allowing you to interrupt execution of config.sys/autoexec.bat by using F5/F8 key? DOS 5 and below didn't allow this.  I need to prevent unatteded computers in a school library from being molested. I have installed restrictions in PROGMAN.INI which only work after Windows has started. Any ideas?  Walt
0
Comment
Question by:waltbowman
9 Comments
 
LVL 2

Expert Comment

by:n3mtr
ID: 1600407
Save your points, this question has already been answered.
Goto this URL:
http://www.experts-exchange.com/topics/bin/ShowQ?qid=8630015458
They explain how to disable the boot keys(f5/f8) by editing the msdos.sys
And even how to stop it from comming up when windows didn't boot right last time.
0
 

Author Comment

by:waltbowman
ID: 1600408
Edited text of question
0
 

Author Comment

by:waltbowman
ID: 1600409
Question was edited to clarify that it is about DOS 6.22, not Win95.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:khemicals
ID: 1600410
I don't know how to solve that problem but thought I would help you by letting you know of another way to bypass the system files... maybe you hvae fixed this but you will want to if you haven't already. When the system  says "starting ms-dos" if you press and hold the left shift key it will also bypass the system files.
-David
0
 
LVL 4

Accepted Solution

by:
johnt082197 earned 100 total points
ID: 1600411
In CONFIG.SYS, put the following line:
switches=/N
That stops users from being able to press F% or F8. (well.. they still can do it, but it has no effect :))
This other switch is interesting:
switches=/F  skips the 2 second delay after "Starting MD DOS" is displayed.
For more information about switches in config.sys, type "help switches" at the DOS prompt.
For more information about config.sys, type "help config.sys" at the DOS prompt.

That is the answer to your question, but I will go ahead and answer the next few you'd ask:
Q: How do I prevent users from booing off a floppy, therfore bypassping autoexec.bat and config.sys?
A: Go to your BIOS and set the boot drive sequence to C:,A:. That will force the computer to boot from C:, even if a floppy is present in the drive.

Q: How do I stop users from modifying this last setting?
A: Go to the BIOS and set a supervisor password. This password will not have to be entered to start the computer, just to access and/or modify the BIOS settings.
Q: How do I stop users from dropping to DOS from Windows?
A: I supposed you already know part of it: Edit the progman.ini and add the folling lines:
[Restrictions]
editlevel=4
Also delete the DOS Icon from the main group.
There is another setting in progman.ini that stops users from executing a file, but I can't remember it now. It's something like: "FileExecute=No" but my syntax is wrong.

Well... I guess that's about it. Let me know if you find the answer to that last one.
0
 

Author Comment

by:waltbowman
ID: 1600412
Works!!!  Thanks, John

Additional [Restrictions] in PROGMAN.INI:

NoFileMenu=1            Correct syntax of John's sugg.
NoSaveSettings=1        Screw-ups can't be saved.
NoRun=1                 Kinder/Gentler than NoFileMenu
NoExit=1                Can't quit Windows
NoBS                    Something I just made up

These are nice for keeping lesser hackers out but most word processors can import an ASCII text file and dump ALL these restrictions easily!  ...better than nothing.  Walt   (_|_)
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600413
Well... There is something else...
Assuming they don't have access to the files manager, you can set the read only attribute to config.sys and autoexec.bat. That way, nobody couldn't change anything important
0
 

Author Comment

by:waltbowman
ID: 1600414
I have added read-only attribute to CONFIG.SYS, AUTOEXEC.BAT, all  *.GRP files, all *.INI files except CONTROL.INI(it gets mad).  In PROGMAN.INI I have put semicolons in front of all group files except Applicat.grp. Now nothing is on the Desktop except what we allow the students to run BUT all the *.GRP files are still there if I need to use them, I just remove the semicolon.
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600415
I guess there's not much to add then. I'm pretty sure I could get in myself, but I'm not a student anymore :)
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month11 days, 10 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question