Solved

Prevent bypass of config.sys/autoexec.bat

Posted on 1997-08-28
9
592 Views
Last Modified: 2013-12-27
Is there a way to prevent DOS 6.22 from allowing you to interrupt execution of config.sys/autoexec.bat by using F5/F8 key? DOS 5 and below didn't allow this.  I need to prevent unatteded computers in a school library from being molested. I have installed restrictions in PROGMAN.INI which only work after Windows has started. Any ideas?  Walt
0
Comment
Question by:waltbowman
9 Comments
 
LVL 2

Expert Comment

by:n3mtr
ID: 1600407
Save your points, this question has already been answered.
Goto this URL:
http://www.experts-exchange.com/topics/bin/ShowQ?qid=8630015458
They explain how to disable the boot keys(f5/f8) by editing the msdos.sys
And even how to stop it from comming up when windows didn't boot right last time.
0
 

Author Comment

by:waltbowman
ID: 1600408
Edited text of question
0
 

Author Comment

by:waltbowman
ID: 1600409
Question was edited to clarify that it is about DOS 6.22, not Win95.
0
 
LVL 3

Expert Comment

by:khemicals
ID: 1600410
I don't know how to solve that problem but thought I would help you by letting you know of another way to bypass the system files... maybe you hvae fixed this but you will want to if you haven't already. When the system  says "starting ms-dos" if you press and hold the left shift key it will also bypass the system files.
-David
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 4

Accepted Solution

by:
johnt082197 earned 50 total points
ID: 1600411
In CONFIG.SYS, put the following line:
switches=/N
That stops users from being able to press F% or F8. (well.. they still can do it, but it has no effect :))
This other switch is interesting:
switches=/F  skips the 2 second delay after "Starting MD DOS" is displayed.
For more information about switches in config.sys, type "help switches" at the DOS prompt.
For more information about config.sys, type "help config.sys" at the DOS prompt.

That is the answer to your question, but I will go ahead and answer the next few you'd ask:
Q: How do I prevent users from booing off a floppy, therfore bypassping autoexec.bat and config.sys?
A: Go to your BIOS and set the boot drive sequence to C:,A:. That will force the computer to boot from C:, even if a floppy is present in the drive.

Q: How do I stop users from modifying this last setting?
A: Go to the BIOS and set a supervisor password. This password will not have to be entered to start the computer, just to access and/or modify the BIOS settings.
Q: How do I stop users from dropping to DOS from Windows?
A: I supposed you already know part of it: Edit the progman.ini and add the folling lines:
[Restrictions]
editlevel=4
Also delete the DOS Icon from the main group.
There is another setting in progman.ini that stops users from executing a file, but I can't remember it now. It's something like: "FileExecute=No" but my syntax is wrong.

Well... I guess that's about it. Let me know if you find the answer to that last one.
0
 

Author Comment

by:waltbowman
ID: 1600412
Works!!!  Thanks, John

Additional [Restrictions] in PROGMAN.INI:

NoFileMenu=1            Correct syntax of John's sugg.
NoSaveSettings=1        Screw-ups can't be saved.
NoRun=1                 Kinder/Gentler than NoFileMenu
NoExit=1                Can't quit Windows
NoBS                    Something I just made up

These are nice for keeping lesser hackers out but most word processors can import an ASCII text file and dump ALL these restrictions easily!  ...better than nothing.  Walt   (_|_)
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600413
Well... There is something else...
Assuming they don't have access to the files manager, you can set the read only attribute to config.sys and autoexec.bat. That way, nobody couldn't change anything important
0
 

Author Comment

by:waltbowman
ID: 1600414
I have added read-only attribute to CONFIG.SYS, AUTOEXEC.BAT, all  *.GRP files, all *.INI files except CONTROL.INI(it gets mad).  In PROGMAN.INI I have put semicolons in front of all group files except Applicat.grp. Now nothing is on the Desktop except what we allow the students to run BUT all the *.GRP files are still there if I need to use them, I just remove the semicolon.
0
 
LVL 4

Expert Comment

by:johnt082197
ID: 1600415
I guess there's not much to add then. I'm pretty sure I could get in myself, but I'm not a student anymore :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Is it worth it to buy an Echo? In a word, yes! For me it was definitely worth it. I use mine on a daily basis. Prologue & Privacy At first, I was very skeptical about the Amazon Echo. In general, I don't like voice assistants. I don't li…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now