How to secure win 98

Posted on 2003-02-18
Medium Priority
Last Modified: 2010-05-18
how can i restrict anyone to enter password before logon to win98.
means nobody can enter without password.
Question by:hammad_hammad
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 44

Accepted Solution

CrazyOne earned 60 total points
ID: 7979965
See if this helps:


Force Users to Logon to Windows (Windows 9x/Me) Popular
Category: Home > Windows > Login and Authentication

Usually users can simply press 'Cancel' at the Windows logon box to bypass the login process and gain access to the local computer. This tweak will logout the user if the authentication fails or the user clicks Cancel.

Like all registry tweaks, this is for advanced users, please do not attempt to try this if you are not confident with the Windows registry and recovering from any subsequent problems.

Firstly, setup your computer for multiple users by using the 'Users' wizard in the Control Panel. Create a new user in addition to any existing users, then restart Windows and login as the new user (this will become your new default account).

While you are logged in open your registry and expand the [HKEY_USERS] key, there should be several sub-folders including ".DEFAULT", "Software" and a folder corresponding to the new username you created above.

Open the key listed below (if the 'Run' key does not already exist then create it), and create a new string value named "NoLogon", and set the value to equal "RUNDLL32 shell32,SHExitWindowsEx 0".

Log-off and now when you login using the new username you should gain access to the desktop, but when you press Cancel or enter the wrong password the desktop should partially load, and then the computer should return to the login screen.

Note: If you have problems with this tweak, press F8 while the "Starting Windows 98..." boot-up message is showing, and select Safe Mode. Then open your registry and delete the "NoLogon" key created above.

Note: Once this tweak has been implemented any subsequent users accounts that are created will inherit the 'NoLogon' value and therefore reboot when they login. To avoid this; when you first create a new user, open the key below for the newly created account name (e.g. [HKEY_USERS\jdoe]) and remove the 'NoLogon' value.

Key: [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
Value Name: NoLogon
Data Type: REG_SZ (String Value)


The Crazy One
LVL 79

Expert Comment

ID: 7981310
G'day hammad_hammad
Following CrazyOne's excellent advice, there is an alternative.
 You can always password protect the BIOS so that the computer won't even boot to windows without a password.


Expert Comment

ID: 7986201
The problem with Windows 98 is that there is no real way to secure it.

Depends on how secure you want it to feel.

You can make windows 98 request a password to log on but it can be bypassed fairly easily with a little knoledge.

If you really need this machine to be secure I would either go for the Bios passowrd and if it allow also a Harddrive password.  but this will not allow any conectivity to the machine while it is off.

you could also encrypt your local files on the HD with PGP.

The best bet would be to upgrade to a flavour of NT, with NTFS filesystem.



Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question