Wanted: BIOS security

I know most people want to know how to crack passwords - I have the opposite problem..

Is it just me but are the BIOS passwords not working as much as they used to? Despite going in and setting either or both passwords I can still usually boot without being prompted.

I service a number of computers so this isn't an isolated incident and board-specific answers aren't what I'm after.

What has prompted this question is a particular customer who has a son who will insist on mucking things up: reinstalls, double or triple antivirus program installs, formats, different OSs - you name it, he will do it and then deny it. (Too many cousins marrying in that particular branch of the family). I even found the PSU blown and a hole in the metal big enough for a mouse! All a complete mystery, apart from a shifty looking son..

So, how to stop him from fiddling, given how easy it is to walk through user log on passwords? I need something more basic, such as a BIOS password, but as I said, they seem to be acting strangely these days. Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bios passwords can be easily defeated by gaining access to the motherboard.  A case lock is in order if you are concerned about that.  Also, many BIOS systems allow chassis intrusion alerts.

What operating system are you running?
JohnDeckerAuthor Commented:
Well yes, you are right of course, though hopefully it will be news to the young lad and if all else fails a chassis lock would be the answer.

The OS is XP (Home or Pro depending on his most recent fiddle) and 98SE on another.
JohnDeckerAuthor Commented:
..but the point is that the BIOS passwords don't seem to do anything at all except protect the BIOS page - they used to stop the system from booting but that seems to be a thing of the past..
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:

Is your need to secure your operating system from adding/removing softwares change configurations, format...?? if so you can use Deep Freeze, it will help you protecting your hard disk using a password, without a password even if users make any changes, thoses changes disapear after the system reboot.

Check more about Deep Freeze here http://www.faronics.com/html/deepfreeze.asp

Best Regards,
JohnDeckerAuthor Commented:
I had a look at that and it looks pretty good, but wouldn't stop someone from just reformatting and installing a new OS. All I really want is for the BIOS password feature to work properly (and it's not just failing to work on one, it's on loads) - it was low level and effective. I suspect I'm not going to have any joy..
There is an extra setting in almost all motherboard bioses.  Its called a variation of "BIOS Password:"  and usually has options like "BIOS" and "System",  or "Setup" and "Boot".  This setting controls whether the password is applied during bootup, or just when you try to go into the bios.  

Use the same method to set your bios password, and then additionally set this setting.  If you tell me the model of motherboard, I could tell you exactly what the setting is and where to find it.

JohnDeckerAuthor Commented:
Tried this - if you look at the question closely "Despite going in and setting either or both passwords I can still usually boot without being prompted. I service a number of computers so this isn't an isolated incident and board-specific answers aren't what I'm after" Thanks though, it's always possible I've overlooked something simple.
A simple yet effective method I'm using today is to buy one of those removable hds (you can use a standard hd with the proper equipment installed in the pc).
Just remove the HD: the kid, worst case, will destroy the case ;)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnDeckerAuthor Commented:
Hmm - that's a thought. If I can get the woman to find a secure hiding place then it might be an option
My first idea was to hide the power cable  (worked for me more times i'd like to admit ;) ) but moving the HD is a better idea and cheaper than most other hw solutions.

JohnDeckerAuthor Commented:
I hadn't thought of hding the powercable but he's got heaps from all his fiddling.. I still like the cradle the best so far..
If you're able to at least protect the BIOS via a password and prevent it from being reset by locking the case, you could password encrypt the whole hard disk and prevent booting from any other device.  I really like the idea of an external disk (at the very least for a backup, if not as a boot device also).

I guess the question is, does your customer care more about the OS not getting trashed, or about the son using the computer when he's not allowed to (by, say, booting off a LiveCD)?
If he can boot off a LiveCD, he can format the HD :(
Rich RumbleSecurity SamuraiCommented:
With physical access, nothing you do can't be by-passed. Removing the HD is a good solution in this case, as long as the HD is then protected physically so he can't get at it. A bios password is easily reset, either using a jumper to short two pins on the Mobo, or removing the cmos battery, or a default factory set password (back-door) most mobo's have them. If he is so inclined to tinker, perhaps he can have his own HD to use. Using a boot-cd is an option, BUT if they want to keep any data on the PC however they will need a USB HD, Jazzdrive or other removable media they can store docs, favorites, etc... the son will likely overwrite or format any HD's inside the PC, so extrenal media would be an option.
JohnDeckerAuthor Commented:
I never thought this question would prove so interesting.. I expected someone to post a link to some fancy solution and that would be it! But it's nice to take a step back from technology sometimes and find a 'real world' solution.
The son would certainly be able to reset the BIOS and if he doesn't know it already it would surely only be a matter of time before he either did it or mucked things up trying.. so althoughtaht was my first idea it really was the best idea and not a perfect one (irrespective of whether or not the passwords would hold).
The son actually has his own PC - several in fact - but the moment even the slightest thing goes wrong on either of the other two in the house, he's in like Flynn, tinkering and stuffing things up. And the parents can't control it.
So far the removable drive is my favourite idea with the only drawback that eventually the son might might find where it is put.
I'll leave this open a wee bit longer. Thanks for the ideas.
JohnDeckerAuthor Commented:
Thanks all - I think the best solution is a physical one in the end.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.