Solved

Disable Booting from USB or CD When BIOS Doesn't Offer Option

Posted on 2010-09-15
16
925 Views
Last Modified: 2013-11-09
Hi folks!

We have a large number of workstations in our organization that I have just discovered do not, apparently, have an option in the BIOS to disable booting from devices such as USB flash drives, floppy drives, or CD/DVD drives. You can take the devices out of the default boot order so that they are not tried automatically, but anyone can hit F11 to access the boot menu during start up and manually pick one, introducing several security risks.

The PC's in question are all Systemax PC's using the AMI BIOS v.2.061.

The users of these PC's absolutely must have the ability to use CD's and DVD's, as well as flash drives, in the computers, so simply removing or disabling the devices altogether is not an option.

Is there any way at all to prevent booting from devices other than the hard drive if the BIOS does not offer such an option?

Thanks!

- Ithizar
0
Comment
Question by:Ithizar
  • 5
  • 2
  • 2
  • +3
16 Comments
 
LVL 3

Expert Comment

by:Nyradel
ID: 33686081
Are you able to disable the startup prompt in the bios and password protect it?
0
 
LVL 9

Expert Comment

by:ken2421
ID: 33686282
Set the hard drive in bios to first boot device and password the bios.

Ken
0
 

Author Comment

by:Ithizar
ID: 33692147
Even with the hard drive set as the first boot device, the BIOS offers the option to press F11 during the startup process to access a boot menu, which then lets you choose any boot device you want. There is no option in the BIOS that I can find to disable the ability to access that boot menu.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 7

Expert Comment

by:harryhelp
ID: 33704939
Have you enabled any supervisor password available?
0
 

Author Comment

by:Ithizar
ID: 33705338
The only password options are either an admin password, which only prevents you from entering the BIOS setup, or to require a password on all startups, even startups from the hard drive.
0
 
LVL 7

Expert Comment

by:harryhelp
ID: 33705362
The only thing I can think of is speaking to Systemax, or looking for a BIOS update.
0
 

Author Comment

by:Ithizar
ID: 33705640
I've tried updating to the latest version of the AMI BIOS and, unfortunately, it didn't add the option. I guess we can try contacting Systemax or MSI (the motherboard manufacturer). I was hoping maybe there was some option I wasn't thinking of.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33706225
Ithizar--From http://discussions.virtualdr.com/showthread.php?t=233730
"The option to disable booting from the USB device was present in the Bios, but it only appeared when the device itself was connected to the PC."
0
 

Author Comment

by:Ithizar
ID: 33719084
That may apply to USB flash drives, but the floppy drive and CD-ROM drive are always present, and there is no option to prevent booting from them that I can find.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33719495
Ithizar--Well, at least I got one out of three. :)
0
 
LVL 10

Accepted Solution

by:
Horn E. Towed earned 500 total points
ID: 33733965
The boot process is handled by the BIOS before anything else is loaded.

If there are no options in your current BIOS for regulating the boot options for CD/DVD or floppy then the only real option is to contact the motherboard manufacturer about a "security version" of the BIOS that has the option(s) to turn off/on booting from various hardware.

It's doubtful that this version exists, but it appears to be your only option with this motherboard.


0
 

Author Comment

by:Ithizar
ID: 33735386
That's kinda what I feared. Thanks everyone for your help!
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question