?
Solved

Disable Booting from USB or CD When BIOS Doesn't Offer Option

Posted on 2010-09-15
16
Medium Priority
?
949 Views
Last Modified: 2013-11-09
Hi folks!

We have a large number of workstations in our organization that I have just discovered do not, apparently, have an option in the BIOS to disable booting from devices such as USB flash drives, floppy drives, or CD/DVD drives. You can take the devices out of the default boot order so that they are not tried automatically, but anyone can hit F11 to access the boot menu during start up and manually pick one, introducing several security risks.

The PC's in question are all Systemax PC's using the AMI BIOS v.2.061.

The users of these PC's absolutely must have the ability to use CD's and DVD's, as well as flash drives, in the computers, so simply removing or disabling the devices altogether is not an option.

Is there any way at all to prevent booting from devices other than the hard drive if the BIOS does not offer such an option?

Thanks!

- Ithizar
0
Comment
Question by:Ithizar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +3
16 Comments
 
LVL 3

Expert Comment

by:Nyradel
ID: 33686081
Are you able to disable the startup prompt in the bios and password protect it?
0
 
LVL 9

Expert Comment

by:ken2421
ID: 33686282
Set the hard drive in bios to first boot device and password the bios.

Ken
0
 

Author Comment

by:Ithizar
ID: 33692147
Even with the hard drive set as the first boot device, the BIOS offers the option to press F11 during the startup process to access a boot menu, which then lets you choose any boot device you want. There is no option in the BIOS that I can find to disable the ability to access that boot menu.
0
Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

 
LVL 7

Expert Comment

by:harryhelp
ID: 33704939
Have you enabled any supervisor password available?
0
 

Author Comment

by:Ithizar
ID: 33705338
The only password options are either an admin password, which only prevents you from entering the BIOS setup, or to require a password on all startups, even startups from the hard drive.
0
 
LVL 7

Expert Comment

by:harryhelp
ID: 33705362
The only thing I can think of is speaking to Systemax, or looking for a BIOS update.
0
 

Author Comment

by:Ithizar
ID: 33705640
I've tried updating to the latest version of the AMI BIOS and, unfortunately, it didn't add the option. I guess we can try contacting Systemax or MSI (the motherboard manufacturer). I was hoping maybe there was some option I wasn't thinking of.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33706225
Ithizar--From http://discussions.virtualdr.com/showthread.php?t=233730
"The option to disable booting from the USB device was present in the Bios, but it only appeared when the device itself was connected to the PC."
0
 

Author Comment

by:Ithizar
ID: 33719084
That may apply to USB flash drives, but the floppy drive and CD-ROM drive are always present, and there is no option to prevent booting from them that I can find.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33719495
Ithizar--Well, at least I got one out of three. :)
0
 
LVL 10

Accepted Solution

by:
Prester John earned 2000 total points
ID: 33733965
The boot process is handled by the BIOS before anything else is loaded.

If there are no options in your current BIOS for regulating the boot options for CD/DVD or floppy then the only real option is to contact the motherboard manufacturer about a "security version" of the BIOS that has the option(s) to turn off/on booting from various hardware.

It's doubtful that this version exists, but it appears to be your only option with this motherboard.


0
 

Author Comment

by:Ithizar
ID: 33735386
That's kinda what I feared. Thanks everyone for your help!
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question