Solved

Disable Booting from USB or CD When BIOS Doesn't Offer Option

Posted on 2010-09-15
16
915 Views
Last Modified: 2013-11-09
Hi folks!

We have a large number of workstations in our organization that I have just discovered do not, apparently, have an option in the BIOS to disable booting from devices such as USB flash drives, floppy drives, or CD/DVD drives. You can take the devices out of the default boot order so that they are not tried automatically, but anyone can hit F11 to access the boot menu during start up and manually pick one, introducing several security risks.

The PC's in question are all Systemax PC's using the AMI BIOS v.2.061.

The users of these PC's absolutely must have the ability to use CD's and DVD's, as well as flash drives, in the computers, so simply removing or disabling the devices altogether is not an option.

Is there any way at all to prevent booting from devices other than the hard drive if the BIOS does not offer such an option?

Thanks!

- Ithizar
0
Comment
Question by:Ithizar
  • 5
  • 2
  • 2
  • +3
16 Comments
 
LVL 3

Expert Comment

by:Nyradel
ID: 33686081
Are you able to disable the startup prompt in the bios and password protect it?
0
 
LVL 9

Expert Comment

by:ken2421
ID: 33686282
Set the hard drive in bios to first boot device and password the bios.

Ken
0
 

Author Comment

by:Ithizar
ID: 33692147
Even with the hard drive set as the first boot device, the BIOS offers the option to press F11 during the startup process to access a boot menu, which then lets you choose any boot device you want. There is no option in the BIOS that I can find to disable the ability to access that boot menu.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 7

Expert Comment

by:harryhelp
ID: 33704939
Have you enabled any supervisor password available?
0
 

Author Comment

by:Ithizar
ID: 33705338
The only password options are either an admin password, which only prevents you from entering the BIOS setup, or to require a password on all startups, even startups from the hard drive.
0
 
LVL 7

Expert Comment

by:harryhelp
ID: 33705362
The only thing I can think of is speaking to Systemax, or looking for a BIOS update.
0
 

Author Comment

by:Ithizar
ID: 33705640
I've tried updating to the latest version of the AMI BIOS and, unfortunately, it didn't add the option. I guess we can try contacting Systemax or MSI (the motherboard manufacturer). I was hoping maybe there was some option I wasn't thinking of.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33706225
Ithizar--From http://discussions.virtualdr.com/showthread.php?t=233730
"The option to disable booting from the USB device was present in the Bios, but it only appeared when the device itself was connected to the PC."
0
 

Author Comment

by:Ithizar
ID: 33719084
That may apply to USB flash drives, but the floppy drive and CD-ROM drive are always present, and there is no option to prevent booting from them that I can find.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33719495
Ithizar--Well, at least I got one out of three. :)
0
 
LVL 10

Accepted Solution

by:
Horn E. Towed earned 500 total points
ID: 33733965
The boot process is handled by the BIOS before anything else is loaded.

If there are no options in your current BIOS for regulating the boot options for CD/DVD or floppy then the only real option is to contact the motherboard manufacturer about a "security version" of the BIOS that has the option(s) to turn off/on booting from various hardware.

It's doubtful that this version exists, but it appears to be your only option with this motherboard.


0
 

Author Comment

by:Ithizar
ID: 33735386
That's kinda what I feared. Thanks everyone for your help!
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question