Safe mode with networking
I have students that are bypasing our AV/content filtering, etc. by booting into safemode with network support. Does anyone know if there is a way to prevent them from selecting safe mode?
0 Comments
[ + ] Show comments
Answers (1)
Answer Summary:
There's a few different ways you can do it, depending on the Windows version and what your security software will let you do. ______________________________________________ 1) One way is to physically alter the keyboard (any version) as suggested here: http://www.pcreview.co.uk/forums/disable-f8-and-safe-mode-windows-xp-boot-up-t145891.html An inelegant (but effective) method of preventing F8 access in this scenario is to modify the keyboard so that F8 is not usable. You can do this either by placing it within an enclosure that prevents someone from getting to the key or, you can pull the keycap and clip the lead for that key then replace the keycap. Assuming that someone of ill-intent doesn't hook up a different keyboard you are good to go and you don't eliminate your ability to administer the system. ______________________________________________ 2) Modifying NTLDR to disable F8 is another option. http://groups.google.com/group/microsoft.public.win2000.security/msg/9d9a240b519d43e9 ______________________________________________ 3) If you're running Windows 7, MS has a hotfix to block regular users from using Safe Mode. http://support.microsoft.com/kb/977542 A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode ______________________________________________ 4) Yet another option is to disable the boot menu completely, appears to be Windows Vista & 7 only. http://www.sevenforums.com/general-discussion/113354-how-do-i-disable-safe-mode.html With command: bcdedit /set {bootmgr} displaybootmenu no You can disable the whole bootmenu. ______________________________________________ 5) A final option (final for me, as I need to get some sleep) is to use a commercial product. http://www.disablesafemode.com/ You probably know that you can access the Advanced Boot Options menu by turning on the computer and pressing the F8 key before Windows starts. isableSafeMode will prevent this; nobody will be able to start your system in Safe Mode or in any other repairing/debugging mode ______________________________________________
There's a few different ways you can do it, depending on the Windows version and what your security software will let you do. ______________________________________________ 1) One way is to physically alter the keyboard (any version) as suggested here: http://www.pcreview.co.uk/forums/disable-f8-and-safe-mode-windows-xp-boot-up-t145891.html An inelegant (but effective) method of preventing F8 access in this scenario is to modify the keyboard so that F8 is not usable. You can do this either by placing it within an enclosure that prevents someone from getting to the key or, you can pull the keycap and clip the lead for that key then replace the keycap. Assuming that someone of ill-intent doesn't hook up a different keyboard you are good to go and you don't eliminate your ability to administer the system. ______________________________________________ 2) Modifying NTLDR to disable F8 is another option. http://groups.google.com/group/microsoft.public.win2000.security/msg/9d9a240b519d43e9 ______________________________________________ 3) If you're running Windows 7, MS has a hotfix to block regular users from using Safe Mode. http://support.microsoft.com/kb/977542 A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode ______________________________________________ 4) Yet another option is to disable the boot menu completely, appears to be Windows Vista & 7 only. http://www.sevenforums.com/general-discussion/113354-how-do-i-disable-safe-mode.html With command: bcdedit /set {bootmgr} displaybootmenu no You can disable the whole bootmenu. ______________________________________________ 5) A final option (final for me, as I need to get some sleep) is to use a commercial product. http://www.disablesafemode.com/ You probably know that you can access the Advanced Boot Options menu by turning on the computer and pressing the F8 key before Windows starts. isableSafeMode will prevent this; nobody will be able to start your system in Safe Mode or in any other repairing/debugging mode ______________________________________________
Please log in to answer
Posted by:
jverbosk
12 years ago
There's a few different ways you can do it, depending on the Windows version and what your security software will let you do.
______________________________________________
1) One way is to physically alter the keyboard (any version) as suggested here:
http://www.pcreview.co.uk/forums/disable-f8-and-safe-mode-windows-xp-boot-up-t145891.html
An inelegant (but effective) method of preventing F8 access in this scenario is to modify the keyboard so that F8 is not usable. You can do this either by placing it within an enclosure that prevents someone from getting to the key or, you can pull the keycap and clip the lead for that key then replace the keycap. Assuming that someone of ill-intent doesn't hook up a different keyboard you are good to go and you don't eliminate your ability to administer the system.
______________________________________________
2) Modifying NTLDR to disable F8 is another option.
http://groups.google.com/group/microsoft.public.win2000.security/msg/9d9a240b519d43e9
______________________________________________
3) If you're running Windows 7, MS has a hotfix to block regular users from using Safe Mode.
http://support.microsoft.com/kb/977542
A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode
______________________________________________
4) Yet another option is to disable the boot menu completely, appears to be Windows Vista & 7 only.
http://www.sevenforums.com/general-discussion/113354-how-do-i-disable-safe-mode.html
With command: bcdedit /set {bootmgr} displaybootmenu no
You can disable the whole bootmenu.
______________________________________________
5) A final option (final for me, as I need to get some sleep) is to use a commercial product.
http://www.disablesafemode.com/
You probably know that you can access the Advanced Boot Options menu by turning on the computer and pressing the F8 key before Windows starts. isableSafeMode will prevent this; nobody will be able to start your system in Safe Mode or in any other repairing/debugging mode
______________________________________________
Hope that helps!
John
______________________________________________
1) One way is to physically alter the keyboard (any version) as suggested here:
http://www.pcreview.co.uk/forums/disable-f8-and-safe-mode-windows-xp-boot-up-t145891.html
An inelegant (but effective) method of preventing F8 access in this scenario is to modify the keyboard so that F8 is not usable. You can do this either by placing it within an enclosure that prevents someone from getting to the key or, you can pull the keycap and clip the lead for that key then replace the keycap. Assuming that someone of ill-intent doesn't hook up a different keyboard you are good to go and you don't eliminate your ability to administer the system.
______________________________________________
2) Modifying NTLDR to disable F8 is another option.
http://groups.google.com/group/microsoft.public.win2000.security/msg/9d9a240b519d43e9
______________________________________________
3) If you're running Windows 7, MS has a hotfix to block regular users from using Safe Mode.
http://support.microsoft.com/kb/977542
A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode
______________________________________________
4) Yet another option is to disable the boot menu completely, appears to be Windows Vista & 7 only.
http://www.sevenforums.com/general-discussion/113354-how-do-i-disable-safe-mode.html
With command: bcdedit /set {bootmgr} displaybootmenu no
You can disable the whole bootmenu.
______________________________________________
5) A final option (final for me, as I need to get some sleep) is to use a commercial product.
http://www.disablesafemode.com/
You probably know that you can access the Advanced Boot Options menu by turning on the computer and pressing the F8 key before Windows starts. isableSafeMode will prevent this; nobody will be able to start your system in Safe Mode or in any other repairing/debugging mode
______________________________________________
Hope that helps!
John
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
