Prevent a user from entering safe mode

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

I am configuring my PC with Windows XP Professional and I would like a
specific user (without admin rights) not to be able to enter "safe mode".

How can I prevent the user from entering "safe mode"? For example
allowing "safe mode" only for admin users.

Please, tell me if this is possible or if there is another alternative.

Thank you in advance.
 
Guest

lago wrote:
> I am configuring my PC with Windows XP Professional and I would like a
> specific user (without admin rights) not to be able to enter "safe
> mode".
>
> How can I prevent the user from entering "safe mode"? For example
> allowing "safe mode" only for admin users.
>
> Please, tell me if this is possible or if there is another
> alternative.
>
> Thank you in advance.

I don't think this is possible. What is your goal? Make sure the users don't
know the built-in admin credentials (use a good password).
 
Guest

I want a user to run only a set of applications, and I can do that after the
user has entered normal mode by running a program, but I cannot do it when
the user enters safe mode, and I don't want the user to be able to change
their own password, for example.

Disabling F8 for entering safe mode could be a reasonable solution, but
the methods I have found in different newsgroups are a bit aggressive (they
result in a blue screen when safe mode is selected).

Can you tell me another solution to prevent the user from operating in safe
mode?

"Lanwench [MVP - Exchange]" wrote:

> lago wrote:
> > I am configuring my PC with Windows XP Professional and I would like a
> > specific user (without admin rights) not to be able to enter "safe
> > mode".
> >
> > How can I prevent the user from entering "safe mode"? For example
> > allowing "safe mode" only for admin users.
> >
> > Please, tell me if this is possible or if there is another
> > alternative.
> >
> > Thank you in advance.
>
> I don't think this is possible. What is your goal? Make sure the users don't
> know the built-in admin credentials (use a good password).
>
>
>
 

Malke


lago wrote:

> I want a user to run only a set of applications, and I can do that
> after the user has entered normal mode by running a program, but I
> cannot do it when the user enters safe mode, and I don't want the
> user to be able to change their own password, for example.
>
> Disabling F8 for entering safe mode could be a reasonable solution,
> but the methods I have found in different newsgroups are a bit
> aggressive (they result in a blue screen when safe mode is selected).
>
> Can you tell me another solution to prevent the user from operating in
> safe mode?
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> lago wrote:
>> > I am configuring my PC with Windows XP Professional and I would
>> > like a specific user (without admin rights) not to be able to enter
>> > "safe mode".
>> >
>> > How can I prevent the user from entering "safe mode"? For example
>> > allowing "safe mode" only for admin users.
>> >
>> > Please, tell me if this is possible or if there is another
>> > alternative.
>> >
>> > Thank you in advance.
>>
>> I don't think this is possible. What is your goal? Make sure the
>> users don't know the built-in admin credentials (use a good
>> password).

Better solution: put a BIOS password on the machine and make sure the
computer can only boot from the hard drive. If your users reboot into
Safe Mode (and one wonders why they would do this, but oh well), they
won't be able to start Windows without the BIOS password. Then your IT
and/or HR depts. can address the consequences of restarting a company
computer with the culprits.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

This isn't correct, Malke. A BIOS password prevents the machine from even booting.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Malke" <notreally@invalid.com> wrote in message news:%23jo%23MmLTFHA.3980@TK2MSFTNGP12.phx.gbl...
> lago wrote:
>
>> I want a user to run only a set of applications, and I can do that
>> after the user has entered normal mode by running a program, but I
>> cannot do it when the user enters safe mode, and I don't want the
>> user to be able to change their own password, for example.
>>
>> Disabling F8 for entering safe mode could be a reasonable solution,
>> but the methods I have found in different newsgroups are a bit
>> aggressive (they result in a blue screen when safe mode is selected).
>>
>> Can you tell me another solution to prevent the user from operating in
>> safe mode?
>>
>> "Lanwench [MVP - Exchange]" wrote:
>>
>>> lago wrote:
>>> > I am configuring my PC with Windows XP Professional and I would
>>> > like a specific user (without admin rights) not to be able to enter
>>> > "safe mode".
>>> >
>>> > How can I prevent the user from entering "safe mode"? For example
>>> > allowing "safe mode" only for admin users.
>>> >
>>> > Please, tell me if this is possible or if there is another
>>> > alternative.
>>> >
>>> > Thank you in advance.
>>>
>>> I don't think this is possible. What is your goal? Make sure the
>>> users don't know the built-in admin credentials (use a good
>>> password).
>
> Better solution: put a BIOS password on the machine and make sure the
> computer can only boot from the hard drive. If your users reboot into
> Safe Mode (and one wonders why they would do this, but oh well), they
> won't be able to start Windows without the BIOS password. Then your IT
> and/or HR depts. can address the consequences of restarting a company
> computer with the culprits.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 

Malke


Doug Knox MS-MVP wrote:

> This isn't correct, Malke. A BIOS password prevents the machine from
> even booting.
>
That's what I meant to happen, Doug. If the users decide to reboot into
Safe Mode, they'll be stuck and have to call the IT Dept. for help. The
consequences can then be made unpleasant enough that the users won't
try to get around company policy again.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

Malke wrote:

> Doug Knox MS-MVP wrote:
>
>> This isn't correct, Malke. A BIOS password prevents the machine from
>> even booting.
>>
>
> That's what I meant to happen, Doug. If the users decide to reboot into
> Safe Mode, they'll be stuck and have to call the IT Dept. for help. The
> consequences can then be made unpleasant enough that the users won't
> try to get around company policy again.

Hi,

I can't see how a BIOS password is able to differentiate between an
ordinary boot and a safe mode boot?



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 

Malke


Torgeir Bakken (MVP) wrote:

> Malke wrote:
>
>> Doug Knox MS-MVP wrote:
>>
>>> This isn't correct, Malke. A BIOS password prevents the machine
>>> from even booting.
>>>
>>
>> That's what I meant to happen, Doug. If the users decide to reboot
>> into Safe Mode, they'll be stuck and have to call the IT Dept. for
>> help. The consequences can then be made unpleasant enough that the
>> users won't try to get around company policy again.
>
> Hi,
>
> I can't see how a BIOS password is able to differentiate between an
> ordinary boot and a safe mode boot?
>
>
>
Maybe I'm just not expressing myself well. In order to get into Safe
Mode, the computer has to be rebooted. The BIOS password would prevent
the user who was rebooting (presumably against company policy) from
starting Windows in any shape or form. Then they would have to call IT.
Of course it would not be pleasant for the user. I was assuming that in
an office environment the workstations were not normally turned off.

However, since the OP hasn't come back, who knows what the situation was
or what they really wanted?

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

But that would prevent the user from rebooting at any time. And I don't recall seeing any corporate environment where rebooting was forbidden. Just think of the nightmare that would cause when the monthly security updates are pushed out. IT would have to go to every computer in the business and enter a password after the update.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Malke" <notreally@invalid.com> wrote in message news:eWCfa9LTFHA.3544@TK2MSFTNGP12.phx.gbl...
> Doug Knox MS-MVP wrote:
>
>> This isn't correct, Malke. A BIOS password prevents the machine from
>> even booting.
>>
> That's what I meant to happen, Doug. If the users decide to reboot into
> Safe Mode, they'll be stuck and have to call the IT Dept. for help. The
> consequences can then be made unpleasant enough that the users won't
> try to get around company policy again.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
Guest

Thank you for your suggestions, but as you have pointed out, a BIOS password
does not solve my problem, because the limited user shouldn't need any
password to operate with his applications, but shouldn't be allowed to do
anything else.

"Doug Knox MS-MVP" wrote:

> But that would prevent the user from rebooting at any time. And I don't recall seeing any corporate environment where rebooting was forbidden. Just think of the nightmare that would cause when the monthly security updates are pushed out. IT would have to go to every computer in the business and enter a password after the update.
>
> --
> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
> Win 95/98/Me/XP Tweaks and Fixes
> http://www.dougknox.com
> --------------------------------
> Per user Group Policy Restrictions for XP Home and XP Pro
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> --------------------------------
> Please reply only to the newsgroup so all may benefit.
> Unsolicited e-mail is not answered.
>
> "Malke" <notreally@invalid.com> wrote in message news:eWCfa9LTFHA.3544@TK2MSFTNGP12.phx.gbl...
> > Doug Knox MS-MVP wrote:
> >
> >> This isn't correct, Malke. A BIOS password prevents the machine from
> >> even booting.
> >>
> > That's what I meant to happen, Doug. If the users decide to reboot into
> > Safe Mode, they'll be stuck and have to call the IT Dept. for help. The
> > consequences can then be made unpleasant enough that the users won't
> > try to get around company policy again.
> >
> > Malke
> > --
> > Elephant Boy Computers
> > www.elephantboycomputers.com
> > "Don't Panic!"
> > MS-MVP Windows - Shell/User
>