Child Proofing

[adammaxwell]

I work at a local school fixing and handling their computers, and i can not figure out how to stop the children getting into the settings and changing screens and passwords in windows 95. Is there anyway to hide or restrict access, so these chidren can not change the settings.<br>
thanx

 

[rycamor]

Others, correct me if I'm wrong, but anyone who knows Windows 95 can just reboot, hit F8, boot to a DOS prompt and find the password file easily.<br>
<br>
But I believe there is some add-on software somewhere to encrypt the password file and/or lock the desktop.<br>
<br>
Your best bet is to use Windows NT, and grant very limited rights to the standard user. NT lets you restrict access to ANY files or folders on the system.

 

[Spammy]

You can remove the ability to boot into safe mode or to a DOS prompt by editing the msdos.sys in the root directory. Set the BootKeys=no. You can also change the boot order in the BIOS to C only and password protect them to prevent booting to a DOS boot disk. Poledit is a utility that comes in the 9x cdrom that allows you to limit settings on individual computers, it isn't super secure, but it stops lots of little changes and people without some experience. <br>
<br>
You can purchase third-party products such as WinClass and Fortress. I don't remember who makes these programs, but they are pretty good. WinClass is more strict and almost impossible to disable/remove it without destroying Windows

 

[Mardawg]

In addition to editing the msdos.sys file you can create a user profile that locks out many functions such as the run command and others security holes. It will not be perfect, but it could prove to be what you need.

 

[Alt255]

Use Spammy and Mardawgs suggestions and then create two batch files; one to back up the registry and desktop and one to restore them. I haven't tried these yet but they should work.... you won't be able to STOP the children but you can undo most of their mischief.<br>
You will need pkzip and pkunzip (shareware) to try these.<br>
-------------------------------<br>
REM Batchfile to backup current settings<br>
REM Make sure you have booted to the command prompt and that Windows was functioning normally when you left it<br>
@echo off<br>
cd \windows<br>
REM backup the registry<br>
regedit /e mybackup.reg<br>
REM backup some passwords<br>
pkzip -r pwl.zip *.pwl<br>
REM backup some INIs<br>
pkzip -r ini.zip *.ini<br>
cd desktop<br>
REM backup the desktop<br>
pkzip -r mybackup.zip<br>
(if there are more than one user profiles you should go into the profiles folder and do the same command)<br>
-----------------------------------<br>
REM Batchfile to restore the settings<br>
@echo off<br>
cd \windows<br>
REM restore the registry<br>
regedit /c mybackup.reg<br>
REM restore some passwords<br>
pkunzip -d pwl.zip<br>
REM restore some INIs<br>
pkunzip -d ini.zip<br>
cd desktop<br>
REM restore the desktop<br>
pkunzip -d mybackup.zip<br>
<br>
Just make sure that the system is all-correct before you back it up. You will need to run the backup batch after installing new software or making any changes you want to "stick".<br>
<br>
I hope this helps.<br>

 

[mckarl]

i think i may be missing the point here, but are you talking about the startup/logon screen?? <br>
<br>
if you are, the password file *.pwl (find it in quick search) is the place to look for.<br>
<br>
search "*.pwl" and you will find the list of all the usernames. If the files are removed, the user (kid) can gain root/admin access and make up his own password. 9X are not good for security, NT is much better, schools never realy thought of it, maybe cos of all the other little bits NT has, EG NET SEND commands... well anyhow. <br>
<br>
Take this for example. <br>
As a kid, i used to (still am a kid) go into dixons/currys and the screen saver password was on. <br>
Heres how i cocked the zombies.<br>
<br>
REBOOT<br>
<br>
click cancel on the logon screen<br>
<br>
SEARCH FOR "*.pwl"<br>
<br>
REMOVE ALL FILES<br>
<br>
REBOOT<br>
<br>
++ HAVE FUN ++<br>
<br>
Try it...<br>
<br>
mmm.... in fact... i'm going now... hahahaha... heheheheheh ... hahahahaha... DOH!!<br>
<br>
<br>
Karl. <br>
<br>
any probs mc_karl@yahoo.com<br>
<br>
<br>
<br>

 

[Alt255]

Hey, Karl, I've been trying to decrypt a .pwl to find a "lost" password but I can't find the key. Is it in the .pwl or dohs Windows store it somewhere else? I can't delete the file because I'll lose the password. I didn't want to format the hard drive but, if it will let me play my silly games, I'm willing to give it a shot. Will fdisk reveal the password? Will I get the password if I run a screwdriver across the surface of the motherboard?<br>
<br>
Just curious. After all, if I can't use it, is there a reason I shouldn't destroy it?<br>
<br>
Just curious. Just joking. We're here to provide solutions, not suggest ways to cause problems.<br>

 

[Alt255]

Addendum: There is a fairly easy "hack" that prevents users from using the BootKeys function. If you have a binary editor, such as Norton's Diskedit, remove the SHR attributes from C:\IO.SYS, open it with the editor, search for "BOOTKEYS" and replace the string with "RESTRICT". Open C:\MSDOS.SYS with any editor and add the line "Restrict=0".<br>
Any subsequent attempt to add BootKeys=1 to MSDOS.SYS will render an "INVALID FUNCTION: BOOTKEYS=1" error and a normal "uncontrolled" boot to Windows.<br>
Change the restrict line to Restrict=1 if you need to access the Windows boot menu.<br>
You could, of course, use any legal 8-digit string to replace "BOOTKEYS".... but "FORMAT_C" might not convey an appropriate message to the users.<br>

 

[Alt255]

Of course, deleting MSDOS.SYS makes the discussion meaningless.<br>
<br>
Go to NT if you want a "real" solution.<br>
Sorry. Go to Linex.<br>
Sorry. There are only the solutions you apply.<br>

 

[robherc]

adammaxwell-<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;I work very closely with a school computer 'handyman' I'll check with him & see what security program he's using as I already know the flaws in it & can very much help you make workarounds for them (1st lworkaround: GET BOE [Back Orifice Eliminator]...I've rendered a few of the systems useless while testing Back Orifice on them). Other than that, I'm sorry, but there aren't many easy outs except for the time-tried MSDOS file handling methods....make sure you password protect your F2 BIOS/CMOS setup first....that's the _most_ crucial loophole to close up!<br>
<br>
<br>
Alt255-<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;Umm.....rough day? (Linux, does ;-)<br>
<br>
<br>
-robherc<br>
robherc@netzero.net