hi, i was wondering if there was a way to disable safe mode or password protect access to it? we have some systems at a school that we would like to monitor with some monitoring software. unfortunately we have discovered that if the system is started in safe mode, it completely bypasses the monitoring software. any thoughts??
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
disable safe mode
- Thread starter spizotfl
- Start date
How do I disable Safe Mode? (NT, 2000, XP)
Windows NT, 2000 and XP do not have any easy way to disable Safe Mode. However, there is a way to 'break' safe mode temporarily.
Doing this is not recommended. Proceed at your own risk!
Click on the Start Button
Select Run
Type in "regedit" and hit OK
Expand the left hand side to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
Under SafeBoot, you should now see Minimal and Network. Click on them and hit F2 to rename them to "Minimal-" and "Network-", respectively.
This should cause Windows to crash the next time it is booted into Safe Mode."
Windows NT, 2000 and XP do not have any easy way to disable Safe Mode. However, there is a way to 'break' safe mode temporarily.
Doing this is not recommended. Proceed at your own risk!
Click on the Start Button
Select Run
Type in "regedit" and hit OK
Expand the left hand side to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
Under SafeBoot, you should now see Minimal and Network. Click on them and hit F2 to rename them to "Minimal-" and "Network-", respectively.
This should cause Windows to crash the next time it is booted into Safe Mode."
- Thread starter
- #3
Make sure you have an Administrator Password set and not just entry via a blank password. This will not prevent them using their own password however. Options within Safe Mode will be limited to any users just by the nature of Safe Mode itself.
Short of glueing the F8 key, I don't know what else you can do.
Why wont your monitoring software work in Safe Mode? Perhaps it would be easier to find some monitoring program that will work in Safe Mode?
Short of glueing the F8 key, I don't know what else you can do.
Why wont your monitoring software work in Safe Mode? Perhaps it would be easier to find some monitoring program that will work in Safe Mode?
- Thread starter
- #5
Why wont your monitoring software work in Safe Mode? Perhaps it would be easier to find some monitoring program that will work in Safe Mode?"
Most programs don't work in safe mode, especially monitoring ones as they tend to require network access etc etc.
Stu..
Only the truly stupid believe they know everything.
Stu.. 2004
Most programs don't work in safe mode, especially monitoring ones as they tend to require network access etc etc.
Stu..
Only the truly stupid believe they know everything.
Stu.. 2004
The whole point of safe mode is that it won't load any third party applications. I can't even think how you would write software to force itself to load, except by trojaning itself onto a system file. And you wouldn't catch me installing that on my network.
How are they logging on? Local account or domain logins? If it's a domian login, set a login script that merely fires off your monitoring software, if possible. Then again, if it's a service, Windows may prevent that service from being started, so you're back in the same boat.
My personal preference would be to write a quick VB script that is fired off from the logon script. It would check the value of the "SAFEBOOT_OPTION" environment variable, and if present (meaning the system is in safemode), I would grab the currently logged in user (%username% environment variable) and email that to myself, and then immediately issue a "shutdown -t 2 -c "Safemode is not allowed here."" command.
That'll stop them from using safemode with network access, and it tells me whose accounts to go lock.
How are they logging on? Local account or domain logins? If it's a domian login, set a login script that merely fires off your monitoring software, if possible. Then again, if it's a service, Windows may prevent that service from being started, so you're back in the same boat.
My personal preference would be to write a quick VB script that is fired off from the logon script. It would check the value of the "SAFEBOOT_OPTION" environment variable, and if present (meaning the system is in safemode), I would grab the currently logged in user (%username% environment variable) and email that to myself, and then immediately issue a "shutdown -t 2 -c "Safemode is not allowed here."" command.
That'll stop them from using safemode with network access, and it tells me whose accounts to go lock.
- Thread starter
- #8
Or course a dedicated hacker would bring their own keyboard. An alternative is NOT to shut down, but simply lock the machine with [window-key]L, and have a password. Wasteful of energy, but you can set the machine to hybernate.
![[yinyang]](/data/assets/smilies/yinyang.gif "[yinyang] [yinyang]")
Madawc Williams (East Anglia, UK). Using Windows XP & Crystal 10
Madawc Williams (East Anglia, UK). Using Windows XP & Crystal 10 - Thread starter
- #11
Here's a quick, simple example. This doesn't do any emailing, but it does capture the username, which you could then use to do whatever you wanted.
save it as a .vbs file to test it
Code:
Set WMIService = GetObject("winmgmts:\\.\root\cimv2")
Set Items = WMIService.ExecQuery("Select * from Win32_Environment")
safemode = false
For Each SubItems in Items
if subitems.name = "SAFEBOOT_OPTION" then
safemode = True
end if
if subitems.name = "lib" then
username = subItems.Username
end if
Next
if safemode = True then
msgbox "We caught you " & username
set objShell = CreateObject("WScript.Shell")
objShell.run "shutdown -s -t 1", 1, False
end ifsave it as a .vbs file to test it
- Thread starter
- #13
should this script work in 2000? i copied it and jumped into safemode. when i ran it i got the error:
The system cannot find the file specified.
Line: 18
Char: 4
Code: 80070002
Sourcenull)
objShell.run "shutdown -s -t 1", 1, False
looks like line 18.
also, is there a way to test for safemode with networking? i think in the end, that is probably what i need to do without i just didn't think it through.
thanks for the help and suggestions
The system cannot find the file specified.
Line: 18
Char: 4
Code: 80070002
Source
null)objShell.run "shutdown -s -t 1", 1, False
looks like line 18.
also, is there a way to test for safemode with networking? i think in the end, that is probably what i need to do without i just didn't think it through.
thanks for the help and suggestions
ah, no shutdown command in Win2k? I thought it had it.
To check for network enabled safemode, you'd want to look at the value of safeboot_option. "Network" or "minimal". Minimal being normal safemode.
Ok, if there is no DOS shutdown command, we can do it with WMI script. The code would then look like this:
Probably the better way to do it anyway.
To check for network enabled safemode, you'd want to look at the value of safeboot_option. "Network" or "minimal". Minimal being normal safemode.
Ok, if there is no DOS shutdown command, we can do it with WMI script. The code would then look like this:
Code:
Set WMIService = GetObject("winmgmts:\\.\root\cimv2")
Set Items = WMIService.ExecQuery("Select * from Win32_Environment")
safemode = false
For Each SubItems in Items
if SubItems.Name = "SAFEBOOT_OPTION" and SubItems.VariableValue = "Network" then
safemode = True
end if
if subitems.name = "lib" then
username = subItems.Username
end if
Next
if safemode = True then
msgbox "We caught you " & username
Set OpSysSet = WMIService.ExecQuery("select * from Win32_OperatingSystem where Primary=true")
For each OpSys in OpSysSet
OpSys.Shutdown()
next
end if- Thread starter
- #15
- Status
Similar threads
- Locked
- Question
