  1. #1
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,286
    Thank Post
    80
    Thanked 45 Times in 31 Posts
    Rep Power
    30

    Kids messing in DOS prompt after F8 safe mode with networking...

    Have some students doing some testing for me.....

    They have discovered (and I have verified) that if they boot into safe mode with networking by pressing F8 they can then use the "Windows Help and Support" window that is open by default to click "Diagnostic tools to use in safe mode" - one of which is "Click to open Command Prompt".

    They have then been able to hunt around and find security groups etc.

    I am not sure what damage they could cause if any - but would rather block this hole if possible.

    Could I create a policy that prevents HelpPane.exe from running in my security group policy?

    Does anyone block the F8 options? or edit them somehow so kids cannot mess?

  2. #2

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,781
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126
    Haven't seen this problem myself so a quick Google of the topic gives this page as the second result:

    Link: Microsoft: Windows XP Pro - disable safe mode

    Doing this is not recommended. Proceed at your own risk!

    Click on the Start Button
    Select Run
    Type in "regedit" and hit OK
    Expand the left hand side to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
    Under SafeBoot, you should now see Minimal and Network. Click on them and hit F2 to rename them to "Minimal-" and "Network-", respectively.
    This should cause Windows to crash the next time it is booted into Safe Mode."
    If you can quickly redeploy your stations [Imaging/Rebuilding] I suppose you could experiment with this technique on one machine to see how it works out for you?
    Last edited by DaveP; 15th March 2011 at 07:04 PM. Reason: Correct spelling mistake.

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    When the kids are pressing F8 and going into Safe Mode, how are they logging in? Correct me if I am wrong, but I don't think you can logon to a domain from Safe Mode.

    A simple solution is to rename the local administrator account and you can do this via a GPO:

    Computer Config > Windows Settings > Security Settings > Local Policies > Security Options -

    Accounts: Rename administrator account
    Accounts: Rename guest account

    In 2008 Server you can also change the administrator password completely using GPP (Group Policy Preference). Another alternative (what I normally do) is make these changes just before you take an image. It's all done for you from the start

  4. #4


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,758
    Thank Post
    221
    Thanked 2,630 Times in 1,938 Posts
    Rep Power
    779
    You could do what RM do on CC3 and disable the mouse and keyboard while in Safe Mode. Microsoft even have a KB article which mentions this.

    DisableSafeModeMouseAndKeyboard.reg
    Code:
    Windows Registry Editor Version 5.00
    
    ; Delete mouse driver for safe mode
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    
    ; Delete keyboard driver for safe mode
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    EnableSafeModeMouseAndKeyboard.reg
    Code:
    Windows Registry Editor Version 5.00
    
    ; Restore mouse driver for safe mode
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    ; Restore keyboard driver for safe mode
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"

    DisableSafeModeMouseAndKeyboard.vbs
    Code:
    ' Carry on if a key is already absent (RegDelete raises an error for a missing key)
    On Error Resume Next
    
    Dim WSHShell
    Set WSHShell = WScript.CreateObject("WScript.Shell")
    
    ' Delete mouse driver for safe mode
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\"
    
    ' Delete keyboard driver for safe mode
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"
    WSHShell.RegDelete "HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"
    
    Set WSHShell = Nothing
    Last edited by Arthur; 15th March 2011 at 10:27 PM.

  5. Thanks to Arthur from:

    Michael (15th March 2011)

  6. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Nice little script you have there Arthur

  7. #6
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,286
    Thank Post
    80
    Thanked 45 Times in 31 Posts
    Rep Power
    30
    Quote Originally Posted by Michael View Post
    When the kids are pressing F8 and going into Safe Mode, how are they logging in? Correct me if I am wrong, but I don't think you can logon to a domain from Safe Mode.

    A simple solution is to rename the local administrator account and you can do this via a GPO:

    Computer Config > Windows Settings > Security Settings > Local Policies > Security Options -

    Accounts: Rename administrator account
    Accounts: Rename guest account

    In 2008 Server you can also change the administrator password completely using GPP (Group Policy Preference). Another alternative (what I normally do) is make these changes just before you take an image. It's all done for you from the start
    If we boot into safe mode with networking we are able to log on on our test Windows 7 PC.
    Last edited by kennysarmy; 15th March 2011 at 07:44 PM.

  8. #7
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,286
    Thank Post
    80
    Thanked 45 Times in 31 Posts
    Rep Power
    30
    There is another thread I have found on this topic:
    Disable F8 Now!!!

    However, that suggests the keys to edit are in the CurrentControlSet - your script and reg files edit the set001 and 002 - do you know why the difference?

  9. #8

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by kennysarmy View Post
    If we boot into safe mode with networking we are able to log on on our test Windows 7 PC.
    I'm a little surprised by this, as the built in administrator account in Windows Vista is disabled by default. You can only logon with a user who's a member of the local administrator group. I have no reason to believe Windows 7 is any different.

    The built in administrator account can be re-enabled, but of course you need to be logged in with another local administrator account to perform the net user command.

    Windows XP on the other hand always has an administrator account created and in most cases with a blank password.

  10. #9


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,758
    Thank Post
    221
    Thanked 2,630 Times in 1,938 Posts
    Rep Power
    779
    Quote Originally Posted by kennysarmy View Post
    However, that suggests the keys to edit are in the CurrentControlSet - your script and reg files edit the set001 and 002 - do you know why the difference?
    By editing ControlSet001 and 002 you are effectively editing CurrentControlSet anyway.

  11. #10
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,286
    Thank Post
    80
    Thanked 45 Times in 31 Posts
    Rep Power
    30
    Quote Originally Posted by Michael View Post
    I'm a little surprised by this, as the built in administrator account in Windows Vista is disabled by default. You can only logon with a user who's a member of the local administrator group. I have no reason to believe Windows 7 is any different.

    The built in administrator account can be re-enabled, but of course you need to be logged in with another local administrator account to perform the net user command.

    Windows XP on the other hand always has an administrator account created and in most cases with a blank password.
    I don't think this has anything to do with administrator accounts....the little darlings are logging in with their normal domain account - which seems possible if you boot using F8 into safe mode WITH networking.....

    Thanks.

  12. #11
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,485
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Possibly missing something here, but if they're logging in, won't GPOs kick in and prevent things like command prompt from running anyway? Or does Safe Mode bypass GPOs?

  13. #12
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    888
    Thank Post
    84
    Thanked 234 Times in 193 Posts
    Rep Power
    82
    Reading around a bit, Local Policies are applied in SafeMode with networking under Win7, but Group Policies aren't.
    (eg: Restrict access to Safe Mode)

  14. #13

    Join Date
    Dec 2005
    Posts
    524
    Thank Post
    34
    Thanked 87 Times in 77 Posts
    Rep Power
    39
    We are looking into this at the moment...

    Our plan is just to delete the Minimal and Network reg folders completely.

    This makes the computers restart when you choose Safe Mode, hehe.

    If we need Safe Mode back for admin purposes we can just merge the keys back in.
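
A read-only check for the state the replies above describe, added here as an example and not posted by any thread participant: it resolves which ControlSet00N the machine treats as CurrentControlSet (from HKLM\SYSTEM\Select) and reports whether the mouse and keyboard class keys from the .reg files are still listed under SafeBoot\Minimal and SafeBoot\Network. Variable names and the report layout are illustrative choices.

```powershell
# Added example: audits the SafeBoot keys discussed in this thread. Changes nothing.
# Run from an elevated PowerShell prompt on the workstation being checked.

$classGuids = @{
    Mouse    = '{4D36E96F-E325-11CE-BFC1-08002BE10318}'
    Keyboard = '{4D36E96B-E325-11CE-BFC1-08002BE10318}'
}

# HKLM\SYSTEM\Select\Current holds the number N of the ControlSet00N
# that CurrentControlSet is linked to for this boot.
$current     = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select').Current
$currentName = 'ControlSet{0:D3}' -f $current

# Enumerate every numbered control set present, not only 001 and 002.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    Select-Object -ExpandProperty PSChildName

$report = foreach ($set in $controlSets) {
    foreach ($mode in 'Minimal', 'Network') {
        $modePath = "HKLM:\SYSTEM\$set\Control\SafeBoot\$mode"
        foreach ($device in $classGuids.Keys) {
            $driverPath = Join-Path $modePath $classGuids[$device]
            [pscustomobject]@{
                ControlSet    = $set
                IsCurrent     = ($set -eq $currentName)
                SafeBootMode  = $mode
                ModeKeyExists = (Test-Path -LiteralPath $modePath)
                Device        = $device
                DriverListed  = (Test-Path -LiteralPath $driverPath)
            }
        }
    }
}

$report | Sort-Object ControlSet, SafeBootMode, Device | Format-Table -AutoSize

# Flag the case the thread is concerned with: input devices still load in
# Safe Mode for the control set the machine actually boots from.
$exposed = $report | Where-Object { $_.IsCurrent -and $_.DriverListed }
if ($exposed) {
    Write-Warning "Safe Mode keyboard/mouse entries are still present in $currentName."
} else {
    Write-Output "No Safe Mode keyboard/mouse entries found in $currentName."
}
```

Rows where ModeKeyExists is False correspond to the approach in the last post (the whole Minimal or Network key removed) rather than only the input-device subkeys.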
