Had an interesting security team requirement today to stop kiosk PCs being
booted into safe mode, as they had an automatic logon configured for them.
In safe mode the policies wouldn't be applied, allowing the automatically
logged-on user to potentially have access to some shares they shouldn't.

It turns out you can do this, if you change the permissions on the two
Registry keys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

and then rename them

If you then try to F8 boot to safe mode, the machine will crash....not
pretty, but effective

The reason they were OK with this approach was that these PCs would be
re-imaged and replaced if they developed any sort of problem, rather than
actually troubleshooting the issue.

Just thought I'd share in case anyone has the same requirement and doesn't
know how to do it - this was on Windows 7 desktops.

Cheers,



-- 
*James Rankin*
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

Reply via email to