Had an interesting security team requirement today to stop kiosk PCs being booted into safe mode, as they had an automatic logon configured for them. In safe mode the policies wouldn't be applied, allowing the automatically logged-on user to potentially have access to some shares they shouldn't.
It turns out you can do this, if you change the permissions on the two Registry keys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network and then rename them If you then try to F8 boot to safe mode, the machine will crash....not pretty, but effective The reason they were OK with this approach was that these PCs would be re-imaged and replaced if they developed any sort of problem, rather than actually troubleshooting the issue. Just thought I'd share in case anyone has the same requirement and doesn't know how to do it - this was on Windows 7 desktops. Cheers, -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk
