Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Boot Device List

  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187

    Boot Device List

    Hey Folks,

    I have been trying to figure out a way to prevent people from booting off of CDs, USB devices, etc. [For reasons which should be pretty obvious ] The machine I am currently working with is a Dell Optiplex. I have gone into the BIOS, and disabled all items in the boot sequence, except for the SATA HDD, and set the administrator password [to prevent changes in Setup]. Even with this set, you can still tap F12, which brings up a list of devices, and choose which one to boot from. I inserted a linux live cd, and was able to boot from it with no problems.

    Does anyone know of a way to prevent users from accessing the boot device listing? I have been searching around, but have not found anything yet. I will edit this post if I find the answer before anyone responds.

    Thanks in advance.

    Edit:

    The closest thing I have found so far, is to turn off the message that says 'Press F12 for boot device list'. Though if you already know which key to press, or mash enough keys, you can still get to it...
    Last edited by westin; July 21st, 2009 at 08:15 PM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi westin,

    Obviously this is a BIOS issue, and may well be peculiar to Dell. My wife has a Dimension 8100 which also has the F12 option (F2 = setup, F12 = boot selection menu). I have mentioned in other posts that OEMs tend to have their own versions of BIOS which are presumably designed to minimise and simplify their support activity.

    I guess that this is an easy way to get into the recovery partition/CD

    I have just booted up one of my home-built boxes, and this option is not there and F12 does nothing.

    I am wondering if this has something to do with the fact that Dells ship with the ESXi hypervisor virtualisation product ("and not many people know that" )

    You might try this:

    REMOVE ALL EXTERNAL USB STORAGE DEVICES

    THEN:-

    1. Boot to setup (F2)
    2. Go to "Integrated Devices"
    3. Select SD Card or Internal USB Port (depends on your model)
    4. Toggle to "disabled"
    5. Reboot

    If that works, please blame MsMittens
    Last edited by nihil; July 22nd, 2009 at 09:59 AM.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by nihil View Post
    I have just booted up one of my home-built boxes, and this option is not there and F12 does nothing.
    Try F10 or F11. A lot of BIOS manufacturers have this option.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Try F10 or F11. A lot of BIOS manufacturers have this option.
    No, no response with those either. It is a home built box with a Gigabyte MoBo and a P4 2.26GHz single core, booting XP Pro, which I guess makes it about 6 or 7 years old.The BIOS is Award 6.0 PG, dated 17 May 2002. My wife's is a Dell, which is a couple of years older and has the F12 functionality.

    I seem to recall that if this function is there, you also have an option in the BIOS to "Disable boot menu on startup" or something along those lines?

    AS westin specifically mentioned Dell, it made me think of the ESXi recovery mechanism that uses onboard SD Flash or USB memory.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by nihil View Post
    I seem to recall that if this function is there, you also have an option in the BIOS to "Disable boot menu on startup" or something along those lines?
    Yeah, something like that. I've also seen "Alternative boot options".
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Thanks for the response nihil. I will give that a shot. I just don't want the kiddos in the school here booting BackTrack, Knoppix STD, OWASP, etc...

    I have noticed the boot menu on IBM/Lenovo machines as well. I am sure that several other manufacturers have something similar.

    Thanks again for the help, I will let you know what happens.

    Update:

    I didn't see either SD Card or Internal USB. It did have 'USB Controller'. I switched that setting to 'No Boot'. This option appears to disable booting from USB devices, but will still allow booting from CD. Getting closer.
    Last edited by westin; July 22nd, 2009 at 03:39 PM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    disable a IDE port or remove power\cable from cd-device.

  8. #8
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Quote Originally Posted by Linen0ise View Post
    disable a IDE port or remove power\cable from cd-device.
    That would be ideal, but unfortunately some of the classes have instructional CDs/DVDs that they watch.

    I appreciate the suggestion though...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  9. #9
    Quote Originally Posted by westin View Post
    That would be ideal, but unfortunately some of the classes have instructional CDs/DVDs that they watch.

    I appreciate the suggestion though...
    lol.... Disable the devices and put those cd's on a local server with a desktop shortcut. Otherwise you have a no-win situation. They still have access to the primary partition including everyone's documents and settings. A hacker just needs to take a snapshot of the original partition before creating their personal partition; restoring the magic numbers will pwn you everytime.
    Last edited by Linen0ise; July 22nd, 2009 at 05:39 PM.

  10. #10
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Quote Originally Posted by Linen0ise View Post
    lol.... Disable the devices and put those cd's on a local server with a desktop shortcut. Otherwise you have a no-win situation. They still have access to the primary partition including everyone's documents and settings. A hacker just needs to take a snapshot of the original partition before creating their personal partition; restoring the magic numbers will pwn you everytime.
    Thanks again for the suggestions

    I may give that a try. It will be painful, as some of the classes [credit recovery for example] have 30-45 cds that they use throughout the year. And the business classes like to burn their projects to CD... but we can probably work around that... though if anyone has any suggestions that would be easier to implement, I am all ears.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

Similar Threads

  1. Linux connection problem
    By aura2 in forum General Computer Discussions
    Replies: 7
    Last Post: December 21st, 2005, 09:37 AM
  2. Tutorial: Linux Installation -- RedHat 7.x -- i386 Arch.
    By MrLinus in forum Other Tutorials Forum
    Replies: 3
    Last Post: December 10th, 2003, 02:16 PM
  3. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 08:38 PM
  4. Solaris Hardening
    By R0n1n in forum *nix Security Discussions
    Replies: 3
    Last Post: November 20th, 2002, 02:20 PM
  5. Why is NT/2k so much more stable? Part 2/5
    By xmaddness in forum Other Tutorials Forum
    Replies: 1
    Last Post: July 23rd, 2002, 12:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •