|
Blake Coverett wrote:
disabling those via software
By using the Windows service floplock.exe see Q185704 , the source code is supplied, you can disable the floppy, COM ports and I believe the CD. These can be done in the BIOS as well, of course, which can then be password protected.
100% security is not possible, but using an industrial enclosure, which has floppy, CD, and power switch behind a lockable panel, plus the case itself being locked, the box then securly fastened to an imovable object. Plus monitoring the PC on the network for a reboot.
"Committee--a group of men who individually can do nothing but as a group decide that nothing can be done." - Fred Allen
|
|
|
|
|
Ted Ferenc wrote:
By using the Windows service floplock.exe see Q185704 , the source code is supplied, you can disable the floppy, COM ports and I believe the CD. These can be done in the BIOS as well, of course, which can then be password protected.
Floplock does not disable the floppy or anything else at boot time, only after Windows is entirely booted and user-mode services are running.
The BIOS, and passwords on it I already addressed in my last post. It is of no use unless the hardware is physically secured.
Ted Ferenc wrote:
100% security is not possible, but using an industrial enclosure, which has floppy, CD, and power switch behind a lockable panel, plus the case itself being locked, the box then securly fastened to an imovable object. Plus monitoring the PC on the network for a reboot.
*grins* Thank you, that was exactly what I said in the first place. It is not a hard problem to solve in hardware, but it can not be solved in software.
-Blake
|
|
|
|
|
Blake Coverett wrote:
solve in hardware,
Perhaps we should start some flame wars about the insecurity of a stand alone Windws PCs
After all, if you simply steal the PC or hard drive, that is an effective way of breaking security. But disabling BIOS and floppy, CD serial port, USB ports does go a long way to making it secure.
I have always said I can easily guarantee totally security on a PC!! Simply remove the power cable!
"Committee--a group of men who individually can do nothing but as a group decide that nothing can be done." - Fred Allen
|
|
|
|
|
Ted Ferenc wrote:
about the insecurity of a stand alone Windws PCs
No, you miss the point. All of what I said about boot time security and physical access to the machine applies regardless of the operating system installed on the machine. This has been a well understood fact in security circles before there was a Windows.
-Blake
|
|
|
|
|
Blake Coverett wrote:
boot time security
I totally agree, you just need on OS that does not and can not boot from a disk. even that could be argued is not 100% secure.
"Committee--a group of men who individually can do nothing but as a group decide that nothing can be done." - Fred Allen
|
|
|
|
|
How can I reinstall the Windows XP Boot loader. My laptop currentl dool boots linux and windows. I'm using Lilo as my bootloader. I'm removing linux from my laptop so I need to reinstall the windows boot loader. fdisk is missing from XP so I assume there is a new way
Jared
jparsons@jparsons.org
www.prism.gatech.edu/~gte477n
|
|
|
|
|
Can you install just the bootloader? The best way it just to remove Lilo and it should default back to the XP bootloader. In fact, I think that's the only thing I learned how to do in Linux
|
|
|
|
|
|
That's how I got XP to boot back using Mandrake 9.X just simply removed Lilo..There may be a restore previous flag I'm not sure but I do know thats how I did it.
|
|
|
|
|
jparsons wrote:
How can I reinstall the Windows XP Boot loader. My laptop currentl dool boots linux and windows. I'm using Lilo as my bootloader. I'm removing linux from my laptop so I need to reinstall the windows boot loader. fdisk is missing from XP so I assume there is a new way
Going from hazy memory, but here goes. Boot from your XP CD, go into the recovery console and run fixmbr. There is some other fix* program you may have to run as well. HTH.
Michael Martin
Australia
"I suspect I will be impressed though, I am easy."
- Paul Watson 21/09/2003
|
|
|
|
|
|
All knowing gurus,
I have a rather strange question... I have an XP desktop machine connected to ADSL via it's LAN, and a 386 laptop, with no network card, only a modem, and Windows 3.11 (nostalgia! ). I would like to get the laptop online, so I've tried setting up XP's dial up server, and Trumpet Winsock on the 3.11 machine. I have some freaky equipment (an old ISDN Quattrovox, if you must know ) between the two computers' modems, to act like an outside line. All good so far... But when I try and dial up on the 3.11 machine it dials and makes all the noises then falls flat when it's trying to authenticate. What could be the problem? And if I can get it to dial up, will the laptop be able to surf the internet, or will it only see the XP machine? This is mainly a fun (geeky?) experiment with a laptop someone gave to me today instead of throwing away, so it's not critical that it works...
Thanks in advance
If I sound a bit incoherent, i'm almost falling asleep
Paul
That demands capital punishment!! Death by a herd of marauding Bobs! - Ryan Binns
modified 18-Jul-18 11:59am.
|
|
|
|
|
IIRC, Trumpet Winsock always was buggy, and its TCP/IP stack had some serious problems on following standards.
Why don't you remove Windows 3.11 from the 386 machine and use a Linux (if you have only 4MB RAM maybe at runlevel 2 to save some memory)? This way you could use your old machine with a modern OS.
Trying to make bits uncopyable is like trying to make water not wet.
-- Bruce Schneier
By the way, dog_spawn isn't a nickname - it is my name with an underscore instead of a space. -- dog_spawn
|
|
|
|
|
Daniel Turini wrote:
Linux
I'll maybe do that as a last resort
Paul
That demands capital punishment!! Death by a herd of marauding Bobs! - Ryan Binns
modified 18-Jul-18 11:59am.
|
|
|
|
|
Got Office XP SP2 with the Level1Add and Level1Remove registry keys that tell Outlook what file types to block and which to allow through. When I click on an attachment I get a dialog where my only choices are to Save to disk or Cancel.
On the machines at work I get the choice to Open the file or Save the file to disk. Does anyone know how to make this option available on my home machine? Is it anything to do with the Level1Add/Level1Remove registry keys?
Yes I could just remove them and test it, but I am way to busy trying to make the client machie mention in the thread below work without me having to extract all his data and then reinstall the machine. Cause he ain't got all the disks for the software he has on it and will be pissed off when most of his sh*t ain't there.
Michael Martin
Australia
"I suspect I will be impressed though, I am easy."
- Paul Watson 21/09/2003
|
|
|
|
|
AFAIK, in IE, this is regulated by opening explorer (the shell, not the browser), going to Tools/Folder Options/File Types.
Wait a decade for Windows XP process all the stupid registry and then select the extension you want to change. Click on Advanced and check/uncheck the "Confirm open after download".
I don't know if this will help, but it would be my first try.
Trying to make bits uncopyable is like trying to make water not wet.
-- Bruce Schneier
By the way, dog_spawn isn't a nickname - it is my name with an underscore instead of a space. -- dog_spawn
|
|
|
|
|
Fixing a client's machine which is a Pentium II 333MHz, 160MB RAM running Windows 2000 Professional. It had a virus and finally wouldn't boot with an error after the memory check of HDD not found.
When I got it home and plugged it all into my test bench I found that the virus had already been removed by NAV 2003 and since I had found this out that the HDD was indeed found.
To get in I had to blow away the Administrator password using the magic floppy I mentioned to Michael Barnhart below.
So, the boss had already quoted this bloke 4 hours if the HDD wasn't stuffed. So I thought I would earn a bit of extra pocket money and clean up Windows for him so it didn't fall back in my lap in a few weeks.
I updated NAV and scanned again, nothing. Applied all Windows Updates (bar SP4) and all was well. The CD-ROM was stuffed so I could ionstall SP4 from the CD I have. So I installed off the Windows Update site and went to bed. Got up this morning to find it was waiting for me to click restart, which I dutifully did.
It got passed the moving white line at the bottom of the screen, passed the Windows 2000 Professional bitmap thingy, went black just before you get the login dialog and WHAM.....BSOD.
STOP: 0x0000001E (0xC0000005, 0x80462147, 0x00000000, 0x00006396)
Address 80462147 based at 80400000, DateStamp 3ee6c002 - ntoskrnl.exe
KMODE_EXCEPTION_NOT_HANDLED Google and Microsoft (TechNet, MSDN etc.) haven't been my friend in this case. Besides telling I shouldn't have applied SP4 from the Windows Update site, does anyone have an answer for me on how I can fix this?
I haven't yet tried going into Safe Mode, I didn't have time before having to go to work and will see if this at least works when I get home.
<EDIT>
It works when I boot to Safe Mode with and without Network support. I will be systematically removing hardware device drivers and the devices themselves, such as sound card, modem etc. Upon closer inspection I notice that the Login Dialog box appears for a fraction of a second before the BSOD.
I did notice that it had a Logitech driver loaded even though I didn't have a Logitech mouse. I removed the driver and the problem is still there. Thanks for the mouse advice to whoever it was, as I have forgotten for the moment.
RAM is fine as is the CD-ROM as I have had Knoppix running a treat on the system. I am beginning to get the sh*ts with this machine real bad.
My next step is to download the latest and greatest video drivers (Tseng Labs ET6000), remove the video card in Device Manager, try and boot up again and then install the driver.
</EDIT>
Michael Martin
Australia
"I suspect I will be impressed though, I am easy."
- Paul Watson 21/09/2003
|
|
|
|
|
Y'day only I installed SP4 on my home machine.
Already few things are not working properly..
Ex: Right click on any folder in the explorer and select "Properties" menu item and I get nothing...
"Whidbey"..."Orcas"...Roadmap This signature was created by "Code Project Quoter".
|
|
|
|
|
Are you sure you have admin rights ?
Regardz
Colin J Davies
* WARNING * This could be addictive The minion's version of "Catch "
It's a real shame that people as stupid as you can work out how to use a computer. said by Christian Graus in the Soapbox
|
|
|
|
|
|
Straight from Microsoft:
Bug Check 0x1E: KMODE_EXCEPTION_NOT_HANDLED
Resolving the Problem:
If you are not equipped to debug this problem, you should use some basic troubleshooting techniques. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing.
MY OPINION:
If these basic techniques don't work out for you, then you have a bigger problem in your hands. The next step is doing kernel debugging. Do you know how to hook up another system using a serial null modem cable and hooking up a debugger like WinDBG with it? If so, then you would be able to see what driver caused the problem. Then you need to somehow disable that driver or update it with a newer working version of the driver. A boot floppy might come in handy at that point.
|
|
|
|
|
You might want to get a file called (ntoskrnl.exe) from the SP4 CD (just search for it, it's in there somewhere) and put the new one instead of the one that your system currently has. Note that it is a protected file so you may have to copy in DOS mode. (Copying in windows wouldn't have an effect)
|
|
|
|
|
I think that error can come from a big variety of stuff.
1. Bad drivers after windows installs its own.
2. Bad RAM cards (Switch them around)
3. Something in the BIOS like shadow memory (who needs it) or a bad cache.
4. I'd uninstall/unplug that CD
(Also some of those errors are like 'random') maybe it will only happen 6 out of 7 boots
I had problem's about 6 months ago with ntoskrnl. A local business wanted to have there own startup and windows OS messages, so I resource hacked it. Unsure what went wrong but I ended up needing to FDISK and use PM.
Regardz
Colin J Davies
* WARNING * This could be addictive The minion's version of "Catch "
It's a real shame that people as stupid as you can work out how to use a computer. said by Christian Graus in the Soapbox
|
|
|
|
|
ColinDavies wrote:
so I resource hacked it
Cool...what kind of things did you change, I know the startup screens can be changed, other than that ??
ColinDavies wrote:
Unsure what went wrong but I ended up needing to FDISK and use PM.
May be they hash the resource size to double check if something is changed or the total hash of the file...
Regards,
Kannan
|
|
|
|
|
Sure the startup screen, the little loading slider graphic, and the shutdown screen (I think). You must stick with 16 colors out of 256 (I think) and there is another dll that has to be modded, to get windows not to refer back to your old ntoskrnl.exe.
The business wanted it to place security warnings for users etc.
Regardz
Colin J Davies
* WARNING * This could be addictive The minion's version of "Catch "
It's a real shame that people as stupid as you can work out how to use a computer. said by Christian Graus in the Soapbox
|
|
|
|