Jump to content

Any way to password protect or hide Windows Pe boot option?


passmaster16

Recommended Posts

Hi,

With the help of this forum, I have Windows PE set up as a boot option in my boot.ini file. My goal was to have this option available to our techs when they have to reghost a PC. My concern now is the Windows PE is not password protected. Now when it boots up, the server portion is obviously password protected but this does nothing to stop somebody from booting to PE to copy data over from the local drive. Is there anyway to password protect WinPE itself so that a password must be entered when PE is booted? Or if that is not possible, is there a way to hide the WIndows PE boot option in the boot.ini? I know that I could totally remove it and simply copy down the boot.ini with the option in it but it really defeats the purpose of what I am trying to do here. Is there any way to hide the option like how Windows uses the F8 key to display safe mode or how some PC vendors use other F keys to display a recovery menu?

Any ideas?

Thanks

Link to comment
Share on other sites


Does it really matter?

If anyone you dont trust can get access to the server they could boot from a pe cd or a knoppix cd or erd commander or a dos floppy with ntfs or ......

The basic point is that is anyone can get physical access to the server, they own it. In worst case the can always install an extra xp/server2003 on it to read the data

Link to comment
Share on other sites

Or if that is not possible, is there a way to hide the WIndows PE boot option in the boot.ini?

To password protect the booting process you might need a bootmanager like XOSL or the like.

If you just want to "hide" the entry in boot.ini, simply edit it from:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows PE"

to

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
C:\CMDCONS\BOOTSECT.DAT=

reference:

http://myitforum.com/articles/14/view.asp?id=8808

You won't "see" last entry when booting, but if you use the down arrow key, you will able to select the "empty" line.

jaclaz

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...