XP SP 2 Safe mode, stopping a Limited user deleting Process Guard files.

Hi all,

I wonder if someone might help me please with PG V 3.150.

The answer to this maybe contained somewhere here already however I am tired of looking for it.

I have found that a Limited user can do the following to disable PG all together.

Boot into safe mode F8
Login as a Limited user.
Run explorer.
Delete the Process Guard directory
Reeboot.

Thus no more PG.

As a means around this I thought I would hide the program in the Administrators folder, however in safe mode this is open to examination, copy and deletion which is interesting in itself. For this reason I have renamed safe mode spy mode!

Can somebody help please, I am trying to use PG as a Parental/Spouse Control and know she wont, but the little buggers will find this problem as I have done pretty quickly.

Regards

JB

 

I think is nothing you can do once they are in safe mode, as all PG's protections aren't loaded. However, you can try to stop them getting there in the first place .

1. Logged in as an admin, goto user accounts (in control panel)
2. Select "Change the way users log on or off"
3. Enable "Use the Welcome screen" and apply

This can only be changed from an admin account and should restrict the accounts available to use safemode to admin accounts. BUT it also shows all users allowed to log in (ie, you don't have to 'remember' spelling of username) so 'hidden' local accounts are more difficult / not possible to create.

I don't know how reliable this method is, but i use it all the time (i prefer the look of the welcome screen), and whenever i boot into safemode, my limited accounts are not displayed.

Remember to search for posts regarding running PG from a limited account

 

Thanks,

You are correct, however I have found that 2 entries of CTRL + ALT + DEL will take you to the original log in screen.

Perhaps someone from PG may have something to add to this? What about getting PG running in safe mode, even if it had to be installed in safe mode!

 

This seems a brutally easy way to get round PG.
No answer as yet from DC.

 

Anything you try could all be in vain.

The little buggers could simply boot with a Bart PE disc and delete anything they wanted to or format the hard drive if they felt like it.

So it doesn't really seem worthwhile modifying PG to run in safe mode.

 

Not really anything you can do about a physical attack at all sorry. Its just completely impractical because of boot CD attacks. Even if you use a BIOS password and disable CD booting they will break that by pulling the battery out and reset jumper. Its pointless to try, put a physical lock on it.

PG WILL NOT run in Safe Mode, it could but then Safe Mode is not a working way to remove PG in case of problems. Safe Mode is not meant to be protected and is unlikely to be protected - you can't do much while in there. We won't be making it run in Safe Mode unless there is a really good reason, and a really good way to make it work and more secure somehow. I dont see that happening ever..