XP SP 2 Safe mode, stopping a Limited user deleting Process Guard files.

Discussion in 'ProcessGuard' started by John Bailey, Feb 13, 2006.

Thread Status:
Not open for further replies.
  1. John Bailey

    John Bailey, Registered Member (joined Feb 13, 2006; 4 posts)

    Hi all,

    I wonder if someone might help me please with PG V 3.150.

    The answer to this may be contained somewhere here already; however, I am tired of looking for it.

    I have found that a Limited user can do the following to disable PG altogether.

    Boot into safe mode F8
    Login as a Limited user.
    Run explorer.
    Delete the Process Guard directory
    Reboot.

    Thus no more PG.

    As a means around this I thought I would hide the program in the Administrators folder, however in safe mode this is open to examination, copy and deletion which is interesting in itself. For this reason I have renamed safe mode spy mode!

    Can somebody help please? I am trying to use PG as a Parental/Spouse Control and know she won't, but the little buggers will find this problem as I have done pretty quickly.

    Regards

    JB
     
  2. some made up name

    some made up name, Registered Member (joined Jan 31, 2006; 60 posts)

    I think there is nothing you can do once they are in safe mode, as all PG's protections aren't loaded. However, you can try to stop them getting there in the first place.

    1. Logged in as an admin, go to User Accounts (in Control Panel)
    2. Select "Change the way users log on or off"
    3. Enable "Use the Welcome screen" and apply

    This can only be changed from an admin account and should restrict the accounts available to use safe mode to admin accounts. BUT it also shows all users allowed to log in (i.e., you don't have to 'remember' spelling of username) so 'hidden' local accounts are more difficult / not possible to create.

    I don't know how reliable this method is, but I use it all the time (I prefer the look of the welcome screen), and whenever I boot into safe mode, my limited accounts are not displayed.

    Remember to search for posts regarding running PG from a limited account ;)
     
  3. John Bailey

    John Bailey, Registered Member (joined Feb 13, 2006; 4 posts)

    Thanks,

    You are correct, however I have found that 2 entries of CTRL + ALT + DEL will take you to the original log in screen.

    Perhaps someone from PG may have something to add to this? What about getting PG running in safe mode, even if it had to be installed in safe mode!
     
  4. Joliet Jake

    Joliet Jake, Registered Member (joined Mar 1, 2005; 911 posts; location: Scotland)

    This seems a brutally easy way to get round PG.
    No answer as yet from DC.
     
  5. SpikeyB

    SpikeyB, Registered Member (joined Mar 20, 2005; 478 posts)

    Anything you try could all be in vain.

    The little buggers could simply boot with a Bart PE disc and delete anything they wanted to or format the hard drive if they felt like it.

    So it doesn't really seem worthwhile modifying PG to run in safe mode.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS, Former DCS Moderator (joined Feb 10, 2002; 2,080 posts; location: Perth, Western Australia)

    Not really anything you can do about a physical attack at all, sorry. It's just completely impractical because of boot CD attacks. Even if you use a BIOS password and disable CD booting they will break that by pulling the battery out and reset jumper. It's pointless to try; put a physical lock on it.

    PG WILL NOT run in Safe Mode, it could but then Safe Mode is not a working way to remove PG in case of problems. Safe Mode is not meant to be protected and is unlikely to be protected - you can't do much while in there. We won't be making it run in Safe Mode unless there is a really good reason, and a really good way to make it work and more secure somehow. I don't see that happening ever.
     