Creating Read-Only Boot Volume for Windows 2000

  • Thread starter Thread starter CHANGE USERNAME TO westes
  • Start date Start date
C

CHANGE USERNAME TO westes

Is there any instructions available on how to create a read-only system
volume for Windows 2000? I have a machine we want to use as a network
sniffer outside a firewall. These days it takes about 30 minutes for such
a machine to get infected by a virus or have an intruder start doing things
on the box. I am hoping to get a secure system configured and then
somehow transferred to a read-only media like a CD. The temp directories
and page files could be on a separate writable device.

If there is a site that publishes instructions on how to do this, I would
appreciate the reference.
 
Is there any instructions available on how to create a read-only system
volume for Windows 2000? I have a machine we want to use as a network
sniffer outside a firewall. These days it takes about 30 minutes for such
a machine to get infected by a virus or have an intruder start doing things
on the box. I am hoping to get a secure system configured and then
somehow transferred to a read-only media like a CD. The temp directories
and page files could be on a separate writable device.
Click to expand...

You should be able to use a Startup diskette for this purpose or, in
principle,
follow the instructions for creating one.

A startup diskette is essentially a "System volume" (MS terminology and what
I presumed you meant above on first reading) so just making it (hardware)
read
only should work.

Ok, maybe you meant "boot volume".....your subject and body disagreed.

You cannot use a read only Boot volume with Windows -- the Boot volume is
the Winnt (Windows or equivalent) containing drive. Stuff in there has to
change sometimes. (But not always. <grin>)

I doubt that even with very careful work you could alter that completely.

Although not technically a complete solution, you might consider just using
a
combination of "read-only" (old DOS attribute) and "NTFS permissions" so
that
even Admins cannot write to system files (without removing them from some
"Deny-Write" group.)

Even Admins must respect permissions in most cases. System account too.

While I can think of ways that might get around this, I am pretty sure that
no
current virus/Trojan is smart enough to bother.

(BTW, don't tell anybody about this since I use this method and don't want
everyone to find out. <grin>)
 
Back
Top