Disabling CD writing ability???

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi - we run a W2K server based network, with a range of desktop OS's from W9x
to WXP Prof.

I need to diable CD writers from being used to prevent unauthorised data
'theft' and was looking for advise on best way to achive this?

Also on laptops which often have combined CD/DVD/CDRW is there any way of
disabling the CD-RW ability without losing the play facility? I guess you
can remove specific CD burning software - but what about CDRW ability in XP
for example?

HELP !!!!
 
'a finger in the dike' comes to mind. sounds like another management edict
with no thought. how about users emailing data, ftping to someone, post to
web site via http, usb memory stick drives, floppies, zip drives, or just
plain printing it and walking out??? or just walking out with their
laptop?!?!
 
Rod said:
Hi - we run a W2K server based network, with a range of desktop OS's
from W9x to WXP Prof.

I need to diable CD writers from being used to prevent unauthorised
data 'theft' and was looking for advise on best way to achive this?

Also on laptops which often have combined CD/DVD/CDRW is there any
way of disabling the CD-RW ability without losing the play facility?
I guess you can remove specific CD burning software - but what about
CDRW ability in XP for example?

HELP !!!!
Click to expand...

In addition to the other post:
Given that you have mentioned that you have Win9x computers, you can't
really control this anyway.

But you can use group policies for denying access to USB drives, CD burners,
etc on Win2k/XP....and don't give those users local admin rights.
 
I don't know of a reliable way to do that with the operating system. You can
use Group Policy user configuration/administrative templates/ Windows
components/Windows Explorer to try and hide or prevent access to drives for
W2K/XP Pro computers. Some burning programs need administrator rights. You
may also want to look into disabling services such as the Imapi cd-burning
service or whatever service that the cdrom is using to burn cdroms. Note
that while your idea has some merit users may also use methods such as email
or USB drives if they want to steal data. Laptop users in particular will be
hard to control. They could copy their while hard drive onto a desktop
computer. --- Steve
 
Hi,

As addition to everything that others said, there are quite a few operating
systems (e.g. Knoppix) that will enable users to boot directly from CD
bypassing every policy you can set on computer... All user needs to do is
insert CD into computer and reboot (and set BIOS to boot from CD). Once the
OS loads he/she is administrator (root) on that computer and can do just
about anything on the computer/network...

Mike
 
Miha said:
Hi,

As addition to everything that others said, there are quite a few
operating systems (e.g. Knoppix) that will enable users to boot
directly from CD bypassing every policy you can set on computer...
All user needs to do is insert CD into computer and reboot (and set
BIOS to boot from CD). Once the OS loads he/she is administrator
(root) on that computer and can do just about anything on the
computer/network...
Click to expand...

BIOS password may help. :-)
 
Miha said:
Hi,

It may for as long as people don't get a hold of tips/links like these :-)

How to Bypass BIOS Passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm

HOW TO BYPASS BIOS PASSWORDS
http://www.elfqrin.com/docs/biospw.html

BIOS Generic Passwords
http://www.5starsupport.com/info/biospw.htm

How to Bypass BIOS Passwords
http://www.uktsupport.co.uk/reference/biosp.htm
Click to expand...
Hi

But you can make it a bit harder in some cases:

Be sure that the BIOS doesn't have a back door password.

If a desktop, put a lock on the cabinet that is not easy to pick (at
least then people need to steal the computer or do a "break-in" to
access the computer/BIOS setup)

If a laptop, buy one with a "tamper proof" BIOS (and preferable one
that have a hard disk password setting, like IBM and Dell). E.g. Dell
laptops, you cannot reset the BIOS password with a motherboard switch,
and it remembers the password even if you remove the internal battery,
the only way to get past a unknown password is to replace a chip on
the motherboard, or contact Dell with proof of purchase, and they can
help you using a Dell admin password that is a combination of a
challenge/request system that is hashed with the service tag of the
computer.
 
Back
Top