Tech Line

So Long, Safe Mode Boot!

Here’s how to disable the Windows Safe Mode boot menu.

Chris: Do you know of a registry hack to disable the F8 Windows safe mode booting menu? I would think you could disable it for security reasons. Can this be done on a Windows XP system used as a kiosk? I’ve done some Googling, but had no success.
— Dennis

Tech Help—Just An E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than the manuals provide? Describe your dilemma in an e-mail to the editors at; the best questions get answered in this column and earn the questioner a nifty baseball-style cap.

When you send your questions, please include your full first and last name, location, and certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

Dennis, short of breaking the F5 and F8 keys on the keyboard, this is a bit of a challenge. However, I did some checking around and did find a solution to your problem. It’s not the Registry that needs to be modified, but rather the ntldr file.

To do this, you’ll need a binary/hex file editor, such as the 010 Editor. To edit the ntldr file, you first need to unhide the Windows system files on the Windows XP system. To do this, open Windows Explorer, click Tools, and then select Folder Options. In the Folder Options dialog box, click the View menu, click the Show Hidden Files and Folders radio button, and finally clear the Hide Protected Operating System Files checkbox. Then click OK to apply the changes. Next, locate the C:\ntldr file and remove the Read Only attribute (right-click the file, select Properties, and clear the Read-only checkbox).

Now you can open the file in the 010 Editor, or your preferred editing tool. With the file opened in the binary/hex editor, search for the hex value "CD 16 0F 85 09". When the value is located, replace it with "CD 16 90 90 90". To make this change using the 010 Editor, follow these steps:

  1. Open the ntldr file in 010 Editor.
  2. Click the Search menu and select Find.
  3. In the Find dialog box, click the Type menu and select Hex Bytes (h).
  4. In the value field, enter CD 16 0F 85 09. Then click Find All.
  5. The found value should now appear in the bottom pane of the 010 Editor window. Click on the CD 16 0F 85 09 value, and then hit Ctrl+R on the keyboard.
  6. Now locate the Value field in the Replace With portion of the Replace dialog box and enter CD 16 90 90 90. Then click the Replace button.
  7. If you receive a warning message that no more occurrences exist, click OK. Then click Close to exit from the Replace dialog box.
  8. You should now see the new value (CD 16 90 90 90) displayed in the lower pane of the 010 Editor window.
  9. You can now close the editor. When prompted to save the changes to the ntldr file, click Yes. Then reboot the system.

Now if you hit F8 to interrupt the boot sequence, you’ll see the Safe Mode boot options, but no keystrokes will be accepted. Instead, you’ll have to sit and wait 30 seconds for the Safe Mode boot options to time out and for Windows to start normally. Anyone now trying to access safe mode will have 30 seconds to bang on the keyboard and turn red while they wait.

Keep in mind that if ntldr is updated by a service pack or patch, you’ll need to repeat this process to disable Safe Mode boots again.
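The same byte replacement can be scripted so it is repeatable and so you can check whether a service pack has put an unmodified ntldr back. The Python sketch below is an added example, not part of the original column; the exactly-one-match rule, the `.bak` backup name and the SHA-256 record are assumptions, and the demo runs on a constructed stand-in file rather than a real ntldr.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ORIGINAL = bytes.fromhex("CD 16 0F 85 09")  # search value from the article
PATCHED = bytes.fromhex("CD 16 90 90 90")   # replacement value from the article


def patch_state(data: bytes) -> str:
    """Classify a loader image by which of the two byte sequences it contains."""
    orig, done = data.count(ORIGINAL), data.count(PATCHED)
    if orig == 1 and done == 0:
        return "original"
    if orig == 0 and done == 1:
        return "patched"
    return "unknown"  # no match or several matches: do not touch the file


def apply_patch(path: Path) -> str:
    """Patch in place, keeping a .bak copy; returns the SHA-256 of the result."""
    data = path.read_bytes()
    state = patch_state(data)
    if state == "unknown":
        raise ValueError(f"{path}: expected exactly one match, refusing to edit")
    if state == "original":
        shutil.copy2(path, path.with_name(path.name + ".bak"))  # assumed backup name
        data = data.replace(ORIGINAL, PATCHED)
        path.write_bytes(data)
    return hashlib.sha256(data).hexdigest()  # record this to spot later changes


def demo() -> tuple:
    """Run against a constructed stand-in file, not a real ntldr."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "ntldr"
        target.write_bytes(b"\x00" * 32 + ORIGINAL + b"\x00" * 32)  # constructed sample
        before = patch_state(target.read_bytes())
        first = apply_patch(target)
        second = apply_patch(target)  # already patched: file is left unchanged
        after = patch_state(target.read_bytes())
        backup = patch_state((Path(tmp) / "ntldr.bak").read_bytes())
        return before, after, backup, first == second


if __name__ == "__main__":
    print(demo())
```

After any service pack or patch, calling `patch_state` on the current file reports "original" if the loader was replaced and the edit needs to be repeated.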

Note: I received some help on this one from the newsgroup contributions of Walter Schulz. While I don’t have much to offer Walter as thanks, since The Sopranos have returned to television, I figured I’d offer him a Mafia name, courtesy of Thanks again, Tito the Fist!

About the Author

Chris Wolf is a Microsoft MVP for Windows - Virtual Machine and is an MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, storage and enterprise management. Chris is the author of Virtualization: From the Desktop to the Enterprise (Apress), Troubleshooting Microsoft Technologies (Addison Wesley), and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).
