15
I'm using the "Time Limit" feature of Windows Live Family safety.
I've placed a time restriction on my computer from 12 AM to 4 AM. However if someone changes the BIOS time, the Windows time will be automatically updated making "Time Limit" useless.
How can I prevent Windows 7 from reading the BIOS time?
Serious
Posted 2011-08-01T23:31:08.560
Reputation: 1 465
30
Rather than preventing it reading the BIOS time, the easiest option would be to set a BIOS password and not disclose it to anyone who might make any changes. While there are ways around that, my guess would be that your average family member isn't going to know how to do that.
Paul
Posted 2011-08-01T23:31:08.560
Reputation: 4 434
Some BIOS don't protect time control behind the BIOS password. Interestingly enough. – music2myear – 2016-12-09T20:18:36.343
Thanx for the answer. This seems the best solution. – Serious – 2011-08-02T07:15:45.870
Can the BIOS be written to from within Windows? I thought some tools could, or do those always need Admin access? – Konerak – 2011-08-02T17:42:01.270
@Konerak In general, the answer is no. Some proprietary programs made by motherboard manufacturers may read the BIOS of that specific motherboard and may change some settings, but it's mostly limited to one particular motherboard series and available settings are usually related to overclocking. – AndrejaKo – 2011-08-03T12:25:27.967
@AndrejaKo: Well motherboard manufacturer BIOS flashing programs which work within Windows are very common these days, and they would reset settings as well. However, the user would need admin access to use them. – paradroid – 2011-08-09T16:33:29.187
16
Your operating system isn't running when the computer is turned off, so Windows has to read the hardware clock in order to get an accurate time. Otherwise, the Windows clock would "stop" every time you turned off your computer. Think of it with a metaphor: You can stand there counting "one-Mississippi two-Mississippi" etc to keep track of time, but if you fall asleep then when you wake up you'll need to look at a clock in order to know what time it is then, otherwise you'd just have to pick up from where you were before and you'd be off by the amount of time you were asleep.
Instead, you need to set a BIOS password to prevent people tampering with the BIOS time. Set an "Administration" password and that password will be necessary in order to change BIOS settings. The BIOS password can be reset by means of physically moving a jumper on the motherboard, this is one of the primary reasons that computer cases come with lock loops. If you really want to secure the machine, then you'll need to buy an inexpensive padlock and throw it through that loop.
jcrawfordor
Posted 2011-08-01T23:31:08.560
Reputation: 15 203
Thanks for an informative reply. I have not thought about that. Now I have realized preventing Windows from reading BIOS time is not a solution. I will cause more problems. – Serious – 2011-08-02T07:19:58.067
9
You would need to secure the BIOS with a password. In addition, it is set through the clock applet in the Systray, of course. You need to protect both.
To prohibit changing this, you can open Control Panel>All Control Panel Items>Administrative Tools>Local Security Policy.
Then go to Local Policies>User Rights Assignment, and change the "Change the system time" right to only those users you want to have that right.
If They are administrators, they will be able to change this back if they are smart enough, so they technically cannot be administrators if you want this to work.
KCotreau
Posted 2011-08-01T23:31:08.560
Reputation: 24 985
Well the BIOS time is obviously called when the machine is started as well. so if it was changed they could still have access until the time is updated from the internet. The full solution would be to lock the BIOS setup with a password as well. – paradroid – 2011-08-02T00:17:13.220
@paradroid You are correct, of course. I was thrown by my NTP resetting the time regardless of BIOS changes. I tested by turning off my wireless card, and then doing it, and clearly a BIOS call changed it. So clearly, he needs to protect both avenues of changing the clock. – KCotreau – 2011-08-02T00:32:34.317
I was already using a limited account. Now I have set up BIOS password. – Serious – 2011-08-02T07:30:13.067
1
If someone is savvy enough to change the BIOS time then they will probably get around any other restrictions you might place. Consider non-technological solutions.
[made more vague to satisfy moderators]
Sparr
Posted 2011-08-01T23:31:08.560
Reputation: 911
0
Some people might have bios problems related to battery which indeed resets windows time, and is not synched with NTP Server.
Some might start windows with wrong bios time, and it takes certainly long time before windows realize what to do.
A service program that can run on Windows called time synch can be used, from where you can set time to synchroinze as low as each minute. As well half an hour or more.
Download: https://www.speed-soft.de/software/time_sync/details/download.php?language=en
Dealazer
Posted 2011-08-01T23:31:08.560
Reputation: 17
0
Joining the computer to a domain can solve this - it will have the server time.
I think you can also install a NTP client for Windows, so it does not matter if they change the BIOS time as long as they are logging in as regular users.
The NTP should synchronize the time before the login if your restrictions apply to login.
Good luck!!
Dragos
Posted 2011-08-01T23:31:08.560
Reputation: 1 189
1He wants to run this in his home... setting up active directory in a home environment is not at all practical. Besides, NTP was already mentioned above as not a good solution because it won't sync if the time difference is too large. – nhinkle – 2011-08-02T18:18:02.357
0
Not recommended: It was mentioned in a question about BIOS protection(maybe someone can find the question):
You can password protect your BIOS then epoxy it.
Some BIOS'es can still be reset through a short circuit but not as easily as pulling the battery out.
Dragos
Posted 2011-08-01T23:31:08.560
Reputation: 1 189
Usually the reset jumper is right next to the battery and it will usually change time to default, which may or may not be helpful. Either way, it will remove the password. Also gluing the chip which is is a socket is extremely dangerous practice and for that idea, I give -1 vote. The BIOS chip is usually replaceable for a reason and glued chip could mean motherboard replacement is case of a bad flash. – AndrejaKo – 2011-08-03T12:31:50.320
I don't recommend the solution! The jumpers can also be glued. There are scenarios in which this can be applied. – Dragos – 2011-08-03T12:57:46.173
Then I'll remove the down-vote. Also if we're going in that direction, it would be much safer to remove jumpers and manually short contacts. That would be even more difficult to circumvent. – AndrejaKo – 2011-08-03T14:23:45.360
2How would it get its time? – soandos – 2011-08-01T23:37:37.357
7Don't like your kids using your computer after a good night out on the town? I hope that all you're using is the time restriction feature, and none of that privacy invading stuff. – Breakthrough – 2011-08-02T00:46:25.673
2soandos: Doesn’t Windows have the ability to use NTP servers? – Michael Trausch – 2011-08-02T03:07:44.127
3@Breakthrough privacy and parenting are two things which don't always go well together – Kos – 2011-08-02T08:03:45.283
@Michael: It does, but it will refuse to sync if the time difference is too big (around 24 hours), for security reasons. – user1686 – 2011-08-02T12:23:41.567
1If your kids are smart enough to change the BIOS time then they are smart enough to get around any other restrictions you might place. How about you actually talk to them about the rules you've set and the consequences of breaking them, instead of just making them more annoying to break? – Sparr – 2011-08-02T05:03:15.407
1An amusing example of how it can so often be a wild goose chase to look for technological solutions to social problems. You want your children to not use the computer at night, and rapidly you are already at the stage of using epoxy to glue microchips together. The irony is that your children could still run rings around you and all of the answers here given so far with nothing more than an ordinary DOS boot disc. (Old versions of MS-DOS even defaulted to prompting the user to enter the current time, at startup.) – JdeBP – 2011-08-04T12:12:59.847