Hi
I want to disable F8 key in wimdows 2000 server or denie acess to all users to go to safe mode except administrator can I get the sollution for this question

Well you don't want to disable the F8 key, in case you need to get into safemode.

There is some discussion on the topic here:

Security: safe mode disable...?

But you really don't want to disable safe mode. It seems that it's very hard to put any barriers in place that someone who knows what they're doing can't get around.

You can just get computer lock that can startup when windows starts and sets a pass on your screen and you got to enter the pass to access the PC but I never tried to do it in safemode

The problem with disabling safemode is that as soon as you do so, you WILL need to access it. And blocking access for specific people is hard, if not impossible, as there are always fairly easy ways around protection measures.

you can do this but I don't recommend it

Using BOOT.INI Startup Switches (Windows NT/2000/XP) Popular
Windows NT, 2000 and XP use a configuration file called BOOT.INI to control how the operating system is booted and any startup options. By modifying the startup switches you can manage the boot process including booting Windows in Safe mode, creating a log file, or disabling the splash screen.

Open you the root partition of your hard drive (normally C:\) and find the file called "BOOT.INI". You may need to enable hidden files under Folder > Options.
Right-click on the file, select Properties and uncheck "Read-only" then click OK. You may like to make a backup of the file at this point to allow you to restore if you experience problems.

Open the file in Notepad and under the [operating systems] section you will find a list of all the installed operating systems. For example:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect

To enable or disable startup options simply change or add any of the switches listed below to the default command-line. For example you could add "/SOS" to the command-line above to display the splash screen and view the drivers being loaded.

/3GB - New to Service Pack 3. This causes the split between user and system portions of the Windows NT map to become 3GB for user applications, 1GB for System. To take advantage of this the system must be part of the NT Enterprise suite and the application must be flagged as a 3GB aware application.

/BASEVIDEO - The computer starts up using the standard VGA video driver. Use this if you have installed a graphics driver that is not working.

/BAUDRATE - Specifies the baud rate to be used for debugging. If you do not set the baud rate, the default baud rate is 9600 if a modem is attached, and 19200 for a null-modem cable.

/BOOTLOG - Makes 2000 write a log of the boot to the file %SystemRoot%\NTBTLOG.TXT Windows 2000/XP Only.

/BURNMEMORY=x - Makes NT forget about the given amount of memory in MB. If /burnmemory=64 was given then 64MB of memory would be unavailable.

/CRASHDEBUG - The debugger is loaded when you start Windows NT, but remains inactive unless a Kernel error occurs. This mode is useful if you are experiencing random, unpredictable Kernel errors.

/DEBUG - The debugger is loaded when you start Windows NT, and can be activated at any time by a host debugger connected to the computer. This is the mode to use when you are debugging problems that are regularly reproducible.

/DEBUGPORT=comx - Specifies the com port to use for debugging, where x is the communications port that you want to use.

/FASTDETECT - Specifying FASTDETECT causes NTDETECT to skip parallel and serial device enumeration for a boot into Win2K, whereas omitting the switch has NTDETECT perform enumeration for a boot into NT 4.0. Win2K setup automatically recognizes dual-boot configurations and sets this switch for BOOT.INI lines that specify a Win2K boot. Windows 2000/XP Only.

/HAL=<hal> - Allows you to override the HAL used, for example using a checked version.

/INTAFFINITY - Sets the multiprocessor HAL (HALMPS.DLL) to set interrupt affinities such that only the highest numbered processor in an SMP will receive interrupts. Without the switch the HAL defaults to its normal behavior of letting all processors receive interrupts. Windows 2000/XP Only.

/KERNEL=<kernel> - Same as above but for the kernel.

/MAXMEM:n - Specifies the maximum amount of RAM that Windows NT can use. This switch is useful if you suspect a memory chip is bad.

/NODEBUG - No debugging information is being used.

/NOGUIBOOT - When this option is specified the VGA video driver responsible for presenting bit mapped graphics during Win2K's boot process is not initialized. The driver is used to display boot progress information, as well as to print the Blue Screen crash screen, so disabling it will disable Win2K's ability to do those things as well. Windows 2000/XP only.

/NOSERIALMICE=[COMx | COMx,y,z... ] - Disables serial mouse detection of the specified COM port(s). Use this switch if you have a component other than a mouse attached to a serial port during the startup sequence. If you use /NOSERIALMICE without specifying a COM port, serial mouse detection is disabled on all COM ports.

/NUMPROC=n - Only enables the first n processors on a multiple processor system.

/ONECPU - Only use the first CPU in a multiple processor system.

/PCILOCK - Stops Windows NT from dynamically assigning IO/IRQ resources to PCI devices and leaves the devices configured by the BIOS.

/SAFEBOOT - This is an automatic switch which NTLDR should complete for you when you use the F8 menu to perform a safe boot. Following the colon in the option you must specify one of three additional switches: MINIMAL, NETWORK, or DSREPAIR. The MINIMAL and NETWORK flags correspond to safe boot with no network and safe boot with network support. The safe boot is a boot where Windows 2000/XP only loads drivers and services that are specified by name or group in the Minimal or Network Registry keys under HKLM\System\CurrentControlSet\Control\SafeBoot. The DSREPAIR (Directory Services Repair) switch causes NT to boot into a mode where it restores the Active Directory from a backup medium you present. An additional option that you can append is "(ALTERNATESHELL)". This tells NT to use the program specified by HKLM\System\CurrentControlSet\SafeBoot\AlternateSh ell as the graphical shell, rather than to use the default which is Explorer. Windows 2000/XP only.

/SOS - Displays the driver names while they are being loaded. Use this switch if Windows NT won't start up and you think a driver is missing. This option is configured by default on the [VGA] option on the boot menu.

/WIN95 - This switch is only pertinent on a triple-boot system that has DOS, Win9x and Windows NT installed. Specifying the /WIN95 switch directs NTLDR to boot the Win9x boot sector stored in BOOTSECT.W40. See Microsoft KB Article Q157992 for more information.

/WIN95DOS - This switch is only pertinent on a triple-boot system that has DOS, Win9x and Windows NT installed. Specifying the /WIN95DOS switch directs NTLDR to boot the DOS boot sector stored in BOOTSECT.DOS. See Microsoft KB Article Q157992 for more information.

/YEAR= - Specifying this value causes NT/Windows 2000 core time function to ignore the year that the computer's real-time clock reports and instead use the one indicated. Thus, the year used in the switch affects every piece of software on the system, including the NT kernel. Example: /YEAR=2005. Note: this option is only available on NT 4.0 Service Pack 4 and Windows 2000/XP.
Save the file and restart Windows for the change to take effect.

Jahn could you post your source?

Using BOOT.INI Startup Switches (Windows NT/2000/XP) at Registry Guide for Windows

How to Disable F5 and F8 During Startup in MS-DOS

That second one seems like it would work: Now how can you open safemode if you need to without F8?

I think will be reinstalling the whole os

which is = to formating your hard drive and losing every thing on it if you don't have a backup

one more thing there is another way you can get to safemode if you don't press f8

You can reboot into safe mode if you need to can't you? Or was that only windows 98 or something?

You can get into safemode when windows is in the loading screen and you shutit down wait until it goes back to loading screen and it will ask you if you want to start in safemode unless you change how your PC starts

Yes but it asks you to go into safe mode because you've possibly damaged the PC. Shutting down the PC when it's booting up is not safe.

Yes when it asks go in safemode it will be the same as pressing f8

Yes but possibly damaging your computer is not exactly desirable.

I got here from a Google search and ended up to this thread -- which didn't really solve my problem, but I felt like posting to see if anybody has used this application or knows anything about it:

NOSafeMode – The LEGAL and ELEGANT way to disable F8 and Advanced Boot Options in Windows NT™ based Operating Systems (Including Windows 2000™, Windows XP™ and Windows Vista™)

Or any other Legal alternatives (hopefully that don't involve hacking/gluing/breaking/altering the OS too much), are more than welcome.