First of all, you could lock the startup disk control panel, that will stop most ( computer illiterate) idiots, but after that, this is a gaping security hole. I wish i had an answer, but i 've put about 5 minutes of thought to this and have come up with nothing. I've heard stuff about the next gen of macs coming with a switch on the inside that will disable the bootdisk/change admin passward capabilities. Mabey OS X server version has something that stops this?
You may be able to use OF to bind the C key to do something else other than starting from the CD. I remember that I used OF to bind the spacebar to booting Linux, so it's not totally out of the question - I don't remember <i>how</i> it's done, but I'm sure it's on some website somewhere.
Actually, now that I think about it, this caused holding the C key down to start up from a CD to not work...so maybe this really is the best bet.
I don't understand what the deal is here, NO machine is secure if you have physical access to it. NT tried to encrypt the drive so you had to go thrugh the OS to use the data, but that was weak. The key to a secure machine is to make sure no one gets to it.
I had this discussion with several guys last year as they were talking about OS security, and the end result is that physical access to the machine means you own it. You can lock a machine closed so that no one can get its parts. But if someone comes in with a boot floppy / CD there is no real security. This is part of the reason for the client server model. Keep private stuff on the machine in the locked closet. It's the only form of security that's worth a damn. Without physical security of the server, there is no security. It's not like you can put all of your data in 2's and 3's instead of 1's and 0's to keep people from using it.
Having had the priveledge of working on a network of exceptionally well maintained Sun boxes, the solution is not in my opinion on the box. The ability to net boot and modifying an install whether netbooted or not to access compny specific data ond resources form the network makes the individual computer just a box. In order for you to do anything you have to get onto the network, in order for you you to get on the network you need username and password. (to write there anyway)
The box is not special in a netbootable and netwerk centric computing environment. All you need to do is lock down the bax so no one steals your hardware. The reasons for PC's needing other security measures is an artifact of their inability to take vital system resources from a network mapped drive.
The only way to keep someone from installing their own OS is to keep them from mounting media. The only reason you need to be concerned about this is if you don't set up your network for proper security. The box is not the enemy. It's just a box. If Apple starts introducing "you own this but you can't boot it" security, I think that'd just suck. That is not what I would call user friendly. Although security is often the antithesis of convenience, I see adding BIOS type security as messing up the user experience while providing no good security of its own.
Technically I am, though it's OSX Server 1.2 (old pre-aqua one)
There's no way I know of to disable booting from the CD or from the option key trick. If you must have the server in an unlocked room, then remove CD, buy yourself a Firewire external burner for those times you need to install stuff, and lock the keyboard and drive in a drawer somewhere. Still though, that wouldn't prevent someone from bringing in their own drive, and keyboard. You'd have to also disable restart and shutdown in the login dialog, and leave it on that screen. Of course to reboot or shut down at that point you need to run terminal and do it cli.
Hell. Look at 9.2.1 and below. Even if you have a program installed. Just hold Shift to turn off extensions at start-up. Well the really only way around your problem would be either a firmware tweak or cut off access to all drives (CD, Zip, etc) Fully install all programs so you don't need to insert a CD or anything. Just have a floppy drive hooked to it. You can't fit any real OS on a floppy. People have brought up this fact before. I know there is an option in System Prefs to disable the Restart and Shut Down buttons but that is only on the login screen.
Just password protect the firmware. then noone except you can boot the computer, to CD or any other medium. there has been this security available for some time. it is the same security that PCs can give you by password protecting the BIOS.
go to the firmware prompt, and setenv security-mode full
there are two security modes, full and command. if you set it to full, then any use of the firmware prompt requires a password. if you set it to command, then people can boot, but only the default boot device. you cannot specify a boot device without a password when security-mode is command.
however, i think you can still boot from cd by holding c. so i suggest turning auto-boot to false, then if a user wants to reboot, he can type the boot command, but cannot specify, for example, the cdrom drive for booting. horrible that the user has to see this command line? perhaps.
if you forget your OF password, you are SOL. with sun machines, they tell you you have to send it in to get the nvram reset, but you can purchase new nvram chips. with apple i think you d have a hard time finding such a chip, and i don t know whether they will let you send it in to get fixed.
zapping the pram does not reset the password, although it might change auto-boot back to true, at which point holding c or t for target mode might let the wily cs student get full access to your disk. i will try it soon. my g4 has no cdrom drive presently, but i ll let you know.
as far as this method being horrible? it s about the same horribleness as password protecting your BIOS with a PC, and sun, who has been making high end secure servers for 15 years, uses the exact same open firmware forth monitor that apple uses. i guess the only difference with apple is the whole 'hold down c' or 'hold down t' thing. if we could disable that feature, then we could set the OF to auto-boot, lock the OSX startup disk control panel, password protect the BIOS and set security-mode to command, and our system would be safe.