Regaining control over a PC completely locked down with the FrontFace Lockdown Tool

The FrontFace Lockdown Tool offers numerous options for the protection of a PC, especially for kiosk applications (e.g. lock CTRL+ALT+DEL, lock Task Manager, set a custom Windows shell, etc.). Some of those settings and particular combinations can protect the PC from unauthorized manipulation, yet at the same time can block you as administrator, meaning that you cannot change or undo the PC's configuration afterwards.

These instructions describe what to do to access the PC as administrator and undo settings even after applying the security settings with the FrontFace Lockdown Tool.

In case you have activated the setting "Automatic Login without Password", you can press and hold the SHIFT key while Windows starts. This prevents the automatic login sequence and allows you to log in using a different (not locked down) user account in order to start the Lockdown Tool and then disable any settings that lock your system.

Before changing the computer's configuration with the FrontFace Lockdown Tool, you should create a system restore point (you will also be able to select this in the 'apply settings' dialog of the FrontFace Lockdown Tool). This will allow you to reset the PC entirely to its previous state if needed.

You should also create a bootable system disc (on a USB device) in order to be able to start Windows repair options. Alternatively, you can also use a system media ("Windows CD/DVD").

To undo any changes made with the FrontFace Lockdown Tool, you need to start the FrontFace Lockdown Tool again, deactivate the appropriate settings and apply the new configuration. The challenge lies in finding a way of restarting the FrontFace Lockdown Tool after having locked down the computer entirely. If you cannot find any other option to start the FrontFace Lockdown Tool, follow these steps:

  1. Insert the bootable recovery disc und change the booting order in the computer's BIOS (depending on BIOS, press either F2 or DEL upon booting) so that the PC will be booted from the recovery disc.
  2. In the Windows Boot Menu select "Command prompt" (usually in the sub-menu "Troubleshooting > Advanced Options").
  3. Enter the following into the command line:

    bcdedit /enum

    This gives you an overview of all installed Windows versions on your computer.
    Find the "identifier" of the Windows installation in question, usually named {default} or {current}.
    Now enter the two lines below to force the command line mode when booting up next:
     
    bcdedit /set "{default}" safeboot minimal
    bcdedit /set "{default}" safebootalternateshell yes

    (If necessary, replace default with the name of the respective Windows installation!)
  4. Remove the recovery disc and reboot the PC by entering

    shutdown /r

  5. Once the PC has been rebooted, a window with the command line should be displayed. Insert the media with the FrontFace Lockdown Tool on it and start it from the command line ("lockdown.exe"). You can also start the FrontFace Lockdown Tool directly if you have installed it on your computer.
  6. Now undo those changes you made in the FrontFace Lockdown Tool that blocked access to the PC and apply the new configuration. Make absolutely sure to click NO when you are asked whether you would like to reboot the PC.
  7. Open the menu "System Information" in the FrontFace Lockdown Tool and click on the link "Command line (CMD.EXE)". Enter the lines below to undo the changes made to booting configurations in step 3:
     
    bcdedit /deletevalue "{default}" safeboot
    bcdedit /deletevalue "{default}" safebootalternateshell

  8. Reboot the PC by clicking "Reboot" in the FrontFace Lockdown Tool.
  9. Now you will be able to access your computer as usual and lock it down with the FrontFace Lockdown Tool again if required.
  10. Should this procedure fail or should problems occur, you can also choose to reset your PC to a previous system restore point in the repair options of the backup disc. Such a backup point has been created before applying the configuration via the FrontFace Lockdown Tool and saved with the label "FrontFace Lockdown Tool". If you opt for this method, you will lose all changes (e.g. installations of new programs) made AFTER applying the configuration via the FrontFace Lockdown Tool since the entire PC system will be reset to an earlier state.
Last modified: 2021-12-10 15:15