I have an application that when run, restarts the computer immediately after it finishes. I would like to prevent this application from being able to restart the computer, leaving me able to restart the computer when I desire to. I am running Windows 7 x64 Home Premium, with the group policy editor installed. The application is a BIOS update program. What it does is it places the BIOS.rom image on the computer (I do not know if it is a temp file or stored in memory only), somehow signals the BIOS to enter a management mode on the next boot, then immediately restarts the computer to flash it. What I would like to do is to prevent the restart so that I can locate and alter the contents of the flash image (I am not actually modding the BIOS, just the ME firmware), then restart the system to flash the altered image. I already have the image I want to flash on instead, I just need the means to flash it. Specifics: When run, the exec causes a UAC popup for allowing the application to make changes to the computer. Upon finishing, it appears to to use the forced shutdown mode (ex. shutdown -r -f) since I have tried to block the shutdown with applications multiple times, but it shuts down immediately as if I had nothing running. I used the group policy editor to disable running command scripts, but it did not help. I used the task manager to kill the process less than a second before it finished executing, but I could not find a BIOS image present on the system (I did not test to see if management mode was entered on restart). I tried putting the program in a .bat with "shutdown -a" on the next line, but the command window would say that there was no restart to abort, so there is no delay on the restart. I tried to rename shutdown.exe so that it could not be called, with the idea being that I could rename it back or run the modified name myself when I did want to restart. I found the .exe in syswow64, but even as admin, I couldn't do anything to it. So then I went into an NTFS enabled DOS to rename it. Shutdown.exe, along with many other system files, were then missing from the syswow64 folder. I went back to windows, and shutdown.exe was missing there too, but the system was fully capable of restarting despite the .exe no longer being listed. I did a search and found shutdown.exe located in C:\Windows\winsxs\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90957e1a8fe95. Again, it was not editable even as admin. The version located there is slightly larger than the version I found in syswow64 earlier. Trying to find that folder in DOS would be an absolute nightmare with how many "amd64_microsoft_windows..." folders there are, or would "rename C:\Windows\winsxs\*\shutdown.exe shutdowne.exe" work in DOS? I feel like it's the wrong file anyway so I haven't tried. There are also 4 smaller "shutdown.exe.mui" files located elsewhere in the windows folder. I really don't know the significance of any of these files. This is very frustrating because I feel like simply preventing a restart should not be this difficult. Do you have any ideas on what I can try? I'll even throw on XP to do this if necessary if it cannot be done in 7. The BIOS exec cannot be run in DOS or linux.