Video Screencast Help

Password protect PXE

Created: 13 Aug 2008 • Updated: 22 May 2010 | 4 comments

Is their anyway to password protect PXE...

 

I want to allow my IT staff to image anywhere in our building.

 

But I do not want just anyone to accidentally reimage their PC.

 

We are currently using the 3com pxe that came with GSS.

 

 

 

Discussion Filed Under:

Comments 4 CommentsJump to latest comment

EdT's picture

Do you have a password protected BIOS ?

It would seem to me that the most secure way of limiting what users can get up to, is to modify the bios boot options to disable any devices that you don't want the user to have access to.

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.

dbunch's picture

We do use the Bios password, but that will really not work in our environment..

 

We have approximately 3000 machines and that means we would have to depend on the person setting up the machine, to turn off the PXE boot after they image it.

geemail's picture

I would like to know if this is possible as well.  I would also like to know if anyone has a way to use a pxe boot menu with a WinPE boot image.

Lev Gimelfarb's picture

After BIOS (which do not support what you want), the next step in PXE loading is the PXE boot loader. However, modifying the bootloader requires knowledge of assembly and some low-level system programming, so I wouldn't go there to add password protection functionality.

 

I think the easiest solution is to modify the scripts running in pre-OS, such as WinPE, and add any custom authentication logic you require. In this instance you would want some logic to check some user-entered credentials and based on some validation either do or do not launch Ghost for imaging. Basically, scripts allow you to customise the pre-OS execution to your liking.

 

Of course, the downside is that, in case of WinPE, the whole large image has to be downloaded into RAM before password-prompting logic even appears. But it does solve the problem of users "accidentally" imaging their machines.

 

Hope this helps.