Pxe Boot menu - lock users from pressing F8 options
When PXE booting, is there any way of locking out unauthorised users from being able to press F8 and choose "new or managed node" etc.?
I have realised that I can PXE boot, press F8, select any of the PXE boot options and, if Ctrl+C is pressed any time after the networked drives are mapped, I can access my Altiris shares and so could any user.
Is there any way of not allowing access to the F8 prompt unless prompted for a password first?
Thanks in advance
Cat
When building your pre-boot
When building your pre-boot environment PXE option, there are options to disable the keyboard for input. Depending on which version of DS you have, of course. I have also found "obscurity" to work for us. Simply change the prompt text in the "PXE Configuration Utility" to say "Press [F10]..." and set the time-out to "0". Even if they see the prompt, they try to press the wrong key :)
The only "good" way is to use the keyboard/input lockout option in the Boot Disc option though. And even then... there are ways to get around such things.
Hi Cat, At the PXE boot stage
Hi Cat,
At the PXE boot stage (where you see the F8 option) there isn't any facility for password locking. If you only require an automation boot for re-building computers for error/new kit, then a good option would be to set computers to boot off disk first. In order to build/rebuild the computer, the techy would interrupt the boot process to manually select the boot device.
There are various password protection capabilities built into various BIOSes which you might want to look into to stop the users doing this themselves.
If however your PXE booting is required 'as standard' then your options are limited if you want to be able to keep zero-touch imaging capability. You see, if you start putting in password protection within the automation images, then you won't be able to automatically do anything - someone will always have to be there to type in the password!
NKX's solution of disabling the keyboard/mouse options in automation is best, and his obscuring of the function key to press will certainly frustrate users (hey, and perhaps your technical staff??!!).
It is also good practice to have automation use a limited account when it maps drives. It's common practice to give this account read only access to the express share, and then full write access to your image and temp folders. For more peace of mind, you could create an image uploads area, separate from downloads, so that this user only has full rights over the downloads area. If you worry about people breaking into automation, this will provide some peace of mind that even if they do, the damage they can do is very limited.
Kind Regards,
Ian./
Ian Atkin
Senior Developer for the ICT Support Team,
Oxford University, UK
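One way to apply and then audit the limited-account permissions described in the post above, as an added example that is not part of the original thread and is not Altiris tooling. The share path, account name and folder names are assumptions, and the script is meant to be run on the server that hosts the share.

```powershell
# Added example. All names below are assumptions, not values from the thread.
$ShareRoot = 'D:\eXpress'              # hypothetical local path of the express share
$Account   = 'LAB\svc-pxe-automation'  # hypothetical limited account used to map drives
$Writable  = @('Images', 'Temp')       # hypothetical folders automation must write to

function Set-AutomationAcl {
    # Read and execute on the whole share, inherited by files and subfolders.
    icacls $ShareRoot /grant "${Account}:(OI)(CI)RX" | Out-Null
    foreach ($dir in $Writable) {
        # Modify (read, write, delete) only where images and temp files live.
        icacls (Join-Path $ShareRoot $dir) /grant "${Account}:(OI)(CI)M" | Out-Null
    }
}

function Get-UnexpectedWriteAccess {
    # Report folders outside $Writable where an ACE naming the account grants a
    # write-type right. Rights held through group membership and share-level
    # permissions are not evaluated here and need a separate check.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $allowed   = $Writable | ForEach-Object { Join-Path $ShareRoot $_ }
    $folders   = @(Get-Item $ShareRoot) + @(Get-ChildItem $ShareRoot -Recurse -Directory)

    foreach ($folder in $folders) {
        $path = $folder.FullName
        # Skip the folders (and their children) that are meant to be writable.
        if ($allowed | Where-Object { $path -eq $_ -or $path -like "$_\*" }) { continue }

        (Get-Acl $path).Access |
            Where-Object {
                $_.IdentityReference.Value -eq $Account -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $writeMask)
            } |
            ForEach-Object { [pscustomobject]@{ Path = $path; Rights = $_.FileSystemRights } }
    }
}

Set-AutomationAcl
Get-UnexpectedWriteAccess | Format-Table -AutoSize
```

An empty result from the audit means that someone who breaks out of automation with this account's mapped drives can read the share but can only alter the image and temp folders.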
MAC Filtering
We currently use a password during the drive mapping phase. We mainly do this because we have multiple sites, and that was the easiest way to use the same PXE option at every site. If you have multiple PXE servers, turning on MAC Filter can help, and just have the PXE server read from a PXEServiceMac.csv file so you don't have to modify the PXE configuration all the time. The only pain would be maintaining this file and getting the MAC address. I am planning to use this so we can remotely deploy computers that are already in the DS, so I can just copy and paste the MAC address from the DS Computer Properties.
RE: Pxe Boot menu - lock users from pressing F8 options
Two ways to do this.
First
PXE Configuration tool. Set the timeout period from 3 seconds to 0 seconds. So only scheduled jobs will be displayed.
Second
PXE Configuration Tool > DS server tab. Only service clients with DS jobs. So PXE will not listen to these clients if no jobs are assigned.
Hope one of these works for you.
Nelson
Re Pxe Boot Menu - lock
Hi all, thanks for all the useful suggestions. At this stage I have set the boot menu to display F10. I have tried to lock out the keyboard but for some strange reason I was still able to interrupt the script. BTW, we use DOS boot disks.
I'll progressively test the other suggestions, but as we have 3000 lab PCs which we are rebuilding regularly we do not want to turn off the PXE boot option. We also find sometimes we do need to press F8 even when a job has gone to computers, as they don't launch into new or managed node automatically (another issue in itself).
You could just turn off the PXE server service
Depending on your environment, if you know who will be imaging and when, you could just turn off the PXE service on the DS most of the time. Well, it crashes a lot anyways. ):