International About LANDesk| Partners| Contact Us
Up to Documents in OS Deployment

How to Password Protect the PXE Boot F8 Menu Options?

VERSION 3 Published

Created on: Apr 17, 2008 1:28 PM by Watticus - Last Modified:  May 9, 2008 10:47 AM by Watticus

Description

It may not be desired to provide any user who has the ability to reboot a workstation the ability to image the workstation. This is

especially true in Library and School environments.

 

Also, both the Windows Pre-Execution Environment (WinPE) and Linux (LinuxPE) boot environments are powerful operating systems. Allowing

any user to be able to PXE boot to these operating systems may be considered a security risk.

 

Resolution

To password protect the PXE Boot Menu on an LDMS 8.7 SP3 core or later, do the following steps:

 

  1. Go to Tools | Distribution | OS Deployment and select the All Other Scripts folder.

  2. A button on the toolbar will activate with the mouseover popup "Build the secure PXE Representative Deployment scripts".

  3. Click this button, and fill out the name of the PXE Representative Deployment Script, and the password that will be used to protect the F8 Menu.

  4. Schedule the script, and install the PXE Representative.

  5. PXE boot the desired target machine.

  6. Select the desired boot option from the F8 menu.

  7. A new window will come up to confirm the selection, hit enter to confirm.

  8. A password box will now be displayed to authenticate.

  9. Once authenticated, the TFTP download will begin and the boot environment will load.

 

NOTE:

 

Enabling this option will require a user to authenticate at the machine being PXE booted. This means that if a machine is placed in

the PXE Holding queue and rebooted, it will not enter a managed state until authenticated at the physical machine. This will also affect the

ability to use the PXE server for Provisioning tasks that use the PXE Representative for loading the boot environment.

 

The LANDesk OSD vboot process does not utilize PXE and is therefore not affected with the above configuration.

Average User Rating
(1 rating)




Comments (3)
Apr 21, 2008 9:17 PM Click to view Dan Pixley's profile Dan Pixley says:

We've set up DHCP scope options as per step number 4. in this document on droppedpackets: http://www.droppedpackets.org/Members/jjpk01/pxe-rep-modifications/use-the-lande sk-pxe-service-on-a-single-machine-with-dhcp-scope-options/?searchterm=dhcp

 

This has the effect of bypassing the F8 menu. It also has the effect of not allowing the above steps to work for password protecting the PXE menu. Is there a way to password protect the PXE menu while using the DHCP Scope options? The purpose of using the DHCP scope options is to have a single PXE Representative for multiple subnets.
Apr 24, 2008 3:44 PM Click to view Watticus's profile Watticus says: in response to: Dan Pixley

Unfortunately, the above method from droppedpackets is not a supported configuration for the LANDesk PXE Representative and there is currently not a process to enable password protection for a Rep in that configuration.
Apr 30, 2008 5:31 PM Click to view Dan Pixley's profile Dan Pixley says: in response to: Watticus

Although this configuration is not supported by LANDesk, the answer to my above question is to change "Option 67" on the DHCP server to be "x86pc\undi\wpemenu\pxelinux.0".

More Like This

  • Retrieving data ...

More by Watticus

View Watticus's profile
LANDesk Community powered by Jive Software's Clearspace ®                                                                        Subscribe| Legal Notices| Investor Relations| Privacy Policy © 2007 LANDesk Software