• Home  / 
  • Password Protecting your Windows PE 2.1 Images

Password Protecting your Windows PE 2.1 Images

By arwidmark / August 30, 2008

As you probably know, WDS doesn’t provide any security for it’s native boot images (Windows PE 2.x). However, by adding pxelinux and vesamenu.c32 to WDS, you can add that feature. Here is how…

 

  1. Download and extract syslinux from http://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-3.71.zip (it contains pxelinux) 
     
  2. Copy the syslinux-3.71\com32\menu\vesamenu.c32 to your WDS Server, D:\RemoteInstall\Boot\x64 and D:\RemoteInstall\Boot\x86 
     
  3. Copy the syslinux-3.71\core\pxelinux.o to your WDS Server, D:\RemoteInstall\Boot\x64 and D:\RemoteInstall\Boot\x86, rename it to pxelinux.com 
     
  4. Download a nice background image (http://www.deployvista.com/Portals/0/DeploymentBackground.png), and save it in D:\RemoteInstall\Boot\x64 and D:\RemoteInstall\Boot\x86  
     
  5. In the D:\RemoteInstall\Boot\x64 and D:\RemoteInstall\Boot\x86 folders, make a copy of pxeboot.n12 and rename it to pxeboot.0 
     
  6. Configure WDS to use the pxelinux.com boot file (Server properties, Boot tab) 
     
  7. In the D:\RemoteInstall\Boot\x64 and D:\RemoteInstall\Boot\x86 folders, create a subfolder called pxelinux.cfg 
     
  8. In the D:\RemoteInstall\Boot\x64\pxelinux.cfg and D:\RemoteInstall\Boot\x86\pxelinux.cfg folders, create a file named default with the following settings
     
    DEFAULT      vesamenu.c32
    PROMPT       0
    NOESCAPE     0
    ALLOWOPTIONS 0
    # Timeout in units of 1/10 s
    TIMEOUT 300
    MENU WIDTH 40
    MENU MARGIN 0
    MENU ROWS 12
    MENU TIMEOUTROW 14
    MENU HSHIFT 5
    MENU VSHIFT 2
    MENU COLOR BORDER 30;44       #00000000 #00000000 none
    MENU COLOR TABMSG 1;36;44     #00000000 #00000000 none
    MENU COLOR TITLE 1;36;44     #00000000 #00000000 none
    MENU COLOR SEL   30;47       #40000000 #20ffffff
    MENU BACKGROUND DeploymentBackground.png

    MENU TITLE PXE Boot menu
    MENU WIDTH 80
    MENU MARGIN 18
    MENU ROWS 4

    LABEL wds
     MENU       DEFAULT
     MENU PASSWD P@ssw0rd
     MENU       LABEL Windows Deployment Services
     KERNEL     pxeboot.0

    LABEL local
     MENU LABEL Boot from Harddisk
     LOCALBOOT 0 

 

About the author

arwidmark

kungcocos - March 22, 2009

In Windows 2008 R2 you don´t have the option to choose a bootfile. You can however rename the the pxelinux.com file to pxeboot.n12 to make it boot.

Zepman - May 7, 2009

This solution worked almost as expected. Here is the problem that I ran into. When the system loads into the Linux boot menu the default menu item is set to boot from pxeboot.0 after 30 seconds. If the user hits enter or arrows/pages up/down prior to the time out then the user is prompted for the password that is set in the default file. However, if the user lets the time expire then Windows Deployment Services is automatically selected and loads the pxeboot.0 with out entering the password. I changed the default selection to be the Local Hard Drive so that the user must manually select Windows Deployment Services to insure that the user must enter the password.

LABEL local
MENU DEFAULT
MENU LABEL Boot from Harddisk
LOCALBOOT 0

LABEL wds
MENU PASSWD P@ssw0rd
MENU LABEL Windows Deployment Services
KERNEL pxeboot.0

Comments are closed