Leave the CDs in the Office

There are few things more aggravating than going out to a coworker's office to work on their computer and finding that to fix it you need a CD that is sitting in your office. If you have ever experienced that, or would simply like to no longer need to tote that book of CDs with you every day, then this article is for you.

Even though I work in an environment where the desktop is dominated by Windows, there are several Linux-based tools that are used on a regular basis. These include tools for blanking a Windows password, destroying all the data on a hard drive, repartitioning a hard drive, and testing memory. The nice thing is that all of these tools natively boot via SYSLINUX (aka ISOLINUX), which means they can also be booted via PXE over the network. All that is required is a little time, a place on your network to store the files, and some free software. Interested? Good, let's make it happen.

First, configure a TFTP server on the same server that you want to store files on. Naturally, Linux is preferred here but a Windows server (not desktop) will work fine too via TFTPD32 or the like. Once that is setup we need something to serve out to our clients so lets download the latest version of SYSLINUX from kernel.org and copy the following files from it to our TFTP root:

• core\pxelinux.0
  Be sure to actually use THIS version of pxelinux.0 as several Linux distros have modified theirs and somewhat broken it (details here).
• com32\menu\vesamenu.c32

Now that these files are in place we need to make one more server-side configuration -- we need to set two DHCP options:

1. next-server = IP-ADDRESS-OR-FQDN-OF-YOUR-TFTP-SERVER
2. filename = /pxelinux.0

** If your network uses MS DHCP then these are set in Options 66 & 67.

The first of these tells clients where to find your TFTP server and the second tells them what file to request. Pxelinux.0 loads into memory then boots. The kicker is that we need to tell it what to do and that requires a plain text file named default (no extension) that is placed inside a folder called pxelinux.cfg, which, in turn, is in your TFTP root. So, thus far our directory structure should look like this:

/                      # (the TFTP root)
/pxelinux.0
/vesamenu.c32
/pxelinux.cfg/
/pxelinux.cfg/default

The file default contains your boot menu entries and can call other files if you are like me and want to separate out static menu configuration information and sub-menus. To get started, open "default" in your favorite text editor and enter the following:

DEFAULT vesamenu.c32
PROMPT 0
MENU INCLUDE pxelinux.cfg/pxe.conf
NOESCAPE 1

TIMEOUT 300
ONTIMEOUT localboot
MENU AUTOBOOT Normal booting will start in # seconds

LABEL localboot
MENU LABEL ^1. Boot from Local Hard Drive
LOCALBOOT 0

LABEL memtest
MENU LABEL ^2. Run Memtest86+ v4
kernel memtest/memtest

LABEL ntpasswd
MENU LABEL ^3. Blank a Windows Password
TEXT HELP
Runs Offline NT Password & Registry Editor
ENDTEXT
kernel ntpasswd/vmlinuz
append rw vga=1 initrd=ntpasswd/initrd.cgz,ntpasswd/scsi.cgz

LABEL dban
MENU LABEL ^4. Launch Darik's Boot and Nuke
TEXT HELP
Use this to remove ALL data from a PC.
ENDTEXT
KERNEL memdisk/memdisk
APPEND iso initrd=memdisk/iso/dban-beta.2006042900_i386.iso

Save that file and now create the file pxelinux.cfg/pxe.conf and enter the following:

MENU TITLE Choose from the below options:
menu color border 30;44 #ffffffff #00000000 std

NOESCAPE 1
ALLOWOPTIONS 0
PROMPT 0
menu width 80
menu rows 14
MENU TABMSGROW 24
MENU MARGIN 14
MENU VSHIFT 6

This is all info that never changes and just takes up a lot of room in default so I moved it to a separate file.

Now for the fun stuff...

As you can see from the menu we are setting up Memtest86+ to test a computer's RAM, Offline NT Password & Registry Editor, and Darik's Boot and Nuke for wiping hard drives. The partitioning tool I mentioned earlier is Gnome Partition Editor, a.k.a. GPartEd. Making gparted available via PXE is documented on their site but requires a bit more work than these three tools do. To setup Memtest86+ download the latest pre-compiled binary from their site and copy the contained file to a folder named memtest in your TFTP root. Rename the binary to memtest, otherwise it will fail to boot. Ntpasswd is similarly simple. Just download the bootable CD image from their site, mount the .iso, and copy the following files to ntpasswd in your TFTP root:

• vmlinuz
• initrd.cgz
• scsi.cgz

Booting DBAN requires chainloading its ISO via memdisk, which is provided by the SYSLINUX package in a folder by the same name. Copy it to a folder named memdisk in the TFTP root, create a folder inside of there called iso, and save your dban disk image in there. So, thus far our directory structure should look like this:

/                    # (the TFTP root)
/pxelinux.0
/vesamenu.c32
/pxelinux.cfg/
/pxelinux.cfg/default
/pxelinux.cfg/pxe.conf
/memtest/memtest
/ntpasswd/vmlinuz
/ntpasswd/initrd.cgz
/ntpasswd/scsi.cgz
/memdisk/memdisk
/memdisk/iso/dban-beta.2006042900_i386.iso

That's it -- everything is now setup. Hook a computer or virtual machine (with bridged networking) up to the network and reboot. Generally you press F12 to get a boot menu which will have your network adapter listed as an option (if not, look for a setting to enable it with PXE in the BIOS). Select your NIC and you should rapidly be greeted by a blue menu showing the options we just setup. The numbers in the menu are hot keys because we put the ^ symbol before them in the menu. If you do not pick anything within 30 seconds your computer will boot to its local hard drive automatically.

As a final note, there are many other tools that can be added to this boot menu and menu options can be protected via a plain text or encrypted password to keep users from messing up their computers. For example, I set this menu up where I work and it includes the following options:

1. Local boot
2. Symantec Ghost 2.5.1 (these all use a WinPE environment)

• Regular Ghost Client
• Ghost Console Client
• Windows 7 Enterprise x86 Installer (via a network share)

3. Memtest86+
4. ntpasswd
5. DBAN
6. Ultimate Boot CD for Windows
7. Knoppix DVD (terminal server client environment)
8. GPartEd
9. Older Ghost Servers

• A Ghost 2.0 server

10. Ubuntu internet based installers

• 8.04 LTS amd64
• 8.04 LTS x86
• 9.04 amd64
• 9.04 x86
• 9.10 amd64
• 9.10 x86

11. Gentoo

• Gentoo amd64 minimal cd11.
• Gentoo x86 minimal cd

I hope you all find this as helpful in your day-to-day activities as it has been for me.