Leave the CDs in the Office

There are few things more aggravating than going out to a coworker's office to work on their computer and finding that to fix it you need a CD that is sitting in your office. If you have ever experienced that, or would simply like to no longer need to tote that book of CDs with you every day, then this article is for you.

Even though I work in an environment where the desktop is dominated by Windows, there are several Linux-based tools that are used on a regular basis. These include tools for blanking a Windows password, destroying all the data on a hard drive, repartitioning a hard drive, and testing memory. The nice thing is that all of these tools natively boot via SYSLINUX (aka ISOLINUX), which means they can also be booted via PXE over the network. All that is required is a little time, a place on your network to store the files, and some free software. Interested? Good, let's make it happen.

First, configure a TFTP server on the same server that you want to store files on. Naturally, Linux is preferred here but a Windows server (not desktop) will work fine too via TFTPD32 or the like. Once that is setup we need something to serve out to our clients so lets download the latest version of SYSLINUX from kernel.org and copy the following files from it to our TFTP root:

  • core\pxelinux.0
    Be sure to actually use THIS version of pxelinux.0 as several Linux distros have modified theirs and somewhat broken it (details here).
  • com32\menu\vesamenu.c32

Now that these files are in place we need to make one more server-side configuration -- we need to set two DHCP options:

2. filename = /pxelinux.0

** If your network uses MS DHCP then these are set in Options 66 & 67.

The first of these tells clients where to find your TFTP server and the second tells them what file to request. Pxelinux.0 loads into memory then boots. The kicker is that we need to tell it what to do and that requires a plain text file named default (no extension) that is placed inside a folder called pxelinux.cfg, which, in turn, is in your TFTP root. So, thus far our directory structure should look like this:

/                      # (the TFTP root)

The file default contains your boot menu entries and can call other files if you are like me and want to separate out static menu configuration information and sub-menus. To get started, open "default" in your favorite text editor and enter the following:

DEFAULT vesamenu.c32
MENU INCLUDE pxelinux.cfg/pxe.conf

ONTIMEOUT localboot
MENU AUTOBOOT Normal booting will start in # seconds

LABEL localboot
MENU LABEL ^1. Boot from Local Hard Drive

LABEL memtest
MENU LABEL ^2. Run Memtest86+ v4
kernel memtest/memtest

LABEL ntpasswd
MENU LABEL ^3. Blank a Windows Password
Runs Offline NT Password & Registry Editor
kernel ntpasswd/vmlinuz
append rw vga=1 initrd=ntpasswd/initrd.cgz,ntpasswd/scsi.cgz

LABEL dban
MENU LABEL ^4. Launch Darik's Boot and Nuke
Use this to remove ALL data from a PC.
KERNEL memdisk/memdisk
APPEND iso initrd=memdisk/iso/dban-beta.2006042900_i386.iso

Save that file and now create the file pxelinux.cfg/pxe.conf and enter the following:

MENU TITLE Choose from the below options:
menu color border 30;44 #ffffffff #00000000 std

menu width 80
menu rows 14

This is all info that never changes and just takes up a lot of room in default so I moved it to a separate file.

Now for the fun stuff...

As you can see from the menu we are setting up Memtest86+ to test a computer's RAM, Offline NT Password & Registry Editor, and Darik's Boot and Nuke for wiping hard drives. The partitioning tool I mentioned earlier is Gnome Partition Editor, a.k.a. GPartEd. Making gparted available via PXE is documented on their site but requires a bit more work than these three tools do. To setup Memtest86+ download the latest pre-compiled binary from their site and copy the contained file to a folder named memtest in your TFTP root. Rename the binary to memtest, otherwise it will fail to boot. Ntpasswd is similarly simple. Just download the bootable CD image from their site, mount the .iso, and copy the following files to ntpasswd in your TFTP root:

  • vmlinuz
  • initrd.cgz
  • scsi.cgz

Booting DBAN requires chainloading its ISO via memdisk, which is provided by the SYSLINUX package in a folder by the same name. Copy it to a folder named memdisk in the TFTP root, create a folder inside of there called iso, and save your dban disk image in there. So, thus far our directory structure should look like this:

/                    # (the TFTP root)

That's it -- everything is now setup. Hook a computer or virtual machine (with bridged networking) up to the network and reboot. Generally you press F12 to get a boot menu which will have your network adapter listed as an option (if not, look for a setting to enable it with PXE in the BIOS). Select your NIC and you should rapidly be greeted by a blue menu showing the options we just setup. The numbers in the menu are hot keys because we put the ^ symbol before them in the menu. If you do not pick anything within 30 seconds your computer will boot to its local hard drive automatically.

As a final note, there are many other tools that can be added to this boot menu and menu options can be protected via a plain text or encrypted password to keep users from messing up their computers. For example, I set this menu up where I work and it includes the following options:

1. Local boot
2. Symantec Ghost 2.5.1 (these all use a WinPE environment)

  • Regular Ghost Client
  • Ghost Console Client
  • Windows 7 Enterprise x86 Installer (via a network share)

3. Memtest86+
4. ntpasswd
6. Ultimate Boot CD for Windows
7. Knoppix DVD (terminal server client environment)
8. GPartEd
9. Older Ghost Servers

  • A Ghost 2.0 server

10. Ubuntu internet based installers

  • 8.04 LTS amd64
  • 8.04 LTS x86
  • 9.04 amd64
  • 9.04 x86
  • 9.10 amd64
  • 9.10 x86

11. Gentoo

  • Gentoo amd64 minimal cd11.
  • Gentoo x86 minimal cd

I hope you all find this as helpful in your day-to-day activities as it has been for me.


Gene Liverman is a Systems Administrator of *nix and VMware at a university.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Aye but

PJ's picture

To aggravate means to make worse. Aggravting means making worse. It does NOT mean annoying.

Other than that.... good post.

Well, it's annoying enough to

Don Costello's picture

Well, it's annoying enough to have to go out to the user's desktop. Not having your CD toolbox is aggravating because it makes the annoying situation worse... :).


Mitch Frazier's picture

Although some dislike the usage, it can be used that way:

1 obsolete a : to make heavy : burden b : increase
2 : to make worse, more serious, or more severe : intensify unpleasantly
3 a : to rouse to displeasure or anger by usually persistent and often petty goading b : to produce inflammation in

See 3a. Taken from: www.merriam-webster.com/dictionary/aggravate

Mitch Frazier is an Associate Editor for Linux Journal.

Live USBs

InaTux's picture

CD's are on death road, walking the seemingly endless road until Music and Software are no longer sold on them, and they begin to disappear.

All you really need is a 4GB LiveUSB to get the job done. Mostly all computer hardware made in the last five years can boot from a USB flash drive, and many GNU/Linux distributions can be installed to USB thumb drives. You can actually place GRUB on the master boot record for the USB drive and have multiple distributions installed to choose from at boot. Debian/Ubuntu, Live gParted, and BackTrack, are all useful.

Also, we sell LiveUSB drives, if anyone is interested.

Bootable USBs are nice and I

Gene Liverman's picture

Bootable USBs are nice and I have used them for many things but they still fall subject to the same main issue as a CD... you have to remember to take the USB stick with you and it can only be used in one place at a time. By putting those same utils on the network you get to free yourself from toting around yet another item, plus you can use it simultaneously on multiple computers.

Gene Liverman is a Systems Administrator of *nix and VMware at a university.


InaTux's picture

Putting utilities on a network (Internet I suppose, because on a local network the concept isn't as useful) would make running them from a dial-up connection almost impossible.


burndata's picture

comon.. look at the date.. 2010 my friend.. please I think dialup convo should be regarded as taboo. move someonewhere with broadband or just remind us of your drip drip drip data flow.

Other PXE bootables

jhansonxi's picture

There are versions of Damn Small Linux and Parted Magic that boot entirely over TFTP using a huge initrd image. This works but in the case of my server I have to split Parted Magic's image into smaller chunks else it hits the maximum transfer size and fails to load. There is a script at the Parted Magic site that does this easily.

I would like to get Mandriva, Fedora, and OpenSUSE booting with PXE over NFS or HTTP some day.

"I would like to get

Gene Liverman's picture

"I would like to get Mandriva, Fedora, and OpenSUSE booting with PXE over NFS or HTTP some day."

Are you talking about getting them to install via PXE or more of a thin client setup that boots via PXE?

Gene Liverman is a Systems Administrator of *nix and VMware at a university.

PXE over NFS

Don Calabro's picture

We boot OpenSuSE with PXE over NFS in our production environment at work. Sort of a smart thin client.

Ideally both. With Ubuntu I

jhansonxi's picture

Ideally both. With Ubuntu I can boot LiveCD ISOs and install from them. The LiveCD "desktop" installers don't support RAID/LVM2/dm-crypt and have a 512MB+ memory requirement. For installations that don't meet these requirements I boot the "alternate" ISOs which have a text-mode interface. In the past I also had a full Ubuntu repository mirror that could install everything but removed it because the bandwidth requirements were too large.

ntpasswd in the domain

Anonymous's picture

Of course I don't think I'll put ntpasswd out there on my domain network. I know it only exposes local passwords, not domain, but I still don't want to put the ability to clear the local admin password just an F12 away...

Securing ntpasswd

Gene Liverman's picture

That same concern is why we decided to take advantage of the ability to add an encrypted password to all the menu entries that could mess up a computer. It adds a lot of piece-of-mind value to the setup.

Gene Liverman is a Systems Administrator of *nix and VMware at a university.

Great article

S Daniel's picture

I'm even going to set this up at home.

Alternatively, the iodd

Anonymous's picture

Alternatively, the iodd Virtual Rom is a USB 2.5" HDD caddy that has firmware that allows ISOs on a FAT32 filesystem to appear as a USB optical device.

Re: iodd Virtual Rom

Gene Liverman's picture

Thanks for the info on the iodd Virtual Rom. I think I am going to look into getting one of these to use at home or any other time that I am tinkering.

Gene Liverman is a Systems Administrator of *nix and VMware at a university.

Beautiful!! great use.

Anonymous's picture

I don't come across many articles that jump out at me, but for someone who still carries CDs, now thumb drives, but not zip discs or floppies, this is an elegant way to keep those items updated and available on the company net. Thanks.