How to Implement DBAN in a WDS Server
Short instructive to implement DBAN in a Windows Server box with WDS implemented via PXELinux....
How to implement DBAN in a WDS server Objective: The purpose of this document is to provide a guide to boot a DBAN image from the WDS server, in order to erase the HDD in a safer way.
Advantages of having DBAN in the WDS menu: Normally the DBAN is installed onto a pen drive and local team boots from it in each wor kstation they want to erase securely. If there is a need to perform this task in bulk, it will be time consuming, by booting DBAN from the WDS just a network connection to the deploy VLAN is needed, after the machine boots the process run automatically without any user intervention.
Administrator access to a WDS server. Windows server 2012 R2 with MDT 201 3 installed. (Not tested but should work on other OS versions).
Download the DBAN ISO from website website..
Download syslinux-6.03 from here here..
What are we doing? (Technical details): WDS relies on PXE (Pre-execution (Pre-exec ution environment) to display a menu which let you select over a different set of .wim files to deploy the desired image. There is no way to modify the PXE from Windows and it’s only managed by GUI, this means that if we want to deploy an OS which is not compressed in a .wim file we simply can’t. What we will do is adding some files in some path of the WDS server to boot a Linux kernel (Syslinux), later on we will modify a configuration file which basically contains a menu to select what do we want to do (i.e. Boot locally, run DBAN kernel, run WDS and deploy images normally, etc.),
finally we will force the WDS se rver to use the Syslinux (which is also a PXE) so when the workstations boot from network they will use this environment instead of the Windows one.
Procedure: 1) Logon to the WDS server and open this share: \\WDS\REMIST:
2) Open the following folders Boot\x86 and Boot\x64:
3) Make a copy of the following files (pxeboot.n12 and abortpxe.com) and paste it in the same folder, after that rename that files so they look like this: (pxeboot.n12 pxeboot.0; abortpxe.com abortpxe.0)
4) After that extract the Syslinux .zip file locally and copy the following files to the WDS serve r (Copying in the desktop is fine, then we c an copy to the \\WDS \REMINST folder): libutil.c32 libcom32.c32 ldlinux.c32 chain.c32 pxelinux.0 vesamenu.c32 a.
If you look for these files in syslinux folder you may find 3 copies of them, be sure to select the one corresponding to BIOS and not to UEFI. Just in case I made a bundle for you: Bundle
5) After copying these files to each of the \\WDS\REMINST folders (\boot\x86 and \boot\x64) rename pxelinux.0 to pxelinux.com, your folder should look like this (I sorted t he folder by creation date to see what has been actually changed):
6) Create 2 new folders in each of the \\WDS\REMINST folders, the names shall be Linux and pxelinux.cfg
7) In pxelinux.cfg folder we will put our menu and the graphics configuration file, so now create 2 blank text files and name them like t his: “default” and “graphics.conf ”. ”. Note that “default” file file hasn’t hasn’t got any got any kind of extension!!!
8) Open the default file with notepad and paste this:
DEFAULT vesamenu.c32 PROMPT 0 MENU TITLE PXE Boot Menu (x64) MENU INCLUDE pxelinux.cfg/graphics.conf pxelinux.cfg/graphics.conf MENU AUTOBOOT Starting Local System in 8 seconds # Option 1 - Exit PXE L inux & boot normally LABEL bootlocal menu label ^Boot Normally localboot 0 timeout 80 TOTALTIMEOUT 9000 # Option 2 - Run WDS LABEL wds MENU LABEL ^Windows Deployment Services menu default KERNEL pxeboot.0 # Option 3 - Run DBAN LABEL DBAN
MENU LABEL ^DBAN-Autonuke KERNEL /Linux/dban/dban.bzi /Linux/dban/dban.bzi APPEND nuke="dwipe --autonuke" --autonuke" # Option 4 - Exit PXE L inux LABEL Abort MENU LABEL E^xit KERNEL abortpxe.0 Basically we’re giving 4 options, 1) To deploy from t he local HDD, 2) To run WDS, this should lead you to the Windows WDS menu m enu where you select the image you want to deploy, 3) Run DBAN, 4) Exit this menu. Feel fre e to modify the menu as you wish, this will set you the option to run the WDS menu by default after 8 seconds. 9) Now open the graphics.conf file and paste this: MENU MARGIN 10 MENU ROWS 16 MENU TABMSGROW 21 MENU TIMEOUTROW 26 MENU COLOR BORDER 30;44 #00000000 #00000000 none MENU COLOR SCROLLBAR 30;44 #00000000 #00000000 none MENU COLOR TITLE 0 #00269B #00000000 none MENU COLOR SEL 30;47 #40000000 #20ffffff MENU BACKGROUND background.jpg NOESCAPE 0 ALLOWOPTIONS 0 10) Create a folder within the brand new Linux folder and name it dban, then extract the content of the DBAN .iso there, it should look like this:
11) Open a command prompt as admin and run the following commands: wdsutil /set-server /bootprogram:boot\x86\pxelinux.com /architecture:x86 wdsutil /set-server /N12bootprogram:boot\x86\pxelinux.com /architecture:x86 wdsutil /set-server /bootprogram:boot\x64\pxelinux.com /architecture:x64 wdsutil /set-server /N12bootprogram:boot\x64\pxelinux.com /architecture:x64 12) Finally connect a computer to the deploy VLA N, boot from the NIC and you’ll see a menu to choose what do you want to do.
References: https://thommck.wordpress.com/2011/09/09/deep-dive-combining-windows-deployment-servicespxelinux-for-the-ultimate-network-boot/ http://www.servercobra.com/pxe-boot-dban/