/build/static/layout/Breadcrumb_cap_w.png
06/07/2019 244 views

Hi guys,


My techies complained that they need to manually configure BIOS settings before starting deployments. (lazy monkeys...)


Dell Laptops come in with factory BIOS settings e.g.:

- secure boot enabled

- UEFI network stack turned off.


--> this makes PXE booting out of the box impossible for us.


question 1: is there already a way to PXE boot into K2 with Secure boot enabled?

I see that there's still an open uservoice with the request:

https://kace.uservoice.com/forums/82717-sda-k2000/suggestions/17791252-uefi-secure-boot

--> guess it's planned for release 7?


So until then, to reduce user errors, I'm creating a multiplatform BIOS package with cctk and included it with KBEM.

Plan is that my techies only have to check UEFI network stack and Secure Boot in BIOS, then PXE boot into the manipulated KBE.

I've created a Custom Deployment that my techies can run. The Custom Deployment contains 2 pre-install tasks:



6hlj3ur1jp231.png


  1. first task runs the cctk -i <config> command (--> the config file also sets a one-time pxe boot for the next reboot (so techies don't have to press f12 - pxe boot) like I said, they're really lazy)

  2. second task runs: x:wpeutil reboot to reboot the machine.


While the tasks execute properly, the reboot task stays In Progress on K2:



8jb16ckmjp231.png


Is there a way to make this task flag as completed?

Or any alternatives for the scenario above?


How do you guys handle this?


edit: I've thought about deploying command configure on all devices, being able to send updated configurations (like pwds) seem handy but I'm trying not to bloat my image. So I'm looking for a different approach.


thanks

Answer Summary:
2 Comments   [ + ] Show comments

Comments

  • it looks like is not reporting back to the SDA...

    What if you reboot using a classic Windows command and not using wpeutil (PE tool)?

    something like:

    'shutdown /r /t 30'

    I'm adding 30 seconds to give it time to report back about the task being executed properly...
  • Hi Channeler,

    Thanks for the reply.

    These 2 steps are pre-installation tasks that I run as Custom Deployment before we deploy our scripted installation.

    I think shutdown.exe isn't included in X:
    If I dir *.exe in X:\Windows\System32 it is not listed.

    I'm going to fiddle around a bit more and see what I can do.

    thanks.

Answer Chosen by the Author

1

You can try checking "Force continue on Errors" and the CCTK script should then complete.  You just have to make sure the deployment really does what you want because now it will go thru even if it did not do the tasks correctly.

Have you tried to run the CCTK task as a midlevel in your scripted install?  I use custom deployments images and configure the bios at mid level.  I store my Wims on windows shares thru out the organizations sites.


As a Scripted you should be able to do this:



Answered 06/12/2019 by: SMal.tmcc
Red Belt

  • Also forgot to mention you can zip the C|C directory up and make that a portable application that you can attach to any level application task and call it that way if you do not have it in the boot env. You can also use the zip to run SMA scripts with to save installing C|C if you do not want to
  • Made it a mid-level task and works as intended. Thanks!

All Answers

1

Are you imaging these?  Why make a boot to set pxe boot??????????

If you spend enough $$$$ Dell will set the bios how you want it


If not:

All they need to do is set network first in the boot order while they are already in the bios to disable secure boot and do the other changes.

You can then create a task to switch it back to hdd first as one of your steps


We reimage and replace machines in the classrooms every year, this is what we do.


On new machines they have to disable secure boot and setup network booting, and bios password.... Reboot and hit f12 choose pxe boot.

On the boot menu have the default KBE to boot and other KBE's (one for each image) that are configured for an auto deployment. 

We have a password for the PXE menu to prevent someone from f12ing and nuking a machine by reimaging.

You use the KBEM to create these custom KBEs to autoboot.

Our lazy monkeys  can just press a couple of buttons put in a password and move on

They boot into the PXE menu, choose an auto-deploy boot that will image the machine and enter pxe password. They do not have to touch it again till complete. 

We have them set the bios PW to start and then I call that password in the SDA tasks that reconfigure the bios.  Keeps others out of the bios.  We use a SMA script to change the password at least yearly


On existing machines we use the SMA and run WOL and then run a script that changes the bios boot order to pxe first and then reboots the machine.

On the SDA we create auto deployments for the machines and using the SMA labels to assign the correct image to the machines. 


Any that fail to WOL we send tech to. They turn it on and manually f12 and those take off imaging.


You can push C|C with either SMA or SDA

You can create a portable version you zip and attach to tasks then it deletes when finished

You can compile the C|C commands into an EXE


They do not need to be techs to start images, we use student workers from media services to help in the summer they just need to be able to follow simple directions, so if your techs bitch about having to do menial work tell them you can replace them for less $$$
Answered 06/07/2019 by: SMal.tmcc
Red Belt

  • I agree with this guy.... You don't have to be a tech to perform the settings.

    DELL can ship your devices with whatever BIOS version and config you want, for a fee...
  • Hi Smal,

    Thanks for the reply.

    We need to (re)deploy about +-50 laptops monthly. (re-image spare devices, new employees,...)

    For the new devices, they need to boot into BIOS and set:
    Disable Secure Boot
    Enable UEFI network stack

    Then they F12 to UEFi PXE boot and select the KBE where C|C is included.

    Now they use the Custom Deployment I created with the cctk configuration + reboot tasks. The configuration also sets a one time pxe boot so they can grab a coffee while its running and come back to a PXE booted device that is ready to start our Scripted Installation.
    --> This one-time pxe boot does not require to enter the admin pwd when PXE booting. After that one-time boot, everything is pwd protected to boot except the HDD.

    So issue here is: the reboot task is not reporting back as completed to the SDA. This is making the startnet.cmd fail from time to time. (Fixed if I delete the In Progress custom deployment -> which has actually completed succesfully)
    and run startnet.cmd again.

    I do have some options:
    - Figure out the pre-install reboot task and how to make it pass succesfully.
    - Remove the reboot task from the custom deployment and let them click some extra buttons.
    - Spend some $$$, I'll contact our Dell account mgr and ask for some details.

    Thanks for your detailed answer.
  • This content is currently hidden from public view.
    Reason: Removed by member request For more information, visit our FAQ's.