lunes, 30 de diciembre de 2019

PXE configuration for Secure UEFI, UEFI and Legacy BIOS in a Windows DHCP Server


Hi.

I'm going to detail how to configure PXE boot in a Windows DHCP server role having Secure UEFI, UEFI or Legacy BIOS as boot mode.

1. Create Custom Vendor Classes with your DHCP Policy

1.1 Right click on IPV4 - Click on Define Vendor Classes

2. DHCP 
win- q4da4mukrq6 
Display Statistics... 
New Scope... 
New Superscope... 
New Multicast Scope... 
Configure Failover... 
Replicate Failover Scopes... 
Define User Classes... 
Define Vendor Classes... 
Reconcile All Scopes... 
Set Predefined Options... 
View 
Refresh 
Export List... 
Properties 
Help

1.2 Click Add and field it with next information:
  • DisplayName: PXEClient (UEFI x64)
  • Description: PXEClient:Arch:00007
  • ASCII: PXEClient:Arch:00007
1.3 Click Add again and field it with next information
  • DisplayName: PXEClient (UEFI x86)
  • Description: PXEClient:Arch:00006
  • ASCII: PXEClient:Arch:00006
1.4 Click add for last time and field it with next information
  • DisplayName: PXEClient (BIOS x86 & x64)
  • Description: PXEClient:Arch:00000
  • ASCII: PXEClient:Arch:00000
Example:
DHCP 
win- q4da4mukrq6 
IPv4 
scope [192.168.00 192.168.1x 
Server Options 
Policies 
Filters 
Available classes 
Name 
Contents of DHCP Server 
scope [192.168.0.0] 
Server Options 
Policies 
Filters 
Status 
Active 
Remove 
Descriptior 
Microsoft Windows 20 
Microsoft Windows 98 
Microsoft Options 
DHCP Vendor Classes 
Microsoft vendor-specific option 
Microsoft vendor-specific option 
Microsoft vendor-specific optiotm 
New Class 
Display name: 
PXECliant 
PXECliantkch 00007 
0000 
0010 
so 
74 
30 
63 
30 
PXEC1ien 
t Arch : O 
30 
Binary 
45 43 sc 
41 72 63 
30 37

2. Create DHCP Policies

2.1 Right Click on Policies and click on New Policy

win- q4da4mukrq6 
Pv4 
scope [192.168.00 
Server Options 
Polic 
Filters 
New Policy... 
Deactivate 
View 
Refresh 
Export List... 
Help

You have to create few policies, the information needed is:

Policy 1. 
2.1.1 Field Policy Name: PXEClient (UEFI x64) and Description: Boot File UEFI x64
2.1.2 Click on Add
2.1.3 Choose Value: PXEClient (UEFI x64), click on append wildcard(*)
2.1.4 Click on Add and Next
2.1.5 Leave DHCP Standard Options
2.1.6 Click on 066 Boot server host name and field it with the IP of your Deployment Server.
2.1.7 Click on 067 Bootfile Name field with: EFI\Boot\bootx64.efi
2.1.8 Click on Next and Finish.

Policy 2.
2.1.9 Repeat points 2.1.1 to 2.1.8 with this information:
  • 2.1.1 PXEClient (BIOS x86 & x64), Boot File BIOS x86 & x64
  • 2.1.3 PXEClient (BIOS x86 & 64), append wildcard (*)
  • 2.1.6 066 Boot server host name: IP fo your server
  • 2.1.7 067 Bootfile Name: boot\pxeboot.n12 
Policy 3.
2.2.0 Repeat points 2.1.1 to 2.1.8 with this information:
  • 2.1.1 PXEClient (UEFI X86), Boot File UEFI x86
  • 2.1.3 PXEClient (UEFI x86), append wildcard (*)
  • 2.1.6 066 Boot server host name: IP fo your server
  • 2.1.7 067 Bootfile Name:  EFI\Boot\bootia32.efi
Example:


DHCP Poli Confi u ration Wizard 
Policy IP 
This feature allows you to distributa configurable settings (IP address. DHCP options) to 
clients based on certain condtions vendor class. user class. MAC address. etc) 
This wizard will guide you setting up a naw policy Provide a nama Volp Phone 
Configuration Polic•,') and description NT P Server option for Volp Phones) for your 
Policy Name 
PXECliant 
UEFIx641 
Back







DHCP Policy Configuration Wizard 
Coriiw•e for ttE policy 
A policy consists of ona or mora condtions and a set of configuration settings (options. IP 
Address) that are disthbuted to the cliant The DHCP server dalivarz these specific 
settings to clients that match these condtions 
A policy wth condtions based on fully qualified domain name can have 
configuration settings for DNS but not for options or IP address ranges 
in this view. 
More Actions 
Add/Edit Condition 
Specify a condition for the policy being configured Select a criteria. operator 
and values for the condtion 
Vendor Class 
Criteria : 
Value(s) 
Value PXEClient (UEFIx64) 
r Prefix wildcard O 
Append 
PXECliant (LIEFI x64)• 
r AND 
OR



DHCP Policy Configuration Wizard 
Coriiw•e for policy 
f the conditions specified in the policy match a client request the settings will be 
applied 
Vendor class 
Available 
065 N Servarz 
DHCP Standard Options 
066 800t Server Host Name 
067 800tfIIe Name 
Data entry 
String valua 
192 1680254 
A list of IP addresses indicati 
TFTP boot server host name 
800tflIa Nama



DHCP Policy Configuration Wizard 
Coriiw•e for policy 
f the conditions specified in the policy match a client request the settings will be 
applied 
Vendor class 
Available 
065 N Servers 
DHCP Standard Options 
066 800t Server Host Name 
067 800tflIa Nama 
Data entry 
String valua 
afi 
A list of IP addresses indi 
T FTP boot server host nama 
800tfiIe Name



HCP Poli 
nfigurati 
Wiza 
A naw policy will be created wth the following properties To configure DNS settings. 
view properties of the policy and click the DNS tab 
PXECliant (LIEF' 
Description 800t file Ll EFI x64 
Conditions O R of 
Condtions 
Vendor Class 
800t Sarver Host Name 
800tflIa Nama 
Equals 
Vendor Class 
Value 
PXECliant (LIEFI 
192 1680254 
EF \Boot Ibootx6