Windows XP Remote Reimage

From richud.com
Jump to navigation Jump to search

If you have RPC access to a PC it is quite easy to reimage it remotely.

This example applies to a working WinXP machine but can be easily altered for say Windows 7 or Vista .

Steps

  • Copy the needed files to the machine
  • Modify/replace the boot.ini for grldr (XP)
  • Reboot the pc, the XP bootloader chainloads the grldr bootloader which chainloads gPxe bootloader.
  • gPXE then obtains IP info and boots 'something' off the network, either via PXE, HTTP or FTP (or iSCSI or AoE etc.)


Main script

A bit of decoration :) {{#fileanchor: remote-reimage.bat}} 

@echo off

echo         _       __              __                          
echo   _____(_)_____/ /_  __  ______/ / _________  ____ ___      
echo  / ___/ // ___/ __ \/ / / / __  / / ___/ __ \/ __ `__ \     RMDC
echo / /  / // /__/ / / / /_/ / /_/ /_/ /__/ /_/ / / / / / /     Clonemod Remote
echo/_/  /_/ \___/_/ /_/\__,_/\__,_/(_)___/\____/_/ /_/ /_/      V1 server side
echo.

echo ---=== Last updated 07-April-2011 ===---
echo.


Test the machine given is alive AND connectable via RPC, it no hostname passed on command line it will prompt for one. {{#fileanchor: remote-reimage.bat}} 

SETLOCAL ENABLEDELAYEDEXPANSION
:start
if [%1] == [] (
 SET /P h=Please enter computer hostname and press enter: 
) ELSE (
 set h=%1
)


if [!h!] == [] (
 goto start
) ELSE (
 goto test
)
goto end

:test
   echo Ping testing !h!...
   ping -n 2 -l 1 -f -w 20 !h! >nul
   if !errorlevel! neq 0 (
    set f=Cannot ping host & call:fail
   ) else ( 
    echo RPC testing !h!...
    net use \\!h! /persistent:no >nul
    if !errorlevel! neq 0 (
     set f=No RPC connection, non-domain or WMI broken & call:fail
    ) else ( 
     net use \\!h! /d >nul
     echo Machine !h! alive and connectable!
     call:main
    )
   )
goto end


This copies the files to the remote machine, (boot.ini needs its attributes changing) and reboots it, so grldr will load and do the business. {{#fileanchor: remote-reimage.bat}} 

:main
 echo Copying files...
 copy /y "%~dp0gpxe-1.0.1+-gpxe.lkrn" "\\!h!\c$" >nul
 attrib -r -h -s "\\!h!\c$\boot.ini" >nul
 copy /y "%~dp0boot.ini" "\\!h!\c$" >nul
 copy /y "%~dp0grldr" "\\!h!\c$" >nul
 copy /y "%~dp0menu.lst" "\\!h!\c$" >nul
 shutdown /r /t 1 /f /m \\!h!
 echo PC,!h!,OK >> "%~dp0clonemodremote-result.csv"
goto end

:fail
echo PC:!h!, Failure:!f!
echo PC,!h!,FAIL,!f! >> "%~dp0clonemodremote-result.csv"
goto end

:end

[{{#filelink: remote-reimage.bat}} Download the entire script HERE (all parts above)]

boot.ini

This is a typical modified Windows XP boot.ini script for windows' ntldr bootloader with grldr set as the default option {{#fileanchor: boot.ini}} 

[boot loader]
timeout=0
default=C:\grldr
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\grldr="CloneMod v3"

[{{#filelink: boot.ini}} Download the entire script HERE]

grldr

grldr is a bootloader and is part of grub4dos 0.4.5b which is latest version at time of writing. (You cannot use syslinux etc. as they cannot read files on NTFS) (can ntldr boot gPXE directly? test!)

grldr menu

Simple menu.lst, grldr uses this to boot the gPXE kernel gpxe-1.0.1+-gpxe.lkrn {{#fileanchor: menu.lst}} 

default 0 
foreground=FFFFFF
background=000000
timeout 0

title CloneMod V3
find --set-root /gpxe-1.0.1+-gpxe.lkrn
kernel /gpxe-1.0.1+-gpxe.lkrn

[{{#filelink: menu.lst}} Download the entire script HERE]

gPXE

gPXE script

gPXE script to embed when building on rom-o-matic.

In this example its booting my new Cyclone imaging system, kernel and initramfs via HTTP 

dhcp net0
set 210:string http://xxx.xxx.xx.x/pxe/
kernel ${210:string}cyclone/bzImage loglevel=3 vga=788 spath=cyclone/system runinit=cyclone.sh serveraddr=xxx.xxx.xx.x snum=2 imgmode=Auto label=NoLabel
initrd ${210:string}cyclone/initramfs.cp.lzma
boot

In this example you would boot to the default PXE menu as if doing a normal PXE boot, allbeit using the drivers in the gPXE kernel, rather than using the target machines undi. 

dhcp net0 
set 209:string pxelinux.cfg/default 
set 210:string http://xxx.xxx.xx.x/pxe/ 
chain ${210:string}pxelinux.0

Or (on my specially modified Belkin router running lighty on a different port to built in webserver) 

dhcp net0 
set 209:string pxelinux.cfg/default 
set 210:string http://192.168.2.1:81/
chain ${210:string}pxelinux.0

gPXE kernel

To create the gPXE kernel in rom-o-matic do this, leave the rest as default. 

1)Choose an output format (in this case a kernel) > .lkrn
5)Customize image configuration options: > paste/modify suitable script (above) into the textarea 'Embedded script' near the bottom

Log

Very simple output csv log from bat script, in the example called clonemodremote-result.csv 

PC,ua-0119,FAIL,Cannot ping host  
PC,143.210.11.78,OK 
PC,po-0033,OK 
PC,hs-0140,OK 
PC,it-1648,OK


Windows 7

Windows 7 / Vista

With Vista / Win7 as the target machine, you will need to use the bootmgr bootloader instead of ntldr.

Bootmgr cannot directly boot grldr (like ntldr can) and can only boot an MBR (grldr.mbr), which in turn loads grldr. Rather than repeat everything, the info is here about halfway down the page.

See Also

Retrieved from "https://www.richud.com/w/index.php?title=Windows_XP_Remote_Reimage&oldid=859"