Windows XP Remote Reimage

Jump to: navigation, search

If you have RPC access to a PC it is quite easy to reimage it remotely.

This example applies to a working WinXP machine but can be easily altered for say Windows 7 or Vista .


  • Copy the needed files to the machine
  • Modify/replace the boot.ini for grldr (XP)
  • Reboot the pc, the XP bootloader chainloads the grldr bootloader which chainloads gPxe bootloader.
  • gPXE then obtains IP info and boots 'something' off the network, either via PXE, HTTP or FTP (or iSCSI or AoE etc.)

Main script

A bit of decoration :)

@echo off
echo         _       __              __                          
echo   _____(_)_____/ /_  __  ______/ / _________  ____ ___      
echo  / ___/ // ___/ __ \/ / / / __  / / ___/ __ \/ __ `__ \     RMDC
echo / /  / // /__/ / / / /_/ / /_/ /_/ /__/ /_/ / / / / / /     Clonemod Remote
echo/_/  /_/ \___/_/ /_/\__,_/\__,_/(_)___/\____/_/ /_/ /_/      V1 server side
echo ---=== Last updated 07-April-2011 ===---

Test the machine given is alive AND connectable via RPC, it no hostname passed on command line it will prompt for one.

if [%1] == [] (
 SET /P h=Please enter computer hostname and press enter: 
) ELSE (
 set h=%1
if [!h!] == [] (
 goto start
) ELSE (
 goto test
goto end
   echo Ping testing !h!...
   ping -n 2 -l 1 -f -w 20 !h! >nul
   if !errorlevel! neq 0 (
    set f=Cannot ping host & call:fail
   ) else ( 
    echo RPC testing !h!...
    net use \\!h! /persistent:no >nul
    if !errorlevel! neq 0 (
     set f=No RPC connection, non-domain or WMI broken & call:fail
    ) else ( 
     net use \\!h! /d >nul
     echo Machine !h! alive and connectable!
goto end

This copies the files to the remote machine, (boot.ini needs its attributes changing) and reboots it, so grldr will load and do the business.

 echo Copying files...
 copy /y "%~dp0gpxe-1.0.1+-gpxe.lkrn" "\\!h!\c$" >nul
 attrib -r -h -s "\\!h!\c$\boot.ini" >nul
 copy /y "%~dp0boot.ini" "\\!h!\c$" >nul
 copy /y "%~dp0grldr" "\\!h!\c$" >nul
 copy /y "%~dp0menu.lst" "\\!h!\c$" >nul
 shutdown /r /t 1 /f /m \\!h!
 echo PC,!h!,OK >> "%~dp0clonemodremote-result.csv"
goto end
echo PC:!h!, Failure:!f!
echo PC,!h!,FAIL,!f! >> "%~dp0clonemodremote-result.csv"
goto end

Download the entire script HERE (all parts above)


This is a typical modified Windows XP boot.ini script for windows' ntldr bootloader with grldr set as the default option

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\grldr="CloneMod v3"

Download the entire script HERE


grldr is a bootloader and is part of grub4dos 0.4.5b which is latest version at time of writing. (You cannot use syslinux etc. as they cannot read files on NTFS) (can ntldr boot gPXE directly? test!)

grldr menu

Simple menu.lst, grldr uses this to boot the gPXE kernel gpxe-1.0.1+-gpxe.lkrn

default 0 
timeout 0
title CloneMod V3
find --set-root /gpxe-1.0.1+-gpxe.lkrn
kernel /gpxe-1.0.1+-gpxe.lkrn

Download the entire script HERE


gPXE script

gPXE script to embed when building on rom-o-matic.

In this example its booting my new Cyclone imaging system, kernel and initramfs via HTTP

dhcp net0
set 210:string
kernel ${210:string}cyclone/bzImage loglevel=3 vga=788 spath=cyclone/system snum=2 imgmode=Auto label=NoLabel
initrd ${210:string}cyclone/initramfs.cp.lzma

In this example you would boot to the default PXE menu as if doing a normal PXE boot, allbeit using the drivers in the gPXE kernel, rather than using the target machines undi.

dhcp net0 
set 209:string pxelinux.cfg/default 
set 210:string 
chain ${210:string}pxelinux.0

Or (on my specially modified Belkin router running lighty on a different port to built in webserver)

dhcp net0 
set 209:string pxelinux.cfg/default 
set 210:string
chain ${210:string}pxelinux.0

gPXE kernel

To create the gPXE kernel in rom-o-matic do this, leave the rest as default.

1)Choose an output format (in this case a kernel) > .lkrn
5)Customize image configuration options: > paste/modify suitable script (above) into the textarea 'Embedded script' near the bottom


Very simple output csv log from bat script, in the example called clonemodremote-result.csv

PC,ua-0119,FAIL,Cannot ping host  

Windows 7

Windows 7 / Vista

With Vista / Win7 as the target machine, you will need to use the bootmgr bootloader instead of ntldr.

Bootmgr cannot directly boot grldr (like ntldr can) and can only boot an MBR (grldr.mbr), which in turn loads grldr. Rather than repeat everything, the info is here about halfway down the page.

See Also