RE: [MDT-OSD] Enable command support using prestart command?

[Andreas Hammarskjöld]

Might be other apps hard coded to use that though... so proper testing is in 
order.

//A

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Dave West
Sent: den 27 juli 2016 16:09
To: ms...@lists.myitforum.com; mdtosd@lists.myitforum.com
Subject: [mssms] RE: [MDT-OSD] Enable command support using prestart command?

We are using BitLocker on some systems, but others we just want to be able to 
use diskpart to clean the disk or gather log files for investigating deployment 
issues.

Replacing cmd.exe is an interesting idea, thank you :)

Dave

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 26 July 2016 18:28
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>; 
ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: [MDT-OSD] Enable command support using prestart command?

Although I agree with Keith, if it's just a matter of "hiding" it then how 
about replacing cmd.exe with your own app prompting for a pwd?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Keith Garner (Hotmail)
Sent: den 26 juli 2016 18:43
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>; 
ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: RE: [MDT-OSD] Enable command support using prestart command?

If you are concerned about unauthorized access to the file system, then you 
should be using BitLocker.
Everything else is a hack.

-k

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave West
Sent: Tuesday, July 26, 2016 2:22 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>; 
mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] Enable command support using prestart command?

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247<tel://+44752587247/> | Email: 
dave.w...@plymouth.ac.uk<mailto:dave.w...@plymouth.ac.uk>

________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.