Weekly Tip 69

Dell – Disable Booting from All UEFI Devices (expect HDD)

Note: the commands listed here are for Dell models only.

UEFI makes it a little more difficult to prevent  someone from booting to PXE, USB drives, and CD/DVDs. In legacy mode, you can simply turn these off. Due to the dynamic nature of UEFI, you cannot completely disable these options from one screen in the BIOS. With these four commands (there are two for PXE), you can successfully disable everything expect for the hard drive.

To set up, you need to install Dell Command | Configure on a reference machine. Copy the X86_64 folder from the installation directory to the other machines that you manage. This can be done with any desktop management application, such as ConfigMgr. For the purposes of the exercise, I will copy the X86_64 directory to C:\cctk\X86_64. Modify the commands accordingly. If you have a password set on your BIOS, you will need to add “–valsetuppwd=<password>” to the commands.

It may not show up well on the webpage, but there are double dashes:

Capture

PXE:

C:\cctk\X86_64\cctk.exe –embnic1=onnopxe

UEFI PXE Stack:

C:\cctk\X86_64\cctk.exe –uefinwstack=disable

For CD/DVD’s, you must enable secure boot. There’s no other way to disable booting from CD/DVD. Command:

C:\cctk\X86_64\cctk.exe –secureboot=enable

USB Drives:

C:\cctk\X86_64\cctk.exe –usbemunousbboot=enable

One note on the command for USB drives – there’s no way to re-enable booting from USB from a command. This will have to be done manually from the BIOS. The same is true for Secure Boot – it CANNOT be disabled via a command.

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=