I have a very unique situation that I don't think very many people have come across and could use some expertise. Through my work we have a program in which you can buy a laptop to use as your main work PC and pay for it from your paycheck. Once it has been paid off you now own that laptop and can no longer use it from work and must purchase a new laptop from the provider. I noticed that at very low levels I was blocked from doing certain things, I was unable to use GPEdit.msc to configure certain items as well I cannot disable any remote management services, block any remote VNC ports/Cisco ports and the list goes on. I re-installed windows dozens of times/linux you name it, got a new hard drive/ram, zero'd this drive and this restrictions remain. I came to the realization that WinPE is pre-installed, the hard drive is secured, firmware is loaded at the BIOS post, Intel ME and other various remote management items are enabled etc. So I did what any sane person would do, I asked my IT to remove it from my now personal laptop. They were very defensive and almost seem angry at me for suggesting it, although never said it was/wasn't them, but also offered no assistance.
I compared the Wim.boot files from my personal laptop, to the newly obtained work laptop and they both have the same hash. The plot started to thicken when I noticed all of my home PC's were now suffering from the same limitations, unable to disable IPV6, ICMP, close ports and un-removable drivers that point to a Citrix Xen hyperviser. My browsing is slow as it is being proxied, my entire machines are being backed up using massive amounts of data and the list goes on. I dismissed it at first thinking I must be crazy, maybe this is how windows is, maybe it's the NSA or Bad Bios. I am fairly confident at this point seeing as how all my PC's have the same identical non descriptive unsigned drivers and the same open ports and the same traffic that this is occurring.(Azure)
I have spent a vast amount of time trying to resolve this, over a year. Since it is unlikely that any corporation would do this I find it very difficult to find answers on how to resolve the issue. I imagine that it is a custom EFI/Memtest/PXE/SMBIOS drivers that is the root cause of all of this. I am sure for someone with expertise in setting this up would find it easy to reverse. I find myself very close in some situations but always at the last point I am restricted from making the changes I desire.
So far I have tried:
-Installing linux and coreboot, cannot enter real mode/do not have access to kernel write
-Using the WMIC/CLI is always restored upon re-installation of windows (forces EMS setup)
-Using an MS-DOS disc to flash the bios (flashes, then flashes back or retains existing settings)
-Use various PE tools, external boot managers/configurators
-Zero my drives (will flash at a black screen with "_" if no internet connected, once connected boots relatively quickly into POST)
-New hard drives, OS from official DVD
I think I get close but my knowledge of the subject allows me to miss the answer in front of my eyes. Is there anyone who has experience with PE and loading firmware drivers at boot? Or maybe flashing intel network cards to network boot? I am unsure of all the ways that this can be accomplished but it seems no matter what I do the settings remain unchanged. Sorry for the long winded story, unsure of what other details may be helpful. Let me know.