
Win PE/SMBIOS/Firmware on boot


1 reply to this topic

#1 Newgonhowzter


Posted 20 July 2015 - 10:45 PM

Hi There,

I have a very unique situation that I don't think very many people have come across and could use some expertise. Through my work we have a program in which you can buy a laptop to use as your main work PC and pay for it from your paycheck. Once it has been paid off you now own that laptop and can no longer use it from work and must purchase a new laptop from the provider. I noticed that at very low levels I was blocked from doing certain things: I was unable to use GPEdit.msc to configure certain items, as well as I cannot disable any remote management services, block any remote VNC ports/Cisco ports, and the list goes on. I re-installed Windows dozens of times, Linux, you name it, got a new hard drive/RAM, zeroed this drive, and these restrictions remain. I came to the realization that WinPE is pre-installed, the hard drive is secured, firmware is loaded at the BIOS POST, Intel ME and other various remote management items are enabled, etc. So I did what any sane person would do: I asked my IT to remove it from my now personal laptop. They were very defensive and almost seemed angry at me for suggesting it, although they never said it was/wasn't them, but also offered no assistance.

I compared the Wim.boot files from my personal laptop to the newly obtained work laptop and they both have the same hash. The plot started to thicken when I noticed all of my home PCs were now suffering from the same limitations: unable to disable IPv6, ICMP, close ports, and un-removable drivers that point to a Citrix Xen hypervisor. My browsing is slow as it is being proxied, my entire machines are being backed up using massive amounts of data, and the list goes on. I dismissed it at first thinking I must be crazy, maybe this is how Windows is, maybe it's the NSA or BadBIOS. I am fairly confident at this point, seeing as how all my PCs have the same identical non-descriptive unsigned drivers and the same open ports and the same traffic, that this is occurring. (Azure)

I have spent a vast amount of time trying to resolve this, over a year. Since it is unlikely that any corporation would do this, I find it very difficult to find answers on how to resolve the issue. I imagine that it is custom EFI/Memtest/PXE/SMBIOS drivers that are the root cause of all of this. I am sure someone with expertise in setting this up would find it easy to reverse. I find myself very close in some situations, but always at the last point I am restricted from making the changes I desire.

So far I have tried:

-Installing Linux and coreboot, cannot enter real mode/do not have access to kernel write

-Using the WMIC/CLI is always restored upon re-installation of Windows (forces EMS setup)

-Using an MS-DOS disc to flash the BIOS (flashes, then flashes back or retains existing settings)

-Use various PE tools, external boot managers/configurators

-Zero my drives (will flash at a black screen with "_" if no internet connected, once connected boots relatively quickly into POST)

-New hard drives, OS from official DVD


I think I get close but my knowledge of the subject allows me to miss the answer in front of my eyes. Is there anyone who has experience with PE and loading firmware drivers at boot? Or maybe flashing Intel network cards to network boot? I am unsure of all the ways that this can be accomplished, but it seems no matter what I do the settings remain unchanged. Sorry for the long-winded story, unsure of what other details may be helpful. Let me know.

Thanks.

 

 




#2 Chris Cosgrove


Posted 23 July 2015 - 06:40 PM

This is a novel slant on 'BYOD' - make the worker bees buy the devices they must use at work!

 

Given your description of what you have done, it seems to me the most likely home of your problems is in the BIOS, and since these are ICs soldered to the mobo you can't just change them.

 

However, you raise the possibility that expertise in flashing network cards might be an answer. If you believe this is a likely possibility, send me a PM - click on the flag then on 'Send me a message' in the top right hand corner of my profile page - and I will move this topic to the 'Networking' section.

 

Chris Cosgrove





