Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

Software and Operating SystemEnterprise Client Management
All Forum Topics
Options

19 Posts

11-26-2020

Poland

15 Signins

85 Page Views

  • Posts: 19
  • Registered: ‎11-26-2020
  • Location: Poland
  • Views: 85
  • Message 1 of 11

Disable network boot in BIOS

2020-11-27, 8:59 AM

Hi,

Another one from the BIOS adventures ;)

There's a request to disable NetworkBoot on managed devices.

Most obvious value for NetworkBoot seems to be NODEV but since there is no official documentation on that I’d appreciate help here..

Does NODEV  mean ‘no device’?

The tricky part is that this value isn’t available on all models being in estate..

I was thinking on configuring dummy setting ATAPICD1, which would not be used since there isn’t built-in CD available on those devices.

 

Would that work?

 

Reply
Answer
Options

1951 Posts

03-03-2016

United States of America

3977 Signins

47692 Page Views

  • Posts: 1951
  • Registered: ‎03-03-2016
  • Location: United States of America
  • Views: 47692

Re:Disable network boot in BIOS

2020-12-03, 17:55 PM

@ W M

First to address the NODEV option.

This option is provided as a place holder for the BootOrder.  The WMI command needs "something" to define if someone wanted to remove all BIOS Boot Options, the method to set this setting will not allow blank/null values.  This option may be used if an administrator wanted to allow the Windows Boot Manager to be the ONLY boot option.

To set the Boot Order on the devices you are asking about, I advise to use the ThinkBIOS Config Tool found here to evaluate and create your list of approved devices to boot from and output to the .ini file.

The list needed for the ThinkPad BootOrder setting is an inclusive list, meaning any devices not listed will be excluded.  The ThinkCentre formatting may be different when defining boot order.

For example on the T490s with the N2JET92W (1.70 ) BIOS installed:

BootOrder,USBHDD:OtherHDD:NVMe0:HDD0

allows only the devices listed to booted from and prevents booting to the following: HDD1, HDD2, HDD3, HDD4, PXEBOOT, ATAPICD0, ATAPICD1, ATAPICD2, USBFDD, USBCD, OtherCD, NVMe1, and LENOVOCLOUD.

Across ThinkPad models and series, I have seen PCILAN, PXEBOOT, HTTPSBOOT, and LENOVOCLOUD included as some of the network boot options.  PCILAN and PXEBOOT will be the same thing just different names.  HTTPSBOOT and LENOVOCLOUD are two different options but they too will network boot.  Since you are trying to exclude all network booting, I wanted to include this info too.

I hope this helps you get going in the right direction for setting your preferred boot order.

TLawson

Reply

Replies(10)
Options

1951 Posts

03-03-2016

United States of America

3977 Signins

47692 Page Views

  • Posts: 1951
  • Registered: ‎03-03-2016
  • Location: United States of America
  • Views: 47692
  • Message 2 of 11

Re:Disable network boot in BIOS

2020-11-27, 16:04 PM

@ W M

What model are you seeing this on?

TLawson

Reply
Options

19 Posts

11-26-2020

Poland

15 Signins

85 Page Views

  • Posts: 19
  • Registered: ‎11-26-2020
  • Location: Poland
  • Views: 85
  • Message 3 of 11

Re:Disable network boot in BIOS

2020-11-27, 18:45 PM

@tlawson  

There are couple of models, among them: T480s, T490s, T580, T590, P1 and X1 Yoga..

What difference does that make regarding my question?

ATAPICD[x] is available on all models, NODEV only on few.

Reply
Options

28 Posts

04-08-2019

Netherlands

45 Signins

535 Page Views

  • Posts: 28
  • Registered: ‎04-08-2019
  • Location: Netherlands
  • Views: 535
  • Message 4 of 11

Re:Disable network boot in BIOS

2020-11-27, 18:53 PM

https://thinkdeploy.blogspot.com/2016/08/the-think-bios-config-tool.html

Reply
Options

19 Posts

11-26-2020

Poland

15 Signins

85 Page Views

  • Posts: 19
  • Registered: ‎11-26-2020
  • Location: Poland
  • Views: 85
  • Message 5 of 11

Re:Disable network boot in BIOS

2020-11-30, 16:17 PM

Thanks for the link, the tool is known but this is another response that doesn't answer my question :)

There are two things:

1. What is the meaning of value NODEV?

2. Will setting ATAPICD1 as value for NetworkBoot work properly?

Reply
Options

1951 Posts

03-03-2016

United States of America

3977 Signins

47692 Page Views

  • Posts: 1951
  • Registered: ‎03-03-2016
  • Location: United States of America
  • Views: 47692
  • Message 6 of 11

Re:Disable network boot in BIOS

2020-11-30, 17:25 PM

@ W M wrote:

What difference does that make regarding my question?

If we know the models, we can review them and test to help you get your answer.  Since you also state

@ W M wrote:

[...] NODEV only on few.

It is nice to be able see that option as a setting, and go off the above requested model list to see how that plays into a potential solution.

 

TLawson

Reply
Options

19 Posts

11-26-2020

Poland

15 Signins

85 Page Views

  • Posts: 19
  • Registered: ‎11-26-2020
  • Location: Poland
  • Views: 85
  • Message 7 of 11

Re:Disable network boot in BIOS

2020-12-02, 9:43 AM

@tlawson  

I am sorry but I am not following you here..

Where's the model dependency applying to explanation on what NODEV option means?

I understand ATAPICD, NVME etc, so can you confirm if that's 'no device'?

 

The models were provided in my earlier response, they are: T480s, T490s, T580, T590, P1 and X1 Yoga (3rd gen).

What additional information would you need?

 

Aim of the exercise is to disable the ability to boot the device via the network (no PXE etc).

Reply
Answer
Options

1951 Posts

03-03-2016

United States of America

3977 Signins

47692 Page Views

  • Posts: 1951
  • Registered: ‎03-03-2016
  • Location: United States of America
  • Views: 47692
  • Message 8 of 11

Re:Disable network boot in BIOS

2020-12-03, 17:55 PM

@ W M

First to address the NODEV option.

This option is provided as a place holder for the BootOrder.  The WMI command needs "something" to define if someone wanted to remove all BIOS Boot Options, the method to set this setting will not allow blank/null values.  This option may be used if an administrator wanted to allow the Windows Boot Manager to be the ONLY boot option.

To set the Boot Order on the devices you are asking about, I advise to use the ThinkBIOS Config Tool found here to evaluate and create your list of approved devices to boot from and output to the .ini file.

The list needed for the ThinkPad BootOrder setting is an inclusive list, meaning any devices not listed will be excluded.  The ThinkCentre formatting may be different when defining boot order.

For example on the T490s with the N2JET92W (1.70 ) BIOS installed:

BootOrder,USBHDD:OtherHDD:NVMe0:HDD0

allows only the devices listed to booted from and prevents booting to the following: HDD1, HDD2, HDD3, HDD4, PXEBOOT, ATAPICD0, ATAPICD1, ATAPICD2, USBFDD, USBCD, OtherCD, NVMe1, and LENOVOCLOUD.

Across ThinkPad models and series, I have seen PCILAN, PXEBOOT, HTTPSBOOT, and LENOVOCLOUD included as some of the network boot options.  PCILAN and PXEBOOT will be the same thing just different names.  HTTPSBOOT and LENOVOCLOUD are two different options but they too will network boot.  Since you are trying to exclude all network booting, I wanted to include this info too.

I hope this helps you get going in the right direction for setting your preferred boot order.

TLawson

0 person found this solution to be helpful.

This helped me too

Reply
Options

19 Posts

11-26-2020

Poland

15 Signins

85 Page Views

  • Posts: 19
  • Registered: ‎11-26-2020
  • Location: Poland
  • Views: 85
  • Message 9 of 11

Re:Disable network boot in BIOS

2020-12-04, 13:35 PM

Thank you @tlawson  

Your explanation confirms that NODEV could be an option here :)

What we have tested meanwhile was setting HDD0 as value for NetworkBoot.

Expected result is there - using F12 ends up with black screen on the device returning to boot menu after a while.

What is interesting is that on T490s there's prompt for password where at the test L560 I'm using,  no prompt appears ;)

 

Having this said, I believe it is OK to close this topic, do you agree?

Reply
Options

1951 Posts

03-03-2016

United States of America

3977 Signins

47692 Page Views

  • Posts: 1951
  • Registered: ‎03-03-2016
  • Location: United States of America
  • Views: 47692
  • Message 10 of 11

Re:Disable network boot in BIOS

2020-12-04, 13:50 PM

@ W M

I was testing NODEV with the BOOTORDER and did not test with the NETWORKBOOT option.  Upon attempting to set that via WMI, I was unable to set that setting.

I believe your usage of the HDD0 would work best.

TLawson

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms

Most Liked Authors

(Last 7 days)

View All