Batch – Windows – Set Computer to Boot to WinPE

email me

I created this—to work with a custom boot.wim—to automatically boot to WinPE and run a set of commands. Those commands were to erase the contents of the hard drive; to be used to remotely wipe machines.

You will need to modify a boot.wim and add any code for formatting in the startnet.cmd. The boot.wim will be delivered as part of your package, or already exist on a hidden drive partition (best option for speed). Basically, you’re telling the computer to change the boot menu and point to your modified boot.wim, force a reboot, boot to WinPE, and then execute the list of commands in the startnet.cmd.

 

Deployed using desktop management software (tested in LANDesk and SCCM)

deploy.cmd

@echo off
color 0a
title Administrative Boot Loader

setlocal

:: USE THE FOLLOWING SET OF COMMANDS TO CREATE A RAMDISKOPTIONS
:: OBJECT IN THE BCD STORE. THE STRING "{RAMDISKOPTIONS}" IS THE
:: WELL-KNOWN NAME FOR THE OBJECT'S GUID.

:: SET LOCAL STORE
set bcdstore=C:\boot\bcd

:: RAMDISK OPTION
\\%computername%\c$\windows\system32\bcdedit.exe /create {ramdiskoptions} /d "Retire Utility"
\\%computername%\c$\windows\system32\bcdedit.exe /set {ramdiskoptions} ramdisksdidevice partition=c:
\\%computername%\c$\windows\system32\bcdedit.exe /set {ramdiskoptions} ramdisksdipath \boot\boot.sdi

:: CREATE A NEW BOOT ENTRY FOR RETIRE UTILITY
bcdedit.exe -create /d "Retire Utility" /application OSLOADER
for /f "tokens=3" %%A in ('\\%computername%\c$\windows\system32\bcdedit.exe -create /d "Retire Utility" /application OSLOADER') do set guid1=%%A
echo The GUID is %guid1%

:: SET WHERE THE LOCAL RETIRE BOOT.WIM IS LOCATED
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% device ramdisk=[C:]\boot\retire\boot.wim,{ramdiskoptions}
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% path \windows\system32\boot\winload.exe
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% osdevice ramdisk=[C:]\boot\retire\boot.wim,{ramdiskoptions}

:: CREATE A BOOT ENTRY FOR WINDOWS
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% systemroot \Windows
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% winpe yes
\\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% detecthal yes
\\%computername%\c$\windows\system32\bcdedit.exe /displayorder %guid1% /addlast

:: THIS SETS BOOT TO BE DEFAULT
\\%computername%\c$\windows\system32\bcdedit.exe /default %guid1%

:: SETS TIME TO 1 SECOND
\\%computername%\c$\windows\system32\bcdedit.exe /timeout 1

endlocal

:: EXIT WITH SUCCESS
shutdown /r /f /t 0
exit /b 0

 

Next

Once WinPE loads, startnet.cmd launches. In that file, I diskpart the machine with government standard formatting.

 

Notes

If this is a BitLocked drive, you could blow away the TPM BIOS settings. Erase those settings using the deploy.cmd script. I would add that portion to the beginning of the script. So the very first thing that happens—before the reboot—is the data on the drive becomes permanently inaccessible, online or offline.