How to implement DBAN in a WDS server

Objective:
The purpose of this document is to provide a guide to boot a DBAN image from the WDS server, in order
to erase the HDD in a safer way.

Advantages of having DBAN in the WDS menu:

Normally the DBAN is installed onto a pen drive and local team boots from it in each workstation they
want to erase securely. If there is a need to perform this task in bulk, it will be time consuming, by
booting DBAN from the WDS just a network connection to the deploy VLAN is needed, after the machine
boots the process run automatically without any user intervention.

Pre-requisites:

Administrator access to a WDS server.

Windows server 2012 R2 with MDT 2013 installed. (Not tested but should work on other OS
versions).

Download the DBAN ISO from website.

Download syslinux-6.03 from here.

What are we doing? (Technical details):

WDS relies on PXE (Pre-execution environment) to display a menu which let you select over a different
set of .wim files to deploy the desired image. There is no way to modify the PXE from Windows and its
only managed by GUI, this means that if we want to deploy an OS which is not compressed in a .wim file
we simply cant. What we will do is adding some files in some path of the WDS server to boot a Linux
kernel (Syslinux), later on we will modify a configuration file which basically contains a menu to select
what do we want to do (i.e. Boot locally, run DBAN kernel, run WDS and deploy images normally, etc.),

finally we will force the WDS server to use the Syslinux (which is also a PXE) so when the workstations
boot from network they will use this environment instead of the Windows one.

Procedure:
1) Logon to the WDS server and open this share: \\WDS\REMIST:

2) Open the following folders Boot\x86 and Boot\x64:

3) Make a copy of the following files (pxeboot.n12 and abortpxe.com) and paste it in the same
folder, after that rename that files so they look like this: (pxeboot.n12 pxeboot.0;
abortpxe.com abortpxe.0)

4) After that extract the Syslinux .zip file locally and copy the following files to the WDS server
(Copying in the desktop is fine, then we can copy to the \\WDS\REMINST folder):
libutil.c32
libcom32.c32
ldlinux.c32
chain.c32
pxelinux.0
vesamenu.c32
a. If you look for these files in syslinux folder you may find 3 copies of them, be sure to
select the one corresponding to BIOS and not to UEFI. Just in case I made a bundle for
you: Bundle

5) After copying these files to each of the \\WDS\REMINST folders (\boot\x86 and \boot\x64)
rename pxelinux.0 to pxelinux.com, your folder should look like this (I sorted the folder by
creation date to see what has been actually changed):

6) Create 2 new folders in each of the \\WDS\REMINST folders, the names shall be Linux and
pxelinux.cfg

7) In pxelinux.cfg folder we will put our menu and the graphics configuration file, so now create 2
blank text files and name them like this: default and graphics.conf. Note that default file
hasnt got any kind of extension!!!

8) Open the default file with notepad and paste this:

DEFAULT vesamenu.c32
PROMPT
0
MENU TITLE PXE Boot Menu (x64)
MENU INCLUDE pxelinux.cfg/graphics.conf
MENU AUTOBOOT Starting Local System in 8 seconds
# Option 1 - Exit PXE Linux & boot normally
LABEL bootlocal
menu label ^Boot Normally
localboot 0
timeout 80
TOTALTIMEOUT 9000
# Option 2 - Run WDS
LABEL wds
MENU LABEL ^Windows Deployment Services
menu default
KERNEL pxeboot.0
# Option 3 - Run DBAN
LABEL DBAN

MENU LABEL ^DBAN-Autonuke

KERNEL /Linux/dban/dban.bzi
APPEND nuke="dwipe --autonuke"
# Option 4 - Exit PXE Linux
LABEL Abort
MENU LABEL E^xit
KERNEL abortpxe.0
Basically were giving 4 options, 1) To deploy from the local HDD, 2) To run WDS, this should
lead you to the Windows WDS menu where you select the image you want to deploy, 3) Run
DBAN, 4) Exit this menu. Feel free to modify the menu as you wish, this will set you the
option to run the WDS menu by default after 8 seconds.
9) Now open the graphics.conf file and paste this:
MENU MARGIN 10
MENU ROWS 16
MENU TABMSGROW 21
MENU TIMEOUTROW 26
MENU COLOR BORDER 30;44 #00000000 #00000000 none
MENU COLOR SCROLLBAR 30;44 #00000000 #00000000 none
MENU COLOR TITLE 0 #00269B #00000000 none
MENU COLOR SEL 30;47 #40000000 #20ffffff
MENU BACKGROUND background.jpg
NOESCAPE 0
ALLOWOPTIONS 0
10) Create a folder within the brand new Linux folder and name it dban, then extract the content of
the DBAN .iso there, it should look like this:

11) Open a command prompt as admin and run the following commands:
wdsutil /set-server /bootprogram:boot\x86\pxelinux.com /architecture:x86
wdsutil /set-server /N12bootprogram:boot\x86\pxelinux.com /architecture:x86
wdsutil /set-server /bootprogram:boot\x64\pxelinux.com /architecture:x64
wdsutil /set-server /N12bootprogram:boot\x64\pxelinux.com /architecture:x64
12) Finally connect a computer to the deploy VLAN, boot from the NIC and youll see a menu to
choose what do you want to do.

References:
https://thommck.wordpress.com/2011/09/09/deep-dive-combining-windows-deployment-servicespxelinux-for-the-ultimate-network-boot/
http://www.servercobra.com/pxe-boot-dban/