Following on from my last post here’s another method you can implement to protect specific clients in your environment.
There is a documented but seemingly little known setting in the registry of the PXE Service Point Role in Configuration Manager. MACIgnoreListFile allows you to have a list of MAC addresses which will be explicitly rejected if they try and boot via PXE.
The setting is documented here: http://technet.microsoft.com/en-us/library/cc431378.aspx but I thought i would share this simple trick with you to further protect vital computers from accidental rebuilds.
For 32 bit servers create a string value called MACIgnoreListFile at
For 64 bit servers, the value needs to be created under the WOW6432Node at
A small difference but a crucial one if you want the setting to take affect.
Create the value pointing to a text file that lists all the MACs you wish to protect. Looking something like this
Now, restart the WDS service so that the MAC file is read in correctly. You will see this in the SMSPXE.log on the PXE Service Point.
It seems that you will need to restart the WDS service every time you make a change to the exclusion list.
You will be able to see in the SMSPXE.log any attempts from these excluded PCs at PXE booting
The client itself will continue to retry, hence multiple entries in the log file above, before timing out and booting to the next available device.
This post was contributed by Rob York, a Premier Field Engineer with Microsoft Premier Field Engineering, UK.