[Vol-users] Re: OT: Using netsh to set ip address of an interface on winfe/winpe 4.0.

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Thu Jun 20 12:21:50 CDT 2013


To follow up on this question, it looks like the dhcp, ikeext, lmhosts 
and netbt services all need to be running to enumerate and set a static 
IP address on an interface. Without those services the nics don't even 
get enumerated.  Rather ironic that you need the dhcp service in order 
to avoid using the dhcp service.

However, you can initialize WinPE and set the static IP address before 
plugging the network adapter in.  Then once the static IP has been set 
these services can all be turned off (using net stop).  The DHCP service 
continues to broadcast IPv6 solicitations unless you also set a v6 
static IP on the adapter.

There is also a registry key to turn off LLMR broadcasts (also a noisy 
feature):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
\EnableMulticast

IPv6 can be disabled using the 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ServicesTCPIP6\Parameters\DisabledComponents 
same as for regular Windows.  IPv6 emits a lot of traffic, particularly 
if you don't have an IPv6 infrastructure.

Firewall connection and dropped packet logging also can be enabled 
though getting it to work right is an involved process.

Thanks to the connection logging I was able to see the winpe IKEEXT 
service try to start a conversation with a potentially infected host (on 
my test network), which might be fatal in real life.

Hope this helps someone.

Regards,

George.


More information about the Vol-users mailing list