Can PXE boot of Hyper-V VMs be disabled?

virtualization hyper-v boot windows-server-2012-r2 pxe-boot

17,854

Use Powershell to Remove Network Boot Devices from the Boot Order

You can use PowerShell to strip the Network BootTypes from the VMs boot order.

Extract the Current Boot Order

Using Powershell you can use this command to extract the current boot order:

$old_boot_order = Get-VMFirmware -VMName testvm -ComputerName MyHyperVHost `
                  | Select-Object -ExpandProperty BootOrder

If you inspect $old_boot_order You should see the list of boot devices for testvm. Something like this:

enter image description here

Strip the Network Boot Devices

You can strip the boot devices from the boot list with the Network BootType using this command:

$new_boot_order = $old_boot_order | Where-Object { $_.BootType -ne "Network" }

Inspecting $new_boot_order should look something like this with no more Network boot devices:

enter image description here

Set the New Boot Order

To set the new boot order for the VM use this command:

Set-VMFirmware -VMName testvm -ComputerName MyHyperVHost -BootOrder $new_boot_order

Confirm the New Boot Order

To confirm what you did use that first Get-VMFirmware command again:

Get-VMFirmware -VMName testvm -ComputerName MyHyperVHost `
| Select-Object -ExpandProperty BootOrder

Beware: If you use both PowerShell and Hyper-V manager to make changes to the boot order, PowerShell may report erroneous (out-of-date) boot order. See also this technet thread.

17,854

alx9r

Updated on September 18, 2022

Comments

alx9r over 1 year
Hyper-V virtual machines have the ability to PXE boot. Obviously, PXE boot raises some security concerns. The problem is, unlike a typical physical machine's firmware, there isn't an obvious way to disable PXE boot altogether.

Hyper-V manager shows each of the VM's network adapters in Settings=>Firmware=>Boot Order:

You can move a network adapter to the bottom of the boot order, but you can't remove it altogether from that screen. So if, for some reason, Hyper-V can't boot from any of the other drives, the VM still tries to PXE boot and shows this screen:

I've scoured Settings=>Network Adapter for a way to disable PXE boot to no avail.

So my questions are:
1. How do you disable PXE boot in a Hyper-V VM?
2. If you can't disable PXE boot, is there a good reason why?
I'm using Windows Server 2012 R2
- Admin almost 10 years
  
  Regarding your concerns about PXE > The implementation of PXE in a corporate environment may raise > concerns about security. This document shows why these concerns are > mostly unfounded. www-01.ibm.com/support/docview.wss?uid=swg21247020
nelaaro over 5 years

What do you do if Get-VMFirmware : The Generation 1 virtual machine or snapshot "ubuntu504" does not support the VMFirmware cmdlets
LuxZg over 3 years

@nelaaro I know I'm 2 years late, but I've added an answer for the likes of you and me that still use Gen1
theking2 almost 3 years

I like that, but get an error on a gen1 VM. Invalid Parameter (0x80041008) FullyQualifiedErrorId : InvalidParameter,Microsoft.HyperV.PowerShell.Commands.Se tVMBios
LuxZg almost 3 years

Hm, didn't see anything like that. Which OS version do you use? And which Powershell version? Also, make sure to have Hyper-V management installed. By the looks of it it seems as if your device doesn't recognize command. (I will assume you did not copy paste error, as there is a space mid command)