Can PXE boot of Hyper-V VMs be disabled?

boot virtualization hyper-v windows-server-2012-r2 pxe-boot

Hyper-V virtual machines have the ability to PXE boot. Obviously, PXE boot raises some security concerns. The problem is, unlike a typical physical machine's firmware, there isn't an obvious way to disable PXE boot altogether.

Hyper-V manager shows each of the VM's network adapters in Settings=>Firmware=>Boot Order:

enter image description here

You can move a network adapter to the bottom of the boot order, but you can't remove it altogether from that screen. So if, for some reason, Hyper-V can't boot from any of the other drives, the VM still tries to PXE boot and shows this screen:

enter image description here

I've scoured Settings=>Network Adapter for a way to disable PXE boot to no avail.

So my questions are:

  1. How do you disable PXE boot in a Hyper-V VM?
  2. If you can't disable PXE boot, is there a good reason why?

I'm using Windows Server 2012 R2


Solution 1:

Use Powershell to Remove Network Boot Devices from the Boot Order

You can use PowerShell to strip the Network BootTypes from the VMs boot order.

Extract the Current Boot Order

Using Powershell you can use this command to extract the current boot order:

$old_boot_order = Get-VMFirmware -VMName testvm -ComputerName MyHyperVHost `
                  | Select-Object -ExpandProperty BootOrder

If you inspect $old_boot_order You should see the list of boot devices for testvm. Something like this:

enter image description here

Strip the Network Boot Devices

You can strip the boot devices from the boot list with the Network BootType using this command:

$new_boot_order = $old_boot_order | Where-Object { $_.BootType -ne "Network" }

Inspecting $new_boot_order should look something like this with no more Network boot devices:

enter image description here

Set the New Boot Order

To set the new boot order for the VM use this command:

Set-VMFirmware -VMName testvm -ComputerName MyHyperVHost -BootOrder $new_boot_order

Confirm the New Boot Order

To confirm what you did use that first Get-VMFirmware command again:

Get-VMFirmware -VMName testvm -ComputerName MyHyperVHost `
| Select-Object -ExpandProperty BootOrder

Beware: If you use both PowerShell and Hyper-V manager to make changes to the boot order, PowerShell may report erroneous (out-of-date) boot order. See also this technet thread.

Related

How can I change Qemu KVM machine architecture from 440fx to q35 with virsh edit or virt-manager
Why do some host volumes in Docker containers give the error "too many levels of symbolic links"?
Unable to open WireShark in CentOS 6.5
The impact of Apache graceful restarts and user experience
Forwarding Ports on Centos 7
OpenVPN don't start: --cert fails with 'client.crt': No such file or directory
su: /bin/bash: Resource temporarily unavailable
Map IP to another IP
Installed new version of php but Apache still using the old version
htop res & virt colors
Tomcat Parallel Deployment, automatically undeploy old applications
How to specify different hosts for different playbooks in one ansible script