No iPXE SecureBoot is certainly hurting us right now.

All of our machines have SecureBoot enabled.  Unfortunately, you can only disable that from the BIOS console of the system itself.  PXE UEFI SecureBoot doesn't exist.  Our campus is closed.  Has anyone devised a workaround?

2 Comments   [ + ] Show comments
  • If these are Dell machines you can use the Dell Command Configure Took Kit (CCTK.exe) to configure Bios settings through Windows. I just started to use this to configure WOL settings for some computers, but there are settings to enable or disable secure boot.

    I did run into some difficulty with some older computers whose bios did not seem to be compatible with the newest version of the Command Configure utility, but if the computer shipped with Windows 8 or above they seemed to be compatible.

    Also, you can check if Secure Boot is enabled with the powershell commamd:


    This will return True or False. - JordanNolan 1 year ago
  • Latest version of CCTK.exe only has options to enable SecureBoot. From the website, "NOTE: You cannot disable secure boot using the Dell Command | Configure user interface. One of the methods of disabling secureboot is from the BIOS setup screen." - RD94 1 year ago
    • That message has been in CCTK since version 3.0 or 4.0. That's telling you, you can only do it from Shell or PowerShell Scripts.

      That means, not via clicks, but via CLI works fine. - Channeler 1 year ago
      • Everytime I try it from the shell, --secureboot=disable, or secureboot=disabled, I get a...

        "Invalid Argument for the provided option 'SecureBoot' SecureBoot: If enabled, BIOS should only perform Secure Boot authentication and boot in UEFI mode without loading Compatibility Support Module (CSM). BIOS refers to this setting to decide on the POST behavior. You can disable this feature from BIOS setup screen. Arguments: Enabled."

        If I'm doing something wrong, please enlighten me. - RD94 1 year ago

Answers (1)

Posted by: Channeler 1 year ago
Red Belt

You install the Software (either Windows or if it's a KBE, you install it into the KBE (WinPE) (Read the KACE Admin guide).

Then you use a shell command to query info.

For example, this is a DELL Precision M3800 with Secure Boot Disabled:

I would recommend testing READ\Query commands first like these ^^, to make sure it works!
Sometimes, new models are not compatible with CCTK...  Make sure you are an admin.

Once I confirmed I can pull values from the BIOS, I used a Write Sentence:



Hopefully this is clear enough, in regards the Graphic Console, no idea.... I only learned the CLI, it's possible the UI has less options.

  • Well, this is good information to help someone ENABLE SecureBoot with the CLI. But, as in my OP, the goal I'm seeking is to DISABLE SecureBoot programatically, either by CLI or script. - RD94 1 year ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ