Bink posted an interesting article last week about a possible security vulnerability in WDS during client deployment. The issue is that some organisations allow ordinary non-admin users to build their own PC’s using the PXE boot and the WDS client. The machine builds but the user has no input as to what is installed and has no admin rights. But, if you press the right key sequence while the Windows PE (WDS) client is running, the user can launch command prompt with complete access on the system so they can do what they want on the system.
There’s a fix at the end of the article to dscribe how you can disable the command prompt for your boot clients in WDS. It looks like they copied this from a Microsoft KB article.
Credit: Bink