UPDATE September 16th, 2020 – The scripts included in these downloads are currently outdated. I plan to update this post soon with the latest script versions.
Now that I have working BIOS management scripts for Dell, HP, and Lenovo, I figured I would put them all together in a few example task sequences. This post will also act as a hub for my BIOS management posts.
Current BIOS Management Posts
Dell BIOS Password Management
Dell BIOS Settings Management
HP BIOS Password Management
HP BIOS Settings Management
Lenovo BIOS Password Management
Lenovo BIOS Settings Management
Example Task Sequences
My original goal with these scripts was to manage BIOS settings and passwords in a task sequence without needing to download any content. However, after using the scripts for awhile, I’ve seen where it can still make sense to have the scripts in a package. So I’ve decided to make two different example task sequences available. Both task sequences run the same steps, the only difference is the amount of content required.
The minimal content task sequence makes use of the option to embed a PowerShell script directly into the Run PowerShell Script step. The only outside content required in this task sequence is the files needed to install the Dell BIOS Provider PowerShell module.
The full content task sequence runs the PowerShell scripts from a package. The scripts also point to CSV files located in the same package.
Each of the example task sequence downloads contains 3 separate task sequences.
- Nested – BIOS – Set Password Variables – This task sequence is used to set variables that will be supplied to the BIOS management scripts.
- Nested – BIOS – Manage Passwords – This task sequence is used to set, change, or clear the BIOS password on devices.
- Nested – BIOS – Manage Settings – This task sequence is used to set BIOS settings on devices.
These task sequences are meant to be run as nested task sequences in a parent deploy task sequence.
Additional Notes
In the Manage Passwords task sequence, I have the steps attempting to set the BIOS password and check it against 6 old passwords. If that many old passwords are not required, simply remove the variables and disable any of the extra steps. For HP and Lenovo, ensure that the SMSTSPasswordRetry switch is not set if the script will not be run again.
At the top of the BIOS settings task sequence, there is a “Collect System Information” step. I put this step here, as some of the settings groups depend on variables set by it. Normally this step would be run near the top of the parent task sequence, so feel free to move it. As long as it runs before the BIOS settings task sequence, it should be fine.
These task sequences are just examples and have not been extensively tested. I’m sure there are changes and optimizations that could be made. If you have suggestions or questions, feel free to send me a message on Twitter @ConfigJon.