HP BIOS Password Management

This post was updated on May 25th, 2026 and covers script version 2.3.0. This script is now available in two variants. This post covers the WMI-based variant (Manage-HPBiosPasswords-WMI.ps1), which talks directly to the HP WMI interface and has no module dependencies. There is also a variant built on the HP Client Management Script Library: HP BIOS Password Management (HPCMSL). In my last blog post, (Lenovo BIOS Password Management), I talked about managing Lenovo BIOS passwords with PowerShell. I liked how that process worked, so I decided to create a similar process to handle HP BIOS passwords. Once again, the goal was to have a script that could automatically set, change, or clear BIOS passwords while providing logging and optional user prompts. In this post, I’ll cover the basics of how the script works and some limitations of the script. ...

July 18, 2019 · 12 min

Lenovo BIOS Password Management

This post was updated on June 2nd, 2026 and covers script version 2.3.0. This post discusses how to manage Lenovo BIOS passwords using WMI. My goal was to have a script that could change or clear existing passwords and could display a prompt to the screen when manual intervention was required. In this post, I’ll cover the basics of how the script works. I’ll also talk about some limitations of the script and some areas it could be improved in the future. ...

July 8, 2019 · 16 min

Windows Customizations with PowerShell

This post was updated on June 18th, 2026. This post has been rewritten from the ground up. The original version of this solution was a Configuration Manager task sequence script driven by a Parameters.ini file. It worked, but it was built for a Windows 10 task-sequence world, and a lot of its customizations were applied as policies that locked the setting so the user could no longer change it. The modern version is a complete redesign for Windows 11 and Intune/Autopilot. It is a Win32 app that runs during the Autopilot device Enrollment Status Page and applies a curated set of customizations as defaults that a non-admin user can still change. This post covers the high-level concepts. The full setting list and the deeper implementation details live in the docs in the GitHub repo, so I won’t duplicate all of that here. ...

June 26, 2019 · 5 min

Create and Print a Word Document with PowerShell

I was working with a client that had a requirement where each computer that was deployed needed to be paired with a physical document that had information about the computer. The solution I used to automate this process was to use a PowerShell script to take information from a running task sequence, then write and print a Word document. Here is a high level outline of the process. Information about the computer and deployment is collected by a PowerShell script during the task sequence The same PowerShell script then copies that information to a network share as a CSV file A separate computer or server has a Windows Scheduled Task set to run a second PowerShell script on a schedule The second PowerShell script takes any CSV files in the network location as input. It uses the data from the CSV files to build a Word document and then sends that document to a printer. This is the script that runs during the task sequence to collect information and write it to a CSV file on a network share. This example script is collecting the Serial Number, Asset Tag, and Computer Model. ...

April 25, 2019 · 4 min

Update Compliance Log Analytics Queries

Lately I have been helping many people with moving their update workloads from Configuration Manager and WSUS to Windows Update for Business. The one thing I get the most questions about with the move to Windows Update for Business is how to monitor update compliance. The computers are now pointing to the internet for updates, and as a result, no longer report update compliance information to Configuration Manager or WSUS. The answer to this is the Update Compliance solution in Azure Log Analytics. ...

April 10, 2019 · 5 min

Management Point Root CA Trust Issue (HTTP 403)

I was setting up a Configuration Manager environment in HTTPS mode and I was running into issues with the server selecting a client authentication certificate. I was seeing these messages in the MPControl.log. I was seeing this message in the IIS log. I was getting a 2148204809 error which translates to A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. That told me something was wrong with the root CA trust. Some searching online brought up a few useful posts on the subject. ...

April 6, 2019 · 1 min

Microsoft LAPS Step by Step - Part 1

Warning This post is kept for historical reference. Microsoft LAPS (the standalone “Local Administrator Password Solution” described here) is no longer supported. For new deployments and ongoing management, use Windows LAPS, which is built into Windows and Windows Server. ...

April 2, 2019 · 7 min

Microsoft LAPS Step by Step - Part 2

Warning This post is kept for historical reference. Microsoft LAPS (the standalone “Local Administrator Password Solution” described here) is no longer supported. For new deployments and ongoing management, use Windows LAPS, which is built into Windows and Windows Server. ...

April 2, 2019 · 7 min

Create Configuration Manager Antimalware Policies with PowerShell

As I spend time working in many different Configuration Manager environments, I find myself regularly needing to create Antimalware Policies. Most of the settings in the antimalware policies can be configured quickly, however the setting that always takes me the most time is the Exclusion Settings. There needs to be different policies with different exclusion settings for different types of devices. Each of these separate policies have 3 different areas for adding file paths, file types, and processes. And for some reason, unknown to me, the dialog window for adding exclusions has a 260 character limit. This means that even if all the exclusion settings are in a list, you can’t just copy the whole list in at once. All this adds up to make this process time consuming and inconsistent. ...

March 24, 2019 · 4 min

Create Windows Firewall Rules for AppData Executables

I was recently deploying an application that required Windows Firewall rules to be created for an executable that ran from each user’s AppData folder. The way I accomplished this was to use a combination of PowerShell scripts and the Windows Task Scheduler. I created two PowerShell scripts for this solution. Create_Scheduled_Task.ps1 and Create_Firewall_Rules.ps1. The Create_Scheduled_Task.ps1 script copies the Create_Firewall_Rules.ps1 script to a subfolder in C:\Users\Public and creates a scheduled task to run that script each time a user logs onto the computer. You will need to set the $appName, $scriptName, and $folderPath variables. ...

March 14, 2019 · 3 min