SCCM or Landesk automate Lenovo Bios Settings

Published 09-04-2017 00:00:00

Today i wanna share my scripts i use to set the Lenovo Bios automatically from a generated CSV export. There are 4 scripts…

  • Export all settings to a CSV file on the local disk
  • Export all settings to the registry (good for later verification after the osd did run
  • check if a password is set and if its the correct password
  • write the configuration to the actual machine

check-password.ps1

Usage: .\check-password.ps1 -password mypass

<#
0 - No passwords set
1 - Power on password set
2 - Supervisor password set
3 - Power on password and Supervisor password set
4 - User HDD or User HDD and Master password set
5 - Power on password and (User HDD or User HDD and Master password) set
6 - Supervisor password and (User HDD or User HDD and Master password) set
7 - Power on password, Supervisor password, and (User HDD or User HDD and Master password) set
#>

param(
    [Parameter(Mandatory=$true,Position=1)]
    [string]$password
)


$passwordState = (Get-WmiObject -Class Lenovo_BiosPasswordSettings -Namespace root\wmi).PasswordState
# Write-Host "Current Bios Password StatusCode (2 = Password Set): " , $passwordState , "`n"

If ($passwordState -EQ 2) {
    New-ItemProperty -Path HKLM:\Software\MyCompany\ImageW10 -Name CV_Bios_Password_Set -Value "1" -Force -PropertyType "String"
    $passwordStateSave = (Get-WmiObject -class Lenovo_SaveBiosSettings -namespace root\wmi).SaveBiosSettings("$password,ascii,us").return
    # Write-Host "Can we write to the Bios?: " , $passwordStateSave , "`n"
    If ($passwordStateSave -EQ "Success") { 
	New-ItemProperty -Path HKLM:\Software\MyCompany\ImageW10 -Name CV_Bios_correct_Password_Set -Value "1" -Force -PropertyType "String" 
	}
    else { 
	New-ItemProperty -Path HKLM:\Software\MyCompany\ImageW10 -Name CV_Bios_correct_Password_Set -Value "0" -Force -PropertyType "String" 
	}
else { 
New-ItemProperty -Path HKLM:\Software\MyCompany\ImageW10 -Name CV_Bios_Password_Set -Value "0" -Force -PropertyType "String" 
}
}
exit 0

export-settings-to-csv.ps1

Usage: .\export-settings-to-csv.ps1

$Temp = $env:temp
$ComputerName = gc env:computername
$Date = get-date
$Model = (Get-ItemProperty "HKLM:\SOFTWARE\MyCompany\ImageW10").CV_modelName

$foldercreated = "C:\Maintenance\BIOS\"
If(!(test-path $foldercreated))
{
    New-Item -ItemType Directory -Force -Path $foldercreated
}

$BIOS_Col = gwmi win32_bios 
foreach ($objItem in $BIOS_Col) {
      $BIOS_Ver = $objItem.SMBIOSBIOSVersion 
}


$BIOS_WMI = gwmi -class Lenovo_BiosSetting -namespace root\wmi  | select currentsetting | Where {$_.CurrentSetting -ne ""} |
            select @{label = "Name"; expression = {$_.currentsetting.split(",")[0]}}, 
                   @{label = "Active value"; expression = {$_.currentsetting.split(",*;[")[1]}},
                   @{label = "Optional value"; expression = {$_.currentsetting.split(":*]")[1]}} | select -Skip 1 | ConvertTo-Csv -Delimiter "`t"



# $BIOS_WMI | Format-Table -AutoSize select | select -Skip 1
$BIOS_WMI | select -Skip 1 | Out-File -FilePath $($foldercreated + $Model + ".csv") -Encoding unknown -Force

export-settings-to-registry.ps1

Usage: .\export-settings-to-registry.ps1

$Temp = $env:temp
$ComputerName = gc env:computername
$Date = get-date
$Model = (Get-ItemProperty "HKLM:\SOFTWARE\MyCompany\ImageW10").CV_modelName

$BIOS_Col = gwmi win32_bios 
foreach ($objItem in $BIOS_Col) {
      $BIOS_Ver = $objItem.SMBIOSBIOSVersion 
	  
}


$BIOS_WMI = gwmi -class Lenovo_BiosSetting -namespace root\wmi  | select currentsetting | Where {$_.CurrentSetting -ne ""} |
            select @{label = "Name"; expression = {$_.currentsetting.split(",")[0]}}, 
                   @{label = "Active value"; expression = {$_.currentsetting.split(",*;[")[1]}} | select -Skip 1 | ConvertTo-Csv -Delimiter "`t"

				   
#$BIOS_WMI | Format-Table -AutoSize select | select -Skip 1


Foreach ($value in $BIOS_WMI) {
$arr = $value -split "`t" -replace '"', "" -replace ' ', ""
$value1 = $arr[0]
$value2 = $arr[1]

New-ItemProperty -Path HKLM:\Software\SCOR\ImageW10 -Name ("CV_Bios_" + $value1) -Value $value2 -Force -PropertyType "String"
#Write-Host $BIOS_WMI.Name #$BIOS_WMI.'Active value'
}

write-config.ps1

Usage: .\check-password.ps1 -password mypass -config bios-settings\ThinkCentre_M900.csv

param(
    [Parameter(Mandatory=$true)]
    [string]$config,
    [string]$password
)


$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition

####Debug Uncomment
#$password = "MySuperSecurePWforMyCompany"
#$config = "bios-settings\ThinkCentre_M900.csv"


#Set Full Path
$config = $scriptPath + "\" + $config


#CSV Property's
$settings = Import-Csv -Delimiter "`t" -Header Name,'Active Value' $config | Select-Object *,@{Name='Password';Expression={$password}} | Select-Object *,@{Name='Encoding';Expression={'ascii'}} | Select-Object *,@{Name='CountryCode';Expression={'us'}}
                                                         

foreach($setting in $settings | select -Skip 1)
{
    $allvarstogether = $setting.Name + "," + $setting.'Active Value' + "," + $setting.Password + "," + $setting.Encoding + "," + $setting.CountryCode
    #$allvarstogether2 = $setting.Name.replace(' ' , '').replace('#' , '') + "," + $setting.'Active Value' + "," + $setting.Password + "," + $setting.Encoding + "," + $setting.CountryCode
    $Response = (gwmi -class Lenovo_SetBiosSetting -namespace root\wmi).SetBiosSetting("$allvarstogether").return
    #$Response = (gwmi -class Lenovo_SetBiosSetting -namespace root\wmi).SetBiosSetting("$allvarstogether2").return
	$Response = (gwmi -class Lenovo_SaveBiosSettings -namespace root\wmi).SaveBiosSettings("$password,ascii,us").return

    #write-output ($allvarstogether.replace(' ' , ''))
}

Hope this helps anyone that has to do the same job :-)