# Check if password is set
Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSetting | Where-Object Name -eq "Setup Password").IsSet
# Set password
(Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface).SetBIOSSetting("Setup Password","<utf-16/>" + "NewPassword","<utf-16/>")
# Change password
(Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface).SetBIOSSetting("Setup Password","<utf-16/>" + "NewPassword","<utf-16/>" + "OldPassword")
# Clear password
(Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface).SetBIOSSetting("Setup Password","<utf-16/>","<utf-16/>" + "OldPassword")
Thursday, December 5, 2019
CI to Check HP BIOS settings
# Check-BIOSSetting.ps1
# by Mark Randol - randoltech.blogspot.com
# Checks the setting for the BIOS item in $BIOSItem
# Against the desired state in $DesiredValue
# If good returns the exact text in $DesiredValue
# If bad returns the string from BIOS
# If item is not found retruns $BIOSItem not found in BIOS settings.
# If script properly runs but is indeterminent then returns Error (should never happen)
$BIOSItem = "Boot Mode"
$DesiredValue = "*UEFI Native (Without CSM)"
$OutputString = "Error"
$ItemValue = (Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSEnumeration | Where-Object Name -eq $BIOSItem).Value
if ($ItemValue) {
$CheckString = (($DesiredValue.Replace("*","\*")).Replace("(","\(")).Replace(")","\)")
if ($ItemValue -match $CheckString) {
$OutputString = $DesiredValue
}
else {
$OutputString = $ItemValue
}
}
else {
$OutputString = "$BIOSItem not found in BIOS settings."
}
Write-Output $OutputString
----------------------------------
Remediation Script:
(Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSSettingInterface).SetBIOSSetting("TPM Device","Available","<utf-16/>" + "YourBIOSPasswordHere")
# by Mark Randol - randoltech.blogspot.com
# Checks the setting for the BIOS item in $BIOSItem
# Against the desired state in $DesiredValue
# If good returns the exact text in $DesiredValue
# If bad returns the string from BIOS
# If item is not found retruns $BIOSItem not found in BIOS settings.
# If script properly runs but is indeterminent then returns Error (should never happen)
$BIOSItem = "Boot Mode"
$DesiredValue = "*UEFI Native (Without CSM)"
$OutputString = "Error"
$ItemValue = (Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSEnumeration | Where-Object Name -eq $BIOSItem).Value
if ($ItemValue) {
$CheckString = (($DesiredValue.Replace("*","\*")).Replace("(","\(")).Replace(")","\)")
if ($ItemValue -match $CheckString) {
$OutputString = $DesiredValue
}
else {
$OutputString = $ItemValue
}
}
else {
$OutputString = "$BIOSItem not found in BIOS settings."
}
Write-Output $OutputString
----------------------------------
Remediation Script:
(Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSSettingInterface).SetBIOSSetting("TPM Device","Available","<utf-16/>" + "YourBIOSPasswordHere")
Subscribe to:
Posts (Atom)