Overview

This post provides a PowerShell script that creates an SCCM package to reset the BIOS administrator password to default settings on Windows 10 systems. This action ensures compliance with security policies by standardizing the BIOS password across systems.

Instructions

  1. Copy the provided PowerShell script to a location on your SCCM server.
  2. Adjust the script variables such as $SCCMServer, $SiteCode, and $PackageSourcePath to fit your environment.
  3. Run the script in PowerShell to create the SCCM package for BIOS admin reinitialization.
  4. Distribute the package to the appropriate distribution points within SCCM.
  5. Monitor the deployment to ensure that the BIOS administrator password is reset on all targeted systems.

What the Script Does

This PowerShell script automates the creation of an SCCM package that resets the BIOS administrator password to default settings. The script installs the necessary module, sets the BIOS passwords, and prepares the package for distribution through SCCM.

PowerShell Script

# Define Variables
$SCCMServer = "\\YourSCCMServer"
$SiteCode = "YourSiteCode"
$ScriptName = "BIOS-Admin-Reinitialize"
$ScriptDescription = "Resets the BIOS administrator password to default settings on Windows 10 systems."
$PackageSourcePath = "C:\Scripts\$ScriptName"

# Load SCCM PowerShell Module
Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -Force

# Connect to the SCCM Site
cd "$SiteCode`:"

# Check if a package with the same name exists and delete it
$ExistingPackages = Get-CMPackage -Name $ScriptName -ErrorAction SilentlyContinue

if ($ExistingPackages) {
    foreach ($Package in $ExistingPackages) {
        Remove-CMPackage -Id $Package.PackageID -Force
    }
}

# Create the Package Source Directory if it does not exist
if (!(Test-Path -Path $PackageSourcePath)) {
    New-Item -ItemType Directory -Path $PackageSourcePath -Force
}

# Create the PowerShell script
$ScriptContent = @'
# Resets the BIOS administrator password to default settings
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-PackageProvider -Name NuGet -RequiredVersion 2.8.5.201 -Force
install-module DellBiosProvider -force -skippublishercheck
Import-Module DellBIOSProvider
Set-Item DellSmbios:\Security\AdminPassword -value "" -Password "Sh3lt@n"
Set-Item DellSmbios:\Security\SystemPassword -value "" -Password "Sh3lt@n"
Set-Item -Path DellSmbios:\Security\HDDPassword -value "" -Password "Sh3lt@n"
Set-Item -Path DellSmbios:\Security\HDDPassword -value "" -Password "H@rv3y?"
Set-Item DellSmbios:\Security\SystemPassword -value "" -Password "H@rv3y?"
'@

$ScriptPath = "$PackageSourcePath\BIOS-Admin-Reinitialize.ps1"
Set-Content -Path $ScriptPath -Value $ScriptContent

# Create the SCCM Package
$Package = New-CMPackage `
    -Name $ScriptName `
    -Description $ScriptDescription `
    -Path $PackageSourcePath

# Create a Program for the Package
$Program = New-CMProgram `
    -PackageName $ScriptName `
    -StandardProgramName $ScriptName `
    -CommandLine "powershell.exe -ExecutionPolicy Bypass -File BIOS-Admin-Reinitialize.ps1" `
    -ProgramRunType "WhetherOrNotUserIsLoggedOn"

# Distribute the Package to the Distribution Point but do not deploy
Start-CMContentDistribution `
    -PackageName $ScriptName `
    -DistributionPointName "YourDistributionPointName"

Explanation

This script ensures that the BIOS administrator password is reset to default settings on all targeted systems, maintaining compliance with organizational security policies. The script also handles the necessary module installations and package creation for SCCM distribution.

Tags:

#BIOS #Security #PowerShell #SCCM