man walking under cave during daytime

Creating an SCCM Package for BIOS Admin Unlock

Overview

This post provides a that creates an SCCM package to remove the administrative password from the BIOS, enabling authorized configuration changes. This script is particularly useful for scenarios where the BIOS needs to be accessed for maintenance or updates.

Instructions

  1. Copy the provided to a location on your SCCM server.
  2. Adjust the script variables such as $SCCMServer, $SiteCode, and $PackageSourcePath to fit your environment.
  3. Run the script in PowerShell to create the SCCM package for BIOS admin unlock.
  4. Distribute the package to the appropriate distribution points within SCCM.
  5. Monitor the deployment to ensure that the BIOS administrative password is removed on all targeted systems.

What the Script Does

This PowerShell script automates the creation of an SCCM package that removes the BIOS administrative password, providing access for authorized users to make configuration changes. The script includes a function to handle the password removal process securely.

PowerShell Script

# Define Variables
$SCCMServer = "\\YourSCCMServer"
$SiteCode = "YourSiteCode"
$ScriptName = "BIOS-Admin-Unlock"
$ScriptDescription = "Removes the administrative password from the BIOS, providing access for authorized configuration changes."
$PackageSourcePath = "C:\Scripts\$ScriptName"
# Load SCCM PowerShell Module
Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -Force
# Connect to the SCCM Site
cd "$SiteCode`:"
# Check if a package with the same name exists and delete it
$ExistingPackages = Get-CMPackage -Name $ScriptName -ErrorAction SilentlyContinue
if ($ExistingPackages) {
    foreach ($Package in $ExistingPackages) {
        Remove-CMPackage -Id $Package.PackageID -Force
    }
}
# Create the Package Source Directory if it does not exist
if (!(Test-Path -Path $PackageSourcePath)) {
    New-Item -ItemType Directory -Path $PackageSourcePath -Force
}
# Create the PowerShell script
$ScriptContent = @'
# Removes the administrative password from the BIOS
Import-Module DellBiosProvider
Function Clear-DellAdminPassword {
    BEGIN {}
    PROCESS {
        Set-Item DellSmbios:\Security\AdminPassword -value "" -password "Sh3lt@n" -ErrorVariable ev
        if ($ev){
            Write-Warning "$ev Error occurred in $($ev.InvocationInfo.ScriptName)"
        }
    }
    END {}
}
'@
$ScriptPath = "$PackageSourcePath\BIOS-Admin-Unlock.ps1"
Set-Content -Path $ScriptPath -Value $ScriptContent
# Create the SCCM Package
$Package = New-CMPackage `
    -Name $ScriptName `
    -Description $ScriptDescription `
    -Path $PackageSourcePath
# Create a Program for the Package
$Program = New-CMProgram `
    -PackageName $ScriptName `
    -StandardProgramName $ScriptName `
    -CommandLine "powershell.exe -ExecutionPolicy Bypass -File BIOS-Admin-Unlock.ps1" `
    -ProgramRunType "WhetherOrNotUserIsLoggedOn"
# Distribute the Package to the Distribution Point but do not deploy
Start-CMContentDistribution `
    -PackageName $ScriptName `
    -DistributionPointName "YourDistributionPointName"

Explanation

This script removes the administrative password from the BIOS, enabling authorized users to make necessary configuration changes. It is packaged and distributed via SCCM, ensuring consistent application across all targeted systems.

Tags:

#BIOS #AdminUnlock #PowerShell #SCCM

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WordPress Cookie Plugin by Real Cookie Banner