Initial Commit

2025-04-09 23:17:45 -05:00
parent 1941a2f386
commit f201c3a8aa
31 changed files with 1402 additions and 0 deletions
--- a/Set-PCBIOSPassword.ps1
+++ b/Set-PCBIOSPassword.ps1
@@ -0,0 +1,98 @@
+# Script to set BIOS password on a plethora of WKS systems.
+# Technolog Networks, 2024-09-15
+# iRaven
+
+
+# Import BIOS password credential file.
+. "\\berrypunch.technolog.net\PSCredentials$\Credentials-BIOSPasswords.ps1"
+# Domain Credentials to be used
+. "\\berrypunch.technolog.net\PSCredentials$\Credentials-WKSDeploy.ps1"
+# Computer OU in AD
+$ADCompOU = ([adsisearcher]"(&(objectClass=computer)(sAMAccountName=$CompName$))").FindOne().GetDirectoryEntry().distinguishedName
+
+Function Get-PCManu { # Gets computer manufacturer from WMI query.
+    # Check if HP
+    If (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Hewlett-Packard%'") {
+        Write-Host "Vendor detected as HP"
+        return "HP"
+    }
+    elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Dell%'") {
+        Write-Host "Vendor detected as Dell"
+        return "Dell"
+    }
+    elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Lenovo%'") {
+        Write-Host "Vendor detected as LenOwO"
+        return "Lenowo"
+    }
+}
+
+Function Set-HPBIOSPW {
+    #Connect to the HP_BIOSSetting WMI class
+    $BIOSSettings = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSetting
+    $BIOSInterface = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface
+    
+    #Check the status of the setup password, this returns a 1 or 0
+    Write-Host "[HP] Getting status of BIOS Setup Password"
+    $BIOSPasswordSet = ($BIOSSettings | Where-Object Name -eq "Setup Password").IsSet
+    if ($BIOSPasswordSet -eq 0) { # Check if pw is not set
+        Write-Host "[HP] Setup Password does not exist. Setting to current password."
+        # Set the new (current) BIOS password from var
+        $BIOSInterface.SetBIOSSetting("Setup Password","<utf-16/>" + "$WKSBIOSPassword","<utf-16/>")
+    }
+    elseif ($BIOSPasswordSet -eq 1) { # if password is already set
+        Write-Host "[HP] Setup Password already exists!"
+        Write-Host "[HP] Trying old password list then setting to the new one..."
+        # Try different ones before the current one to set it to current password.
+        # put for loop here
+        $arrayindex=0
+        while ($arrayindex -lt $OldBIOSPasswords.count) {
+            while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
+                Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
+            }
+        $arrayindex++
+        }
+        Write-Host "[HP] Lock was picked open. Setting to the new/current password."
+        # After this finishes, set the new (current) password.
+        $BIOSInterface.SetBIOSSetting("Setup Password","<utf-16/>" + "$WKSBIOSPassword","<utf-16/>" + "OldPassword")    
+    }
+
+}
+
+Function Set-DellBIOSPW {
+    # Check DellBIOSProvider module status
+    try {
+        Import-Module DellBIOSProvider
+    } catch {
+        Write-Host "[Dell] DellBIOSProvider module not installed, installing from PSGallery."
+        Install-Module -Name DellBIOSProvider -Scope AllUsers -Force
+        Import-Module DellBIOSProvider
+    }
+    # Check the status of the setup password, this returns True or False (yay)
+    Write-Host "[Dell] Getting value of Admin Password status."
+    $BIOSPasswordSet = (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue)
+    if (!$BIOSPasswordSet) {
+        # Set the new (current) BIOS password from var
+        Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword
+        Write-Host "[Dell] BIOS Admin Password was set."
+    }
+    elseif ($BIOSPasswordSet) {
+        # Try different old passwords before setting it to the new/current password.
+        Write-Host "[Dell] BIOS Admin password is already set!"
+        Write-Host "[Dell] Trying old password list then setting to the new one..."
+        $arrayindex=0
+        while ($arrayindex -lt $OldBIOSPasswords.count) {
+            while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
+                Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
+            }
+        $arrayindex++
+        }
+        Write-Host "[Dell] Lock was picked open. Setting to the new/current password."
+        # After this finishes, set the new (current) password.
+        Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword  
+    }
+
+}
+
+Function Set-LenovoBIOSPW {
+    $BIOSPasswordSet = (Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosPasswordSettings).PasswordState
+}