# Script to set BIOS password on a plethora of WKS systems.
# Technolog Networks, 2024-09-15
# iRaven
# Import BIOS password credential file.
. "\\berrypunch.technolog.net\PSCredentials$\Credentials-BIOSPasswords.ps1"
# Domain Credentials to be used
. "\\berrypunch.technolog.net\PSCredentials$\Credentials-WKSDeploy.ps1"
# Computer OU in AD
$ADCompOU = ([adsisearcher]"(&(objectClass=computer)(sAMAccountName=$CompName$))").FindOne().GetDirectoryEntry().distinguishedName
Function Get-PCManu { # Gets computer manufacturer from WMI query.
# Check if HP
If (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Hewlett-Packard%'") {
Write-Host "Vendor detected as HP"
return "HP"
}
elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Dell%'") {
Write-Host "Vendor detected as Dell"
return "Dell"
}
elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Lenovo%'") {
Write-Host "Vendor detected as LenOwO"
return "Lenowo"
}
}
Function Set-HPBIOSPW {
#Connect to the HP_BIOSSetting WMI class
$BIOSSettings = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSetting
$BIOSInterface = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface
#Check the status of the setup password, this returns a 1 or 0
Write-Host "[HP] Getting status of BIOS Setup Password"
$BIOSPasswordSet = ($BIOSSettings | Where-Object Name -eq "Setup Password").IsSet
if ($BIOSPasswordSet -eq 0) { # Check if pw is not set
Write-Host "[HP] Setup Password does not exist. Setting to current password."
# Set the new (current) BIOS password from var
$BIOSInterface.SetBIOSSetting("Setup Password","" + "$WKSBIOSPassword","")
}
elseif ($BIOSPasswordSet -eq 1) { # if password is already set
Write-Host "[HP] Setup Password already exists!"
Write-Host "[HP] Trying old password list then setting to the new one..."
# Try different ones before the current one to set it to current password.
# put for loop here
$arrayindex=0
while ($arrayindex -lt $OldBIOSPasswords.count) {
while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
}
$arrayindex++
}
Write-Host "[HP] Lock was picked open. Setting to the new/current password."
# After this finishes, set the new (current) password.
$BIOSInterface.SetBIOSSetting("Setup Password","" + "$WKSBIOSPassword","" + "OldPassword")
}
}
Function Set-DellBIOSPW {
# Check DellBIOSProvider module status
try {
Import-Module DellBIOSProvider
} catch {
Write-Host "[Dell] DellBIOSProvider module not installed, installing from PSGallery."
Install-Module -Name DellBIOSProvider -Scope AllUsers -Force
Import-Module DellBIOSProvider
}
# Check the status of the setup password, this returns True or False (yay)
Write-Host "[Dell] Getting value of Admin Password status."
$BIOSPasswordSet = (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue)
if (!$BIOSPasswordSet) {
# Set the new (current) BIOS password from var
Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword
Write-Host "[Dell] BIOS Admin Password was set."
}
elseif ($BIOSPasswordSet) {
# Try different old passwords before setting it to the new/current password.
Write-Host "[Dell] BIOS Admin password is already set!"
Write-Host "[Dell] Trying old password list then setting to the new one..."
$arrayindex=0
while ($arrayindex -lt $OldBIOSPasswords.count) {
while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
}
$arrayindex++
}
Write-Host "[Dell] Lock was picked open. Setting to the new/current password."
# After this finishes, set the new (current) password.
Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword
}
}
Function Set-LenovoBIOSPW {
$BIOSPasswordSet = (Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosPasswordSettings).PasswordState
}