98 lines
4.6 KiB
PowerShell
98 lines
4.6 KiB
PowerShell
# Script to set BIOS password on a plethora of WKS systems.
|
|
# Technolog Networks, 2024-09-15
|
|
# iRaven
|
|
|
|
|
|
# Import BIOS password credential file.
|
|
. "\\berrypunch.technolog.net\PSCredentials$\Credentials-BIOSPasswords.ps1"
|
|
# Domain Credentials to be used
|
|
. "\\berrypunch.technolog.net\PSCredentials$\Credentials-WKSDeploy.ps1"
|
|
# Computer OU in AD
|
|
$ADCompOU = ([adsisearcher]"(&(objectClass=computer)(sAMAccountName=$CompName$))").FindOne().GetDirectoryEntry().distinguishedName
|
|
|
|
Function Get-PCManu { # Gets computer manufacturer from WMI query.
|
|
# Check if HP
|
|
If (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Hewlett-Packard%'") {
|
|
Write-Host "Vendor detected as HP"
|
|
return "HP"
|
|
}
|
|
elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Dell%'") {
|
|
Write-Host "Vendor detected as Dell"
|
|
return "Dell"
|
|
}
|
|
elseif (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Lenovo%'") {
|
|
Write-Host "Vendor detected as LenOwO"
|
|
return "Lenowo"
|
|
}
|
|
}
|
|
|
|
Function Set-HPBIOSPW {
|
|
#Connect to the HP_BIOSSetting WMI class
|
|
$BIOSSettings = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSetting
|
|
$BIOSInterface = Get-WmiObject -Namespace root/hp/InstrumentedBIOS -Class HP_BIOSSettingInterface
|
|
|
|
#Check the status of the setup password, this returns a 1 or 0
|
|
Write-Host "[HP] Getting status of BIOS Setup Password"
|
|
$BIOSPasswordSet = ($BIOSSettings | Where-Object Name -eq "Setup Password").IsSet
|
|
if ($BIOSPasswordSet -eq 0) { # Check if pw is not set
|
|
Write-Host "[HP] Setup Password does not exist. Setting to current password."
|
|
# Set the new (current) BIOS password from var
|
|
$BIOSInterface.SetBIOSSetting("Setup Password","<utf-16/>" + "$WKSBIOSPassword","<utf-16/>")
|
|
}
|
|
elseif ($BIOSPasswordSet -eq 1) { # if password is already set
|
|
Write-Host "[HP] Setup Password already exists!"
|
|
Write-Host "[HP] Trying old password list then setting to the new one..."
|
|
# Try different ones before the current one to set it to current password.
|
|
# put for loop here
|
|
$arrayindex=0
|
|
while ($arrayindex -lt $OldBIOSPasswords.count) {
|
|
while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
|
|
Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
|
|
}
|
|
$arrayindex++
|
|
}
|
|
Write-Host "[HP] Lock was picked open. Setting to the new/current password."
|
|
# After this finishes, set the new (current) password.
|
|
$BIOSInterface.SetBIOSSetting("Setup Password","<utf-16/>" + "$WKSBIOSPassword","<utf-16/>" + "OldPassword")
|
|
}
|
|
|
|
}
|
|
|
|
Function Set-DellBIOSPW {
|
|
# Check DellBIOSProvider module status
|
|
try {
|
|
Import-Module DellBIOSProvider
|
|
} catch {
|
|
Write-Host "[Dell] DellBIOSProvider module not installed, installing from PSGallery."
|
|
Install-Module -Name DellBIOSProvider -Scope AllUsers -Force
|
|
Import-Module DellBIOSProvider
|
|
}
|
|
# Check the status of the setup password, this returns True or False (yay)
|
|
Write-Host "[Dell] Getting value of Admin Password status."
|
|
$BIOSPasswordSet = (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue)
|
|
if (!$BIOSPasswordSet) {
|
|
# Set the new (current) BIOS password from var
|
|
Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword
|
|
Write-Host "[Dell] BIOS Admin Password was set."
|
|
}
|
|
elseif ($BIOSPasswordSet) {
|
|
# Try different old passwords before setting it to the new/current password.
|
|
Write-Host "[Dell] BIOS Admin password is already set!"
|
|
Write-Host "[Dell] Trying old password list then setting to the new one..."
|
|
$arrayindex=0
|
|
while ($arrayindex -lt $OldBIOSPasswords.count) {
|
|
while (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | Select-Object -ExpandProperty CurrentValue) {
|
|
Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password $OldBIOSPasswords[$arrayindex]
|
|
}
|
|
$arrayindex++
|
|
}
|
|
Write-Host "[Dell] Lock was picked open. Setting to the new/current password."
|
|
# After this finishes, set the new (current) password.
|
|
Set-Item -Path DellSmbios:\Security\AdminPassword $WKSBIOSPassword
|
|
}
|
|
|
|
}
|
|
|
|
Function Set-LenovoBIOSPW {
|
|
$BIOSPasswordSet = (Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosPasswordSettings).PasswordState
|
|
} |