Reading and Writing to Dell BIOS with PowerShell

22 Feb

Just a quick PowerShell script to set the BIOS admin password for Dell machines.

For deeper configuration, you can then use Dell Command Configure Wizard, which I will cover later, but as an initial setting I this script does the job.

In an attempt to emulate LAPS, each machine has its own unique BIOS password which is a shortened version of the hash of the serial number. Not ideal, but it stops them all being exactly the same, but wouldn’t take a genius to work it out (so my code below is NOT what I’m actively using, just in case!)

$delldetails = gwmi win32_bios
$dellserial = $delldetails.SerialNumber

function get-hash([string]$textToHash) {
    $hasher = new-object System.Security.Cryptography.MD5CryptoServiceProvider
    $toHash = [System.Text.Encoding]::UTF8.GetBytes($textToHash)
    $hashByteArray = $hasher.ComputeHash($toHash)
    foreach($byte in $hashByteArray)
    {
      $result += "{0:X2}" -f $byte
    }
    #write-host $result.SubString(0,6).ToLower();
    #write-host $result
    return $result;
 }

$newpass = get-hash $dellserial

if(Get-WmiObject -Class:Win32_ComputerSystem -Filter:"Manufacturer LIKE 'Dell%'"){

    #Check module is installed
    if (Get-Module -ListAvailable -Name DellBIOSProvider) {
        #Module exists
    } else {
        #Module does not exist
        Install-Module -Name DellBIOSProvider -Force
    }

    #Read-DellBIOSPassword
    $passset = Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet

    #Set password if required
    if($passset.CurrentValue){
        #Password set, maybe do some further checking here...
    }
    else{
        Set-Item -Path DellSmbios:\Security\AdminPassword "$newpass"
    }

}

References: