none
Script to find all computers with password BIOS enabled

    Question

  • Hi Everybody,

    I'm a beginner with scripting and I'm trying to create a script that gives me the following information from all my computers in our network.

    I'd like to search all computers that have the BIOS password set up in the system. I know there's a script that search other configurations but I didn't find anywhere that find out the password enabled.

    We need to know it just to keep our computers in safe without installing any third application here. All our computers has Windows XP installed.

    Cheers,


    MCP - MCDST

    Friday, June 29, 2012 11:36 AM

Answers

  • Hey Veiga

    I think you should download "HP Client Management Interface" - they have a reference guide for what you can do. :)

    http://h20331.www2.hp.com/hpsub/cache/284014-0-0-225-121.html
    ftp://ftp.hp.com/pub/softpaq/sp29501-30000/sp29792.exe

    THey have some examples you can look at, it's kinda neat, but not without problems, i haven't studied if it is possible to look at bios password set/not set.

    It works like Kristof says :)

    Kind Regards
    Morten Leth

    Tuesday, July 03, 2012 11:21 AM

All replies

  • Check BIOSCharacteristics (bits 40-63) here:http://msdn.microsoft.com/en-us/library/windows/desktop/aa394077(v=vs.85).aspx then call the vendor.

    Some vendors have utilities to read the BIOs data.  It is not part of Windows.


    ¯\_(ツ)_/¯

    Friday, June 29, 2012 12:12 PM
  • I've talked to HP team and the guys told me there's no application or software that makes it.


    MCP - MCDST

    Friday, June 29, 2012 1:42 PM
  • I've talked to HP team and the guys told me there's no application or software that makes it.


    MCP - MCDST

    On HP Homepage I can see that a password has been set.  It is available there but not in WMI or anywhere else.  You cannot se or set the password from teh system.  It can only be done physically at the console.  With ILO on HP and on Dell we can actually access the BIOs and teh password.  You must have ILO installed to do it.


    ¯\_(ツ)_/¯

    Friday, June 29, 2012 2:05 PM
  • Please,

    Could send me the link because I can't find it on HP Homepage

    Cheers


    MCP - MCDST

    Friday, June 29, 2012 2:56 PM
  • Please,

    Could send me the link because I can't find it on HP Homepage

    Cheers


    MCP - MCDST

    HP HomePage is part of HP Management insalled on all high end HP servers.  Consumer systems do not have this.    It is hatefully referred to as HPMHP.  I say that because it is a dog of an apache server applocation that really needs to be upgraded but tose littel hardware guys at HP love apache because they can run it on Windows and Unix.


    ¯\_(ツ)_/¯

    Friday, June 29, 2012 3:13 PM
  • I know this doesn't really help you, because you need a solution for HP. But I know that it IS actually possible for Dell Systems, when you have the Dell "OpenManage Client Instrumentation" software installed. It creates a WMI namespace containing all sorts of neat settings and data. Such as: 

    select * from CIM_BIOSPassword

    There's an attribute called "isSet" (True/False). Which probably means what we think it means. If it's the case, you could easily read the value to detect if a password has been set or not.


    I don't know if HP has a similar software package.

    Tuesday, July 03, 2012 9:26 AM
  • Hey Veiga

    I think you should download "HP Client Management Interface" - they have a reference guide for what you can do. :)

    http://h20331.www2.hp.com/hpsub/cache/284014-0-0-225-121.html
    ftp://ftp.hp.com/pub/softpaq/sp29501-30000/sp29792.exe

    THey have some examples you can look at, it's kinda neat, but not without problems, i haven't studied if it is possible to look at bios password set/not set.

    It works like Kristof says :)

    Kind Regards
    Morten Leth

    Tuesday, July 03, 2012 11:21 AM
  • Both HP and Dell have not implelmented teh CIM_BIOSPassword class.  This is a formal calss that has only recently been defined.

    I checled numerous new HP servers with teh management clist installed and none have this class.  I did the same with newer Dell servers and they, also, do not implement this class.

    The HP Bios instumentaion is the same kit that comes with some HP client sysems like newer laptops and workstaions.  No consumer level machines support this package and no servers support the BIOS password class which is called HP_BIOSPassword.

    I suspect the same is true of Dell and IBM.  Most vendors use ILO for BIOs access on servers for security and also to force customers to spend the money on ILO.

    It certainly would be nice to have report of BIOS security but that is no goifg to be possible.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, July 03, 2012 12:51 PM
    Tuesday, July 03, 2012 12:21 PM
  • You'll need to install version 8 of OMCI for your dell servers.

    V7 works in the root\dellomci namespace, v8 works with root\dcim\sysman, where you'll find the cim_biospassword class. I've checked 2 systems, both of them have the values I'm talking about (implemented / filled in).

    Unless we're not talking about the same thing :-)
    Tuesday, July 03, 2012 12:38 PM
  • A little more info:

    It seems that with Dell yo can use a password to change BIOS settings via WMI.  Tuisi uses a separate method which is only available on the very newest Dell workstations.  This sis not teh same password as the one used to lock the bIOS on most systems but a newer spec that allows WMI managenment of teh BIOS>  I manage a bunch of Dell systems and even sysetms built less than a year ago do not have thiss BIOS/chipset version.

    Both Dell and HP are slowly manuevering to full BIOs managebility via WMI. I thoink we are waiting for teh OPen Group to complete the newest management spec which is due later this year.


    ¯\_(ツ)_/¯

    Tuesday, July 03, 2012 1:26 PM
  • As there has been no activity in this thread for a few days, we assume the issue is resolved. We will mark it as "answered" to assist others in similar situations. If you disagree, please reply with further information. You can unmark the answer if you wish. If a reply helped answer your question, please mark it as the answer.


    Richard Mueller - MVP Directory Services

    Saturday, July 14, 2012 10:38 PM
    Moderator