-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
- HP Community
- Archived Topics
- Software Archive
- How to automate silently updating password-protected BIOS?

Create an account on the HP Community to personalize your profile and ask a question

01-02-2014 12:21 PM
We used HPqflash to deploy the original BIOS and then biosconfigutility to do fo replicated setup to configure settings and apply a BIOS password to brand new laptops last year. It worked fine on the brand new laptops out of the box.
Now these laptops are starting to be returned and reassigned to new users and we are reimaging them.
The automated process to update the BIOS to the new version F.46 will not work because of the BIOS password applied on these previously-used laptops. We have to manually remove the password before we can run our image deployment process or else it fails when it gets to the point where it attempts to upgrade the BIOS.
How can we best get around this? Can we run HPQFlash and an automated way to enter the password if the BIOS is password protected or is there a way to use the biosconfigutility to clear the password, then rerun the hpflash to update the bios and then run biosconfigutility again to reapply the password?
What is the best method to get around this problem?
P.S. This thread has been moevd from Client Automation Standard Forum to HP PC Client Management. - Hp Forum Moderator
02-13-2014
11:31 PM
- last edited on
08-14-2020
12:58 PM
by
JessikaV
A forum focused on PC client management topics such as SSM and BCU has recently been added to the HP Community forums.
Topics also include HP's Client Catalog, Client Integration Kit for Microsoft System Center, Microsoft's MDT and HP Driver Packs
SSM can update the BIOS on the target system.
-Install SSM
-Create a filestore with the BIOS updates
-Create the SSM database using SSM's admin mode.
Admin mode is accessed by running without any command
line parameters or by selecting it from Windows start menu
Using the Admin mode in the latest version of SSM also allows
the creation of an encrypted BIOS password file.
Run SSM with command line
ssm.exe c:\filestore /accept /cspwdfile:"filename"
where c:\filestore is the path to the softpaqs
where /cspwdfile is the path & filename of
the encrypted password file
SSM will compare the BIOS details between the target system
and the filestore database and update systems as needed.
It is important to note that any time a SoftPaq is added or
removed from the filestore directory, the database must be updated.
The database can be update using the command line
ssm.exe /am_bld_db
Get the latest version of SSM for encrypted BIOS password support. It is available at
www.hp.com/go/clientmanagement
Select the HP CMS Download Library from the menu under "Resources"
Richard
I work for HP but am not a company spokesperson. Participation in the community forums is voluntary.
02-13-2014 11:38 PM
---- Clearing the BIOS setup password using BIOS Config Utility ( BCU )
This process REQUIRES the user provide old BIOS password.
It will not clear or erase the password on a system in which the password is unkown.
For BCU version 2.60.13 or earlier:
BIOSConfigUtility.exe /cspwd:"CurrentPassword" /nspwd:""
where /cspwd contains the current password.
It is best to enclose the password in quotes.
where /nspwd is the new password and this is set to null using a PAIR of double quotes.
Note regarding BIOS setup passwords:
First - placing a password in a .CMD or .BAT file is strongly discouraged.
Next - It is important to note that if attempting to SET, CLEAR or PASS the password using a .CMD or.BAT file, that standard command line enviroment (DOS style) rules apply.
Use of the percent sign (%) or caret (^) as part of the password may cause unwanted results in a batch file.
I have not explored if there are any side effects of Command Extensions being enabled that would affect other special characters use in this circumstance.
My best recommendation is to leave passwords out of batch files.
For BCU version 3.0.3.1 or later:
BIOSConfigUtility.exe /cspwdfile:"CurrentPasswordFileName" /nspwd:""
where /cspwdfile contains the name of the file containing the current encrypted password.
Enclose the path & filename in quotes.
where /nspwd is the new password and this is set to null using a PAIR of double quotes.
Using this version will allow using a task or batch to set or clear the password without concern for special characters.
With this method, the password should only be limited by BIOS policy and/or BIOS requirements.
The password is encrypted with HPQPswd.exe.
It is available at www.hp.com/go/clientmanagement
Select the HP CMS Download Library from the menu under "Resources"
Richard
I work for HP but am not a company spokesperson. Participation in the community forums is voluntary.
