cancel
Showing results for 
Search instead for 
Did you mean: 
ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
dv3-user
Level 3
46 19 0 4
Message 1 of 3
5,747
Flag Post

How to automate silently updating password-protected BIOS?

HP Recommended

We used HPqflash to deploy the original BIOS and then biosconfigutility to do fo replicated setup to configure settings and apply a BIOS password to brand new laptops last year.  It worked fine on the brand new laptops out of the box.

Now these laptops are starting to be returned and reassigned to new users and we are reimaging them.

 

The automated process to update the BIOS to the new version F.46 will not work because of the BIOS password applied on these previously-used laptops.  We have to manually remove the password before we can run our image deployment process or else it fails when it gets to the point where it attempts to upgrade the BIOS.

 

How can we best get around this?  Can we run HPQFlash and an automated way to enter the password if the BIOS is password protected or is there a way to use the biosconfigutility to clear the password, then rerun the hpflash to update the bios and then run biosconfigutility again to reapply the password?

 

What is the best method to get around this problem?

 

 

P.S. This thread has been moevd from Client Automation Standard Forum to HP PC Client Management. - Hp Forum Moderator

 

0 Kudos
2 REPLIES 2
richard429
Level 4
103 99 4 4
Message 2 of 3
Flag Post
HP Recommended

A forum focused on PC client management topics such as SSM and BCU has recently been added to the HP Community forums. 

Topics also include HP's Client Catalog, Client Integration Kit for Microsoft System Center, Microsoft's MDT and HP Driver Packs

https://h30434.www3.hp.com/t5/Business-PCs-Workstations-and-Point-of-Sale-Systems/bd-p/Business-PC-W...

 

 

SSM can update the BIOS on the target system.

 

-Install SSM

-Create a filestore with the BIOS updates

-Create the SSM database using SSM's admin mode.

          Admin mode is accessed by running without any command

          line parameters or by selecting it from Windows start menu

 

        Using the Admin mode in the latest version of SSM also allows

        the creation of an encrypted BIOS password file.

 

Run SSM with command line

        ssm.exe c:\filestore /accept /cspwdfile:"filename"

 

where c:\filestore       is the path to the softpaqs

where /cspwdfile        is the path & filename of

the encrypted password file

 

 

SSM will compare the BIOS details between the target system

and the filestore database and update systems as needed.

 

It is important to note that any time a SoftPaq is added or

removed from the filestore directory, the database must be updated.

 

The database can be update using the command line

    ssm.exe /am_bld_db

 

 

Get the latest version of SSM for encrypted BIOS password support.  It is available at

        www.hp.com/go/clientmanagement


Select the HP CMS Download Library from the menu under "Resources"

 

Richard

I work for HP but am not a company spokesperson.  Participation in the community forums is voluntary.

 

 

0 Kudos
richard429
Level 4
103 99 4 4
Message 3 of 3
Flag Post
HP Recommended

---- Clearing the BIOS setup password using BIOS Config Utility ( BCU )

 

This process REQUIRES the user provide old BIOS password.

It will not clear or erase the password on a system in which the password is unkown.

 

For BCU version 2.60.13 or earlier:

        BIOSConfigUtility.exe /cspwd:"CurrentPassword"  /nspwd:""

 

where /cspwd contains the current password. 

It is best to enclose the password in quotes.

 

where /nspwd is the new password and this is set to null using a PAIR of double quotes.

 

Note regarding BIOS setup passwords:

        First - placing a password in a .CMD or .BAT file is strongly discouraged.

        Next - It is important to note that if attempting to SET, CLEAR or PASS the password using a .CMD or.BAT file, that standard command line enviroment (DOS style) rules apply.

 

Use of the percent sign (%) or caret (^) as part of the password may cause unwanted results in a batch file.

I have not explored if there are any side effects of Command Extensions being enabled that would affect other special characters use in this circumstance.

My best recommendation is to leave passwords out of batch files.

 

 

For BCU version 3.0.3.1 or later:

        BIOSConfigUtility.exe /cspwdfile:"CurrentPasswordFileName"  /nspwd:""

 

where /cspwdfile contains the name of the file containing the current encrypted password.

 

Enclose the path & filename in quotes.

 

where /nspwd is the new password and this is set to null using a PAIR of double quotes.

 

Using this version will allow using a task or batch to set or clear the password without concern for special characters.

 

With this method, the password should only be limited by BIOS policy and/or BIOS requirements.

 

 

The password is encrypted with HPQPswd.exe.

It is available at www.hp.com/go/clientmanagement

Select the HP CMS Download Library from the menu under "Resources"

 

 

Richard

I work for HP but am not a company spokesperson.  Participation in the community forums is voluntary.

 

0 Kudos
ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation