Read and Write BIOS settings to Lenovo computers

Intro

 

As I often say, if you can automate things you have time to do more fun stuff.
And in windows deployment from SCCM/MDT i’ts always nice to even automate BIOS settings.

Lenovo have been smart in this way. Instead of using special tools, like HP and Dell, you can use WMI methods instead.

This might not be the best coding ever, but you might get the idea here….

Reading settings

The easiest way is probably to sett BIOS as you want it, boot up in Windows or Windows PE with powershell support in it and run this script.

ForEach($Obj in $BiosSettings){
    if ($Obj.CurrentSetting -ne "") {
        Write-Host $Obj.CurrentSetting.replace(",",";")
        $stream.WriteLine($Obj.CurrentSetting.replace(",",";"))
    }
}
$stream.close()

This will output all the BIOS settings in a textfile in the same directory as the script. You can easily change the values and/or remove values you don’t want to change.

Writing settings

$SettingsFile = "Settings.txt"
$SettingsObj = ""
$SettingsObj = Get-Content $PSScriptRoot\$SettingsFile
$BiosPass='mypassword'
$PasswordState = (gwmi -class Lenovo_BiosPasswordSettings -namespace root\wmi).PasswordState

function Set-LenovoBiosSettingsValues
{
    Param( [string]$WMIObj, [string]$WMIValue )

    If ($PasswordIsSet -eq $false) {
        (gwmi -class Lenovo_SetBiosSetting –namespace root\wmi).SetBiosSetting("$WMIObj,$WMIValue")
    }
    Else {
     (gwmi -class Lenovo_SetBiosSetting -namespace root\wmi).SetBiosSetting("$WMIObj,$WMIValue,$BiosPass,ascii,us")
    }

    gwmi -class Lenovo_BiosSetting -namespace root\wmi | Where-Object {$_.CurrentSetting.split(",",[StringSplitOptions]::RemoveEmptyEntries) -eq "$WMIObj"} |
    Format-List CurrentSetting
}

function Set-LenovoBiosSettings {

    #Check if BIOS password is set
    If ($PasswordState -eq '0') {
        $PasswordIsSet = $false
        Write-Host "BIOS password not set"
        }
    Else {
        $PasswordIsSet = $true
        Write-Host "BIOS password is set"
    }

    foreach ($setting in $SettingsObj) {
        $Sobj = ""
        $Svar1 = ""
        $Svar2 = ""
        $Sobj = $Setting -split ';'
        $Svar1,$Svar2=$Sobj

        Write-Host "Sets ""$Svar1"" to ""$Svar2"""
        Set-LenovoBiosSettingsValues -WMIObj $Svar1 -WMIValue $Svar2
    }
    #Saves the bios-settings
    Write-Host "Saving settings"
    (gwmi -class Lenovo_SaveBiosSettings -namespace root\wmi).SaveBiosSettings("$BiosPass,ascii,us")
}

# Start writing settings
Set-LenovoBiosSettings

There are some shortcomings with the way Lenovo has implemented this, some settings cannot be made.
For an example you cannot sett a BIOS password if there aren’t any allready. So you can only change password.
And you cannot set “PhysicalPresenceForTpmClear” to Disable. But only change from Disable to Enable.

Links

You you want to read more about this, you can read the offical documentation and maybe find other things you can do via the wmi.

https://support.lenovo.com/se/sv/solutions/ht100612

 

Leave a Reply

Your email address will not be published. Required fields are marked *