crt
1 month ago
9 changed files with 2040 additions and 0 deletions
-
570HP/Install-HPCMSL.ps1
-
710HP/Manage-HPBiosPasswords.ps1
-
513HP/Manage-HPBiosSettings.ps1
-
61HP/Settings_CSV_General.csv
-
14HP/Settings_CSV_SecureBoot.csv
-
19HP/Settings_CSV_TPM.csv
-
104HP/Settings_InScript_All.txt
-
29HP/bruteforce.ps1
-
20HP/passlist.ps1
@ -0,0 +1,570 @@ |
|||
<# |
|||
.DESCRIPTION |
|||
Install the HP Client Management Script Library PowerShell modules |
|||
|
|||
.PARAMETER ModulePath |
|||
Specify the location of the HPCMSL modules source files. This parameter should be specified when the script is running in WinPE or when the system does not have internet access |
|||
|
|||
.PARAMETER LogFile |
|||
Specify the name of the log file along with the full path where it will be stored. The file must have a .log extension. During a task sequence the path will always be set to _SMSTSLogPath |
|||
|
|||
.EXAMPLE |
|||
Running in a full Windows OS and installing from the internet |
|||
Install-HPCMSL.ps1 |
|||
|
|||
Running in WinPE or offline |
|||
Install-HPCMSL.ps1 -ModulePath HPCMSL |
|||
|
|||
.NOTES |
|||
Created by: Jon Anderson (@ConfigJon) |
|||
Reference: https://www.configjon.com/installing-the-hp-client-management-script-library\ |
|||
Modified: 2020-09-17 |
|||
|
|||
.CHANGELOG |
|||
2020-09-14 - Added a LogFile parameter. Changed the default log path in full Windows to $ENV:ProgramData\ConfigJonScripts\HP. |
|||
Created a new function (Stop-Script) to consolidate some duplicate code and improve error reporting. Made a number of minor formatting and syntax changes |
|||
2020-09-17 - Improved the log file path configuration |
|||
#> |
|||
|
|||
#Parameters =================================================================================================================== |
|||
|
|||
param( |
|||
[ValidateScript({ |
|||
if(!($_ | Test-Path)) |
|||
{ |
|||
throw "The ModulePath folder path does not exist" |
|||
} |
|||
if(!($_ | Test-Path -PathType Container)) |
|||
{ |
|||
throw "The ModulePath argument must be a folder path" |
|||
} |
|||
return $true |
|||
})] |
|||
[Parameter(Mandatory=$false)][System.IO.DirectoryInfo]$ModulePath, |
|||
[Parameter(DontShow)][Switch]$Rerun, |
|||
[Parameter(Mandatory=$false)][ValidateScript({ |
|||
if($_ -notmatch "(\.log)") |
|||
{ |
|||
throw "The file specified in the LogFile paramter must be a .log file" |
|||
} |
|||
return $true |
|||
})] |
|||
[System.IO.FileInfo]$LogFile = "$ENV:ProgramData\ConfigJonScripts\HP\Install-HPCMSL.log" |
|||
) |
|||
|
|||
#Functions ==================================================================================================================== |
|||
|
|||
Function Get-TaskSequenceStatus |
|||
{ |
|||
#Determine if a task sequence is currently running |
|||
try |
|||
{ |
|||
$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment |
|||
} |
|||
catch{} |
|||
if($NULL -eq $TSEnv) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
try |
|||
{ |
|||
$SMSTSType = $TSEnv.Value("_SMSTSType") |
|||
} |
|||
catch{} |
|||
if($NULL -eq $SMSTSType) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
return $True |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Stop-Script |
|||
{ |
|||
#Write an error to the log file and terminate the script |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ErrorMessage, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Exception |
|||
) |
|||
Write-LogEntry -Value $ErrorMessage -Severity 3 |
|||
if($Exception) |
|||
{ |
|||
Write-LogEntry -Value "Exception Message: $Exception" -Severity 3 |
|||
} |
|||
throw $ErrorMessage |
|||
} |
|||
|
|||
Function Install-HPCMSLLocal |
|||
{ |
|||
#Install the HPCMSL from local source files |
|||
|
|||
param( |
|||
[parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][String]$InstallPath, |
|||
[parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][String]$ModulePath, |
|||
[parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][String]$ModuleName, |
|||
[parameter(Mandatory = $false)][ValidateNotNullOrEmpty()][String]$Version |
|||
) |
|||
Write-LogEntry -Value "Install the $ModuleName module from $ModulePath" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Copy-Item $ModulePath -Destination "$InstallPath\WindowsPowerShell\Modules" -Recurse -Force | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Failed to copy the $ModuleName module from $ModulePath to $InstallPath\WindowsPowerShell\Modules" -Severity 3 |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
if($NULL -ne $Version) |
|||
{ |
|||
Write-LogEntry -Value "Successfully installed $ModuleName module version $Version" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Successfully installed the $ModuleName module" -Severity 1 |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Install-HPCMSLRemote |
|||
{ |
|||
#Install the HPCMSL from the PowerShell Gallery |
|||
|
|||
param( |
|||
[parameter(Mandatory = $false)][ValidateNotNullOrEmpty()][String]$Version |
|||
) |
|||
Write-LogEntry -Value "Install the HPCMSL module from the PowerShell Gallery" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Install-Module -Name HPCMSL -Force -AcceptLicense |
|||
} |
|||
catch |
|||
{ |
|||
Stop-Script -ErrorMessage "Unable to install the HPCMSL module from the PowerShell Gallery" |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
if($NULL -ne $Version) |
|||
{ |
|||
Write-LogEntry -Value "Successfully installed HPCMSL module version $Version" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Successfully installed the HPCMSL module" -Severity 1 |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Update-NuGet |
|||
{ |
|||
#Update the NuGet package provider |
|||
|
|||
#Check if the NuGet package provider is installed |
|||
$Nuget = Get-PackageProvider | Where-Object Name -eq "NuGet" |
|||
#If NuGet is installed, ensure it is the current version |
|||
if($Nuget) |
|||
{ |
|||
$Major = $Nuget.Version | Select-Object -ExpandProperty Major |
|||
$Minor = $Nuget.Version | Select-Object -ExpandProperty Minor |
|||
$Build = $Nuget.Version | Select-Object -ExpandProperty Build |
|||
$Revision = $Nuget.Version | Select-Object -ExpandProperty Revision |
|||
$NugetLocalVersion = "$($Major)." + "$($Minor)." + "$($Build)." + "$($Revision)" |
|||
$NugetWebVersion = Find-PackageProvider NuGet | Select-Object -ExpandProperty Version |
|||
if($NugetLocalVersion -ge $NugetWebVersion) |
|||
{ |
|||
Write-LogEntry -Value "The latest version of the NuGet package provider ($NugetLocalVersion) is already installed" -Severity 1 |
|||
} |
|||
#If the currently installed version of NuGet is outdated, update it from the internet |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Updating the NuGet package provider" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Install-PackageProvider -Name "NuGet" -Force -Confirm:$False | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Unable to update the NuGet package provider" -Severity 3 |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
Write-LogEntry -Value "Successfully updated the NuGet package provider to version $NugetWebVersion" -Severity 1 |
|||
} |
|||
} |
|||
} |
|||
#If NuGet is not installed, install it from the internet |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Update the NuGet package provider" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Install-PackageProvider -Name "NuGet" -Force -Confirm:$False | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Unable to update the NuGet package provider" -Severity 3 |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
Write-LogEntry -Value "Successfully updated the NuGet package provider" -Severity 1 |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Update-PowerShellGet |
|||
{ |
|||
#Update the PowerShellGet module |
|||
|
|||
Import-Module -Name PowerShellGet -Force |
|||
$PsGetVersion = Get-Module PowerShellGet | Select-Object -ExpandProperty Version |
|||
$PsGetVersionFull = "$($PsGetVersion.Major)." + "$($PsGetVersion.Minor)." + "$($PsGetVersion.Build)" |
|||
$PsGetVersionWeb = Find-Package -Name PowerShellGet | Select-Object -ExpandProperty Version |
|||
if($PsGetVersionFull -ge $PsGetVersionWeb) |
|||
{ |
|||
Write-LogEntry -Value "The latest version of the PowerShellGet module ($PsGetVersionFull) is already installed" -Severity 1 |
|||
} |
|||
#If the currently installed version of the PowerShellGet module is outdated, update it from the internet |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Updating the PowerShellGet module" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Remove-Module -Name PowerShellGet -Force #Unload the current version of the PowerShellGet module |
|||
Install-Module -Name PowerShellGet -Force #Install the latest version of the PowerShellGet module |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Unable to update the PowerShellGet module" -Severity 3 |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
Write-LogEntry -Value "Successfully updated the PowerShellGet module to version $PsGetVersionWeb" -Severity 1 |
|||
#Re-launch the script in a new session to detect the new PowerShellGet module version |
|||
Start-Process -FilePath "$Env:WinDir\system32\WindowsPowerShell\v1.0\powershell.exe" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File $ScriptPath -Rerun" -Wait -PassThru |
|||
exit |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Write-LogEntry |
|||
{ |
|||
#Write data to a CMTrace compatible log file. (Credit to SCConfigMgr - https://www.scconfigmgr.com/) |
|||
|
|||
param( |
|||
[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$Value, |
|||
[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[ValidateSet("1", "2", "3")] |
|||
[string]$Severity, |
|||
[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$FileName = ($script:LogFile | Split-Path -Leaf) |
|||
) |
|||
#Determine log file location |
|||
$LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName |
|||
#Construct time stamp for log entry |
|||
if(-not(Test-Path -Path 'variable:global:TimezoneBias')) |
|||
{ |
|||
[string]$global:TimezoneBias = [System.TimeZoneInfo]::Local.GetUtcOffset((Get-Date)).TotalMinutes |
|||
if($TimezoneBias -match "^-") |
|||
{ |
|||
$TimezoneBias = $TimezoneBias.Replace('-', '+') |
|||
} |
|||
else |
|||
{ |
|||
$TimezoneBias = '-' + $TimezoneBias |
|||
} |
|||
} |
|||
$Time = -join @((Get-Date -Format "HH:mm:ss.fff"), $TimezoneBias) |
|||
#Construct date for log entry |
|||
$Date = (Get-Date -Format "MM-dd-yyyy") |
|||
#Construct context for log entry |
|||
$Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) |
|||
#Construct final log entry |
|||
$LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""Install-HPCMSL"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">" |
|||
#Add value to log file |
|||
try |
|||
{ |
|||
Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop |
|||
} |
|||
catch [System.Exception] |
|||
{ |
|||
Write-Warning -Message "Unable to append log entry to $FileName file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)" |
|||
} |
|||
} |
|||
|
|||
#Main program ================================================================================================================= |
|||
|
|||
#Set the names of the HPCMSL modules |
|||
$HPModules = ("HP.ClientManagement","HP.Firmware","HP.Private","HP.Repo","HP.Sinks","HP.Softpaq","HP.Utility","HPCMSL") |
|||
|
|||
#Get the path to the script (Used if the script needs to be re-launched) |
|||
$ScriptPath = $MyInvocation.MyCommand |
|||
|
|||
#Configure Logging and task sequence variables |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment |
|||
$LogsDirectory = $TSEnv.Value("_SMSTSLogPath") |
|||
} |
|||
else |
|||
{ |
|||
$LogsDirectory = ($LogFile | Split-Path) |
|||
if([string]::IsNullOrEmpty($LogsDirectory)) |
|||
{ |
|||
$LogsDirectory = $PSScriptRoot |
|||
} |
|||
else |
|||
{ |
|||
if(!(Test-Path -PathType Container $LogsDirectory)) |
|||
{ |
|||
try |
|||
{ |
|||
New-Item -Path $LogsDirectory -ItemType "Directory" -Force -ErrorAction Stop | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
throw "Failed to create the log file directory: $LogsDirectory. Exception Message: $($PSItem.Exception.Message)" |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
if(!($Rerun)){ |
|||
Write-Output "Log path set to $LogFile" |
|||
Write-LogEntry -Value "START - HP Client Management Script Library installation script" -Severity 1 |
|||
|
|||
#Make sure the folder names in the ModulePath match the HPCMSL folder names |
|||
if($ModulePath) |
|||
{ |
|||
Write-LogEntry -Value "Validate the folder names in $ModulePath" -Severity 1 |
|||
#Validate the top level folders |
|||
$ModulePathFolders = Get-ChildItem $ModulePath -Directory | Select-Object -ExpandProperty Name |
|||
ForEach($Folder in $ModulePathFolders){ |
|||
if($HPModules -notcontains $Folder) |
|||
{ |
|||
Write-LogEntry -Value "$Folder is not a valid HPCMSL module folder name" -Severity 3 |
|||
$InvalidFolder = $True |
|||
} |
|||
} |
|||
if($InvalidFolder) |
|||
{ |
|||
Stop-Script -ErrorMessage "Invalid folder names found in $ModulePath. Valid folder names are: ""HP.ClientManagement"" ""HP.Firmware"" ""HP.Private"" ""HP.Repo"" ""HP.Sinks"" ""HP.Softpaq"" ""HP.Utility"" ""HPCMSL""" |
|||
} |
|||
else |
|||
{ |
|||
#Validate the subfolders |
|||
ForEach($Folder in $ModulePathFolders){ |
|||
$Subfolder = Get-ChildItem "$ModulePath\$Folder" -Directory | Select-Object -ExpandProperty Name |
|||
if($NULL -eq $Subfolder) |
|||
{ |
|||
Write-LogEntry -Value "No subfolders detected under $Folder. There should be 1 first-level subfolder." -Severity 3 |
|||
$InvalidSubfolder = $True |
|||
} |
|||
elseif($Subfolder.Count -gt 1) |
|||
{ |
|||
Write-LogEntry -Value "Multiple first-level subfolders detected under $Folder. There should only be 1 first-level subfolder." -Severity 3 |
|||
$InvalidSubfolder = $True |
|||
} |
|||
else |
|||
{ |
|||
$PatternCheck = (([regex]"^(\*|\d+(\.\d+){1,3}(\.\*)?)$").Matches($Subfolder)).Success |
|||
if($PatternCheck -ne "True") |
|||
{ |
|||
Write-LogEntry -Value "$Folder\$Subfolder is not a valid subfolder" -Severity 3 |
|||
$InvalidSubfolder = $True |
|||
} |
|||
} |
|||
} |
|||
if($InvalidSubfolder) |
|||
{ |
|||
Write-LogEntry -Value "Each module folder should contain a single first-level subfolder. The folder should be named the version of the module." -Severity 2 |
|||
Write-LogEntry -Value 'Valid first-level subfolder names should be in the format of "1.2" or "1.2.3" or "1.2.3.4"' -Severity 2 |
|||
throw "Invalid subfolder structure found in $ModulePath. See the log file for more details" |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Successfully validated the folder names" -Severity 1 |
|||
} |
|||
} |
|||
} |
|||
|
|||
#Check the PowerShell version |
|||
Write-LogEntry -Value "Checking the installed PowerShell version" -Severity 1 |
|||
$PsVerMajor = $PSVersionTable.PSVersion | Select-Object -ExpandProperty Major |
|||
$PsVerMinor = $PSVersionTable.PSVersion | Select-Object -ExpandProperty Minor |
|||
$PsVerFull = "$($PsVerMajor)." + "$($PsVerMinor)." |
|||
if($PsVerFull -ge 5.1) |
|||
{ |
|||
Write-LogEntry -Value "The current PowerShell version is $PsVerFull" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Stop-Script -ErrorMessage "The current PowerShell version is $PsVerFull. The mininum supported PowerShell version is 5.1" |
|||
} |
|||
|
|||
#Set the PowerShell Module insatll path |
|||
$ModuleInstallPath = $env:ProgramFiles |
|||
|
|||
#Get the versions of the currently installed HPCMSL modules |
|||
Write-LogEntry -Value "Checking the versions of the currently installed HPCMSL modules" -Severity 1 |
|||
$LocalModuleVersions = [PSCustomObject]@{} |
|||
ForEach($HPModule in $HPModules){ |
|||
if(Test-Path "$ModuleInstallPath\WindowsPowerShell\Modules\$HPModule") |
|||
{ |
|||
$LocalVersionList = Get-ChildItem "$ModuleInstallPath\WindowsPowerShell\Modules\$HPModule" -Directory | Select-Object -ExpandProperty Name |
|||
if($LocalVersionList.Count -gt 1) |
|||
{ |
|||
$LocalVersion = "0.0" |
|||
ForEach($Version in $LocalVersionList){ |
|||
if(([Version]$Version).CompareTo([Version]$LocalVersion) -eq 1) |
|||
{ |
|||
$LocalVersion = $Version |
|||
} |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
$LocalVersion = $LocalVersionList |
|||
} |
|||
|
|||
if($NULL -ne $LocalVersion) |
|||
{ |
|||
Write-LogEntry -Value "The version of the currently installed $HPModule module is $LocalVersion" -Severity 1 |
|||
$LocalModuleVersions | Add-Member -NotePropertyName $HPModule -NotePropertyValue $LocalVersion |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "$HPModule module not found on the local machine" -Severity 2 |
|||
$LocalModuleVersions | Add-Member -NotePropertyName $HPModule -NotePropertyValue '0.0' |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "$HPModule module not found on the local machine" -Severity 2 |
|||
$LocalModuleVersions | Add-Member -NotePropertyName $HPModule -NotePropertyValue '0.0' |
|||
} |
|||
} |
|||
} |
|||
|
|||
#Attempt to install the HPCMSL from local source files |
|||
if($ModulePath) |
|||
{ |
|||
ForEach($HPModule in $HPModules){ |
|||
#Get the version of the module |
|||
try |
|||
{ |
|||
$SourceVersion = Get-ChildItem "$ModulePath\$HPModule" -Directory | Select-Object -ExpandProperty Name |
|||
if($NULL -ne $SourceVersion) |
|||
{ |
|||
Write-LogEntry -Value "The version of the $HPModule module in $ModulePath is $SourceVersion" -Severity 1 |
|||
} |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Failed to check the version of the $HPModule module in $ModulePath" -Severity 3 |
|||
} |
|||
if($NULL -ne $SourceVersion) |
|||
{ |
|||
$LocalVersionCompare = ([Version]$SourceVersion).CompareTo([Version]$LocalModuleVersions.$HPModule) |
|||
if($LocalVersionCompare -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "The latest version of the $HPModule module is already installed" -Severity 1 |
|||
} |
|||
elseif($LocalVersionCompare -eq -1) |
|||
{ |
|||
Write-LogEntry -Value "A newer version of $HPModule is already installed" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Install-HPCMSLLocal -InstallPath $ModuleInstallPath -ModuleName $HPModule -ModulePath "$ModulePath\$HPModule" -Version $SourceVersion |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
Install-HPCMSLLocal -InstallPath $ModuleInstallPath -ModuleName $HPModule -ModulePath "$ModulePath\$HPModule" |
|||
} |
|||
} |
|||
} |
|||
#Attempt to install the HPCMSL module from the PowerShell Gallery |
|||
else |
|||
{ |
|||
if(!($Rerun)){ |
|||
#Ensure the NuGet package provider is installed and updated |
|||
Write-LogEntry -Value "Checking the version of the NuGet package provider" -Severity 1 |
|||
Update-NuGet |
|||
|
|||
#Ensure the PowerShellGet module is updated |
|||
Write-LogEntry -Value "Checking the version of the PowerShellGet module" -Severity 1 |
|||
Update-PowerShellGet |
|||
} |
|||
#Get the version of the HPCMSL module in the PowerShell Gallery |
|||
Write-LogEntry -Value "Checking the version of the HPCMSL module in the PowerShell Gallery" -Severity 1 |
|||
try |
|||
{ |
|||
$WebVersion = Find-Package HPCMSL | Select-Object -ExpandProperty Version |
|||
if($NULL -ne $WebVersion) |
|||
{ |
|||
Write-LogEntry -Value "The version of the HPCMSL module in the PowerShell Gallery is $WebVersion" -Severity 1 |
|||
} |
|||
} |
|||
catch |
|||
{ |
|||
Write-LogEntry -Value "Failed to check the version of the HPCMSL module in the PowerShell Gallery" -Severity 3 |
|||
} |
|||
if($NULL -ne $WebVersion) |
|||
{ |
|||
$WebVersionCompare = ([Version]$WebVersion).CompareTo([Version]$LocalModuleVersions.HPCMSL) |
|||
if($WebVersionCompare -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "The latest version of the HPCMSL module is already installed" -Severity 1 |
|||
} |
|||
elseif($WebVersionCompare -eq -1) |
|||
{ |
|||
Write-LogEntry -Value "A newer version of the HPCMSL module is already installed" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Install-HPCMSLRemote -Version $WebVersion |
|||
} |
|||
} |
|||
elseif(($NULL -ne $WebVersion) -and ($NULL -eq $LocalVersion)) |
|||
{ |
|||
Install-HPCMSLRemote -Version $WebVersion |
|||
} |
|||
else |
|||
{ |
|||
Install-HPCMSLRemote |
|||
} |
|||
} |
|||
|
|||
#Import the HPCMSL module |
|||
Write-LogEntry -Value "Import the HPCMSL module" -Severity 1 |
|||
$Error.Clear() |
|||
try |
|||
{ |
|||
Import-Module HPCMSL -Force -ErrorAction Stop |
|||
} |
|||
catch |
|||
{ |
|||
Stop-Script -ErrorMessage "Failed to import the HPCMSL module" -Exception $PSItem.Exception.Message |
|||
} |
|||
if(!($Error)) |
|||
{ |
|||
Write-LogEntry -Value "Successfully imported the HPCMSL module" -Severity 1 |
|||
} |
|||
|
|||
Write-LogEntry -Value "END - HP Client Management Script Library installation script" -Severity 1 |
@ -0,0 +1,710 @@ |
|||
<# |
|||
.DESCRIPTION |
|||
Automatically configure HP BIOS passwords and prompt the user if manual intervention is required. |
|||
|
|||
.PARAMETER SetupSet |
|||
Specify this switch to set a new setup password or change an existing setup password. |
|||
|
|||
.PARAMETER SetupClear |
|||
Specify this swtich to clear an existing setup password. Must also specify the OldSetupPassword parameter. |
|||
|
|||
.PARAMETER PowerOnSet |
|||
Specify this switch to set a new power on password or change an existing power on password. |
|||
|
|||
.PARAMETER PowerOnClear |
|||
Specify this switch to clear an existing power on password. Must also specify the OldPowerOnPassword parameter. |
|||
|
|||
.PARAMETER SetupPassword |
|||
Specify the new setup password to set. |
|||
|
|||
.PARAMETER OldSetupPassword |
|||
Specify the old setup password(s) to be changed. Multiple passwords can be specified as a comma seperated list. |
|||
|
|||
.PARAMETER PowerOnPassword |
|||
Specify the new power on password to set. |
|||
|
|||
.PARAMETER OldPowerOnPassword |
|||
Specify the old power on password(s) to be changed. Multiple passwords can be specified as a comma seperated list. |
|||
|
|||
.PARAMETER NoUserPrompt |
|||
The script will run silently and will not prompt the user with a message box. |
|||
|
|||
.PARAMETER ContinueOnError |
|||
The script will ignore any errors caused by changing or clearing the passwords. This will not suppress errors caused by parameter validation. |
|||
|
|||
.PARAMETER SMSTSPasswordRetry |
|||
For use in a task sequence. If specified, the script will assume the script needs to run at least one more time. This will ignore password errors and suppress user prompts. |
|||
|
|||
.PARAMETER LogFile |
|||
Specify the name of the log file along with the full path where it will be stored. The file must have a .log extension. During a task sequence the path will always be set to _SMSTSLogPath |
|||
|
|||
.EXAMPLE |
|||
Set a new setup password when no old passwords exist |
|||
Manage-HPBiosPasswords.ps1 -SetupSet -SetupPassword <String> |
|||
|
|||
Set or change a setup password |
|||
Manage-HPBiosPasswords.ps1 -SetupSet -SetupPassword <String> -OldSetupPassword <String1>,<String2> |
|||
|
|||
Clear existing setup password(s) |
|||
Manage-HPBiosPasswords.ps1 -SetupClear -OldSetupPassword <String1>,<String2> |
|||
|
|||
Set a new setup password and set a new power on password when no old passwords exist |
|||
Manage-HPBiosPasswords.ps1 -SetupSet -PowerOnSet -SetupPassword <String1> -PowerOnPassword <String1> |
|||
|
|||
Set or change an existing setup password and clear a power on password |
|||
Manage-HPBiosPasswords.ps1 -SetupSet -SetupPassword <String> -OldSetupPassword <String1>,<String2> -PowerOnClear -OldPowerOnPassword <String1>,<String2> |
|||
|
|||
Clear existing Setup and power on passwords |
|||
Manage-HPBiosPasswords.ps1 -SetupClear -OldSetupPassword <String1>,<String2> -PowerOnClear -OldPowerOnPassword <String1>,<String2> |
|||
|
|||
Set a new power on password when the setup password is already set |
|||
Manage-HPBiosPasswords.ps1 -PowerOnSet -PowerOnPassword <String> -SetupPassword <String> |
|||
|
|||
.NOTES |
|||
Created by: Jon Anderson (@ConfigJon) |
|||
Reference: https://www.configjon.com/lenovo-bios-password-management/ |
|||
Modifed: 2020-09-17 |
|||
|
|||
.CHANGELOG |
|||
2019-07-27 - Formatting changes. Changed the SMSTSPasswordRetry parameter to be a switch instead of an integer value. Changed the SMSTSChangeSetup TS variable to HPChangeSetup. |
|||
Changed the SMSTSClearSetup TS variable to HPClearSetup. Changed the SMSTSChangePowerOn TS variable to HPChangePowerOn. Changed the SMSTSClearPowerOn TS variable to HPClearPowerOn. |
|||
2019-11-04 - Added additional logging. Changed the default log path to $ENV:ProgramData\BiosScripts\HP. Modifed the parameter validation logic. |
|||
2020-01-30 - Removed the SetupChange and PowerOnChange parameters. SetupSet and PowerOnSet now work to set or change a password. Changed the HPChangeSetup task sequence variable to HPSetSetup. |
|||
Changed the HPChangePowerOn task sequence variable to HPSetPowerOn. Updated the parameter validation checks. |
|||
2020-09-14 - Added a LogFile parameter. Changed the default log path in full Windows to $ENV:ProgramData\ConfigJonScripts\HP. |
|||
Consolidated duplicate code into new functions (Stop-Script, Get-WmiData, New-HPBiosPassword, Set-HPBiosPassword, Clear-HPBiosPassword). Made a number of minor formatting and syntax changes |
|||
When using the SetupSet and PowerOnSet parameters, the OldPassword parameters are no longer required. There is now logic to handle and report this type of failure. |
|||
2020-09-17 - Improved the log file path configuration |
|||
|
|||
#> |
|||
|
|||
#Parameters =================================================================================================================== |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$false)][Switch]$SetupSet, |
|||
[Parameter(Mandatory=$false)][Switch]$SetupClear, |
|||
[Parameter(Mandatory=$false)][Switch]$PowerOnSet, |
|||
[Parameter(Mandatory=$false)][Switch]$PowerOnClear, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SetupPassword, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$OldSetupPassword, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$PowerOnPassword, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$OldPowerOnPassword, |
|||
[Parameter(Mandatory=$false)][Switch]$NoUserPrompt, |
|||
[Parameter(Mandatory=$false)][Switch]$ContinueOnError, |
|||
[Parameter(Mandatory=$false)][Switch]$SMSTSPasswordRetry, |
|||
[Parameter(Mandatory=$false)][ValidateScript({ |
|||
if($_ -notmatch "(\.log)") |
|||
{ |
|||
throw "The file specified in the LogFile paramter must be a .log file" |
|||
} |
|||
return $true |
|||
})] |
|||
[System.IO.FileInfo]$LogFile = "$ENV:ProgramData\ConfigJonScripts\HP\Manage-HPBiosPasswords.log" |
|||
) |
|||
|
|||
#Functions ==================================================================================================================== |
|||
|
|||
Function Get-TaskSequenceStatus |
|||
{ |
|||
#Determine if a task sequence is currently running |
|||
try |
|||
{ |
|||
$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment |
|||
} |
|||
catch{} |
|||
if($NULL -eq $TSEnv) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
try |
|||
{ |
|||
$SMSTSType = $TSEnv.Value("_SMSTSType") |
|||
} |
|||
catch{} |
|||
if($NULL -eq $SMSTSType) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
return $True |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Stop-Script |
|||
{ |
|||
#Write an error to the log file and terminate the script |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ErrorMessage, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Exception |
|||
) |
|||
Write-LogEntry -Value $ErrorMessage -Severity 3 |
|||
if($Exception) |
|||
{ |
|||
Write-LogEntry -Value "Exception Message: $Exception" -Severity 3 |
|||
} |
|||
throw $ErrorMessage |
|||
} |
|||
|
|||
Function Get-WmiData |
|||
{ |
|||
#Gets WMI data using either the WMI or CIM cmdlets and stores the data in a variable |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Namespace, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ClassName, |
|||
[Parameter(Mandatory=$true)][ValidateSet('CIM','WMI')]$CmdletType, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$Select |
|||
) |
|||
try |
|||
{ |
|||
if($CmdletType -eq "CIM") |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 |
|||
$Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 |
|||
$Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop |
|||
} |
|||
} |
|||
elseif($CmdletType -eq "WMI") |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 |
|||
$Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 |
|||
$Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop |
|||
} |
|||
} |
|||
} |
|||
catch |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Stop-Script -ErrorMessage "An error occurred while attempting to get the $Select properties from the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message |
|||
} |
|||
else |
|||
{ |
|||
Stop-Script -ErrorMessage "An error occurred while connecting to the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message |
|||
} |
|||
} |
|||
Write-LogEntry -Value "Successfully connected to the $ClassName WMI class" -Severity 1 |
|||
return $Query |
|||
} |
|||
|
|||
Function New-HPBiosPassword |
|||
{ |
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateSet('Setup','PowerOn')]$PasswordType, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Password, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SetupPW |
|||
) |
|||
if($PasswordType -eq "Setup") |
|||
{ |
|||
$PasswordName = "Setup Password" |
|||
} |
|||
else |
|||
{ |
|||
$PasswordName = "Power-On Password" |
|||
} |
|||
#Attempt to set the power on password when the setup password is already set |
|||
if($SetupPW) |
|||
{ |
|||
if(($Interface.SetBIOSSetting($PasswordName,"<utf-16/>" + $Password,"<utf-16/>" + $SetupPW)).Return -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "The $PasswordType password has been successfully set" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Set-Variable -Name "$($PasswordType)PWExists" -Value "Failed" -Scope Script |
|||
Write-LogEntry -Value "Failed to set the $PasswordType password" -Severity 3 |
|||
} |
|||
} |
|||
#Attempt to set the setup or power on password |
|||
else |
|||
{ |
|||
if(($Interface.SetBIOSSetting($PasswordName,"<utf-16/>" + $Password,"<utf-16/>")).Return -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "The $PasswordType password has been successfully set" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Set-Variable -Name "$($PasswordType)PWExists" -Value "Failed" -Scope Script |
|||
Write-LogEntry -Value "Failed to set the $PasswordType password" -Severity 3 |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Set-HPBiosPassword |
|||
{ |
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateSet('Setup','PowerOn')]$PasswordType, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Password, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$OldPassword |
|||
) |
|||
if($PasswordType -eq "Setup") |
|||
{ |
|||
$PasswordName = "Setup Password" |
|||
} |
|||
else |
|||
{ |
|||
$PasswordName = "Power-On Password" |
|||
} |
|||
Write-LogEntry -Value "Attempt to change the existing $PasswordType password" -Severity 1 |
|||
Set-Variable -Name "$($PasswordType)PWSet" -Value "Failed" -Scope Script |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv.Value("HPSet$($PasswordType)") = "Failed" |
|||
} |
|||
#Check if the password is already set to the correct value |
|||
if(($Interface.SetBIOSSetting($PasswordName,"<utf-16/>" + $Password,"<utf-16/>" + $Password)).Return -eq 0) |
|||
{ |
|||
#Password is set to correct value |
|||
Set-Variable -Name "$($PasswordType)PWSet" -Value "Success" -Scope Script |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv.Value("HPSet$($PasswordType)") = "Success" |
|||
} |
|||
Write-LogEntry -Value "The $PasswordType password is already set correctly" -Severity 1 |
|||
} |
|||
#Password is not set to correct value |
|||
else |
|||
{ |
|||
if($OldPassword) |
|||
{ |
|||
$Counter = 0 |
|||
While($Counter -lt $OldPassword.Count) |
|||
{ |
|||
if(($Interface.SetBIOSSetting($PasswordName,"<utf-16/>" + $Password,"<utf-16/>" + $OldPassword[$Counter])).Return -eq 0) |
|||
{ |
|||
#Successfully changed the password |
|||
Set-Variable -Name "$($PasswordType)PWSet" -Value "Success" -Scope Script |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv.Value("HPSet$($PasswordType)") = "Success" |
|||
} |
|||
Write-LogEntry -Value "The $PasswordType password has been successfully changed" -Severity 1 |
|||
break |
|||
} |
|||
else |
|||
{ |
|||
#Failed to change the password |
|||
$Counter++ |
|||
} |
|||
} |
|||
if((Get-Variable -Name "$($PasswordType)PWSet" -ValueOnly -Scope Script) -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Failed to change the $PasswordType password" -Severity 3 |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "The $PasswordType password is currently set to something other than then supplied value, but no old passwords were supplied. Try supplying additional values using the Old$($PasswordType)Password parameter" -Severity 3 |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Clear-HPBiosPassword |
|||
{ |
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateSet('Setup','PowerOn')]$PasswordType, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String[]]$OldPassword |
|||
) |
|||
if($PasswordType -eq "Setup") |
|||
{ |
|||
$PasswordName = "Setup Password" |
|||
} |
|||
else |
|||
{ |
|||
$PasswordName = "Power-On Password" |
|||
} |
|||
Write-LogEntry -Value "Attempt to clear the existing $PasswordType password" -Severity 1 |
|||
Set-Variable -Name "$($PasswordType)PWClear" -Value "Failed" -Scope Script |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv.Value("HPClear$($PasswordType)") = "Failed" |
|||
} |
|||
$Counter = 0 |
|||
While($Counter -lt $OldPassword.Count) |
|||
{ |
|||
if(($Interface.SetBIOSSetting($PasswordName,"<utf-16/>","<utf-16/>" + $OldPassword[$Counter])).Return -eq 0) |
|||
{ |
|||
#Successfully cleared the password |
|||
Set-Variable -Name "$($PasswordType)PWClear" -Value "Success" -Scope Script |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv.Value("HPClear$($PasswordType)") = "Success" |
|||
} |
|||
Write-LogEntry -Value "The $PasswordType password has been successfully cleared" -Severity 1 |
|||
break |
|||
} |
|||
else |
|||
{ |
|||
#Failed to clear the password |
|||
$Counter++ |
|||
} |
|||
} |
|||
if((Get-Variable -Name "$($PasswordType)PWClear" -ValueOnly -Scope Script) -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Failed to clear the $PasswordType password" -Severity 3 |
|||
} |
|||
} |
|||
|
|||
Function Start-UserPrompt |
|||
{ |
|||
#Create a user prompt with custom body and title text if the NoUserPrompt variable is not set |
|||
|
|||
[CmdletBinding()] |
|||
param( |
|||
[Parameter(Mandatory=$True)][ValidateNotNullOrEmpty()][String[]]$BodyText, |
|||
[Parameter(Mandatory=$True)][ValidateNotNullOrEmpty()][String[]]$TitleText |
|||
) |
|||
if(!($NoUserPrompt)) |
|||
{ |
|||
(New-Object -ComObject Wscript.Shell).Popup("$BodyText",0,"$TitleText",0x0 + 0x30) | Out-Null |
|||
} |
|||
} |
|||
|
|||
Function Write-LogEntry |
|||
{ |
|||
#Write data to a CMTrace compatible log file. (Credit to SCConfigMgr - https://www.scconfigmgr.com/) |
|||
|
|||
param( |
|||
[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$Value, |
|||
[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[ValidateSet("1", "2", "3")] |
|||
[string]$Severity, |
|||
[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$FileName = ($script:LogFile | Split-Path -Leaf) |
|||
) |
|||
#Determine log file location |
|||
$LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName |
|||
#Construct time stamp for log entry |
|||
if(-not(Test-Path -Path 'variable:global:TimezoneBias')) |
|||
{ |
|||
[string]$global:TimezoneBias = [System.TimeZoneInfo]::Local.GetUtcOffset((Get-Date)).TotalMinutes |
|||
if($TimezoneBias -match "^-") |
|||
{ |
|||
$TimezoneBias = $TimezoneBias.Replace('-', '+') |
|||
} |
|||
else |
|||
{ |
|||
$TimezoneBias = '-' + $TimezoneBias |
|||
} |
|||
} |
|||
$Time = -join @((Get-Date -Format "HH:mm:ss.fff"), $TimezoneBias) |
|||
#Construct date for log entry |
|||
$Date = (Get-Date -Format "MM-dd-yyyy") |
|||
#Construct context for log entry |
|||
$Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) |
|||
#Construct final log entry |
|||
$LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""Manage-HPBiosPasswords"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">" |
|||
#Add value to log file |
|||
try |
|||
{ |
|||
Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop |
|||
} |
|||
catch [System.Exception] |
|||
{ |
|||
Write-Warning -Message "Unable to append log entry to $FileName file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)" |
|||
} |
|||
} |
|||
|
|||
#Main program ================================================================================================================= |
|||
|
|||
#Configure Logging and task sequence variables |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment |
|||
$TSProgress = New-Object -ComObject Microsoft.SMS.TsProgressUI |
|||
$LogsDirectory = $TSEnv.Value("_SMSTSLogPath") |
|||
} |
|||
else |
|||
{ |
|||
$LogsDirectory = ($LogFile | Split-Path) |
|||
if([string]::IsNullOrEmpty($LogsDirectory)) |
|||
{ |
|||
$LogsDirectory = $PSScriptRoot |
|||
} |
|||
else |
|||
{ |
|||
if(!(Test-Path -PathType Container $LogsDirectory)) |
|||
{ |
|||
try |
|||
{ |
|||
New-Item -Path $LogsDirectory -ItemType "Directory" -Force -ErrorAction Stop | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
throw "Failed to create the log file directory: $LogsDirectory. Exception Message: $($PSItem.Exception.Message)" |
|||
} |
|||
} |
|||
} |
|||
} |
|||
Write-Output "Log path set to $LogFile" |
|||
Write-LogEntry -Value "START - HP BIOS password management script" -Severity 1 |
|||
|
|||
#Connect to the HP_BIOSSettingInterface WMI class |
|||
$Interface = Get-WmiData -Namespace root\hp\InstrumentedBIOS -ClassName HP_BIOSSettingInterface -CmdletType WMI |
|||
|
|||
#Connect to the HP_BIOSSetting WMI class |
|||
$HPBiosSetting = Get-WmiData -Namespace root\hp\InstrumentedBIOS -ClassName HP_BIOSSetting -CmdletType WMI |
|||
|
|||
#Get the current password status |
|||
Write-LogEntry -Value "Get the current password state" -Severity 1 |
|||
|
|||
$SetupPasswordCheck = ($HPBiosSetting | Where-Object Name -eq "Setup Password").IsSet |
|||
if($SetupPasswordCheck -eq 1) |
|||
{ |
|||
Write-LogEntry -Value "The setup password is currently set" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "The setup password is not currently set" -Severity 1 |
|||
} |
|||
$PowerOnPasswordCheck = ($HPBiosSetting | Where-Object Name -eq "Power-On Password").IsSet |
|||
if($PowerOnPasswordCheck -eq 1) |
|||
{ |
|||
Write-LogEntry -Value "The power on password is currently set" -Severity 1 |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "The power on password is not currently set" -Severity 1 |
|||
} |
|||
|
|||
#Parameter validation |
|||
Write-LogEntry -Value "Begin parameter validation" -Severity 1 |
|||
if(($SetupSet) -and !($SetupPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the SetupSet switch, the SetupPassword parameter must also be specified" |
|||
} |
|||
if(($SetupClear) -and !($OldSetupPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the SetupClear switch, the OldSetupPassword parameter must also be specified" |
|||
} |
|||
if(($PowerOnSet) -and !($PowerOnPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the PowerOnSet switch, the PowerOnPassword parameter must also be specified" |
|||
} |
|||
if(($PowerOnSet -and $SetupPasswordCheck -eq 1) -and !($SetupPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the PowerOnSet switch on a computer where the setup password is already set, the SetupPassword parameter must also be specified" |
|||
} |
|||
if(($PowerOnClear) -and !($OldPowerOnPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the PowerOnClear switch, the OldPowerOnPassword parameter must also be specified" |
|||
} |
|||
if(($SetupSet) -and ($SetupClear)) |
|||
{ |
|||
Stop-Script -ErrorMessage "Cannot specify the SetupSet and SetupClear parameters simultaneously" |
|||
} |
|||
if(($PowerOnSet) -and ($PowerOnClear)) |
|||
{ |
|||
Stop-Script -ErrorMessage "Cannot specify the PowerOnSet and PowerOnClear parameters simultaneously" |
|||
} |
|||
if(($OldSetupPassword -or $SetupPassword) -and !($SetupSet -or $SetupClear)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the OldSetupPassword or SetupPassword parameters, one of the SetupSet or SetupClear parameters must also be specified" |
|||
} |
|||
if(($OldPowerOnPassword -or $PowerOnPassword) -and !($PowerOnSet -or $PowerOnClear)) |
|||
{ |
|||
Stop-Script -ErrorMessage "When using the OldPowerOnPassword or PowerOnPassword parameters, one of the PowerOnSet or PowerOnClear parameters must also be specified" |
|||
} |
|||
if($OldSetupPassword.Count -gt 2) #Prevents entering more than 2 old Setup passwords |
|||
{ |
|||
Stop-Script -ErrorMessage "Please specify 2 or fewer old Setup passwords" |
|||
} |
|||
if($OldPowerOnPassword.Count -gt 2) #Prevents entering more than 2 old power on passwords |
|||
{ |
|||
Stop-Script -ErrorMessage "Please specify 2 or fewer old power on passwords" |
|||
} |
|||
if(($SMSTSPasswordRetry) -and !(Get-TaskSequenceStatus)) |
|||
{ |
|||
Write-LogEntry -Value "The SMSTSPasswordRetry parameter was specifed while not running in a task sequence. Setting SMSTSPasswordRetry to false." -Severity 2 |
|||
$SMSTSPasswordRetry = $False |
|||
} |
|||
Write-LogEntry -Value "Parameter validation completed" -Severity 1 |
|||
|
|||
#Set variables from a previous script session |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
Write-LogEntry -Value "Check for existing task sequence variables" -Severity 1 |
|||
$HPSetSetup = $TSEnv.Value("HPSetSetup") |
|||
if($HPSetSetup -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Previous unsuccessful setup password set attempt detected" -Severity 1 |
|||
} |
|||
$HPClearSetup = $TSEnv.Value("HPClearSetup") |
|||
if($HPClearSetup -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Previous unsuccessful setup password clear attempt detected" -Severity 1 |
|||
} |
|||
$HPSetPowerOn = $TSEnv.Value("HPSetPowerOn") |
|||
if($HPSetPowerOn -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Previous unsuccessful power on password set attempt detected" -Severity 1 |
|||
} |
|||
$HPClearPowerOn = $TSEnv.Value("HPClearPowerOn") |
|||
if($HPClearPowerOn -eq "Failed") |
|||
{ |
|||
Write-LogEntry -Value "Previous unsuccessful power on password clear attempt detected" -Severity 1 |
|||
} |
|||
} |
|||
|
|||
#No setup password currently set |
|||
if($SetupPasswordCheck -eq 0) |
|||
{ |
|||
if($SetupClear) |
|||
{ |
|||
Write-LogEntry -Value "No Setup password currently set. No need to clear the setup password" -Severity 2 |
|||
Clear-Variable SetupClear |
|||
} |
|||
if($SetupSet) |
|||
{ |
|||
New-HPBiosPassword -PasswordType Setup -Password $SetupPassword |
|||
} |
|||
} |
|||
|
|||
#No power on password currently set |
|||
if($PowerOnPasswordCheck -eq 0) |
|||
{ |
|||
if($PowerOnClear) |
|||
{ |
|||
Write-LogEntry -Value "No power on password currently set. No need to clear the power on password" -Severity 2 |
|||
Clear-Variable SetupClear |
|||
} |
|||
if($PowerOnSet) |
|||
{ |
|||
#If the setup password is currently set, the setup password is required to set the power on password |
|||
if(($HPBiosSetting | Where-Object Name -eq "Setup Password").IsSet -eq 1) |
|||
{ |
|||
New-HPBiosPassword -PasswordType PowerOn -Password $PowerOnPassword -SetupPW $SetupPassword |
|||
} |
|||
else |
|||
{ |
|||
New-HPBiosPassword -PasswordType PowerOn -Password $PowerOnPassword |
|||
} |
|||
} |
|||
} |
|||
|
|||
#If a Setup password is set, attempt to clear or change it |
|||
if($SetupPasswordCheck -eq 1) |
|||
{ |
|||
#Change the existing Setup password |
|||
if(($SetupSet) -and ($HPSetSetup -ne "Success")) |
|||
{ |
|||
if($OldSetupPassword) |
|||
{ |
|||
Set-HPBiosPassword -PasswordType Setup -Password $SetupPassword -OldPassword $OldSetupPassword |
|||
} |
|||
else |
|||
{ |
|||
Set-HPBiosPassword -PasswordType Setup -Password $SetupPassword |
|||
} |
|||
} |
|||
#Clear the existing Setup password |
|||
if(($SetupClear) -and ($HPClearSetup -ne "Success")) |
|||
{ |
|||
Clear-HPBiosPassword -PasswordType Setup -OldPassword $OldSetupPassword |
|||
} |
|||
} |
|||
|
|||
#If a power on password is set, attempt to clear or change it |
|||
if($PowerOnPasswordCheck -eq 1) |
|||
{ |
|||
#Change the existing power on password |
|||
if(($PowerOnSet) -and ($HPSetPowerOn -ne "Success")) |
|||
{ |
|||
if($OldPowerOnPassword) |
|||
{ |
|||
Set-HPBiosPassword -PasswordType PowerOn -Password $PowerOnPassword -OldPassword $OldPowerOnPassword |
|||
} |
|||
else |
|||
{ |
|||
Set-HPBiosPassword -PasswordType PowerOn -Password $PowerOnPassword |
|||
} |
|||
} |
|||
#Clear the existing power on password |
|||
if(($PowerOnClear) -and ($HPClearPowerOn -ne "Success")) |
|||
{ |
|||
Clear-HPBiosPassword -PasswordType PowerOn -OldPassword $OldPowerOnPassword |
|||
} |
|||
} |
|||
|
|||
#Prompt the user about any failures |
|||
if((($SetupPWExists -eq "Failed") -or ($SetupPWSet -eq "Failed") -or ($SetupPWClear -eq "Failed") -or ($PowerOnPWExists -eq "Failed") -or ($PowerOnPWSet -eq "Failed") -or ($PowerOnPWClear -eq "Failed")) -and (!($SMSTSPasswordRetry))) |
|||
{ |
|||
if(!($NoUserPrompt)) |
|||
{ |
|||
Write-LogEntry -Value "Failures detected, display on-screen prompts for any required manual actions" -Severity 2 |
|||
#Close the task sequence progress dialog |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSProgress.CloseProgressDialog() |
|||
} |
|||
#Display prompts |
|||
if($SetupPWExists -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "No setup password is set, but the script was unable to set a password. Please reboot the computer and manually set the setup password." -TitleText "HP Password Management Script" |
|||
} |
|||
if($SetupPWSet -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "The setup password is set, but cannot be automatically changed. Please reboot the computer and manually change the setup password." -TitleText "HP Password Management Script" |
|||
} |
|||
if($SetupPWClear -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "The setup password is set, but cannot be automatically cleared. Please reboot the computer and manually clear the setup password." -TitleText "HP Password Management Script" |
|||
} |
|||
if($PowerOnPWExists -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "No power on password is set, but the script was unable to set a password. Please reboot the computer and manually set the power on password." -TitleText "HP Password Management Script" |
|||
} |
|||
if($PowerOnPWSet -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "The power on password is set, but cannot be automatically changed. Please reboot the computer and manually change the power on password." -TitleText "HP Password Management Script" |
|||
} |
|||
if($PowerOnPWClear -eq "Failed") |
|||
{ |
|||
Start-UserPrompt -BodyText "The power on password is set, but cannot be automatically cleared. Please reboot the computer and manually clear the power on password." -TitleText "HP Password Management Script" |
|||
} |
|||
} |
|||
#Exit the script with an error |
|||
if(!($ContinueOnError)) |
|||
{ |
|||
Write-LogEntry -Value "Failures detected, exiting the script" -Severity 3 |
|||
Write-Output "Password management tasks failed. Check the log file for more information" |
|||
Write-LogEntry -Value "END - HP BIOS password management script" -Severity 1 |
|||
Exit 1 |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Failures detected, but the ContinueOnError parameter was set. Script execution will continue" -Severity 3 |
|||
Write-Output "Failures detected, but the ContinueOnError parameter was set. Script execution will continue" |
|||
} |
|||
} |
|||
elseif((($SetupPWExists -eq "Failed") -or ($SetupPWSet -eq "Failed") -or ($SetupPWClear -eq "Failed") -or ($PowerOnPWExists -eq "Failed") -or ($PowerOnPWSet -eq "Failed") -or ($PowerOnPWClear -eq "Failed")) -and ($SMSTSPasswordRetry)) |
|||
{ |
|||
Write-LogEntry -Value "Failures detected, but the SMSTSPasswordRetry parameter was set. No user prompts will be displayed" -Severity 3 |
|||
Write-Output "Failures detected, but the SMSTSPasswordRetry parameter was set. No user prompts will be displayed" |
|||
} |
|||
else |
|||
{ |
|||
Write-Output "Password management tasks succeeded. Check the log file for more information" |
|||
} |
|||
Write-LogEntry -Value "END - HP BIOS password management script" -Severity 1 |
@ -0,0 +1,513 @@ |
|||
<# |
|||
.DESCRIPTION |
|||
Automatically configure HP BIOS settings |
|||
|
|||
SetBIOSSetting Return Codes |
|||
0 - Success |
|||
1 - Not Supported |
|||
2 - Unspecified Error |
|||
3 - Timeout |
|||
4 - Failed - (Check for typos in the setting value) |
|||
5 - Invalid Parameter |
|||
6 - Access Denied - (Check that the BIOS password is correct) |
|||
|
|||
.PARAMETER GetSettings |
|||
Instruct the script to get a list of current BIOS settings |
|||
|
|||
.PARAMETER SetSettings |
|||
Instruct the script to set BIOS settings |
|||
|
|||
.PARAMETER CsvPath |
|||
The path to the CSV file to be imported or exported |
|||
|
|||
.PARAMETER SetupPassword |
|||
The current BIOS password |
|||
|
|||
.PARAMETER LogFile |
|||
Specify the name of the log file along with the full path where it will be stored. The file must have a .log extension. During a task sequence the path will always be set to _SMSTSLogPath |
|||
|
|||
.EXAMPLE |
|||
#Set BIOS settings supplied in the script |
|||
Manage-HPBiosSettings.ps1 -SetSettings -SetupPassword ExamplePassword |
|||
|
|||
#Set BIOS settings supplied in a CSV file |
|||
Manage-HPBiosSettings.ps1 -SetSettings -CsvPath C:\Temp\Settings.csv -SetupPassword ExamplePassword |
|||
|
|||
#Output a list of current BIOS settings to the screen |
|||
Manage-HPBiosSettings.ps1 -GetSettings |
|||
|
|||
#Output a list of current BIOS settings to a CSV file |
|||
Manage-HPBiosSettings.ps1 -GetSettings -CsvPath C:\Temp\Settings.csv |
|||
|
|||
.NOTES |
|||
Created by: Jon Anderson (@ConfigJon) |
|||
Reference: https://www.configjon.com/hp-bios-settings-management/ |
|||
Modified: 2020-09-17 |
|||
|
|||
.CHANGELOG |
|||
2019-11-04 - Added additional logging. Changed the default log path to $ENV:ProgramData\BiosScripts\HP. |
|||
2020-02-21 - Added the ability to get a list of current BIOS settings on a system via the GetSettings parameter |
|||
Added the ability to read settings from or write settings to a csv file with the CsvPath parameter |
|||
Added the SetSettings parameter to indicate that the script should attempt to set settings |
|||
Changed the $Settings array in the script to be comma seperated instead of semi-colon seperated |
|||
Updated formatting |
|||
2020-09-14 - Added a LogFile parameter. Changed the default log path in full Windows to $ENV:ProgramData\ConfigJonScripts\HP. |
|||
Consolidated duplicate code into new functions (Stop-Script, Get-WmiData). Made a number of minor formatting and syntax changes |
|||
2020-09-17 - Improved the log file path configuration |
|||
|
|||
#> |
|||
|
|||
#Parameters =================================================================================================================== |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$false)][Switch]$GetSettings, |
|||
[Parameter(Mandatory=$false)][Switch]$SetSettings, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SetupPassword, |
|||
[ValidateScript({ |
|||
if($_ -notmatch "(\.csv)") |
|||
{ |
|||
throw "The specified file must be a .csv file" |
|||
} |
|||
return $true |
|||
})] |
|||
[System.IO.FileInfo]$CsvPath, |
|||
[Parameter(Mandatory=$false)][ValidateScript({ |
|||
if($_ -notmatch "(\.log)") |
|||
{ |
|||
throw "The file specified in the LogFile paramter must be a .log file" |
|||
} |
|||
return $true |
|||
})] |
|||
[System.IO.FileInfo]$LogFile = "$ENV:ProgramData\ConfigJonScripts\HP\Manage-HPBiosSettings.log" |
|||
) |
|||
|
|||
#List of settings to be configured ============================================================================================ |
|||
#============================================================================================================================== |
|||
$Settings = ( |
|||
"Deep S3,Off", |
|||
"Deep Sleep,Off", |
|||
"S4/S5 Max Power Savings,Disable", |
|||
"S5 Maximum Power Savings,Disable", |
|||
"Fingerprint Device,Disable", |
|||
"Num Lock State at Power-On,Off", |
|||
"NumLock on at boot,Disable", |
|||
"Numlock state at boot,Off", |
|||
"Prompt for Admin password on F9 (Boot Menu),Enable", |
|||
"Prompt for Admin password on F11 (System Recovery),Enable", |
|||
"Prompt for Admin password on F12 (Network Boot),Enable", |
|||
"PXE Internal IPV4 NIC boot,Enable", |
|||
"PXE Internal IPV6 NIC boot,Enable", |
|||
"PXE Internal NIC boot,Enable", |
|||
"Wake On LAN,Boot to Hard Drive", |
|||
"Swap Fn and Ctrl (Keys),Disable" |
|||
) |
|||
#============================================================================================================================== |
|||
#============================================================================================================================== |
|||
|
|||
#Functions ==================================================================================================================== |
|||
|
|||
Function Get-TaskSequenceStatus |
|||
{ |
|||
#Determine if a task sequence is currently running |
|||
try |
|||
{ |
|||
$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment |
|||
} |
|||
catch{} |
|||
if($NULL -eq $TSEnv) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
try |
|||
{ |
|||
$SMSTSType = $TSEnv.Value("_SMSTSType") |
|||
} |
|||
catch{} |
|||
if($NULL -eq $SMSTSType) |
|||
{ |
|||
return $False |
|||
} |
|||
else |
|||
{ |
|||
return $True |
|||
} |
|||
} |
|||
} |
|||
|
|||
Function Stop-Script |
|||
{ |
|||
#Write an error to the log file and terminate the script |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ErrorMessage, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Exception |
|||
) |
|||
Write-LogEntry -Value $ErrorMessage -Severity 3 |
|||
if($Exception) |
|||
{ |
|||
Write-LogEntry -Value "Exception Message: $Exception" -Severity 3 |
|||
} |
|||
throw $ErrorMessage |
|||
} |
|||
|
|||
Function Get-WmiData |
|||
{ |
|||
#Gets WMI data using either the WMI or CIM cmdlets and stores the data in a variable |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Namespace, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ClassName, |
|||
[Parameter(Mandatory=$true)][ValidateSet('CIM','WMI')]$CmdletType, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$Select |
|||
) |
|||
try |
|||
{ |
|||
if($CmdletType -eq "CIM") |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 |
|||
$Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 |
|||
$Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop |
|||
} |
|||
} |
|||
elseif($CmdletType -eq "WMI") |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 |
|||
$Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 |
|||
$Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop |
|||
} |
|||
} |
|||
} |
|||
catch |
|||
{ |
|||
if($Select) |
|||
{ |
|||
Stop-Script -ErrorMessage "An error occurred while attempting to get the $Select properties from the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message |
|||
} |
|||
else |
|||
{ |
|||
Stop-Script -ErrorMessage "An error occurred while connecting to the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message |
|||
} |
|||
} |
|||
Write-LogEntry -Value "Successfully connected to the $ClassName WMI class" -Severity 1 |
|||
return $Query |
|||
} |
|||
|
|||
Function Set-HPBiosSetting |
|||
{ |
|||
#Set a specific HP BIOS setting |
|||
|
|||
param( |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Name, |
|||
[Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Value, |
|||
[Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Password |
|||
) |
|||
#Ensure the specified setting exists and get the possible values |
|||
$CurrentSetting = $SettingList | Where-Object Name -eq $Name | Select-Object -ExpandProperty Value |
|||
if($NULL -ne $CurrentSetting) |
|||
{ |
|||
#Split the current values |
|||
$CurrentSettingSplit = $CurrentSetting.Split(',') |
|||
#Find the currently set value |
|||
$Count = 0 |
|||
while($Count -lt $CurrentSettingSplit.Count) |
|||
{ |
|||
if($CurrentSettingSplit[$Count].StartsWith('*')) |
|||
{ |
|||
$CurrentValue = $CurrentSettingSplit[$Count] |
|||
break |
|||
} |
|||
else |
|||
{ |
|||
$Count++ |
|||
} |
|||
} |
|||
#Setting is already set to specified value |
|||
if($CurrentValue.Substring(1) -eq $Value) |
|||
{ |
|||
Write-LogEntry -Value "Setting ""$Name"" is already set to ""$Value""" -Severity 1 |
|||
$Script:AlreadySet++ |
|||
} |
|||
#Setting is not set to specified value |
|||
else |
|||
{ |
|||
if(!([String]::IsNullOrEmpty($Password))) |
|||
{ |
|||
$SettingResult = ($Interface.SetBIOSSetting($Name,$Value,"<utf-16/>" + $Password)).Return |
|||
} |
|||
else |
|||
{ |
|||
$SettingResult = ($Interface.SetBIOSSetting($Name,$Value)).Return |
|||
} |
|||
if($SettingResult -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "Successfully set ""$Name"" to ""$Value""" -Severity 1 |
|||
$Script:SuccessSet++ |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Failed to set ""$Name"" to ""$Value"". Return code $SettingResult" -Severity 3 |
|||
$Script:FailSet++ |
|||
} |
|||
} |
|||
} |
|||
#Setting not found |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "Setting ""$Name"" not found" -Severity 2 |
|||
$Script:NotFound++ |
|||
} |
|||
} |
|||
|
|||
Function Write-LogEntry |
|||
{ |
|||
#Write data to a CMTrace compatible log file. (Credit to SCConfigMgr - https://www.scconfigmgr.com/) |
|||
|
|||
param( |
|||
[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$Value, |
|||
[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[ValidateSet("1", "2", "3")] |
|||
[string]$Severity, |
|||
[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")] |
|||
[ValidateNotNullOrEmpty()] |
|||
[string]$FileName = ($script:LogFile | Split-Path -Leaf) |
|||
) |
|||
#Determine log file location |
|||
$LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName |
|||
#Construct time stamp for log entry |
|||
if(-not(Test-Path -Path 'variable:global:TimezoneBias')) |
|||
{ |
|||
[string]$global:TimezoneBias = [System.TimeZoneInfo]::Local.GetUtcOffset((Get-Date)).TotalMinutes |
|||
if($TimezoneBias -match "^-") |
|||
{ |
|||
$TimezoneBias = $TimezoneBias.Replace('-', '+') |
|||
} |
|||
else |
|||
{ |
|||
$TimezoneBias = '-' + $TimezoneBias |
|||
} |
|||
} |
|||
$Time = -join @((Get-Date -Format "HH:mm:ss.fff"), $TimezoneBias) |
|||
#Construct date for log entry |
|||
$Date = (Get-Date -Format "MM-dd-yyyy") |
|||
#Construct context for log entry |
|||
$Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) |
|||
#Construct final log entry |
|||
$LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""Manage-HPBiosSettings"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">" |
|||
#Add value to log file |
|||
try |
|||
{ |
|||
Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop |
|||
} |
|||
catch [System.Exception] |
|||
{ |
|||
Write-Warning -Message "Unable to append log entry to $FileName file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)" |
|||
} |
|||
} |
|||
|
|||
#Main program ================================================================================================================= |
|||
|
|||
#Configure Logging and task sequence variables |
|||
if(Get-TaskSequenceStatus) |
|||
{ |
|||
$TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment |
|||
$LogsDirectory = $TSEnv.Value("_SMSTSLogPath") |
|||
} |
|||
else |
|||
{ |
|||
$LogsDirectory = ($LogFile | Split-Path) |
|||
if([string]::IsNullOrEmpty($LogsDirectory)) |
|||
{ |
|||
$LogsDirectory = $PSScriptRoot |
|||
} |
|||
else |
|||
{ |
|||
if(!(Test-Path -PathType Container $LogsDirectory)) |
|||
{ |
|||
try |
|||
{ |
|||
New-Item -Path $LogsDirectory -ItemType "Directory" -Force -ErrorAction Stop | Out-Null |
|||
} |
|||
catch |
|||
{ |
|||
throw "Failed to create the log file directory: $LogsDirectory. Exception Message: $($PSItem.Exception.Message)" |
|||
} |
|||
} |
|||
} |
|||
} |
|||
Write-Output "Log path set to $LogFile" |
|||
Write-LogEntry -Value "START - HP BIOS settings management script" -Severity 1 |
|||
|
|||
#Connect to the HP_BIOSEnumeration WMI class |
|||
$SettingList = Get-WmiData -Namespace root\hp\InstrumentedBIOS -ClassName HP_BIOSEnumeration -CmdletType WMI |
|||
|
|||
#Connect to the HP_BIOSSettingInterface WMI class |
|||
$Interface = Get-WmiData -Namespace root\hp\InstrumentedBIOS -ClassName HP_BIOSSettingInterface -CmdletType WMI |
|||
|
|||
#Connect to the HP_BIOSSetting WMI class |
|||
$HPBiosSetting = Get-WmiData -Namespace root\hp\InstrumentedBIOS -ClassName HP_BIOSSetting -CmdletType WMI |
|||
|
|||
#Parameter validation |
|||
Write-LogEntry -Value "Begin parameter validation" -Severity 1 |
|||
if($GetSettings -and $SetSettings) |
|||
{ |
|||
Stop-Script -ErrorMessage "Cannot specify the GetSettings and SetSettings parameters at the same time" |
|||
} |
|||
if(!($GetSettings -or $SetSettings)) |
|||
{ |
|||
Stop-Script -ErrorMessage "One of the GetSettings or SetSettings parameters must be specified when running this script" |
|||
} |
|||
if($SetSettings -and !($Settings -or $CsvPath)) |
|||
{ |
|||
Stop-Script -ErrorMessage "Settings must be specified using either the Settings variable in the script or the CsvPath parameter" |
|||
} |
|||
Write-LogEntry -Value "Parameter validation completed" -Severity 1 |
|||
|
|||
#Set counters to 0 |
|||
if($SetSettings) |
|||
{ |
|||
$AlreadySet = 0 |
|||
$SuccessSet = 0 |
|||
$FailSet = 0 |
|||
$NotFound = 0 |
|||
} |
|||
|
|||
#Get the current password status |
|||
if($SetSettings) |
|||
{ |
|||
Write-LogEntry -Value "Check current BIOS setup password status" -Severity 1 |
|||
$PasswordCheck = ($HPBiosSetting | Where-Object Name -eq "Setup Password").IsSet |
|||
if($PasswordCheck -eq 1) |
|||
{ |
|||
#Setup password set but parameter not specified |
|||
if([String]::IsNullOrEmpty($SetupPassword)) |
|||
{ |
|||
Stop-Script -ErrorMessage "The BIOS setup password is set, but no password was supplied. Use the SetupPassword parameter when a password is set" |
|||
} |
|||
#Setup password set correctly |
|||
if(($Interface.SetBIOSSetting("Setup Password","<utf-16/>" + $SetupPassword,"<utf-16/>" + $SetupPassword)).Return -eq 0) |
|||
{ |
|||
Write-LogEntry -Value "The specified setup password matches the currently set password" -Severity 1 |
|||
} |
|||
#Setup password not set correctly |
|||
else |
|||
{ |
|||
Stop-Script -ErrorMessage "The specified setup password does not match the currently set password" |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
Write-LogEntry -Value "The BIOS setup password is not currently set" -Severity 1 |
|||
} |
|||
} |
|||
|
|||
#Get the current settings |
|||
if($GetSettings) |
|||
{ |
|||
$SettingList = $SettingList | Select-Object Name,Value | Sort-Object Name |
|||
$SettingObject = ForEach($Setting in $SettingList){ |
|||
#Split the current values |
|||
$SettingSplit = ($Setting.Value).Split(',') |
|||
#Find the currently set value |
|||
$SplitCount = 0 |
|||
while($SplitCount -lt $SettingSplit.Count) |
|||
{ |
|||
if($SettingSplit[$SplitCount].StartsWith('*')) |
|||
{ |
|||
$SetValue = ($SettingSplit[$SplitCount]).Substring(1) |
|||
break |
|||
} |
|||
else |
|||
{ |
|||
$SplitCount++ |
|||
} |
|||
} |
|||
[PSCustomObject]@{ |
|||
Name = $Setting.Name |
|||
Value = $SetValue |
|||
} |
|||
} |
|||
if($CsvPath) |
|||
{ |
|||
$SettingObject | Export-Csv -Path $CsvPath -NoTypeInformation |
|||
(Get-Content $CsvPath) | ForEach-Object {$_ -Replace '"',""} | Out-File $CsvPath -Force -Encoding ascii |
|||
} |
|||
else |
|||
{ |
|||
Write-Output $SettingObject |
|||
} |
|||
} |
|||
#Set settings |
|||
if($SetSettings) |
|||
{ |
|||
if($CsvPath) |
|||
{ |
|||
Clear-Variable Settings -ErrorAction SilentlyContinue |
|||
$Settings = Import-Csv -Path $CsvPath |
|||
} |
|||
#Set HP BIOS settings - password is set |
|||
if($PasswordCheck -eq 1) |
|||
{ |
|||
if($CsvPath) |
|||
{ |
|||
ForEach($Setting in $Settings){ |
|||
Set-HPBiosSetting -Name $Setting.Name -Value $Setting.Value -Password $SetupPassword |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
ForEach($Setting in $Settings){ |
|||
$Data = $Setting.Split(',') |
|||
Set-HPBiosSetting -Name $Data[0].Trim() -Value $Data[1].Trim() -Password $SetupPassword |
|||
} |
|||
} |
|||
} |
|||
#Set HP BIOS settings - password is not set |
|||
else |
|||
{ |
|||
if($CsvPath) |
|||
{ |
|||
ForEach($Setting in $Settings){ |
|||
Set-HPBiosSetting -Name $Setting.Name -Value $Setting.Value |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
ForEach($Setting in $Settings){ |
|||
$Data = $Setting.Split(',') |
|||
Set-HPBiosSetting -Name $Data[0].Trim() -Value $Data[1].Trim() |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
#Display results |
|||
if($SetSettings) |
|||
{ |
|||
Write-Output "$AlreadySet settings already set correctly" |
|||
Write-LogEntry -Value "$AlreadySet settings already set correctly" -Severity 1 |
|||
Write-Output "$SuccessSet settings successfully set" |
|||
Write-LogEntry -Value "$SuccessSet settings successfully set" -Severity 1 |
|||
Write-Output "$FailSet settings failed to set" |
|||
Write-LogEntry -Value "$FailSet settings failed to set" -Severity 3 |
|||
Write-Output "$NotFound settings not found" |
|||
Write-LogEntry -Value "$NotFound settings not found" -Severity 2 |
|||
} |
|||
Write-Output "HP BIOS settings Management completed. Check the log file for more information" |
|||
Write-LogEntry -Value "END - HP BIOS settings management script" -Severity 1 |
@ -0,0 +1,61 @@ |
|||
Name,Value |
|||
After Power Loss,Off |
|||
Deep S3,Off |
|||
Deep Sleep,Off |
|||
Power state after power loss,Power Off |
|||
S4/S5 Max Power Savings,Disable |
|||
S5 Maximum Power Savings,Disable |
|||
Wake unit from sleep when lid is opened,Enable |
|||
Wake unit from sleep when lid is opened,Enabled |
|||
Wake when Lid is Opened,Enable |
|||
Audio Alerts During Boot,Enable |
|||
Audio Device,Enable |
|||
Fingerprint Device,Disable |
|||
Integrated Audio,Enable |
|||
Integrated Camera,Enable |
|||
Integrated Microphone,Enable |
|||
Internal speaker,Enable |
|||
Internal speakers,Enable |
|||
Microphone,Enable |
|||
Num Lock State at Power-On,Off |
|||
NumLock on at boot,Off |
|||
NumLock on at boot,Disable |
|||
Numlock state at boot,Off |
|||
System Audio,Device available |
|||
Intel VT for Directed I/O (VT-d),Enable |
|||
Intel(R) VT-d,Enable |
|||
Virtualization Technology,Enable |
|||
Virtualization Technology (VTx),Enable |
|||
Virtualization Technology (VT-x),Enable |
|||
Virtualization Technology (VTx/VTd),Enable |
|||
Virtualization Technology Directed I/O (VTd),Enable |
|||
Virtualization Technology Directed I/O (VT-d2),Enable |
|||
Virtualization Technology for Directed I/O,Enable |
|||
Virtualization Technology for Directed I/O (VTd),Enable |
|||
Password prompt on F9 & F12,Enable |
|||
Password prompt on F9 F11 & F12,Enable |
|||
Prompt for Admin password on F9 (Boot Menu),Enable |
|||
Prompt for Admin password on F11 (System Recovery),Enable |
|||
Prompt for Admin password on F12 (Network Boot),Enable |
|||
Network (PXE) Boot,Enable |
|||
Network (PXE) Boot Configuration,IPv4 Before IPv6 |
|||
Network Boot,Enable |
|||
Network Service Boot,Enable |
|||
PXE Internal IPV4 NIC boot,Enable |
|||
PXE Internal IPV6 NIC boot,Enable |
|||
PXE Internal NIC boot,Enable |
|||
Remote Wakeup Boot Source,Local Hard Drive |
|||
S4/S5 Wake on LAN,Enable |
|||
S5 Wake on LAN,Enable |
|||
S5 Wake On LAN,Boot to Hard Drive |
|||
Wake on LAN,Follow Boot Order |
|||
Wake On LAN,Boot to Hard Drive |
|||
Wake on LAN on DC mode,Enable |
|||
Wake on LAN on DC mode,Enabled |
|||
Wake on WLAN,Enable |
|||
Fast Boot,Enable |
|||
LAN / WLAN Auto Switching,Enabled |
|||
LAN / WLAN Auto Switching,Enable |
|||
LAN/WLAN Switching,Enable |
|||
Swap Fn and Ctrl (Keys),Disable |
|||
Swap Fn and Ctrl (Keys),Disabled |
@ -0,0 +1,14 @@ |
|||
Name,Value |
|||
Boot Mode,UEFI Native (Without CSM) |
|||
Configure Option ROM Launch Policy,All UEFI |
|||
Legacy Boot Options,Disable |
|||
Legacy Support,Disable |
|||
PXE Option ROMs,UEFI Only |
|||
Storage Option ROMs,UEFI Only |
|||
UEFI Boot Mode,Enable |
|||
UEFI Boot Options,Enable |
|||
Video Option ROMs,UEFI Only |
|||
Configure Legacy Support and Secure Boot,Legacy Support Disable and Secure Boot Enable |
|||
Configure Legacy Support and Secure Boot,Disable Legacy Support and Enable Secure Boot |
|||
Secure Boot,Enable |
|||
SecureBoot,Enable |
@ -0,0 +1,19 @@ |
|||
Name,Value |
|||
Embedded Security Device,Device available |
|||
Embedded Security Device Availability,Available |
|||
OS management of Embedded Security Device,Enable |
|||
OS Management of TPM,Enable |
|||
Reset of Embedded Security Device through OS,Enable |
|||
Reset of TPM from OS,Enable |
|||
TPM Device,Available |
|||
TPM State,Enable |
|||
Activate Embedded Security On Next Boot,Enable |
|||
Activate TPM On Next Boot,Enable |
|||
Embedded Security Activation Policy,No prompts |
|||
TPM Activation Policy,No prompts |
|||
Clear TPM,No |
|||
TPM Clear,Do not Clear |
|||
Physical Presence Interface,Disable |
|||
Tpm No PPI maintenance,Enable |
|||
Tpm No PPI provisioning,Enable |
|||
Tpm PPI policy changed by OS allowed,Enable |
@ -0,0 +1,104 @@ |
|||
#Power Settings |
|||
"After Power Loss;Off", #Off,On,Previous State |
|||
"Deep S3;Off", #Off,On,Auto |
|||
"Deep Sleep;Off", #Off,On,Auto |
|||
"Power state after power loss;Power Off", #Power On,Power Off,Previous State |
|||
"S4/S5 Max Power Savings;Disable", #Disable,Enable |
|||
"S5 Maximum Power Savings;Disable", #Disable,Enable |
|||
"Wake unit from sleep when lid is opened;Enable", #Disable,Enable |
|||
"Wake unit from sleep when lid is opened;Enabled", #Disabled,Enabled |
|||
"Wake when Lid is Opened;Enable", #Disable,Enable |
|||
#Integrated Device Settings |
|||
"Audio Alerts During Boot;Enable", #Disable,Enable |
|||
"Audio Device;Enable", #Disable,Enable |
|||
"Fingerprint Device;Disable", #Disable,Enable |
|||
"Integrated Audio;Enable", #Disable,Enable |
|||
"Integrated Camera;Enable", #Disable,Enable |
|||
"Integrated Microphone;Enable", #Disable,Enable |
|||
"Internal speaker;Enable", #Disable,Enable |
|||
"Internal speakers;Enable", #Disable,Enable |
|||
"Microphone;Enable", #Disable,Enable |
|||
"Num Lock State at Power-On;Off", #Off,On |
|||
"NumLock on at boot;Off", #On,Off |
|||
"NumLock on at boot;Disable", #Disable,Enable |
|||
"Numlock state at boot;Off", #On,Off |
|||
"System Audio;Device available", #Device available,Device hidden |
|||
#Virtualization Settings |
|||
"Intel VT for Directed I/O (VT-d);Enable", #Disable,Enable |
|||
"Intel(R) VT-d;Enable", #Disable,Enable |
|||
"Virtualization Technology;Enable", #Disable,Enable,Reset to default |
|||
"Virtualization Technology (VTx);Enable", #Disable,Enable,Reset to default |
|||
"Virtualization Technology (VT-x);Enable", #Disable,Enable |
|||
"Virtualization Technology (VTx/VTd);Enable", #Disable,Enable |
|||
"Virtualization Technology Directed I/O (VTd);Enable", #Disable,Enable |
|||
"Virtualization Technology Directed I/O (VT-d2);Enable", #Disable,Enable |
|||
"Virtualization Technology for Directed I/O;Enable", #Disable,Enable,Reset to default |
|||
"Virtualization Technology for Directed I/O (VTd);Enable", #Disable,Enable,Reset to default |
|||
#Security Settings |
|||
"Password prompt on F9 & F12;Enable", #Enable,Disable |
|||
"Password prompt on F9 F11 & F12;Enable", #Enable,Disable |
|||
"Prompt for Admin password on F9 (Boot Menu);Enable", #Disable,Enable |
|||
"Prompt for Admin password on F11 (System Recovery);Enable", #Disable,Enable |
|||
"Prompt for Admin password on F12 (Network Boot);Enable", #Disable,Enable |
|||
#PXE Boot Settings |
|||
"Network (PXE) Boot;Enable", #Disable,Enable |
|||
"Network (PXE) Boot Configuration;IPv4 Before IPv6", #IPv4 Before IPv6,IPv6 Before IPv4,IPv4 Disabled,IPv6 Disabled |
|||
"Network Boot;Enable", #Disable,Enable |
|||
"Network Service Boot;Enable", #Disable,Enable |
|||
"PXE Internal IPV4 NIC boot;Enable", #Disable,Enable |
|||
"PXE Internal IPV6 NIC boot;Enable", #Disable,Enable |
|||
"PXE Internal NIC boot;Enable", #Disable,Enable |
|||
#Wake on LAN Settings |
|||
"Remote Wakeup Boot Source;Local Hard Drive", #Remote Server,Local Hard Drive |
|||
"S4/S5 Wake on LAN;Enable", #Disable,Enable |
|||
"S5 Wake on LAN;Enable", #Enable,Disable |
|||
"S5 Wake On LAN;Boot to Hard Drive", #Disable,Boot to Network,Boot to Hard Drive |
|||
"Wake on LAN;Follow Boot Order", #Disable,Boot to Network,Follow Boot Order |
|||
"Wake On LAN;Boot to Hard Drive", #Disabled,Boot to Network,Boot to Hard Drive,Boot to Normal Boot Order |
|||
"Wake on LAN on DC mode;Enable", #Disable,Enable |
|||
"Wake on LAN on DC mode;Enabled", #Disabled,Enabled |
|||
"Wake on WLAN;Enable", #Disable,Enable |
|||
#Other Settings |
|||
"Fast Boot;Enable", #Disable,Enable |
|||
"LAN / WLAN Auto Switching;Enabled", #Disabled,Enabled |
|||
"LAN / WLAN Auto Switching;Enable", #Disable,Enable |
|||
"LAN/WLAN Switching;Enable", #Disable,Enable |
|||
"Swap Fn and Ctrl (Keys);Disable", #Disable,Enable |
|||
"Swap Fn and Ctrl (Keys);Disabled", #Disabled,Enabled |
|||
#Enable TPM |
|||
"Embedded Security Device;Device available", #Device hidden,Device available |
|||
"Embedded Security Device Availability;Available", #Available,Hidden |
|||
"OS management of Embedded Security Device;Enable", #Enable,Disable |
|||
"OS Management of TPM;Enable", #Disable,Enable |
|||
"Reset of Embedded Security Device through OS;Enable", #Disable,Enable |
|||
"Reset of TPM from OS;Enable", #Disable,Enable |
|||
"TPM Device;Available", #Hidden,Available |
|||
"TPM State;Enable", #Disable,Enable |
|||
#Activate TPM |
|||
"Activate Embedded Security On Next Boot;Enable", #Disable,Enable |
|||
"Activate TPM On Next Boot;Enable", #Disable,Enable |
|||
"Embedded Security Activation Policy;No prompts", #F1 to Boot,Allow user to reject,No prompts |
|||
"TPM Activation Policy;No prompts", #F1 to Boot,Allow user to reject,No prompts |
|||
#Clear TPM |
|||
"Clear TPM;No", #No,On next boot |
|||
"TPM Clear;Do not Clear", #Do not Clear,Clear |
|||
#Physical Presence Interface Settings |
|||
"Physical Presence Interface;Disable", #Disable,Enable |
|||
"Tpm No PPI maintenance;Enable", #Disable,Enable |
|||
"Tpm No PPI provisioning;Enable", #Disable,Enable |
|||
"Tpm PPI policy changed by OS allowed;Enable", #Disable,Enable |
|||
#Enable UEFI Support |
|||
"Boot Mode;UEFI Native (Without CSM)", #Legacy,UEFI Hybrid (With CSM),UEFI Native (Without CSM) |
|||
"Configure Option ROM Launch Policy;All UEFI", #All Legacy,All UEFI,All UEFI Except Video |
|||
"Legacy Boot Options;Disable", #Disable,Enable |
|||
"Legacy Support;Disable", #Disable,Enable |
|||
"PXE Option ROMs;UEFI Only", #Do Not Launch,UEFI Only,Legacy Only |
|||
"Storage Option ROMs;UEFI Only", #Do Not Launch,UEFI Only,Legacy Only |
|||
"UEFI Boot Mode;Enable", #Disable,Enable |
|||
"UEFI Boot Options;Enable", #Disable,Enable |
|||
"Video Option ROMs;UEFI Only", #Legacy Only,UEFI Only |
|||
#Enable Secure Boot |
|||
"Configure Legacy Support and Secure Boot;Legacy Support Disable and Secure Boot Enable", #Legacy Support Enable and Secure Boot Disable,Legacy Support Disable and Secure Boot Enable,Legacy Support Disable and Secure Boot Disable |
|||
"Configure Legacy Support and Secure Boot;Disable Legacy Support and Enable Secure Boot", #Enable Legacy Support and Disable Secure Boot,Disable Legacy Support and Enable Secure Boot,Disable Legacy Support and Disable Secure Boot |
|||
"Secure Boot;Enable", #Disable,Enable |
|||
"SecureBoot;Enable" #Disable,Enable |
@ -0,0 +1,29 @@ |
|||
# Define the character set, password length, and the file to save tried combinations |
|||
$charset = "abc" |
|||
$passLength = 3 |
|||
$TriedCombinationsFile = ".\tried_combinations.txt" |
|||
|
|||
# Function to generate all combinations |
|||
function Generate-Combinations($charset, $length) { |
|||
# Your combination generation logic here |
|||
} |
|||
|
|||
# Load tried combinations into memory |
|||
$triedCombinations = @{} |
|||
if (Test-Path $TriedCombinationsFile) { |
|||
Get-Content $TriedCombinationsFile | ForEach-Object { $triedCombinations[$_] = $true } |
|||
} |
|||
|
|||
# Attempt to clear the BIOS password with all combinations, skipping tried ones |
|||
Generate-Combinations $charset $passLength | ForEach-Object { |
|||
$password = $_ |
|||
if (-not $triedCombinations.ContainsKey($password)) { |
|||
Write-Output "Trying password: $password" |
|||
|
|||
# Attempt to clear the BIOS password using the current password |
|||
& "C:\Path\To\Manage-HPBiosPasswords.ps1" -SetupClear -OldSetupPassword $password |
|||
|
|||
# Add password to tried combinations and save to file |
|||
$password | Add-Content $TriedCombinationsFile |
|||
} |
|||
} |
@ -0,0 +1,20 @@ |
|||
# Define the path to the original and local password list file |
|||
$OriginalPasswordListFile = "C:\Path\To\passwordlist.txt" |
|||
$LocalPasswordListFile = ".\passwordlist_local.txt" |
|||
|
|||
# Copy the original password list to the local directory if it doesn't exist |
|||
if (-not (Test-Path $LocalPasswordListFile)) { |
|||
Copy-Item $OriginalPasswordListFile $LocalPasswordListFile |
|||
} |
|||
|
|||
# Read and attempt each password, then remove it from the local list |
|||
Get-Content $LocalPasswordListFile | ForEach-Object { |
|||
$password = $_ |
|||
Write-Output "Trying password: $password" |
|||
|
|||
# Attempt to clear the BIOS password using the current password |
|||
& "C:\Path\To\Manage-HPBiosPasswords.ps1" -SetupClear -OldSetupPassword $password |
|||
|
|||
# Remove the tried password from the local list |
|||
(Get-Content $LocalPasswordListFile) | Where-Object { $_ -ne $password } | Set-Content $LocalPasswordListFile |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue