Showing results for 
Search instead for 
Do you mean 
Reply
Paper Tape
Posts: 3
Registered: ‎04-07-2012
Location: slovakia
Message 1 of 5 (3,017 Views)

M700/900 - Set Admin BIOS password from SCCM2012

[ Edited ]

Hi all

 

i want to set BIOS admin password in deployment from SCCM2012.

I find some clue I don't set password from windows when it is clear (from factory).

We have 5000PC M700/900 don't tell me we need manualy set password on all PC ...

 

thnx for help

 

 

Mod:  edited title to add system type

Community SuperMod
Posts: 4,935
Registered: ‎06-26-2008
Location: US
Message 2 of 5 (2,975 Views)

Re: M700/900 - Set Admin BIOS password from SCCM2012

Good day.

 

This question comes up fom time to time.

There are threads that discuss the issue, but IIRC an *initial* BIOS Supervisor password cannot be set by script. It requires physical presence for security purposes. Once a password is set, only then it can be changed by script.

 

If I've misspoken, or this has recently changed, I hope that more info will be provided by the folks who post in this forum regularly.

 

Regards.


Community GuidelinesSearchPrivate MessagingENDEESPTRUMoto
PM requests for individual support are not answered. If a post solves your issue, please mark it so.
X1Carbon3 X1Tablet2 Helix1 X220 X301 X200T T61p T60p TPStack Yoga910 Yoga900S
TPYoga12 T520 T420 T510 T400 R400 T61 Yoga900 Yoga3Pro Yoga2Pro Yoga13

I am not a Lenovo employee

Lenovo Staff
Posts: 761
Registered: ‎01-16-2010
Location: US
Message 3 of 5 (2,950 Views)

Re: M700/900 - Set Admin BIOS password from SCCM2012

As sarbin mentioned it is not possible to set a Supervisor password on a system where one does not exist using scripts under Windows.  Our supervisor password is not a trivial password which can easily be circumvented so you would not want it to be easily set without your knowing it.  This is why we require the additional precaution of physical presence to the machine to set it.

 

Understanding that it would be a difficult task to manually enter a strong supervisor password on 5k machines, we do provide another way of doing it in a more automated fashion.  From the download page for your system's BIOS you can find some BIOS settings tools:  

 

http://support.lenovo.com/us/en/products/Desktops-and-all-in-ones/ThinkCentre-M-Series-desktops/Thin...

 

The Windows BIOS setting tool is a self-extracting executable that includes a utility called "srdos.exe".  As its name implies it is a DOS executable.  As such it requires the system to be booted to an external device such as a USB key which has been configured to be DOS bootable.  This satisfies the physical presence requirement.  You can use a tool such as Rufus (google it) to create such a key.

 

Note:  The Windows version of this tool (srwin.exe) does not support setting a supervisor password.

 

You can run srdos.exe from a batch file on that key with a command line that sets a supervisor password.  This will circumvent the need to type in the password manually so you can have better success with strong passwords.  Since we cannot support blasting out a supervisor password to remote machines at this time, this is probably the best alternative.

Paper Tape
Posts: 4
Registered: ‎07-25-2016
Location: SK
Message 4 of 5 (2,779 Views)

Re: M700/900 - Set Admin BIOS password from SCCM2012

LOL so now i must create DOS USB key and go to everyone PC a boot from USB ???

THS IS HORRIBLE !!!

Fanfold Paper
Posts: 6
Registered: ‎08-08-2016
Location: US
Message 5 of 5 (2,669 Views)

Re: M700/900 - Set Admin BIOS password from SCCM2012

Lenovo has BIOS services, where they can configure an inital BIOS password. My issue is, the password must be set in order to turn on DeviceGuard in Windows 10.

Top kudoed Authors