Menu
CCMEXEC.COM – Enterprise Mobility
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

Configuring Dell BIOS Settings using Intune Win32App and PowerShell

Posted on September 24, 2019September 24, 2019 by Jörgen Nilsson

By my Padawan and co-worker Sassan.
This is a quick post about the possibility to manage and configure some BIOS settings on Dell computers using Intune and Win32 apps. In this example we’re going to set an BIOS/admin password, but this could of course be expanded to configure other settings that are available through the DellBIOSProvider – https://www.dell.com/support/article/se/sv/sebsdt1/sln311262/dell-command-powershell-provider?lang=en
Note: The Dell PowerShell Provider requires platforms supporting WMI-ACPI BIOS

Mike Terrill posted a great article about using Dell’s PowerShell Provider with ConfigMgr which you can find here: https://miketerrill.net/2016/10/23/how-to-deploy-dell-command-powershell-provider-with-configmgr/

Gary Blok also made a great followup post to Mike’s that you can find here: https://garytown.com/dell-powershell-provider-install-w-configmgr

And while we’re at it, another big thank you and credit to Scott Ladewig and his post about the Visual C++ 2015 requriement for Dell’s PowerShell Provider 2.0 that you can find here: https://www.ladewig.com/dell-powershell-provider-2-0-requires-visual-c-2015/

I ran into a problem trying to import the DellBiosProvider module in the script:

Import Module : Could not load file or assembly ‘DSMBLibWrapper.dll’ or one of its dependencies. The specified module could not be found.

Dell have KB artible about this – https://www.dell.com/support/article/se/sv/sebsdt1/sln308274/dell-command-powershell-provider-is-not-working-properly-or-can-t-be-imported-into-powershell-correctly?lang=en.

That article states that Visual C++ 2010 and 2012 redistruables are needed, which is correct for version 1.x of the DellBIOSProvider module if I’ve understood it correctly. But for version 2.x the requirement is Visual C++ 2015, which Scott’s blogpost points out. He also points out that as you’re not able to install the C++ redistruabables in WinPE, you can get away with just droppiing some of the DLL files in the DellBIOSProvider module folder. Armed with that info, I tested it out and it worked perfectlly in my tests. So instead of packaging the Visual C++ reditruable as it’s own Win32 app and making it a dependecy to the main app, which one could argue is the correct way to do it – I opted for the lazy way of doing it. 😊

Let’s start fetching the files needed for the package. In this example I’ll be using E:\Intune_DellSmBios as my work folder with two sub folders named source and output.

Step 1
Download the DellBIOSProvider module to a folder. Either download it manually the Dell site or with PowerShell:

Save-Module -Name DellBIOSProvider -Path E:\Intune_DellSmBios\source

Step 2
Armed with the info from Scott’s blog about the DLL files, I installed the latest Visual C++ 2015-2019 bundle on a testmachine and copied out the DLL files below into the DellBIOSProvider folder in step 1.  You can download the latest VC++ 2015-2019 bundle from here:

https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

After installing the bundle, copy the following DLL files from C:\Windows\System32 to the DellBIOSProvider folder:

msvcp140.dll
msvcr120.dll
vcruntime140.dll

Step 3
Final part of the package is the script(s) that does the actual configuration – which is configuring the BIOS admin password in this case. This script works as-is but should be seen as a starting point or proof of concept that should be modified to fit your needs.

Some notes on the script:

$NewPassword = "SecretPassword" 
$OldPassword = "OldSecret"
$DetectionRegPath = "HKLM:\SOFTWARE\Onevinn\Intune\DellBIOSProvider"
$DetectionRegName = "PasswordSet"

$NewPassword – The password we want to set
$OldPassword – The password that is already set and that we want to change from – if applicable
$DetectionRegPath – Registry key that will be created and that will be used for detection method
$DetectionRegName – Name of the registry DWORD that will be set, used as detection method

The first variables obviously needs to be changed to fo the environment. $OldPassword will only actually be used if a BIOS/admin password already is set on the computer.

The Detection variables can be changed to fit your needs, their purpose is to create a regsitry value to use as a detection method if  and when the script has completed successfully.

Passwords in clear text is obviously not great but hardcoding them in the script and deploying it as a Win32 app in this case will at least not show the password in any log files on the clients or in the Intune portal. Ideally the password would be read from a secure vault of some sorts.


Step 4
Save or copy the script to the source folder, in my case: E:\Intune_DellSmBios\source.

Step 5
Download the Microsoft Win32 Content Prep Tool from https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool if you haven’t already. Run the tool with the correct paths to create the -.intunewin file.

We should now have a .intunewin file named the same as what was entered as “setup file” in the previous step.

All that’s left now is to create the Win32 app and deploy it to our test user/device. When creating the Win32 app, make sure to use sysnative in the path of the install command. In my case the install command is: C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -noprofile -executionpolicy Bypass -file .\DellSmBios-SetAdminPass.ps1. I’m also not using a separate uninstall script/command in this example so I’m just using the same command for both install and uninstall, you can of course change this to whatever fits your scenario.

In the Detection rules pane we will configure a manual detection rule type based on the registry key and value name that we specified in the script. SO in this example that is:

Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Onevinn\Intune\DellBIOSProvider
Value name: PasswordSet
Detection method: Integer comparison
Operator: Equals
Value: 1

After that we’re done, and we can assign the Win32 app as soon as the file has been uploaded.
To verify we can verify that the  detection rule is there and we also have the transcript/log file in C:\Windows\Temp.

The whole script:

$NewPassword = "eKlient2"
$OldPassword = "eKlient1"
$DetectionRegPath = "HKLM:\SOFTWARE\Onevinn\Intune\DellBIOSProvider"
$DetectionRegName = "PasswordSet"

Start-Transcript -Path "$env:TEMP\$($(Split-Path $PSCommandPath -Leaf).ToLower().Replace(".ps1",".log"))" | Out-Null

if (-not (Test-Path -Path $DetectionRegPath)) {
    New-Item -Path $DetectionRegPath -Force | Out-Null
}

if (Test-Path -Path "$env:ProgramFiles\WindowsPowerShell\Modules\DellBIOSProvider") {
    Write-Output "DellBIOSProvider folder already exists @ $env:ProgramFiles\WindowsPowerShell\Modules\DellBIOSProvider."
    Write-Output "Deleting the folder..."
    Remove-Item -Path "$env:ProgramFiles\WindowsPowerShell\Modules\DellBIOSProvider" -Recurse -Force
}

Write-Output "Copying DellBIOSProvider module to: $env:ProgramFiles\WindowsPowerShell\Modules\DellBIOSProvider" 
Copy-Item -Path "$PSScriptRoot\DellBIOSProvider\" -Destination "$env:ProgramFiles\WindowsPowerShell\Modules\DellBIOSProvider" -Recurse -Force

try {
    Import-Module "DellBIOSProvider" -Force -Verbose -ErrorAction Stop
}
catch {
    Write-Output "Error importing module: $_"
    exit 1
}

$IsAdminPassSet = (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet).CurrentValue

if ($IsAdminPassSet -eq $false) {
    Write-Output "Admin password is not set at this moment, will try to set it."
    Set-Item -Path DellSmbios:\Security\AdminPassword "$NewPassword"
    if ( (Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet).CurrentValue -eq $true ){
        Write-Output "Admin password has now been set."
        New-ItemProperty -Path "$DetectionRegPath" -Name "$DetectionRegName" -Value 1 | Out-Null
    }
}
else {
    Write-Output "Admin password is already set"
    if ($null -eq $OldPassword) {
        Write-Output "`$OldPassword variable has not been specified, will not attempt to change admin password"

    }
    else {
        Write-Output "`$OldPassword variable has been specified, will try to change the admin password"
        Set-Item -Path DellSmbios:\Security\AdminPassword "$NewPassword" -Password "$OldPassword"
        New-ItemProperty -Path "$DetectionRegPath" -Name "$DetectionRegName" -Value 1 | Out-Null
    }
}

Stop-Transcript

Setting the password is important because knowing the password is a requirement for all future BIOS modifications we need to do in the future, it is of course also a security concern so it should be password protected.

8 thoughts on “Configuring Dell BIOS Settings using Intune Win32App and PowerShell”

  1. Mark Buxton Burns says:
    June 9, 2020 at 5:29 pm

    Great wee script

    Reply
  2. Fredrik says:
    September 30, 2020 at 3:42 pm

    Great guide but i had some problems with it.
    I was scratching my head for a while until i found the problem.

    C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -noprofile -executionpolicy Bypass -file .\DellSmBios-SetAdminPass.ps1

    Should be :
    “C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe” -noprofile -executionpolicy Bypass -file .\DellSmBios-SetAdminPass.ps1

    Reply
  3. Pingback: Windows AutoPilot Feasibility | Me, Myself and IT
  4. mark says:
    February 22, 2023 at 2:38 pm

    Is there an updated version of this, as this one no longer works

    Reply
    1. Jörgen Nilsson says:
      February 25, 2023 at 3:01 pm

      Hi, I will look at it when time allows. thanks for the headsup.
      Regards,
      Jörgen

      Reply
    2. Tim says:
      March 13, 2023 at 10:28 am

      Why is it not working for you anymore? Working fine on my end. Only issue I have is that in some cases it will stop Intune AutoPilot with a generic fault code.

      Reply
  5. Justin says:
    March 24, 2023 at 5:22 pm

    Getting a failed error(The system cannot find the file specified. (0x80070002)) in intune when I try to deploy this in our Gov cloud environment

    Reply
  6. Louie Yeung says:
    July 10, 2024 at 3:08 am

    Run the script manually and it set the Admin Password successfully. However, when get into the BIOS, the Admin Password UNLOCK is greyed out and can’t unlock and make any changes. Any idea how to resolve it?

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • MMUGSE – Meetup October 24 2026
  • Windows 365 Link – a week and some
  • Prevent software installations disguised as drivers
  • Tip when troubleshooting unexpected reboots during Autopilot – event ID 2800
  • New settings in Intune Security Baseline Windows 11 24H2 -2504
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT