logo

parallax-small

Set BIOS settings with a Compliance Baseline in ConfigMgr

Thursday, 28 March 2019

In this blog I want to share with you how you can check and set BIOS settings using a Compliance Baseline in ConfigMgr. The PowerShell scripts for discovery and remediation in this blog can be used on HP, Dell or Lenovo systems.

For HP and Lenovo, you can use WMI to check or set BIOS settings. For Dell you should use the Dell BIOS Provider tool (latest version). The Dell BIOS Provider tool must be “installed” on the system before you can check or set BIOS settings on Dell systems.

You can use these links to install the Dell BIOS provider tool in your environment:

  1. https://www.dell.com/support/article/nl/nl/nldhs1/sln311262/dell-command-powershell-provider?lang=en
  2. https://www.powershellgallery.com/packages/DellBIOSProvider/2.1.0

In this example I will set the “Virtualization Technology (VTx)” to “enabled” in the BIOS on a HP system using a Configuration Item.

The following PowerShell scripts are used for discovery and remediation:

Example for Discovery:

Hewlett Packard (HP)

Discovery Hewlett Packard HP

Dell

Discovery Dell

Lenovo

Discovery Lenovo

Example for Remediation:

Hewlett Packard (HP)

Remediation Hewlett

Dell

Remediation Dell

Lenovo

Remediation Lenovo

Advise: Create for every BIOS setting a new Configuration Item. Add every Configuration Item (BIOS setting to check) to a Compliance Baseline. A Compliance Baseline can contain more than one Configuration Item (BIOS settings to check).

How to create a Configuration Item to check and remediate a BIOS setting:

  • Create a new Configuration Item using the Create Configuration Item Wizard. Give the Configuration Item a name and description (if desired). Example: HP BIOS Virtualization Technology (VTx) Enabled
  • Select: Windows Desktops and Servers (custom)
  • Click Next
  • Select only Windows 10 (or another platform)
  • Click Next
  • On Settings Tab, click New
  • On the General Tab of the Create Settings page, type a Name and Description (if desired). Example: Intel(R) Virtualization Technology

Create settings

  • Change the Setting type to: Script
  • Set the Data type to: Booloan
  • Click Add Script (Discovery script)

Discovery script

  • Select script language: Windows Powershell
  • Copy the Discovery Script above for HP, Dell or Lenovo
  • Click OK
  • Click Add Script (Remediation script optional)

Remediation script

  • Select script language: Windows Powershell
  • Copy the Remediation Script above for HP, Dell or Lenovo
  • Click OK
  • Click the Compliance Tab

Compliance rules

  • Type a Name and Description (if desired). Example Virtualization Technology
  • Select Rule type: Value
  • Select The value returned by the specified script: Equals True

The value returned

  • Select: Run the specified remediation script when this setting is noncompliant
  • Select: Report noncompliance if this setting instance is not found

Run Report

  • Click OK
  • Click OK
  • Click Next
  • Click Next
  • Click Next
  • Click Close

Add this Configuration Item to a Compliance Baseline and deploy the Compliance Baseline to a HP, Dell or Lenovo device collection. The final result is the “Virtualization Technology (VTx)” setting is enabled in the system BIOS. Depending on the deployment it will check every time and remediate if non-compliant.

Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok