Set BIOS settings with a Compliance Baseline in ConfigMgr

Thursday, 28 March 2019

Set BIOS settings with a Compliance Baseline in ConfigMgr

In this blog I want to share with you how you can check and set BIOS settings using a Compliance Baseline in ConfigMgr. The PowerShell scripts for discovery and remediation in this blog can be used on HP, Dell or Lenovo systems.

For HP and Lenovo, you can use WMI to check or set BIOS settings. For Dell you should use the Dell BIOS Provider tool (latest version). The Dell BIOS Provider tool must be “installed” on the system before you can check or set BIOS settings on Dell systems.

You can use these links to install the Dell BIOS provider tool in your environment:

  1. https://www.dell.com/support/article/nl/nl/nldhs1/sln311262/dell-command-powershell-provider?lang=en
  2. https://www.powershellgallery.com/packages/DellBIOSProvider/2.1.0

In this example I will set the “Virtualization Technology (VTx)” to “enabled” in the BIOS on a HP system using a Configuration Item.

The following PowerShell scripts are used for discovery and remediation:

Example for Discovery:

Hewlett Packard (HP)

Discovery Hewlett Packard HP


Discovery Dell


Discovery Lenovo

Example for Remediation:

Hewlett Packard (HP)

Remediation Hewlett


Remediation Dell


Remediation Lenovo

Advise: Create for every BIOS setting a new Configuration Item. Add every Configuration Item (BIOS setting to check) to a Compliance Baseline. A Compliance Baseline can contain more than one Configuration Item (BIOS settings to check).

How to create a Configuration Item to check and remediate a BIOS setting:

  • Create a new Configuration Item using the Create Configuration Item Wizard. Give the Configuration Item a name and description (if desired). Example: HP BIOS Virtualization Technology (VTx) Enabled
  • Select: Windows Desktops and Servers (custom)
  • Click Next
  • Select only Windows 10 (or another platform)
  • Click Next
  • On Settings Tab, click New
  • On the General Tab of the Create Settings page, type a Name and Description (if desired). Example: Intel(R) Virtualization Technology

Create settings

  • Change the Setting type to: Script
  • Set the Data type to: Booloan
  • Click Add Script (Discovery script)

Discovery script

  • Select script language: Windows Powershell
  • Copy the Discovery Script above for HP, Dell or Lenovo
  • Click OK
  • Click Add Script (Remediation script optional)

Remediation script

  • Select script language: Windows Powershell
  • Copy the Remediation Script above for HP, Dell or Lenovo
  • Click OK
  • Click the Compliance Tab

Compliance rules

  • Type a Name and Description (if desired). Example Virtualization Technology
  • Select Rule type: Value
  • Select The value returned by the specified script: Equals True

The value returned

  • Select: Run the specified remediation script when this setting is noncompliant
  • Select: Report noncompliance if this setting instance is not found

Run Report

  • Click OK
  • Click OK
  • Click Next
  • Click Next
  • Click Next
  • Click Close

Add this Configuration Item to a Compliance Baseline and deploy the Compliance Baseline to a HP, Dell or Lenovo device collection. The final result is the “Virtualization Technology (VTx)” setting is enabled in the system BIOS. Depending on the deployment it will check every time and remediate if non-compliant.

Base Image Script Framework (BIS-F) – Version 6.1.0 build 01.101

the perfect way to seal your Base Image

by Matthias Schlimm, March 2018

The Base Image Script Framework (BIS-F) is the perfect way to seal your Base Image. Whatever your environment has run Citrix XenApp, Citrix XenDesktop with PVS or MCS,  Citrix AppLayering, VMware Horizon View, you must prepare your Base Image before you can distribute this Image to multiple devices. If you install your Base Image from scratch or update them with new software, for the sealing process of your Base Image run this framework (preparation), it makes it also unique if you booting up your cloned device (personalization).

Using Login PI to monitor DaaS provider

Wednesday, 13 May 2015

By Chris van Werkhoven

For a very long time, SCOM (sometimes extended with third-party plugins) is being used as datacenter management system in SBC and VDI environments. With mixed results, because when all individual items like CPU, memory and IO queues are giving a green light, it doesn't mean that the end-user will have a good user experience. And in particular user experience is the cause of many helpdesk calls.

Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok