Niketalk is it possible to push a BIOS change (password protect + boot order) remotely or through Ac

Security inspections are coming up and we are in violation, and I don't want to have to go to every single computer and ask the user to let me get there for a few minutes: "I need to password protect your BIOS" (I also have to change the boot order, although most are right by default, having the HDD first). This would save us TONS of time. Also, the computers have BitLocker, so that's a hurdle: you have to suspend BitLocker before you make changes in the BIOS or it'll lock the system out and send you to recovery. If the script or whatever could just do that, I can remote in and enable/suspend/disable BitLocker remotely no problem; it's just trying to find a more efficient way to get this BIOS change done.

I am about to research it now; admittedly this is a bit out of the scope of what I normally do. Any advice or help would be greatly appreciated.
 
Still going office to office asking people to let me borrow their computer for a minute :x
 
All I can tell you is yes, because our various networking teams do it on the regular..

What I can't tell you is how.

Sounds like you can make an executable script for it tho, least that's where I would start.

Pull out ya Python skills papi
 
We use remote imaging tools, which is exactly what OP will need to do.

1. Create a batch script to turn off BitLocker (Manage-bde is your friend, search "manage-bde.exe parameter reference").

2. Deploy an updated system image at 2AM for all machines on the network (or another script, if the change can be made that way), and make sure its execution only happens if the first script is successful. This is easy to do in asset management systems like Dell's KACE, but idk what y'all use.

3. Make sure to check machines and see if they are stuck in BitLocker recovery after the image/script is done.

4. Deploy a final script to turn BitLocker back on.

You can make it happen all in one script, but separating it out into multiple stages will help you identify any snags.

Oh, and you should ask for a raise if/when you complete this successfully.
 
Thanks. The stuff I had found online was saying I'd need to use different utilities for different brand computers (we use mostly Dells, some HPs). But yeah, I'm not an OU admin, so I don't even know if I have the level of rights to do this. I pretty much have Administrative Tools and Dameware. I guess it's possible for me to write the script and then bring it to him, but idk how he'd take that, since I know he tried and failed, and I have no real way to test it. I almost need a solution where I can remote in or remote cmd prompt to each computer, or to the top level of the AD and make it apply down, but even that is getting into IA division stuff and again way above my pay grade/level of responsibility.
 
No need for different tools, you should have everything you need with manage-bde. Take a computer that no one is using, connect it to your network, and access it through Windows Explorer ("\\xxx.xxx.xxx.xxx\" to navigate to it through Explorer/command prompt; the x's are the IP address). Test your scripts with that computer. Once the scripts are working, try a second computer. If those two go well, try a controlled deployment to a division, then deploy agency wide.

If the guy ahead of you tried and failed, you definitely need a raise if you pull this off.
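
The four stages from the post above (suspend BitLocker, push the BIOS change, check for machines stuck in recovery, turn protection back on), driven against a single test machine first as this reply suggests, as an added PowerShell example. This is not code from the thread, from Dell, HP or Microsoft. It assumes things the thread does not state: PowerShell remoting (WinRM) is enabled and you are a local admin on each target; the vendor BIOS configuration utility (Dell or HP) is already on the machine; and its exact command line, including the setup password and boot order arguments, is supplied by you as the hypothetical $BiosCommand parameter. The BitLocker cmdlets used are the PowerShell equivalents of manage-bde -protectors -disable C: -RebootCount 1, manage-bde -protectors -enable C: and manage-bde -status C:.

```powershell
# Added example, not code from the thread. Stages per machine: suspend BitLocker for one
# reboot, run the vendor BIOS tool only if the suspend verifiably took effect, reboot and
# flag any box that does not come back (the BitLocker-recovery symptom), then confirm that
# protection is On again.
# Assumptions not stated in the thread: WinRM remoting is enabled, the caller is a local
# admin on each target, the Dell/HP BIOS utility is already on the target, and its command
# line is passed in as the hypothetical $BiosCommand parameter.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string[]] $ComputerName,   # one test box first, then a division
    [Parameter(Mandatory)] [string]   $BiosCommand,    # vendor tool path plus its arguments
    [string] $MountPoint = 'C:',
    [int]    $RebootTimeoutSec = 600
)

# Runs on the target. Suspends protection for exactly one reboot, then runs the BIOS tool.
$applyStage = {
    param($BiosCommand, $MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        # RebootCount 1: the TPM protector re-arms itself after the next boot, so a failed
        # resume step later cannot leave the volume unprotected indefinitely.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 -ErrorAction Stop | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        if ($vol.ProtectionStatus -ne 'Off') {
            return [pscustomobject]@{ Stage = 'suspend'; Ok = $false; Detail = 'protection still On after suspend' }
        }
    }
    # Gate on the suspend result above: the BIOS change only runs once protection is Off.
    $p = Start-Process -FilePath 'cmd.exe' -ArgumentList "/c $BiosCommand" -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) {
        # Leave the machine as found: re-arm protection now rather than after the reboot.
        Resume-BitLocker -MountPoint $MountPoint -ErrorAction SilentlyContinue | Out-Null
        return [pscustomobject]@{ Stage = 'bios'; Ok = $false; Detail = "BIOS tool exit code $($p.ExitCode); protection resumed" }
    }
    [pscustomobject]@{ Stage = 'bios'; Ok = $true; Detail = 'BIOS change applied; protection suspended for 1 reboot' }
}

# Runs on the target after the reboot. Resume is idempotent; the status check is what matters.
$verifyStage = {
    param($MountPoint)
    Resume-BitLocker -MountPoint $MountPoint -ErrorAction SilentlyContinue | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{ Stage  = 'resume'
                       Ok     = ($vol.ProtectionStatus -eq 'On')
                       Detail = "ProtectionStatus=$($vol.ProtectionStatus) VolumeStatus=$($vol.VolumeStatus)" }
}

$report = foreach ($pc in $ComputerName) {
    try {
        $r = Invoke-Command -ComputerName $pc -ScriptBlock $applyStage -ArgumentList $BiosCommand, $MountPoint -ErrorAction Stop
    } catch {
        $r = [pscustomobject]@{ Stage = 'connect'; Ok = $false; Detail = $_.Exception.Message }
    }
    if (-not $r.Ok) {
        [pscustomobject]@{ Computer = $pc; Stage = $r.Stage; Ok = $false; Detail = $r.Detail }
        continue
    }
    # Reboot so the firmware is measured with the new settings, and wait for WinRM to return.
    # A box sitting at the BitLocker recovery prompt never comes back: that is the
    # "stuck in recovery" check from step 3, and the signal to go fetch its recovery key.
    try {
        Restart-Computer -ComputerName $pc -Force -Wait -For WinRM -Timeout $RebootTimeoutSec -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Computer = $pc; Stage = 'reboot'; Ok = $false
                           Detail = "no WinRM within ${RebootTimeoutSec}s; check the console for BitLocker recovery" }
        continue
    }
    $v = Invoke-Command -ComputerName $pc -ScriptBlock $verifyStage -ArgumentList $MountPoint
    [pscustomobject]@{ Computer = $pc; Stage = $v.Stage; Ok = $v.Ok; Detail = $v.Detail }
}

$report | Format-Table -AutoSize
# Stop a wider rollout on the first failure instead of letting it run across the agency.
if ($report | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it against the spare machine first (`-ComputerName testbox01`), read the report, then widen the list one division at a time. Three caveats a practitioner will want: make sure every target's recovery key is escrowed (in AD or wherever your agency keeps them) before you touch any firmware, because a machine that lands in recovery can only be rescued with it; keep the suspend window to this one reboot, since a suspended volume keeps its key on disk in the clear; and whatever goes into $BiosCommand, including the new setup password, is visible to process-creation auditing and PowerShell transcripts on the target, so prefer a vendor tool option that reads the password from a file where one exists, and rotate a staging password afterwards.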
 
This is one of those moments in which you can elevate above your peers fam.

Do work! We believe in you.
 