Loading...

Set Lenovo BIOS settings through Intune and PowerShell

3 A+ A-

In this post, we will see how to set your devices BIOS settings from a CSV file through Intune and PowerShell.

Context
- You want to set multiple settings on multiple devices.
- Save all those settins with their values in a CSV file
- Apply each settings from the CSV on your devices

CSV file
See below an overview of my CSV file. Save it with delimiter ;

Prerequisites
We will use Microsoft Win32 Content Prep Tool from MS
To download it, go to this link.

The script
You can find the script to set settings, the script for uninstalling and the exe to create the package.
Depending of the language you will have to add a parameter -Language to the ps1. 
For instance in my case it's -Language 'fr'.
To have more infos about language see this link.



How it works ?
This will work in 3 steps:
- Create the intunewin package
- Create the Win32 app in Intune
- Assign the app

Create the folder project
1. Create a folder Lenovo
2. Copy the BIOS_Settings_For_Lenovo.ps1 in this folder
3. Copy the CSV in this folder

Create the package
Purpose of this part ?
To deploy BIOS settings we will create a Win32 package containing both the CSV file and the PS1.
1. Run IntuneWinAppUtil.exe
2. Select the Source folder 
3. Select the ps1 file
4. Select an output folder
5. A package BIOS_Settings_For_Lenovo.intunewin will be created

Create the Win32 app
Purpose of this part ?
We will now integrate the intunewin package into Intune.
1. Go to Intune
2. Go to Client apps
3. Go to Apps
4. Click on Add
5. Select Windows app (Win32)
6. Browse to the package BIOS_Settings_For_Lenovo.intunewin
7. Click on OK
8. Click on App information > Configure
9. Type informations, as below:


10. Click on OK
11. Click on Program > Configure

12. In Install command type the below command
13. In Uninstall command type the same with Uninstall.ps1
14. Click on OK

15. Click on Requirements > Configure
16. Type your requirements
17. Click on OK
18. Click on Detection rules > Configure
19. Select Manually configure detection rules
20. Click on Add
21. Select File
22. Set detection rule, as below:


23. Click on OK twice
24. Click on Add
25. The below warnning will be displayed (wait a bit)

Assign the app
1. Go to Assignments
2. Click on Add group
3. Assign as you want

Get the log
See below my BIOS settings before the app execution:
The process will create a log file under C:\Windows\Debug.
See below an overview:
remote bios 2440683214375254233

Enregistrer un commentaire

3 commentaires

Unknown a dit…

Hi.

Trying this script on a ThinkCentre M630e. It works in that it will change the BIOS values, but the settings don't actually change. For example, I disable Bluetooth via the CSV and script and it does indeed set it to 'disabled' yet Bluetooth is still active, even after a shut down of the device.

However off I then go into the BIOS, enable Bluetooth then disable it, it does actually disable Bluetooth.

Any ideas?

Pancake Cookbooks a dit…

Thanks for thiis blog post

Anonyme a dit…

Hi there,

Is there any way I can set the Lenovo ThinkPad BIOS password through Intune? do you have any script which I can push to Intune to set the BIOS password?

Accueil item

Award

Learn KQL in one month

Sponsors

You want to support me ?

Mes articles en français

Books in French


Stats