Set Lenovo BIOS settings through Intune and PowerShell
https://www.systanddeploy.com/2019/11/set-lenovo-bios-settings-through-intune.html
In this post, we will see how to set your devices BIOS settings from a CSV file through Intune and PowerShell.
Context
- You want to set multiple settings on multiple devices.
- Save all those settins with their values in a CSV file
- Apply each settings from the CSV on your devices
CSV file
See below an overview of my CSV file. Save it with delimiter ;
Prerequisites
We will use Microsoft Win32 Content Prep Tool from MS
To download it, go to this link.
The script
You can find the script to set settings, the script for uninstalling and the exe to create the package.
Depending of the language you will have to add a parameter -Language to the ps1.
For instance in my case it's -Language 'fr'.
To have more infos about language see this link.
How it works ?
This will work in 3 steps:
- Create the intunewin package
- Create the Win32 app in Intune
- Assign the app
Create the folder project
1. Create a folder Lenovo
2. Copy the BIOS_Settings_For_Lenovo.ps1 in this folder
3. Copy the CSV in this folder
Create the package
Purpose of this part ?
To deploy BIOS settings we will create a Win32 package containing both the CSV file and the PS1.
1. Run IntuneWinAppUtil.exe
2. Select the Source folder
3. Select the ps1 file
4. Select an output folder
5. A package BIOS_Settings_For_Lenovo.intunewin will be created
Create the Win32 app
Purpose of this part ?
We will now integrate the intunewin package into Intune.
1. Go to Intune
2. Go to Client apps
3. Go to Apps
4. Click on Add
5. Select Windows app (Win32)
6. Browse to the package BIOS_Settings_For_Lenovo.intunewin
7. Click on OK
8. Click on App information > Configure
9. Type informations, as below:
11. Click on Program > Configure
12. In Install command type the below command
13. In Uninstall command type the same with Uninstall.ps1
14. Click on OK
15. Click on Requirements > Configure
16. Type your requirements
17. Click on OK
18. Click on Detection rules > Configure
19. Select Manually configure detection rules
20. Click on Add
21. Select File
22. Set detection rule, as below:
24. Click on Add
25. The below warnning will be displayed (wait a bit)
Assign the app
1. Go to Assignments
2. Click on Add group
3. Assign as you want
Get the log
See below my BIOS settings before the app execution:
The process will create a log file under C:\Windows\Debug.
See below an overview:
3 commentaires
Hi.
Trying this script on a ThinkCentre M630e. It works in that it will change the BIOS values, but the settings don't actually change. For example, I disable Bluetooth via the CSV and script and it does indeed set it to 'disabled' yet Bluetooth is still active, even after a shut down of the device.
However off I then go into the BIOS, enable Bluetooth then disable it, it does actually disable Bluetooth.
Any ideas?
Thanks for thiis blog post
Hi there,
Is there any way I can set the Lenovo ThinkPad BIOS password through Intune? do you have any script which I can push to Intune to set the BIOS password?
Enregistrer un commentaire