Hi Team,
I want to get BIOS password is set or not using BigFix Property. Specific for HP workstations.
Please help how can we get this.
So this is a little tricky since there is no standard way to do this across all systems/types/vendors/bioses/etc but I did find a whitepaper HP has published regarding their HP Client Manager Interface which, if present on the machine, will expose what your looking for via WMI.
Assuming my reading of the MOF is correctâŚ
"Setup Password Set: " & (((integer value of select "isSet FROM HP_BIOSSetting WHERE Name = 'Setup Password'" of wmi "root\HP\InstrumentedBIOS") | 0) = 1) as string
and
"Power-On Password Set: " & (((integer value of select "isSet FROM HP_BIOSSetting WHERE Name = 'Power-On Password'" of wmi "root\HP\InstrumentedBIOS") | 0) = 1) as string
1 Like
Just bear in mind that HP officially âsunsetâ HP WBEM functionality as of Gen10 of their hardware (no idea why, as it was brilliant), so the above might not work with Gen10 and above.
Hi Ageorgiev,
Is there any other way to get details from all HP workstations.
I used some scripts from https://www.configjon.com/hp-bios-settings-management/ to manage the BIOS password on some of our endpoints. Maybe they can be useful to you too.
Unfortunately, not directly, no. We are stuck as well. What our Ops team have been looking to write is write scripts using some commandline HP tools which essentially make call to the HP RestAPIs under the hood, collect the data and store it locally, so BigFix can read it back. Idea being, we modify the properties with basic if statement:
if (Model <= Gen9) then (âŚuse wmi queriesâŚ) else (⌠read this file backâŚ)
but as you can imagine itâs completely separate set of problems - you need to maintain scripts, depending on how authentication of those scripts are set, may need to keep credential sets, store files locally and make sure someone doesnât delete them, make sure script are ran ok periodically so data doesnât become outdated, etc⌠Not the best solution really but not much else is possible unfortunatelyâŚ
These relevance statements to not appear to work now on HP systems that are less than G10.
Assuming my reading of the MOF is correctâŚ
"Setup Password Set: " & (((integer value of select âisSet FROM HP_BIOSSetting WHERE Name = âSetup Passwordââ of wmi âroot\HP\InstrumentedBIOSâ) | 0) = 1) as string
and
"Power-On Password Set: " & (((integer value of select âisSet FROM HP_BIOSSetting WHERE Name = âPower-On Passwordââ of wmi âroot\HP\InstrumentedBIOSâ) | 0) = 1) as string