Creating an analysis for BIOS settings with different BIOS versions/naming

Content Authoring
1

Hello all! I’d like to preface this question that I’m not an experienced coder/programmer and have been sort of brute force learning BigFix relevance and action script on the go.

Essentially since BigFix has been pushed into our enterprise my management has asked me to track certain BIOS settings with it. So far I’ve been doing making very “complicated” analysis’s based on the hardware and the specific setting, but it gets cumbersome because HP tends to re-name their BIOS names frequently between bios updates.

Example: if (string value of select “Model from Win32_ComputerSystem” of wmi contains “Thin Client”) then (string value of select “CurrentValue from HP_BIOSEnumeration WHERE name=‘Power On Sunday’” of wmi “root/hp/instrumentedbios”) else (string value of select “CurrentValue FROM HP_BIOSEnumeration WHERE name=‘Sunday’” of wmi “root/hp/instrumentedbios”)

That’s one of the less obtuse ones because some fields change between hardware models themselves. This is currently working, but it does leading me to create various analysis’s with the same information just for different hardware and if that field isn’t there then I get an “Error”. I’m wondering if there is a better way to be less “Specific” so that I can target keywords in the name values.

Thanks!

2

Perhaps you could use the select objects inspector from WMI to retrieve the instances without known the property names, and then iterate over both the names and values? I don’t have an HP machine in front of me, but for example we could go through the default Win32_OperatingSystem like

q: (name of it, string values of it) of properties whose (name of it does not start with "__") of select objects "* from Win32_OperatingSystem" of wmis
A: BootDevice, \Device\HarddiskVolume1
A: BuildNumber, 22631
A: BuildType, Multiprocessor Free
A: Caption, Microsoft Windows 11 Enterprise
A: CodeSet, 1252
A: CountryCode, 1
A: CreationClassName, Win32_OperatingSystem

I think your query would probably be something like

q: (name of it, string values of it) of properties whose (name of it does not start with "__") of select objects "* from HP_BIOSEnumeration" of wmis "root/hp/instrumentedbios"

It looks like an HP_BIOSEnumeration may be a more complex type though, so it may take a little more digging to get into the ‘Name/CurrentValue’ pairs. Let me know what results you get from this though.

3

The results were so big they exceeded the post limit and I don’t know how to create the nice code boxes you have:

Q: (name of it, string values of it) of properties whose (name of it does not start with “__”) of select objects “* from HP_BIOSEnumeration” of wmis “root/hp/instrumentedbios”
A: Active, True
A: CurrentValue, Enable
A: DisplayInUI, 1
A: InstanceName, ACPI\PNP0C14\1_0
A: IsReadOnly, 0
A: Name, System Management Command
A: Path, \Security\Utilities\System Management Command
A: PossibleValues, Disable
A: PossibleValues, Enable
A: Prerequisites, SELECT * FROM HP_BIOSPassword WHERE Name=‘Setup Password’ AND IsSet=1
A: PrerequisiteSize, 1
A: RequiresPhysicalPresence, 0
A: SecurityLevel, 0
A: Sequence, 18010
A: Size, 2
A: Value, ( Disable,*Enable )
A: Active, True
A: CurrentValue, Disable
A: DisplayInUI, 1
A: InstanceName, ACPI\PNP0C14\1_1
A: IsReadOnly, 0
A: Name, Fast Boot
A: Path, \Advanced\Boot Options
A: PossibleValues, Disable
A: PossibleValues, Enable
A: PrerequisiteSize, 0
A: RequiresPhysicalPresence, 0
A: SecurityLevel, 0
A: Sequence, 27020
A: Size, 2
A: Value, ( *Disable,Enable )
A: Active, True
A: CurrentValue, Enable
A: DisplayInUI, 1
A: InstanceName, ACPI\PNP0C14\1_2
A: IsReadOnly, 0
A: Name, Audio Alerts During Boot
A: Path, \Advanced\Boot Options
A: PossibleValues, Disable
A: PossibleValues, Enable
A: PrerequisiteSize, 0
A: RequiresPhysicalPresence, 0
A: SecurityLevel, 0
A: Sequence, 27021
A: Size, 2
A: Value, ( Disable,*Enable )
A: Active, True
A: CurrentValue, Disable
A: DisplayInUI, 1
A: InstanceName, ACPI\PNP0C14\1_3
A: IsReadOnly, 0
A: Name, Sure Start BIOS Settings Protection
A: Path, \Security\Security Configuration\BIOS SureStart
A: PossibleValues, Disable
A: PossibleValues, Enable
A: Prerequisites, SELECT * FROM HP_BIOSPassword WHERE Name=‘Setup Password’ AND IsSet=1
A: PrerequisiteSize, 1
A: RequiresPhysicalPresence, 1
A: SecurityLevel, 1
A: Sequence, 7070
A: Size, 2
A: Value, ( *Disable,Enable )
A: Active, True
A: CurrentValue, Enable
A: DisplayInUI, 1

There’s a small portion of it.

4

Ok, that’s a great start.

Next try

q: (string values of properties "Name" of it, string values of properties "Active" of it, string values of properties "CurrentValue" of it) of  select objects "* from HP_BIOSEnumeration" of wmis "root/hp/instrumentedbios"

And to get the code blocks, you can either use ‘markdown’ formatting, (like the three backticks before and after the code block above), or highlight your text and click the “Preformatted Text” icon in the menu bar

image
image1140×607 56.4 KB

5

Appreciate the guidance! Browsing this forum can be a bit daunting sometimes with my lack of experience, but everyones been super helpful!

Anways here’s the results:

Q: (string values of properties "Name" of it, string values of properties "Active" of it, string values of properties "CurrentValue" of it) of  select objects "* from HP_BIOSEnumeration" of wmis "root/hp/instrumentedbios"
A: System Management Command, True, Enable
A: Fast Boot, True, Disable
A: Audio Alerts During Boot, True, Enable
A: Sure Start BIOS Settings Protection, True, Disable
A: Sure Start Secure Boot Keys Protection, True, Enable
A: Enhanced BIOS Authentication Mode, True, Disable
A: Manufacturing Programming Mode, True, Lock
A: Permanent Disable Absolute Persistence Module Set Once, True, No
A: Absolute Persistence Module Current State, True, Inactive
A: Startup Delay (sec.), True, 0
A: Native OS Firmware Update Service, True, Enable
A: Permanently Disable HP Sure Run (Set Once), True, No
A: HP Cloud Managed, True, Enable
A: Permanently Disable HP Cloud Management (Set Once), True, No
A: Remote Device Management, True, Enable
A: Permanently Disable Remote Device Management (Set Once), True, No
6

Also in regards to all these BIOS settings. We’re only tracking an assortment of them. TPM status’s, Secure Boot, Auto Power on days, etc etc. We won’t need to track EVERY single one of them.

7

This is where you can start using a whose() block to filter the results, where ‘item 0 of it’ is the setting name, could use something like

Q: (string values of properties "Name" of it, string values of properties "Active" of it, string values of properties "CurrentValue" of it) whose (item 0 of it contains "TPM" or item 0 of it contains "Secure Boot" or item 0 of it contains "Auto Power") of  select objects "* from HP_BIOSEnumeration" of wmis "root/hp/instrumentedbios"