Flexible Security For Your Peace of Mind

BiosConfig Tool

(Last updated on August 2, 2018)

This is hopefully old news for our existing and longtime customers, but might be useful for some of the new ones.

If you have not been using MDT, RIS, SCCM or any other similar deployment solution in the past, there is a big risk that your clients are not configured to PXE Boot. Running around manually to hundreds or thousands of clients to reconfigure BIOS is not really an option.

There are luckily multiple ways to solve that. You can either check with your hardware manufacturer if they have a tool to change boot order via a script or remotely, or you can use the BiosConfig.exe tool shipped with Specops Deploy.

There is a folder on your server called; C:Program FilesSpecopssoftSpecops DeployAdmin Tools OSBios Config Tools which contains the Biosconfig.exe and Biosconfig.ini (configuration file). It support HP, Fujitsu and Dell computers. Unfortunately not Lenovo at this time.

I will be running this on my Dell Laptop and show how it behaves.
First, the syntax;

C:BIOSCONF>BiosConfig.exe -?
General:
  -h [ –help ]              product help message
  -v [ –verbose ]           Display verbose error messages
  -f [ –force ]             Force command execution even if versions match
  -s [ –showComputerInfo ]  Display computer make and model

It’s quite straight forward. Verbose is only needed for troubleshoting and the force would be used to make it execute always. Else it’s checking if it has already been run since the config file was updated last time.
And -S will give you some details about the client.

C:BIOSCONF>BiosConfig.exe -s
Dell Inc. Latitude E6420
Manufacturer:      Dell Inc.
Name:              Default System BIOS
SMBIOSBIOSVersion: A07
Version:           DELL   – 6222004
Serial:            D4754Q1

To run the tool normally, just execute it without any command line switches.

C:BIOSCONF>BiosConfig.exe
There is no section for the current computer in BiosConfig.ini
Dell Inc. Latitude E6420

That means, that we have not enabled the Dell section in the biosconf.ini file.
Open it with notepad and make it look like this (notice the missing ; infront of some of the lines);

[General]
;; Increment version to run the actions again. Otherwise, the actions below are only executed once.
Version=1

[MakeModel]
;Hewlett-Packard*=HP
Dell*=Dell
;Fujitsu*=Fujitsu

;; Use brackets around all values below, i.e. Key=[Value]

;; For more information see:
;; HP Client Management Interface (WMI)
;; http://www.hp.com/go/hpcmi
;; For examples see:
;; http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1261047544829+28353475&threadId=1208628
;; Extract HPCMIProviders.msi from downloaded setup.exe
[HP]
;RunExe=[%windir%system32msiexec.exe /i “%BiosConfigDir%HPHPCMIProviders.msi” /qn REINSTALLMODE=vomus REINSTALL=ALL ]
;HPWOL=[on]
;HPPXE=[on]

;; For more information see:
;; http://support.ts.fujitsu.com/download/Showdescription.asp?ID=1043393
;; Use the BIOSSET.EXE file
[Fujitsu]
;RunExe1=[fujitsubiosset.exe /BOOTORDER=1LAN /PWD=%SpecopsBIOSPassword%]
;RunExe2=[fujitsubiosset.exe /WOL=ON /PWD=%SpecopsBIOSPassword%]

;; For more information see:
;; http://www.dell.com/content/topics/global.aspx/sitelets/solutions/management/client_software?c=us&l=en&cs=555
;; Extract x86setup.exe from for example DELL_OPENMANAGE-CLIENT-INSTR_A00_R214518.exe
;; Extract x64setup.exe from for example DELL_OPENMANAGE-CLIENT-INSTR_A00_R214519.exe
[Dell]
;RunExeX86=[dellx86setup.exe /s /v/qn]
;RunExeX64=[dellx64setup.exe /s /v/qn]
DellWmi=[<Dell_WmiClass>.<Property>=<value>]
DellPXE=[on]
DellWOL=[on]
DellForcePXEOnNextReboot=[on]

;; For more information see:
;; http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-41472
[Lenovo]

[BiosNetworkBootDevices]
Network*

Running the tool again, gives us this;

C:BIOSCONF>BiosConfig.exe
Dell WMI string was incorrect.
<Dell_WmiClass>.<Property>=<value>
DellWmi=[<Dell_WmiClass>.<Property>=<value>]

It’s because the Dell WMI classes has not been installed yet, so the tool does not know how to communicate with the BIOS.

There are two options here. You can either let the tool install the WMI Classes at that time. Or as I prefer to do, deploy the WMI Classes via Specops Deploy / App in advance which gives me more control.

You can use the links in the INI files to find and download the OpenManage Client. I’ve noticed that I’ve had to download and install different versions of the Client for various models in the past. For example an older version for old Laptops and a new version for the new models.

So, create a package that deploys the OpenClient (msi package) to your clients with a “Make and Model filter.
And then create a package that runs biosconfig.exe on the same clients to automatically configure them for PXE and Wake On Lan.

If your clients have a BIOS Password, then set the password in %SpecopsBIOSPassword% before executing the tool. That password will then be used to access and modify bios.

Back to Blog