Update BIOS that has a password
In an enterprise environment it is common practice to have a BIOS password to stop users accidentally/deliberately accessing the BIOS and making changes that would affect the operation of the computer.
It appears that Distribution/Dell Updates cannot update a BIOS if it has a password set. This means that I have to go to ~1000 computers and upgrade the BIOS manually which is an extreme waste of time when KACE was purchased to do that sort of stuff automatically and it can't update a Dell computer's BIOS.
As previously announced, we adopted a new Dell Updates framework starting in the KACE Systems Management Appliance (SMA) release 11.1. This change was triggered by Dell’s plan to end of life the framework previously used by KACE. This new framework developed by Dell is supposed to bring additional capabilities as it matures. We are keeping a close eye on these incremental improvements made by Dell and are hopeful that things like mass passing of passwords will come in time to develop against.
Yes, and we've had to resort to using the Dell Command Suite instead of the built-in Dell Update functionality in KACE. I'd hope Quest can integrate that functionality into KACE so we don't have to use two different mechanisms to fully update our workstations. Especially given the tight integration with Dell offerings in other areas.
Stephen Crane commented
The Dell Command Suite has a lot of really good tools that would handle this issue.
The Dell Command | Monitor software application enables IT administrators to easily manage fleet inventory, monitor system health, modify BIOS settings, and remotely collect information for deployed Dell client systems. Active system health state monitoring can help reduce the total cost of system ownership and is part of a holistic approach to managing all networked devices.
Dell Command | Monitor interfaces with leading enterprise management consoles that support industry standards. This approach helps to ensure that Dell systems can be managed by a broad array of existing enterprise management tools. It also interfaces with the Dell Integration Suite for System Center 2012, Dell KACE K1000 Management Appliance , Dell OpenManage Essentials and our Client Management Pack for System Center Operations Manager (SCOM). Finally, tight integration with Windows Management Instrumentation (WMI) allows customers to take advantage of the rich scripting capabilities for collecting information and customizing system settings. This product is provided at no additional charge to Dell customers.
The latest version of Dell Command | Monitor is v10.8.0.
The latest admin response acknowledges that it doesn't address this request. Please implement functionality to allow Dell Update schedules to update BIOS when a password is set. That is the request here, and it's nearly 10 years old at this point. The script workaround is not acceptable.
I have tested Optiplex 7050 and 7040 deployment of BIOS patches with the switches /s /f /p=password successfully. http://www.itninja.com/blog/view/deploying-a-current-model-dell-bios-update-when-there-is-a-bios-password
Jeff Arey commented
"Declined" and "idea closed" is the status on this request? Anyone know why? I'm in the same boat as other commenters and this seems like it should be an easy thing for Quest to implement into Kace. We use the same bios password for all computers, so just give us a box in "Settings" to save that password in, and then the Kbox should respond with that password if the bios update asks for it when it is pushed out.
I can't believe that this is not working. Massive disappointment after purchase.
Chris Breuer commented
You can follow this example script
Paul D'Amore commented
Add me to the list. We are a K-12 school district where we have to set a password. Otherwise, middle and high school kids would do it for us. I have drivers being deployed which works great. I just need to update bios's with the same ease.
I too would like to see this feature added in the K1000. Just spent many hours with tech support trying to figure out why the BIOS will not update. BIOS password is there for a reason, especially in a business environment. We also have to adhere to policies stating that a BIOS password is required. Workaround seems a bit lengthy and is well, a workaround.
I do this all the time. In fact I made exe's with the Dell Client Configuration Utility that goes out to all Dell Computers and sets the BIOS Settings (Password, Boot Order, PXE, etc..) and then I just make managed installs to update the BIOS.
Using smart labels I search for certain models that are not of a certain BIOS level and then attach the install to that label. It is a bit of a process to set up initially but once set up it works great. I have to primary exes that I script (one for desktops and one for laptops) to set BIOS settings so any new dell computer will automatically get the appropriate bios settings once the agent is installed.
Then with the labels and BIOS Managed installs all I have to do is update the smart label with the new BIOS revision I want to search for and update the install with the new BIOS Install file.
Someone already linked to information on how to install a BIOS to a computer with a password which is similar to what I do. If you search on itninja.com for DCCU or Dell Client Configuration Utility you may find helpful information on how to script out setting BIOS settings automatically too.
Iain Morrison commented
I can't believe that a Dell appliance designed for Enterprise use can't update Dell BIOSes used in an Enterprise environment, i.e. with a password. We are currently evaluating KACE appliances and if they can't get this right it doesn't inspire much confidence in the product.
Add us to the list of customers that would like this feature. We are currently using the work around that involves scripting in Kace http://www.itninja.com/blog/view/deploying-a-current-model-dell-bios-update-when-there-is-a-bios-password
This works, but the updating of DELL bios with passwords should be built into the k1000. If it's possible for users to create a script to do this, it has to be possible for this to be programed into Kace.
Managed to do this under Kace 5.4 using the Dell Client Configuration Utility.
Created 2 packages, one to disable the bios password and one to set it again.
Then scheduled a few scripts in sequence (Wake on LAN, disable bios, reboot systems, Update the systems with the new bios, set password and finally reboot systems again).
Took a bit of testing but I managed to get 150 dell systems bios updated this. I do also agree there has to be an easier way.
Rene Sonnenschein-Flohr commented
I agree this too. We have BIOS PW on all Clients and we are not able to update them automatically. So please implement this feature in one of the next Kace Releases... BIG thx!
Will Hopkins commented
I completely agree with Steve. We're using Dell machines and a Dell product. We should be able to bypass the BIOS password without disabling it manually.