We are able to set blank BIOS passwords in the task sequence by using a "run command line" step, pointing the package to the CCTK source files, and using command: .\x86\cctk --setuppwd= --valsetuppwd=oldOrExistingPassword. If the computer actually has the password, it is set to blank. If the computer already has a blank password, this step could fail, so we put the option in the task sequence to "continue on error"
Further, let's say for example that there are a possible of 6 older passwords that could be on the computer's BIOS, there's nothing wrong with having 6 of the same steps in the task sequence as I described in the first paragraph to set it to blank, just mark each step as "continue on error" As an aside, all of our computers are required to have a BIOS password, so the Task Sequence later puts in a new BIOS password for TPM and it stays that way. We have an enterprise password vault so we can easily track the old passwords. On Wed, May 13, 2015 at 2:18 PM, Nick Moseley <[email protected]> wrote: > I seem to have found a bug in Dell's newer BIOS configuration tools (DCC > 3.0.x). This will prevent automating BIOS configurations (to > enable/activate the TPM chip) with ConfigMgr. Has anyone experienced the > following or know if it's by design?? > > > > More details: > > > > In order to enable/activate the TPM, a BIOS password must be set. > Normally, we can set the password, enable TPM, then remove the password. > However, the problem to remove the password is being seen as a two-fold > problem. > > 1. The GUI wizard tool to create the configuration, does not allow > for building the configuration if the value is left blank (meaning to clear > the password). > > 2. The DCC toolset includes the set of files ("cctk") which can be > used directly rather than the wizard. These files can be run with the > proper command line parameters to accomplish the same goal. When running > the commands manually, it succeeds. But running the commands via SCCM, it > fails. > > > > If the problem is not by design, then it may mean a feature enhancement > (in #1) or a bug fix (in #2). Otherwise, possible workarounds include: > > · Enable a BIOS password, and do not remove it > > o Pro - no additional work needed, plus it would help prevent users > from disabling TPM and potentially corrupting their disk encryption and > data loss > > o Con - IT needing to remember the BIOS setup password > > · Install the DCC toolset > > o Pro - would allow for registration of the proper DLLs (or whatever) > that allows using the "cctk" directly > > o Con - it's an unnecessary administrative tool to be installed for the > general user, or it will prolong the process to install the toolset, and > then do a follow-up uninstall > > · Have a technician manually make the changes (not recommended) > > > > Nick | http://t3chn1ck.com > > > >
