Tag Archives: bios update

SCCM 2012 R2 – Updating and configuring HP ProBook 6470b/6570b BIOS in a task sequence – Part 2

If you’ve come to this post directly, you may want to read through part 1! If not, read on…

In this part, we’ll cover putting the files we’ve got together in a couple of packages and putting them into a task sequence. We’ll also be using WMI to query the computer model, so we don’t try updating the BIOS on a machine it certainly won’t work on.

I’ve set up the files I need in the following hierarchy, and spread the BIOS configuration and update over two packages. You may decide to do it differently.

SCCMSources\OSD\Packages
    BIOSConfig\HP ProBook
        BiosConfigUtility.exe   (BIOS configuration utility - x86)
        BiosConfigUtility64.exe (BIOS configuration utility - x64)
        BIOSPW.bin              (Encrypted BIOS password)
        ProBook6x70bConfig.cfg  (BIOS configuration settings)
        ProBook6x70bConfig.cmd  (BIOS configuration command file)

SCCMSources\OSD\Packages
    BIOSUpdate\HP Probook
        BIOSPW.bin              (Encrypted BIOS password)
        HPBIOSUPDREC.exe        (New BIOS update utility)
        hpqFlash.exe            (Old BIOS update utility)
        ProBook6x70bBIOS.cab    (HP Probook 6x70b BIOS file)
NOTE: “SCCMSources” is my network share I store the SCCM source files to use as the content location for applications and packages. I then have “OSD\Packages” to differentiate these packages as being primarily for OSD task sequences. Hopefully the “BIOSUpdate” and “BIOSConfig” folders will eventually house many folders for different types of laptop, but at the moment it’s a bit bare.

Configuring the BIOS

Most of the magic for configuring the BIOS is done in the file “ProBook6x70bConfig.cmd” (shown below).

This batch file picks the correct version of BiosConfigUtility to run (x86 or x64), then runs it with the configuration file. It runs it first, attempting to get access to the BIOS using a blank password, then set the password along with the configuration. If this completes successfully (exit code 0), that’s it!

However if it fails for some reason (i.e. there’s a BIOS password set) It then runs the second command, which attempts to set the configuration, using the current password. I’ve yet to properly test a parameterized version of this, to allow the configuration to be specified outside of the batch file.

biosconfigprops

This is run in the SCCM task sequence, at the beginning, before provisioning or enabling Bitlocker, but after formatting the drive, so that on the reboot that occurs directly afterward, using an “Restart Computer” task, the boot image can be successfully staged to the hard disk.

biosconfigopts

The options base the running of this task on the computer model name, so that we dont try to configure an incompatible BIOS or some other crazy situation. It’s not too clear in the image, but I’m using the single character wildcard “_” in the model – “SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “HP ProBook 6_70b””

Hopefully this has covered everything that’s needed for yourself to go forth and configure the HP ProBook BIOS in an unattended way! As with most of my posts, please let me know if you’ve discovered improvements or inaccuracies and I’ll attempt to right them!

Read on, where I cover the flashing of the BIOS in part three.

SCCM 2012 R2 – Updating and configuring HP ProBook 6470b/6570b BIOS in a task sequence – Part 1

Continuing my recent foray into System Center Configuration Manager (SCCM) 2012 R2, I’ve been working on getting a task sequence to automatically update and configure the BIOS for our HP ProBook laptops. I’ve started with our most popular models, the HP ProBook 6470b/6570b. Fortunately, apart from their screen size, they are almost completely identical, which makes the job a lot easier.

Prerequisites

The first thing we’ll need to do is take care of the prerequisites and the downloads, so we’ve got all the files required to complete the work.

Files Needed

  • The HO ProBook 6x70b BIOS is available here and should work with both the 6470b and the 6570b.
  • HP BIOS Configuration Utility (HP BCU). I’m using version 3.0.13.1, there could be changes if you are using something newer.
  • HP System Software Manager (HP SSM). Again, I’m using version 3.1.10.1, so be aware.

First of all, we’ll get the BIOS configuration working and we’ll do the BIOS update second. This may sound backwards, but it simplifies things if you will be imaging a mix of factory fresh and pre-provisioned machines. This is because we’ll be setting the BIOS password in the configuration stage and putting the logic there to deal with whether the machine already has a password set. This means when we come to the BIOS flash, we can just run the tool in a straightforward way.

NOTE: If you’re not using a BIOS password, you can do this in any order, but I highly recommend you secure things properly. The last thing your service desk needs is someone changing the boot order and installing their own OS or something, because users.

Encrypting your BIOS password

Extract the HP System Software Manager download and install it. You’ll then have to browse to either “%ProgramFiles(x86)%\Hewlett-Packard\SystemSoftwareManager”, or “%ProgramFiles%\Hewlett-Packard\SystemSoftwareManager” to find “ssm.cab”. The files you need are in here:

  • “HPBIOSUPDREC.exe” (BIOS updater tool we may need later)
  • “HpqPswd.exe” (BIOS password encryption tool)
NOTE: For the ProBook 6x70b, we’ll be using the hpqFlash.exe utility that we’ll get later, as that’s the one that works with these models. If you are using newer models (like the EliteBook 840G1), you will need to use HPBIOSUPDREC.exe.

HPQPswd

If you run HpqPswd.exe, it will ask you for the BIOS password you wish to encrypt into a “.bin” file. Enter your BIOS password, then save the file somewhere useful, as this we will use this later to as the credential for configuring/updating the BIOS.

Preparing the BIOS configuration

Now, you’ll need a test machine of the right type to get a BIOS configuration from. You could in theory specify the configuration file from scratch, but that would take a while. The easiest way to do it is to set up a computer how you want it, export the BIOS config, tweak it to suit, then deploy!

To start this process, you’ll need to install the HP BIOS configuration utility, then browse to “%ProgramFiles(x86)%\Hewlett-Packard\BIOS Configuration Utility”, or “%ProgramFiles%\Hewlett-Packard\BIOS Configuration Utility” and get the following files:

  • “BiosConfigUtility.exe” (BIOS configuration tool, for x86)
  • “BiosConfigUtility64.exe” (BIOS configuration tool, for x64)
NOTE: Both of these files seem to work fine on x64 build of Windows 7, so I’m not too sure why there is a specific x64 version. The “BIOS Configuration Utility User Guide.pdf” is alo quite useful, so you may want to grab that too.

BIOSConfigurationUtilityHelp

If you take BiosConfigUtility and run it on the machine you’ve configured, you can get it to export the current configuration to file, using “BiosConfigUtility.exe /get:”ProBook 6x70b\BIOSConfig.cfg””

The file format for the BIOS configuration isn’t particularly great, with tab indented options, but with the export, the current settings are all selected for you, with an asterisk (*) denoting the active option.

Here’s an example of part of my config file:

Data Execution Prevention
    Disable
    *Enable
SATA Device Mode
    IDE
    *AHCI
Reset of TPM from OS
    Disable
    *Enable
OS Management of TPM
    Disable
    *Enable
Activate TPM On Next Boot
    Disable
    *Enable
TPM Device
    Hidden
    *Available
TPM Activation Policy
    F1 to Boot
    Allow user to reject
    *No prompts

You can tweak the file however you need, It seems the general recommendation is to remove anything you’re not actively going to set, as this provides a more concise config file and makes it easier to track down issues.

In the next part, I’ll cover setting up the SCCM side of things now we are nearly ready to deploy the new settings and upgrade the BIOS. Read on to Part 2!