BIOS Configuration Management

RemoteManagementofBIOSConfiguration
WhitepaperIanGodfrey
IanGodfrey isaprincipalconsultantfor1E,aspecialistinlargescaleWindows
deploymentandmanagement. Feedbackiswelcome. Youcanreachhimat
iang@1e.com
Whitepaper~RemoteManagementofBIOSConfiguration
January2009Edition2.4 1EWhitepaper Page 2 of 30
1 Introduction
ThispaperaimstoprovideinformationaboutanumberofdifferentmethodsofremotemanagementofBIOS
settingson Windows workstationswithouthavingtomanuallybootintoBIOSsetup.
This paperwasoriginallywritten forthebenefitof1Escustomerswhofinditnecessarytoremoteconfigure
BIOSsettingson Windows computersto:
o enableWakeonLANforusewith1EWakeUp
o configurenetworkbootforusewith1EPXELite
o configureAPM/APCIsupporttomakebest useof1ENightWatchman
However,beforeyougetstuckintothecomplexitiesofBIOSmanagement,pleaseconsiderwhetheryouhavea
genuine needtoreconfigure the BIOSonallyourcomputers,asallthatmayberequiredis performafewtests
andmanually fixthefewmachinesthataredifferent. Some troubleshootingtests are providedinthe WakeOn
LAN section below.
TheabilityforWindowssoftwaretomanageBIOSsettingsis dependantonindividualcomputer hardware
manufacturer modelsand networkcardsandwhetherthe vendorprovides softwareanddriversthatsupport
automatedconfigurationwhilethecomputerisbeingused.
ThereisnosinglesoftwareproductorsolutionthatwillmanageBIOSsettingsformultiplevendors,although
thereareseveral systemsmanagement productsthatcan reportBIOS information.Most major hardware
vendorshavetheirownmanagementsystem,andinsomecasesalsoprovideutilities. 1Econsultantshaveused
knowledgeofthesetoprovidecustomsolutionsforreportingandmanagingsettings.
Organisations shouldtestthe capabilitiesofindividualcomputermodelsandtheirrevisionsbeforepurchasing
hardware,andmake theirmanagementrequirements aconditionofpurchaseagreements. Ifremote
managementofhardwareisnotaconsiderationbeforepurchasinghardwareanorganizationmaybeplacedina
predicamentwheremanualvisitstohundredsorthousandsofsystemsisrequiredratherthanafewclicksviaa
managementtool.Vendorwebsitesshouldberegularlycheckedforupdatedutilitiesfornewermodels.
1Esolutions integratewithMicrosoftSystemsManagementServer(SMS)andSystemCenterConfiguration
Manager(ConfigMgr),thereforeitisbeneficialifthesecanbealsousedtoreportandmanageBIOSsettings.
TheseMicrosoftsystemscanreportanumberofBIOSsettings,includingserialnumberandassettag,butthey
relyonvendorspecificagentsorutilitiesandcustomscriptsorcodetoexposeothersettingsviaWMI,andto
managethem.
ThiseditionofthepaperdoesnotcoverotherfrequentlyaskedquestionsaboutupgradingBIOSfirmware,
TrustedPlatformModule(TPM), AMTvPro systems orIPv6.
Disclaimer
1Edoesnotprovidesupportforanyofthesesoftware,utilities,3
rd
partyproductsorscripts!ConfiguringBIOS
settingsisthecustomer'sresponsibility,andthecomputervendorshouldbecontactedforproductsupport.
Youruseofthisdocument,software,utilitiesandscriptsisatyoursolerisk.Theyareprovided"asis",without
anywarranty,whetherexpressorimplied,ofaccuracy,completeness,fitnessforaparticularpurpose,titleor
noninfringement, and is supported or guaranteed by 1E. 1E shall not be liable for any damages you may
sustain by using this document, software, utilities or scripts, whether direct, indirect, special, incidental or
consequential,evenifithasbeenadvisedofthepossibilityofsuchdamages.
1.1 Agentor Agentless?
Whichisbestis acontinuing industrydebate. Simplyput,anagentissoftwarethatispermanentlyinstalledon
acomputerperhapsasaserviceorAPI,whereasagentlessimpliesautilitythatdoesnotleaveafootprint.
Eitherway,asystemmanagementsolutionishelpfultodeploythemifyouhavemanycomputerstomanage.
You arealsolikelyto requirescriptsorprogramstoreportand/ormanageBIOSandWindowssettings.
However, anagentorutilitythatsupports WMI willallowasystemmanagementsolutionlike SMS/ConfigMgr to
reportsettingsaspartofthehardwareinventory,andrunscriptstomanage settings. Tosupportscriptsthat
useWMI,itis usually necessarytohaveWindowsScriptingHost(WSH) and VBScript execution both enabled.
WMIisMicrosoftsimplementationofthe CommonInformationModel(CIM) which isanopenstandardthat
defineshowmanagedelementsarerepresentedasacommonsetofobjectsandrelationshipsbetweenthem,
intendedtoallowconsistent management,independentoftheirmanufacturerorprovider. Howeverthisdoes
notpreventvendorsaddingtheirownobjects.
Belowisatablethatshowsagentsandutilities availablefrom someof theworldstop PC vendors
1
.
SystemManagement Standalone WMIAgent Standalone Windows Utility
Acer ? ? ?
Asus ? ? ?
Dell DellOpenManageIT
Assistant (ITA)
DellClientManager
2
OpenManageClient
Instrumentation(OMCI)
Dell ClientConfigurationUtility
(DCCU)
Fujitsu
Siemens
DeskView
2
Thereisalsoa DeskView
SMS component
? DeskViewInstantBIOS
Management includesautility
called BIOSSET.exe
HCL ? ? ?
HP HPClientManager
2
HPOpenViewPC
ConfigurationManagement
(akaRadia)
HPClientManagement
Interface (CMI)
HPSystemSoftwareManager(
SSM)includesautilitycalled
BiosConfigUtility.exe
Lenovo
(IBM)
IBMDirector withRemote
DeploymentManager(RDM)
LANClientControlManager (
LCCM)
AvailableatcostfromIBM
? SRCMOSisaDOSbootfloppy
utility
ThereisaWindowsversionof
SRCMOSthatsupportsalimited
numberofThinkPadmodels.
Sony ? ? ?
Toshiba ? ? ?
1
Sources: IDCApril2008,GartnerJuly2008.ForWintelcompatiblePCs,thereforeexcludesApple.
2
TheseproductsrequireAltirisNotificationServer,nottobeconfusedwithAltirisDeploymentServer
1.2 ExtendingSMS/ConfigMgr hardwareinventory
SMS/ConfigMgr providesacomprehensiveinventoryofhardwaredetailsincludingBIOSversionanddate.Forit
toreportvendorspecificinformationitisnecessarytoconfigurethehardwareinventorySMS_DEF.MOFfile. An
exampleisgiveninsection 3.2.4 onpage 17.
1Ecanassist you withdeveloping relevantconfigurationdetailsand reportsforuseonanenterprise
scaleandinanautomatedmanner.Pleasecontactyour1Erepresentativeformoreinformation.
1.3 WhatisBIOS?
TheBIOSisthefirstprogramtorunwhenacomputerisswitchedon.Itinitializesandteststhehardware(called
PowerOnSelfTestorPOST)andifeverythingisOKitpassescontroltotheoperatingsystem.TheBIOSalso
providesRunTimeServicesthathelpoperatingsystemsandapplicationprogramsaccesshardware.
BIOSisanacronymmeaningBasicInput/Output System. ItisasoftwareprogramstoredinachipcalledROM
(readonlymemory).NowadaysEEPROM(ElectricallyErasableProgrammableReadOnlyMemory)isused,also
knownasFlashBIOS.
ComputermotherboardsandaddoncardseachhavetheirownBIOS thatdeterminehowthehardware
behaves,forexampleNetworkInterfaceCards(NICs).Computerstandardsmeanthatdifferentmanufacturer
hardwarewillbehaveinthesameway. Insomecases,theBIOSisconfigurable.
BIOSsettingscanbechangedbyrunningBIOSSetup,sometimescalledCMOSSetup. CMOSis agenericterm
foramemorychip,andinthisinstanceiswheretheconfigurablesettingsarestored.
ThevastmajorityofPCmotherboard manufacturers licenseaBIOScoreandtoolkitfromaBIOSmanufacturer,
knownasanindependentBIOSvendor(IBV).Themotherboardmanufacturerthencustomizesthe BIOStosuit
itsownhardware preferences,andanyspecialisationrequiredfromthecomputervendor.
Somemajorcomputervendorsproducetheirown motherboardsforsomeoftheircomputers,butmostsource
componentsfromOEMmanufacturers.Someoutsourcethecompletemanufacture.
IBVsinclude:
PhoenixTechnologies,thefirstPCBIOSmanufacturer,now also owns AwardSoftwareInternational and
GeneralSoftware
AdvancedLogicResearch,Inc.
AmericanMegatrends (AMIBIOS),
AMD (AdvancedMicroDevices,Inc.)
DTK (DatatechEnterprisesCo.)
MicroidResearchInc.
InsydeSoftware (previously SystemSoftCorporation)
Microsoftprovidesalist ofMotherboardmanufacturersin KB243909.
2 WakeOnLAN
WakeOnLAN (WOL) isawellestablishedstandardforperformingremotewakeupofsystems.
Thissectionprovidesusefulhintsandtips aboutpreparingforandusingWakeOnLAN,andincludes
backgroundonusingWOLoveraroutednetwork.
WOLuses aspecialnetworkpacket called MagicPacket
3
whichcontainsMACaddressinformation. Thenetwork
adaptermonitorsallincomingpacketsthataredestinedfortheadaptersMACaddress,evenwhenthemachine
ispowereddown. On receipt thenetworkadapterwillsendamessagetothemotherboardtoinitiatebootup,
providingthenetworkadapterandsystemBIOSare WOLenabled.
AMagicPacketisadirectedbroadcast,andinorderforthepackettoreachtheclient,thelocalnetwork
infrastructuremustbeabletoforwarditacrossalltypesofnetworkhardware.
2.1 TroubleshootingSteps
System administratorsoften perceivethereisaproblemwith theircomputer WakeonLANsettingswhich may
besomeotherexternalproblem suchasnetworkconfiguration.Thissectionexplainssomeofthefundamentals
thatmayavoid unnecessary effortofconfiguring BIOSsettings.
Typicaltroubleshootingstepsare:
1. Aquickwaytotellifasystemis WOL readyistopowerdownthesystemthenlookatthenetworkadapter
displayLED's.Ifthelightsarestillon,thenchancesarethatthesystemisOK.
2. Hasthe computer beengracefullyshutdownandisitpluggedin? Iftherehasbeenapowerloss,the
computerisunableto prepareitself forwakeup,andwillneedtobeproperlyrestarted.
3. EnsurethecomputerisreceivingtheMagicPacket. Usethe 1Eutility discussed below.
4. VerifythecomputersupportsWOL and itisenabled in the BIOS. SomesystemsalsorequireACPItobe
enabled.If usingWindowsXPandBIOSis settoAPMthenitmustberesettoACPI, andWindows re
installed touseadifferentHAL.
5. VerifyWOListurnedonintheNICconfiguration asdescribedinsectionon WindowsPowerManagement
Settings below.
6. VerifytheNIC adapter isconnectedtothenetworkandhaspower.Mostlaptopsdonotrespondto
wakeuppacketswhenrunningonbatteryor in lowpowermode.
7. VerifyyouarerunningthelatestNICdrivers,andcheckforotherhardware.
8. Check vendor supportwebsitesforspecificissues.
2.2 HintsandTips
Networkconfiguration.Simple WOL solutionsusesubnetdirectedbroadcastswhichrelyonnetwork
routerstoforward a MagicPackettothesubnetwherethetargetsystemresides. Subnetdirected
broadcasts andUnicastare explained below.
3
MagicPacketisatrademarkofAdvancedMicroDevices,Inc.
BIOSmustbeWOLcapable. UseaninventorysystemsuchasMicrosoftSMS/ConfigMgr toreportcomputer
modelsandBIOSversions.Thencheck asampleset toconfirmtheBIOSsupportsWOL and already
enabled. Inventorysystemswillalsotellyou the MACaddressnecessarytocreatetheMagicPacket,and
theIPaddressandsubnettoenableyoutosendit.
ManycomputermodelshavemultipleBIOSsettingsforWakeOnLAN,soyouneedtocheckthemalland
refertothemanufacturersdocumentation. Thismayinclude thetypeofactivitythatallowsthemachine
towakeup suchas WakeonMagicPacket, WakeonARP,Wakeonbroadcast,Wakeon Multicast,Wakeon
UnicastandWakeonphysicalactivity. WakeonMagicPacket isnormallytheonlyoptionrequired.
SomesystemsdonotrespondtoaWOL unless shutdown inacontrolledmanner,sothattheyproperly
entersleep(G1)orsoftoff(G2)ACPIstate
4
.Thatis, will not wakeupif switchedoffby disconnecting the
power orbyholdinginthepowerbutton (G3state).
Windowscompatiblenetworkcarddriversshouldbeinstalledandtested,withtheNICproperties
configuredto allow WOL. Ascripttoenablethisisprovided below.
Poweron passwords, disk encryptionorprotection passwords will preventWindowsstarting,givingthe
impressiontherehasbeenaWOLfailure.
KB815304 describesafixforWindowsXP blankingwhenwokenfromhibernationorstandby.
Somecomputermodelsdonotsupportwakingupfromhibernation.
SomePS/2devicesmaynotfunctiononresumptionifitexperiencesapowerlossaftergoinginto
hibernation.
SomeNICadaptersrequireapassword tobeincludedinthemagicpacket.
SomeNICadaptersrequireaphysicalwiretothemotherboard.
WakeonLANmaintenancemodemustnotbeconfiguredintheBIOS.
For802.1x,portsmustbesettounidirectionaltotransmitpreauthenticatedframes.
SomeWiFiadapterssupportWOL.IfusingsubnetdirectedbroadcastyouwillneedtoconfirmyourWiFi
routersare capableofforwarding.SomeWiFiroutersprovideafacilitytogenerateWOLpackets.Ifthe
vendorclaimstosupportWOL,checktheyare referringtowirelessand notjustthephysicalports.
SomeDellsystemsusing3com 3C905C or 3C920 requireNICregistrychangedescribedin
http://www.myitforum.com/forums/m_99547/tm.htm
2.3 Subnet Directed Broadcasts orUnicast
ForWOL tobesentacrossrouters,onlySubnetDirectedBroadcastsandUnicast arerelevant
5
.
Whichevermethodisadopted, whetheroncorporatenetworksortheinternet, eachrequiresfirewallsand
routerstobeconfiguredtoforwardpacketsonachosenUDPportnumber. UDP isrequired becausethe target
machine isoff andtherefore cannot useTCP.
1Eprovideafree Magic Test utilitytotestwhetheranetworkisalreadyconfiguredtosupportthesemethods.
Thisutilitycanbeusedtosendasinglepackettoaremotesubnet.Acomplimentaryutilitycalled Receive From
isused totestifthepacketisreceived.Moreinfoonthisisprovided below.
4
WikipediahasausefularticleonACPIglobalandsleepstates,althoughthismaynotbeauthoritative.
5
Multicast isanoptionbutnotflexible.ItrequiresamulticastgroupIDtobeassignedandasufficientlyhighTTLforthe
packettotraverserouterstoreachitsfinaltarget.Thepacketisalsosenttounnecessarysubnets.
Subnetdirectedbroadcast
ThismethoddoesnotrequiretheIPaddressofthetargetmachine,itrequires only thesubnet.
Simple WOL solutionsusesubnetdirectedbroadcasts which relyonnetworkrouterstoforward theMagic
Packet tothesubnetwherethetarget computer resides. All WOLcompatible NICssupport subnetdirected
broadcast becauseithasbeenaroundthelongest.However, networksareoften configuredtoprevent directed
broadcastsbecause itmakes themmoreopen to Denial of Service(DoS) attacks,suchasSmurf.
Asubnetdirectedbroadcast uses theIP subnet ofthetargetcomputer sothattheUDPpacketreachesthelocal
routerwhichthenbroadcaststoallthecomputersonthelocalnetwork.ThepacketcontainstheMACaddress,
thereforeprovidedthecomputer remains connectedtothe samesubnetwiththesamenetworkadapterthen it
should wakeevenifhaschangeditsIPaddress. Routersmustbeconfiguredtoforwardthistypeofpacket,but
tobe moresecure,routersshouldbeconfiguredto forward broadcastsfromaspecificsenderand usea non
standard port.
Asanexample,considerasendersituatedonsubnet192.168.1.0andtheclienton192.168.3.0,linkedbytwo
routers,Router1andRouter2.Thetargetcomputerhasanaddressof192.168.3.50 thereforethesubnet
broadcastaddressis192.168.3.255.ToreachthetargettheMagicPacketwouldhavetotakethefollowing
steps,asshownbelow.
1. TheDestinationaddressfortheMagicPacketissettothesubnetbroadcastaddressforthetarget
machine:192.168.3.255
2. TheMagicPacketreachesthelocaldefaultgatewayandisforwardedtoRouter2basedonthe
networkaddressportionoftheMagicPacketsIPheader
3. Router2realisesthatthemagicpacketisattherightdestinationnetwork,recognisesitasa
subnetdirectedbroadcastpacketandbroadcastsittothesubnet.
4. ThetargetsystemrecognisestheframeasaMagicPacket,matchesthe16bit MACaddress,and
instructsthecomputertoboot.
Unicast
ThismethodrequirestheIPaddressofthetargetmachine.
Unicastsendsthe UDP wakeuppacket directlytothecomputerusingitsIP address.Routerswillforwardthe
UDP packetthesamewasasanyotherIPpacketuntilitreachesthetargetslocalrouter.Althoughthepacket
containstheMACaddress,therouter looksuptheIPaddressin itsARPcacheto obtain theMACaddressto be
ableto sendthepacketdirectlytothecomputer.
However,thereareseveral significant problems.
TheIPaddress mustbeknownand isverylikelytohavechanged
TheARPcache record mayhavebeenclearedifthecomputerhasbeenswitchedoff longerthantheARP
cachesTimetoLive(TTL)setting. Thedefaulton Cisco equipment is4hours. If thetarget machine in
theaboveexample hasbeenoffformorethan4hours youwill beunabletowakeitup
OlderNICsdonotsupportthismethod,andcanhavedifficultyinsomesleepstates
Solution
Thesolutionis none oftheabovemethods. Tosolvetheabove problems experiencedby Subnetdirected
broadcast and Unicast methods, themostcomprehensiveWOLsolutions suchas1EWakeUp uselocalagents.
1E WakeUp stillneeds toknowtheIPsubnettodeterminewhichagenttoinstruct,and obtainsthis
fromtheSMS/ConfigMgr or1EAgilityFramework database.
2.4 PoweronPasswords
LaptopsandothermachinesoftenhavesoftwareinstalledorBIOSconfigured thatrequiresapasswordtobe
enteredonbootupbeforetheoperatingsystemloads. WOLwillpowerupthesemachinesbuttheywillremain
poweredonwiththepasswordpromptdisplayeduntilauserresponds,atwhichpointtheoperatingsystemwill
load andtheSMS/ConfigMgradvertisedprogramwillrun,assumingithasntexpired. SomesoftwareorBIOS
versionswillautomaticallypoweroffifthepasswordisnotentered.
A workaroundforthisproblemwhenusing1EWakeUp withSMS/ConfigMgristo Create aseparateCollection
andAdvertisement inSMS/ConfigMgrfor these systemsandincludethetextNoWakeUpsintheSMS
advertisementname,howeverthiscurrentlyalsostops the1EWakeUppolicyrefresh too.
Alternatively, disableWOLforthesemachines. Thedownsideisiftheyareswitchedoffthen 1E WakeUp
successreportingwilltreatthesemachinesasfailedwakeupsunlesstheyareexcludedfromadvertisements.
Systempasswords
BIOSsetuppasswordscanpreventBIOSbeingconfigured.Mostvendorutilitiesallowpasswordstobeprovided,
howeveryouneedtoconsidertheimplicationsiftheyaresuppliedascleartext.
Diskencryptionandpasswords
Acomputermaybeconfiguredtopreventtheoperatingsystemstartingupafterithasbeenswitchedonor
wokenup thatdefeatsthepurposeofWOL.Forexample,bootdisksmaybeconfiguredwithapasswordora
securitysoftwareproduct,orBitLockerenabled.
SomesecurityproductscanbeconfiguredtobeWOLaware,and allowWindowstostartwithoutapowerup
passwordforaspecificnumberoftimes. Detailscanbefoundinthevendorproductguides.
SomeNICadapterssupportapasswordbeingincludedinthemagicpacket,butthisisonlyfortheadapterand
notpassedtothesecuritysoftwareoroperatingsystem.
2.5 1EMagic Test
This comprises two WakeOnLANtestingtools, MagicTest and ReceiveFrom. The MagicTest tool
allowsyoutosendamagicpackettoasinglemachinetotestthefunctioningofWakeOnLAN
hardware. The ReceiveFrom toolenablesyoutotestwhetheraparticularmachineisreceivingwakeup
packets.
Apartfrombeingabletotestamachineiscapableofbeingwoken,theutilityisusefultodetermineif thesender
hascorrectfirewallsettings,andif routershavebeenconfiguredtoallowsubnetdirectedbroadcaststobe
forwarded,orunicastportenabled.Rememberthatconfiguringroutersisnotrequiredifusing1EWakeUp
agents.
TheMagicTestTool
Magic Testworksbysendingtypesof MagicPacketexplicitlytothe destinationsystemtoseeifthesystem
wakesup,ortoseeifthesystemisreceivingtheMagicPacketsatall.
Whenusing Magictst.exe,therearethreetypesofMagicPacketwhichcanbesent.Theseare:
1. SendMagicPacket Thisisa subnetdirected broadcastandwillfailifdirectedbroadcastisdisabledon any
intervening routers.
Note: Theabovemethodshouldbeusedtotestfor1EWakeUpcompatibility.
2. SendShortUnsuspendDatagram(Type=2) Thissends an arppacketwhich willwake thecomputer from
sleep/standby state. ThisissentdirectlytoanIPaddressandistheequivalentofaping.
3. SendMagicPacketDirect(Type=4) This isunicastandwillworkoverrouterswheredirectedbroadcastis
disabled.
1. Makesurebothsystemsarepoweredon.
2. Onthesendersystem,starttheMagicTestutility magictst.exe(shownbelow)
3. IntheTargetNamefield,filloutthenameofthetargetsystem.
4. ClickontheResolveNamebutton.ThiswillautomaticallycompletetheIPAddressandSubnetMask
fields.IfyouknowtheIPinformationalreadyyoucanfillinthefieldsmanually.
5. OncetheIPAddressinformationiscomplete clickonthePingforMACAddressbutton.Thiswillcomplete
theMACAddressfield.
TheMACAddresscanberesolvedprovidingyourrouteriscurrentlyawareofit.TheresolutionusesARP,
whichcanonlyresolvetheMACaddressiftheMACinfoiscurrentlyinthesendercomputerorrouterARP
cache. Thismeansthatfortheresolutiontoworkthetargetmachinewouldneedtohavebeenrecently on
astherouterARPcacheisnormallyclearedoutfrequently.
FortestingpurposestheMACaddresscanbeenteredmanually.TheresolutionissuewithMagicTestwill
notaffect 1EWakeUp as 1EWakeUp retrievestheMACaddressinformation directlyfromSMS/ConfigMgr.
6. Ifsendingthroughroutersorfirewalls,selectaportnumberthatyouknowwillworkforyou.Thiswill be
theportyournetworkadministratorhasenabledontherouterstoallowsubnetdirectedbroadcaststobe
forwarded.Thisisnotrequiredforlocalsubnets. Note: mostnetworkadministratorsprefernottoopenup
forwardingportsbecauseoftheriskof DoSattacksasdescribed above.
7. Iftestingsleep/standby,ensuretheWindowsNICconfigurationonthetargetsystemhasbeenenabledto
allowwakeup.
8. Shutdownthetargetsystem,orputtosleep/standby.
9. Onthesendersystem, useoneoftheSendbuttons,which should cause theremote system to restart.
TheReceiveFromTool
The ReceiveFromdiagnostictoollistensformagicpackets. Thistoolcanberunona target systemandlogall
magicpacketsthatarereceivedforthatsystem.
Whenyourunthistool,youwillseeacommandwindowopensimilartothe example below,which showshow
theutilityrespondstoeachtypeofMagicPacketsentbythe MagicTesttool.
2.6 WindowsPowerManagementSettings
Todeterminewhichdevicescanbemanaged; whichdevicesareenabled;and enablea deviceyoucanusethe
POWERCFGutilityavailableonWindowsXPandlater.
POWERCFG.EXE /DEVICEQUERY wake_programmable
POWERCFG.EXE /DEVICEQUERY wake_armed
POWERCFG.EXE /DEVICEENABLEWAKE "<Name>
WindowsNICPowerManagementtab
Toensurethatacomputerwakesup from
sleep/standby whenanetworkcardreceivesa
WakeonLANcommand,the Windows Power
Management settingsshould all beenabled on
thenetworkcardproperties.
Theseoptionsareonlyconfigurableifyou
enable Allowthecomputertoturnoffthis
devicetosavepower.
Theoption "Onlyallowmanagementstationsto
wakethecomputer" shouldbeenabledto
ensuretheNICwillonlywakethecomputer
whenintended.Leavingthisboxunchecked
configuresthesystemtowakeon bothMagic
Packetsandoperatingsystemdefined
programmablepatterns,whichbydefaultisjust
aboutany networkactivity asdiscussed below.
Thefollowingscriptwillenablethese NICPowerManagement options.
'See disclaimer on page 2
'Script to enable Power Management options for all NICs
On Error Resume next
Set objWMI = GetObject("WinMgmts://./root/WMI")
Set objCIMV2 = GetObject("WinMgmts://./root/CIMV2")
Set colDevices2 = objCIMV2.ExecQuery("SELECT * FROM Win32_NetworkAdapter where AdapterTypeId=0")
WScript.Echo "Enabling WOL for the following adapters:"
For Each objDevice2 In colDevices2
WScript.Echo right("000" & objDevice2.Index & " ",5) & objDevice2.MACAddress & " " & objDevice2.Name
strdevice2 = UCase(objDevice2.PNPDeviceID)
Set colDevices1 = objWMI.ExecQuery("SELECT * FROM MSPower_DeviceEnable")
strdevice1 = UCase(Left(objDevice1.InstanceName, Len(strdevice2)))
If StrComp(strdevice1, strdevice2)=0 Then
objDevice1.Enable = True 'True is bit3 off for PnPCapabilities
objDevice1.Put_
if Err.Number=0 Then WScript.Echo " Allow the computer to turn off this device=" _
& objDevice1.Enable
End If
Next
Set colDevices1 = objWMI.ExecQuery("SELECT * FROM MSPower_DeviceWakeEnable")
objDevice1.Enable = True 'True is bit4 off for PnPCapabilities
objDevice1.Put_
if Err.Number=0 Then WScript.Echo " Allow this device to wake the computer=" _
& objDevice1.Enable
End If
Next
Set colDevices1 = objWMI.ExecQuery("SELECT * FROM MSNdis_DeviceWakeOnMagicPacketOnly")
objDevice1.EnableWakeOnMagicPacketOnly = True 'True is bit8 on for PnPCapabilities
objDevice1.Put_
if Err.Number=0 Then WScript.Echo " Only allow management stations to wake the computer=" _
& objDevice1.EnableWakeOnMagicPacketOnly
End If
Next
Next 'bit5 on by default for PnPCapabilities
Windows NIC Configuration
Inadditiontothe above WindowsPower
Managementsettings,theremaybevendor
specificsettingsthatneedtobeconfigured.
WakeUpFrame meanssupportforthe
MicrosoftNDIS5specification wherea 3
rd
party applicationcanspecifya
programmable patterntomatch.Bydefault
thiswillincludeanynetworkactivitysuchas
ping,ARPrequestandmulticasttrafficeven
ifnotintendedforthetargetworkstation.
ThissettingisoverriddeniftheOnlyallow
management stationsto wakethe
computeroptionisenabled.
Themethodfor scripting theseoptions is
vendorspecific and generallyonly
manageableusing WMI ifthe vendorhas
WMIsoftware.
Itisalsopossible to modifyregistrysettings underthekey
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}
Aswellasvendorspecificsettings,youcanalso control theWindowsNICPowerManagement optionsbysetting
the PnPCapabilities value. KB837058 providessomedetail. Bits3,4and8correspondtotheoptionsintheNIC
PowerManagementtabandscriptabove.
1Ecanassistwith these settings forvariousvendorsonanenterprisescaleandinanautomated
manner.Pleasecontactyour1Erepresentativeformoreinformation.
3 Dell
3.1 IntroductiontoDellTools
DellToolsandsolutions formanaging DellPrecisionworkstations,OptiPlexdesktops,andLatitudelaptops are
availablefordownloadat
http://www.dell.com/content/topics/global.aspx/sitelets/solutions/management/client_software
However,forsimple remoteBIOSconfiguration,DellrecommendusingSMS/ConfigMgr and DellOpenManage
ClientInstrumentation(OMCI). However,thisrequiresWMIscriptingwhichmaybepreventedifsecurity
lockdownsettingspreventsuchscriptsfromrunning.
Pros: ExposestheDellBIOStoWMIandthereforeenablesalmostanymodificationtobemadeby
runningVBscript.ItalsomeansSMShardware inventorycanthenreportuponBIOSsettingsby
extendingtheSMS_DEF.MOF
Cons: Requiresagentsoftwaretoberunontheclient
TheDell ClientConfigurationUtility(DCCU)canbeusedasanalternativetotheOMCIclienttocreatestand
aloneexecutablesthatcanoutputconfigurationsettings(GetValues)toanXMLfileand/orconfigure BIOS
settings(SetValues),includingenablingWOL.
Pros: Leavesnofootprintontheclient asit optionally deletesitselfafterrunning
Cons: AnexecutablefileneedstobecreatedforeveryactionyouwanttoperformagainsttheBIOS;
meaningheavier networkutilization,testingandrisk
The Inventory Tool for Dell Updates (ITDU) allows administrators to determine compliance and deploy the
necessary updates for Dell Servers, supporting BIOS versions (not BIOS settings), firmware, drivers, and Dell
applications.Updatesaredeployed using thesameSMS2003processutilisedbyITMU.
Dell Client Manager is a further Dell solution consisting of suite of integrated tools developed by Dell and
Symantec(previouslyAltiris)thatusesAltirisNotificationServer. DellClientManagerdiscoverssupported Dell
computers and installs the Dell OpenManage Client Instrumentation (OMCI), EnTech SoftOSD, and Dell Client
ManagerAgentsoftwaretothesecomputers.TheDellClientManagerAgentsoftwareworksasalinkbetween
the OMCI and EnTech software and the Altiris Agent. Dell Client Manager can also connect to a target Dell
computer directly through WMI and query OMCI for inventory and configuration information and display this
informationin theSymantec (Altiris) ManagementConsolesResourceManager,intheRealTimeview.
AnoverviewofthevariousDellClientManagementeditionscanbefoundat
http://www.dell.com/content/topics/global.aspx/sitelets/solutions/management/client_overview
3.2 DELLOpenManageClient Instrumentation
TheDELLOpenManageClientInstrumentation(OMCI) agentsoftware canbeinstalledonDELLclientsystemsto
exposeconfigurationdatafromtheBIOS,includingtheWOLstatus,throughWMI. ThelatestversionofOMCI
enablesDellclientsystemstobemanagedusingCIMandAlertStandardFormat(ASF)standards.
ADellwhitepaperisavailableat http://www.dell.com/downloads/global/solutions/omci_info.pdf. Thereare
variousscripts includedwithsomefurtherscriptsontheDell website;versionsofsomeareprovidedbelow.
3.2.1 Installing OMCI
OMCIv7.x canonlybeinstalledonDELLsystemswithSMBIOSversion2.3orabove.(BIOSupgradescanbe
performedusingtheDELLClientConfigurationUtilitydescribedlaterinthisdocument).
The download is anexecutable whichshouldbe run toextractSETUP.EXEto a specifiedlocation.Thefollowing
commandlinecan then beusedtoinstallsilently.
setup.exe /s /v"/qn REBOOT=ReallySuppress /l %windir%\temp\OMCI.log"
1ErecommendtestingthiswithdeliveryusingSMS/ConfigMgr asit may restarttheWMIserviceontheclient,
which may causetheSMS/ConfigMgr clientto reporta failed installation.
OMCIcreatesanewWMInamespaceroot/Dellomci
3.2.2 SomeannoyingOMCIhabits
ChassisIntrusionAlerts
A chassisintrusionalertoccurs when the computer systemunithasbeenopenedtoupgradeorfixhardwareat
anypointinitslife. Youcanmomentarilyseethealertduring Power On SelfTest (POST)butitisoftenmissed.
A warning isalsologged intheWindowseventlog.
When OMCI isinstalled,itwillpopupanalertmessageiftherehasbeenachassisintrusioneachtimetheOMCI
serviceisrestarteduntilthealerthasbeenacknowledged,andthe preferable waytodothisisbymanually
rebootingthecomputerintoBIOS setup,whichisnot practicalformostusers.
Thealert canonly beresetbygoingintoBIOSsetup,Security,IntrusionAlertandselectingAcknowledge. The
IntrusionAlertoptionisvisibleonlywhenthereisanalertthatneedstobeacknowledged. Engineersshould
betrainedtofollowthisprocedureeachtimetheyopenthesystemunit.
Thealertisnotcriticalanddoesnotcauseanyproblemsotherthanbeingannoying.TheOMCI messageisoften
mistakenas beingcaused by OMCI.WhenOMCIisdeployed,Helpdeskstaffshouldbetrainedtoreassureusers
thatnewsoftwarehasrecognisedtheuserscomputerhaspreviouslyhadahardwarefixandtheengineerhad
notresettheBIOS.
Itispossibletoturnoff chassisintrusionalerts using the script below butthatdisables akeyfeatureofOMCI.
YoumaynotwanttodothisifthisfeatureisareasonforusingOMCIandallyoureallywanttodois resetthe
original alert.
'Script to disable Dell Chassis Intrusion Detection. Requires Dell OMCI.
Option Explicit
On Error Resume Next
'*** Declare variables
Dim strNameSpace, strComputerName, strClassName, strKeyValue, strPropName, strPropValue
Dim objInstance
'*** Initialize variables
strNameSpace = "root/Dellomci"
strComputerName = "."
strClassName = "Dell_SMBIOSSettings"
strKeyValue = "0"
strPropName = "ChassisIntrusionStatus"
'*** Retrieve the instance of Dell_SMBIOSSettings class, there should be only one
Set objInstance = GetObject("WinMgmts:{impersonationLevel=impersonate}//" & _
strComputerName & "/" & strNameSpace & ":" & strClassName & "=" & _
Chr(34) & strKeyValue & Chr(34))
strPropValue = objInstance.Properties_.Item(strPropName).Value
'*** Clear the value of ChassisIntrusionStatus only if it = 3
' A value of 3 = "Detected"
' Setting this value to 5 (Clear) will cause the ChassisIntrusionStatus
' property to really be reset to 4 (Not Detected).
If strPropValue = 3 then
'*** Set the new value for the property and save the instance
objInstance.Properties_.Item(strPropName).Value = 5
objInstance.Put_
'*** If any errors occurred, let the user know
If Err.Number <> 0 Then
WScript.Echo "Clearing the chassis intrusion alert failed."
End If
End If
Set objInstance = Nothing
If Err.Number =424 Then WScript.Echo strNameSpace & " not registered."
WScript.Quit(Err.Number)
Dell also providesascriptthat turnsoff allmessagesand popups.Thisoptionshouldbeconsideredwithcare,
dependingonyourreasonsforinstallingOMCI.
DiskSpaceAlerts
IfuserscomplaintheyreceivepopupmessagessayingWarningeventnotification,diskfreespacehasdropped
belowtheminimalthreshold thenyoucantweaktheregistryvaluefor
[HKEY_LOCAL_MACHINE\SOFTWARE\DELL\OpenManage\Client\SysInfo\HDDThresholdValue]
ThisisaDWordvaluewhichcanbechangedto0toturnoff thethresholdchecks.
3.2.3 OMCIScripttoenable WOL
DELLOMCIcanalsouseWMIscriptingtoenableWOL.AVBScriptsampleisavailableintheDELLOMCIUser
GuidetoenableWOLonallNICs(i.e.settingtheWakeupOnLANattributeto6).Thisscript is reproduced below.
'Script to enable WOL on Dell computers. Requires Dell OMCI.
Option Explicit
On Error Resume Next
'*** Declare variables
Dim strNameSpace, strComputerName, strClassName, strKeyValue, strPropName, strPropValue
Dim objInstance
'*** Initialize variables
strNameSpace = "root/Dellomci"
strComputerName = "."
strClassName = "Dell_SMBIOSSettings"
strKeyValue = "0"
strPropName = "WakeupOnLan"
'*** Retrieve the instance of Dell_SMBIOSSettings class
Set objInstance = GetObject("WinMgmts:{impersonationLevel=impersonate}//" & _
strComputerName & "/" & strNameSpace & ":" & strClassName & "=" & _
Chr(34) & strKeyValue & Chr(34))
strPropValue = objInstance.Properties_.Item(strPropName).Value
'*** Set the value of WakeUpOnLan only if it is not already '6'
' A value of 6 = "Enable for all NICs"
If strPropValue <> 6 then
'*** Set the new value for the property and save the instance
objInstance.Properties_.Item(strPropName).Value = 6
objInstance.Put_
'*** If any errors occurred, let the user know
If Err.Number <> 0 Then
WScript.Echo "Enabling WakeUp On Lan failed."
End If
End If
Set objInstance = Nothing
If Err.Number =424 Then WScript.Echo strNameSpace & " not registered."
WScript.Quit(Err.Number)
3.2.4 ReportingWOLconfigurationinSMSHardwareInventory
OncetheOMCIclientsoftwarehasbeeninstalledonclients,theWOLpropertiescanbereportedthroughSMS
HardwareInventorybyaddingthefollowingReportingClassdefinitiontoSMS_DEF.MOF.
//==================================================================
// Define the DELL SMBIOSSettings reporting class
//==================================================================
[SMS_Report(TRUE),
SMS_Group_Name("Dell_SMBIOS_Settings"),
ResID(7500),ResDLL("dellwmi.dll"),
SMS_Class_ID("Dell|SMBIOSSettings|1.0"),
Namespace("root\\\\DellOMCI")]
class Dell_SMBIOSSettings : SMS_Class_Template
{
[SMS_Report(TRUE),Key] uint32 DellInstanceID;
[SMS_Report(TRUE)] sint32 WakeupOnLAN;
[SMS_Report(TRUE)] sint32 WakeupOnLANMethod;
};
AstheOMCIinstallationcreatesthedataclassesontheclient(intheDELLOMCInamespace),thereisnoneedto
doanythingfurtherontheclienttoenableSMStoreportthisdata.
TheWakeupOnLANattributewillhaveoneofthefollowingvalues.
Value Description
1 Other
2 Unsupported
3 Disabled
4 EnabledforaddinNIC
5 EnabledforonboardNIC
6 EnabledforallNICs
7 Enabledwithboot toNIC
8 LANorWLAN
9 WLANonly
TheWakeupOnLANMethodattributewillhaveoneofthefollowingvalues. Thisvalueisforreportingonlyandis
notmanageable.
Value Description
1 Other
2 Unsupported
3 MagicPacket
Theabovetablesmaybeusedin customwebreportstotranslatethevaluesreturnedintheinventory.
3.3 DELLClientConfigurationUtility(DCCU)
DCCUv3.0 was releasedin October2008. ThepreviousversionwasV1.2.1.
http://support.dell.com/support/downloads/download.aspx?releaseid=R200703&deviceid=19801&fileid=278576
ThisutilitycanbedownloadedfromtheDELLwebsiteandtheConsoleinstalledonanadministrators
workstation. Thehelpfilecontainsinstallationandusageinstructions. Onceinstalled,the Consoleisusedto
createastandaloneexecutable(calledapackage).Thisexecutablemustthenbe run ontheclient,forexample
using SMS/ConfigMgr. Whenrun,ittemporarily loadsa OMCIwhichmeansDCCUtheoreticallysupportsthe
sameWMIpropertiesasOMCI.
Thev3consoleissimilartothepreviousv1.2.1releaseexceptitplacesashortcut icononyourdesktopandin
thesystemtray;theuserinterfacehasbeenimproved.Theprincipleenhancementispackagesnowsupport
commandlineoptionsallowingforscriptinglogic;alsothepackagenolongerselfdeletes.
Theminimumrequirementsfor installingandusingtheDCCUv3.0are:
WindowsXPSP2orlaterwith.NETframework2.0installed
MicrosoftInternetExplorerVersion7.0orlater
Availablediskspace20MB
Memory64MB
3.3.1 Creatinga DCCU Settings Package
ToenabletheBIOSfunctionalityforWakeOnLANitisfirstnecessarytocreate an executable package usingthe
Console whichhastobeinstalled andrun onanadmin workstation. Thescreenshotbelowindicateshowto
configuretheWOLoption.
The CreateBIOSSettings Packagelinkisthenusedto create the executablethatcanbe deployedusing
SMS/ConfigMgrorothermethod.
Itis necessary forSMS/ConfigMgr todownload
thepackage intoitscacheandrunfromthere.If
using1EsNomadBranchwithSMS,thenitwill
downloadandrunfromitscache.
Duringexecution,anumberoftemporaryfiles
andfoldersarecreatedinthe samefolder as
wellastheTaskResultfiles.
Thismeansthepackagemustberunwith
administrativeaccess.
Av3settingspackagealsoprovidestheoptionto
shutdownorrestartthecomputerafterapplying
thesettings.However,withSMS/ConfigMgr
theseoptionsshouldnotbeusedandthe
SMS/ConfigMgrprogramoptionsshouldbeused
instead.
Bydefault,thev3settingspackage issavedas
SETTINGS.EXE,althoughthiscanberenamed
later.
Aspreviouslystated,itispossibletomanage
oneormoresettingsusingacommandline.The
syntaxis:
settings.exe -<property.name>:<value>
Forexample:
settings.exe -PWR.WakeupOnLAN:6
Detailsofproperty.nameoptionscanbefound
inthetemplateBIOSInventory.xmlfile.
3.3.2 CreatingaDCCUInventoryPackage
DCCUprovidestheabilitytocreateaninventorypackageto reportBIOS settings.BydefaulttheDCCUv3
inventorypackageissaved asINVENTORY.EXE,althoughthiscanberenamedlater. Thereportisproducedina
xmlfilewhichcanbe imported intotheconsole.ThereisnomethodofcentralisedreportingotherthanDell
ClientManager(Altiris).
Theinventorypackagereports all properties specified in thetemplateBIOSInventory.xmlfile. Althoughnot
recommended,thetemplate canbeeditedtoproducedifferentversionsoftheinventorypackage,however
pleaseensuretheSS.BIOSDate propertyisnotdeletedotherwisetheTaskResult.xmlfilewillnotimportintothe
Console.
Thefollowingrepresentpropertiesdisplayedunderthe SystemInformation sectionintheConsole when
importingtheresultsofaninventorypackage.
<property name="PWR.WakeupOnLANMethod" />
<property name="SS.BIOSDate" />
<property name="SS.BIOSVersion" />
<property name="SS.ServiceTag" />
<property name="SS.SystemDescription" />
<property name="SS.SystemVendor" />
<property name="SS.ProcessorType" />
<property name="SS.ProcessorSpeed" />
<property name="SS.SystemClass" />
<property name="SS.ExtensionTokens"/>
<property name="SS.NumberOfBootDevices"/>
<property name="Configuration.MaximumPasswordLength" />
<property name="Configuration.SMBIOSSupported" />
<property name="Configuration.SystemIDByte" />
<property name="Memory.Size" />
<property name="OperatingSystem.Caption" />
Thereareanumberofinventory properties thatarereported bythedefaulttemplateBIOSInventory.xmlfile,
butnotviewableinthecurrentversionoftheConsole,forexample all the DCCUspecificOMCAOperating
System properties. Thisisprobablybecausetheyarenoneditableandthereforecannotbeusedinasettings
package.
3.3.3 RunningaDCCUPackage
WhenaDCCUpackageisrunonaclient,itcreatesthefollowingresultfilesinthesamefolderastheexecutable:
TaskResult.xml
TaskResult.nse
Thisisdifferenttov1.2.1whichcreatedafilecalledDCCUResults.xmlplusafileappendedwith _FAILor
_SUCCESSdependingonthesuccessorfailureofrunningthepackage.The.nsefilecreatedbyv3isonlyusedby
theDellClientManager(Altiris).
Below showsthe contentsofthe TaskResults.xmlforasettingspackagethatsetstheWakeupOnLAN optionto6.
ResultvaluesarethesameasdescribedintheOMCIsection 3.2.4 above. Resultvaluesforotherpropertiescan
befoundintheschema.xmlfile.
<root>
<command name="Set">
<property name="PWR.WakeupOnLAN" value="6" errorcode="0x0"/>
</command>
<command name="Set">
</command>
<command name="biossettings">
<property name="task" value="Succeeded." errorcode="0x0"/>
</command>
</root>
The output ofaninventorypackage hasasimilarformat.BelowshowsthecontentsoftheTaskResults.xml that
queriestheWakeupOnLAN.TheTaskResults.xmlfilemaybeimportedintoDCCUConsoletoviewtheresultsor
asatemplateforcreatingasettingspackage,butonlyiftheSS.BIOSDatepropertyhasalsobeenqueried.
<root>
<command name="Inventory">
<property name="PWR.WakeupOnLAN" value="6" errorcode="0x0"/>
<property name="SS.BIOSDate" value="2007-11-01T00:00:00" errorcode="0x0"/>
</command>
<command name="inventory">
<property name="task" value="Succeeded." errorcode="0x0"/>
</command>
</root>
Ascriptwould needtobedevelopedtoconvertthedatafromxmlinto MIFfile format ontheclientsothat
SMS/ConfigMgrcan includethedata inHardwareInventory.OptionallycustomWMIclassescouldbecreated
but instead itwouldbepreferabletoinstallanduseOMCIasdescribedinsection 3.2 above.
4 Fujitsu
ThefollowingisanextractfromtheDeskView10UserManual,releasedAugust2007.
DeskViewissoftwarethatrunsunderAltirisNotificationServersoftware.UsingNotificationServer,you
canusesoftware delivery taskstoremotelyinstallsoftwareagentsonclientcomputers.Theseagentssend
inventorydataaboutclientcomputersbacktotheNotificationServer.Thisinventorydatacanbeviewedin
reportsandWebbasedconsoles.YoucanalsoinitiatecomputermanagementfunctionsfromNotification
Server.Youcanmanagecomputerssinglyoringroupsbyusingcollections.
DeskViewhasanaddoncomponent called DeskViewSMS,whichextendstheSMShardwareinventory.This
componentdependsonDeskViewClient.
4.1 DeskViewInstant BIOSManagement
Thisisa pairof free standaloneutilitiesthatcanbefoundbysearchingforDeskViewInstant BIOS
Management.ThedownloadpageontheFujitsuwebsitecontainsthefollowing information,andalistof
supportedFujitsucomputers.
BIOSSettings(BIOSSET.exe)
ChangeselectedBIOSsettings
SettheBIOSpassword
ChangetheBootorder
WithBiosSettingsyoucanchangetheBIOSSettingsofdifferentsystemswithonecommand.
BiosSettingsdoesnotsupport allFujitsu workstationsandnotebooks.Fordetailsofsupportedfunctionson
dedicatedsystempleaselookto http://www.fujitsu
siemens.com/solutions/it_infrastructure_solutions/manageability/featurefinder.html.
BIOSSet Version 6.22
Copyright (C) 2005-2008 Fujitsu Siemens Computers
DeskView BIOS Settings - Change BIOS Settings
BIOSSET /NEWPWD=[<password>] [/PWD=<password>] [/Q]
BIOSSET <setting>=<state> [/PWD=<password>] [/Q]
BIOSSET /DEFAULT [/PWD=<password>] [/Q]
BIOSSET /BOOTORDER=<nr><device>{,<nr><device>...} [/PWD=<password>] [/Q]
BIOSSet /E
<password> : BIOS Settings Password (Allowed characters are A-Z and 0-9).
<setting> : See allowed 'List of Settings' below.
<state> : ON (switch setting on) | OFF (switch setting off).
<nr> : Order inside the boot sequence (values from 1 to 5).
<device> : Device in Bootorder.
(F=Floppy, HDD=Harddisk, CD=CD-ROM,
LAN=Netzwerk, LEG=Legacy Device)
/NEWPWD : Change Password. <password> is the new Setup Password..
/PWD : Current Setup Password; Is needed, when a setup password is set.
/DEFAULT : Sets BIOS to default values (depending on Motherboard),
disables BOOTORDER command till next reboot.
/BOOTORDER : Sets the boot order, the abbreviation is /BO.
/Q : Quiet mode.
/E : Display possible values of ERRORLEVEL.
List of Settings (<setting>):
/DC : Activate/Deactivate DisketteController.
/USB : Activate/Deactivate USB Host Controller.
/RB : Activate/Deactivate Boot from remote (e.g. PXE, BOOTP).
/FW : Activate/Deactivate Flashing the BIOS.
/WOL : Activate/Deactivate Wake On LAN.
/AC : Activate/Deactivate Audio Controller.
/HT : Activate/Deactivate Hyperthreading.
/IR : Activate/Deactivate Infrared Port.
/BT : Activate/Deactivate Bluetooth.
/WLAN : Activate/Deactivate Wirelesslan.
The new settings will become active with the next reboot.
Examples:
BIOSSET /PWD=mypwd /NEWPWD= Clear password. Old password was "mypwd".
BIOSSET /WOL=ON /PWD=xy Activates Wake On LAN.
BIOSSET /DEFAULT /PWD=1234 Set BIOS Settings to default values.
BIOSSET /BOOTORDER=1F,2HDD,5LAN Floppy is first boot device, Harddisk second
device and LAN the 5th device.
DeskFlash(DSKFLASH.exe)
Thisutilityis ableto:
UpdatetheBIOS
UpdateBIOSsettings
ArchivetheBIOSandBIOSsettings
Updateinstalledprocessormicrocodepatches
AppropriateBiosUpdateFiles(BUP)canbe created from the FlashBIOSsectionofeachsystem
DskFlash.exe, Version 6.22
Copyright (C) 2005-2007 Fujitsu Siemens Computers
DeskFlash - Update System BIOS and Settings
DskFlash /UPD [/WD=<dir>] [/LF[=<log>]] [/S] [/W] [/O=<file>|<dospat> ]
[/NRB|/ARB|/FRB] [/OV]
DskFlash /AR [/WD=<dir>] [/LF[=<log>]] [/S] [/W] [/O=<file>|<pattern>]
[/OV]
DskFlash /NVU [/WD=<dir>] [/LF[=<log>]] [/S] [/W] [/O=<file>|<dospat> ]
[/NRB|/ARB|/FRB] [/AFU]
DskFlash /MCU [/WD=<dir>] [/LF[=<log>]] [/S] [/W] [/NRB|/ARB|/FRB]
DskFlash /?
DskFlash /E
/UPD : Update system BIOS, NVRAM settings and processor micro codes
/AR : Archive BIOS and NVRAM settings.
/NVU : Update NVRAM settings
/MCU : Update processor micro codes
/AFU : Allow DeskFlash to perform a full update to complete the
selected action.
/ARB : Allow DeskFlash to reboot the system if required.
/NRB : Do not allow DeskFlash to reboot the system.
/WD : Set the current working directory for loading and saving files
and for storing the logfile too.
/O : Name the object file or file pattern for loading and saving.
/S : Hide control dialog and display warning dialog.
/W : Hide warning dialog too.
/LF : Enable logfile output and name the logfile.
/FRB : Force DeskFlash to reboot the system after finishing the job.
/OV : Allow DeskFlash to overwrite a current BIOS or an existing file.
/E : Show errorcodes
/? : Show help
<dospat> : File specifier with wildcards, e.g. D1332*.bup
<file> : File name in the current working directory, e.g. D1332_00.bup
<log> : Name or path of the logfile.
<pattern> : Archive pattern with special placeholders
In <pattern> and <log> the following placeholders can be used
#system# = BIOS ID of the system, e.g. D1332 (only in <pattern>)
#name# = Network name of the system
#domain# = Network domain (NT only)
#date# = Current date
#time# = Current time in the format HHMMSS
#no# = Automatic created sequence number
Examples: DskFlash /UPD /WD="c:\my work folder" /LF /O=D1332*.BUP /FRB
DskFlash /AR /O="MyArch_#system#_#date#.bup" /S /W
DskFlash /MCU /S /W /FRB /LF=myMCU.log
The following parameter aliases are supported
/? /help, /h
/UPD /update
/NVU /nvramupdate
/WD /workingdirectory
/S /silent
/W /warningoff
/LF /logfile
/FRB /forcereboot
/ARB /allowreboot
/NRB /noreboot
/AFU /allowfullupdate
/OV /overwrite
5 HP
HPprovidesanumberoftoolsbasedon the HPClientManagementInterface(CMI) WMIagent. Theexception
isHPSystemSoftwareManager(SSM)whichincludesabundledutilitycalled BiosConfigUtility.exe that modifies
BIOSsettingsthroughatextbasedfileformat,whichcanbeusedindependently ofSSM. HPsays a future
versionofHPSSM will leverageHP CMI on 32bitand64bit platforms.
IfyoualreadyhaveSMS/ConfigMgrthen HPrecommendsusingHP SSM formanagingHPdriversand software
updates,althoughifyouonlywanttomanageBIOSsettingsthenitissimplertouseHPCMI orHPSSMs
BiosConfigUtility.
HPBIOSConfigurationforProtectTools version2.0utilizesHPCMI.
HPClientManager (HPCM) usesHP CMI. HPClientManager isbasedonAltirisNotificationServer6.0asan
alternativetoMicrosoftsSMS/ConfigMgr,andprovides theabilitytoobtainhardwareinventoryinformation,
monitorsystemhealthstatus,rundiagnostictests,remotelyinstalldriversandmanageBIOSsettings.
HPalsoprovides HPOpenViewPCConfigurationManagement,basedonRadia.
5.1 HP ClientManagementInterface (CMI)
ThisisaWMIagent that allowsreportingandscriptingusinganappropriatesystemsmanagement solutionsuch
asSMS/ConfigMgr,oritcanbeusedstandalone.
HPprovidea comprehensive whitepaper at http://www.hp.com/go/hpcmi
CMIisdownloadableasaHPSoftPaq andavailableattheabovelink.Itcreates a new WMInamespace called
root/HP/InstrumentedBIOS withseveralclasses.
ToinstallCMIsilently,expandthe SoftPaqandeditthesetup.inifileusingCmdLine=/s
Setupinstallsin%ProgramFiles%\HewlettPackard\HPClientManagementInterface
ThisfoldercontainsacopyofthewhitepaperandthreeWindowsScriptfiles(ChangeSetting,
ChangeSetupPasswordandEnumSettings).Thereareadditionalscriptslistedinthewhitepaper.
However,allthatisreallynecessaryistoextractandcopythetwo
executablestoasuitablelocationonthelocalcomputerandinstallusing:
hpqBIOS.exe /install
hpPwdCtl.exe /install
TheHPCMIPasswordControlutility,hpPwdCtlisdescribedinthewhitepaper.
hpqBIOSandhpPwdCtlareuninstalledusing/uninstall,andoptionally/silent.Thismeanstheagentcanbe
removedafteruseifnecessary.
Usage: ChangeSetting.wsf /setting:value /value:value [computers1 computers2...]
Options:
setting : A specific setting to modify. If a particular setting
contains spaces, be sure to enclose the entire argument in
quotation marks.
value : The new setting value. If a particular value contains
spaces, be sure to enclose the entire argument in quotation
marks.
computers : An optional list of computers to query specified by name
or IP address, otherwise the local system is used. The dot
nomenclature can also be used to include the local computer in
the computer list.
Forexample,toenable Wakeon LAN usethecommand:
ChangeSetting.wsf /setting:"S5 Wake on LAN" /value:Enable
Thewhitepaperprovides sufficientdetailabouttheclassestoenableyoutoextendtheSMS/ConfigMgr
inventorytoreportBIOSinformation,butnoexamples.
5.2 HPSSMBiosConfigUtility
HPSystemsSoftwareManager (SSM) canbedownloaded asaSoftPaq from http://www.hp.com/go/SSM,which
includestheBIOSconfigurationutility.IfyoualreadyhaveSMS/ConfigMgr installedandalsowishtomanageHP
driversandsoftwareupdates,thenitisrecommendedtoinstall anduse SSM.
BiosConfigUtility.exe isusedtocapturesettingsfromareferencemachine,anddeploytosimilartarget
machines.ItispossibletoeditthecapturefiletolimitthespecificvaluessuchasS5 WakeonLAN.
Hewlett-Packard BIOS Configuration Utiltiy
Copyright (c) 2005 - 2006, Hewlett-Packard Development Company L.P.
Usage:
BiosConfigUtility.EXE {options}
where the valid options are:
/GetConfig:"filename" - Gets the configuration data.
/SetConfig:"filename" - Modify the system BIOS configuration.
- Accepts only RESPET formatted files.
/Format:REPSET - Specifies the GETCONFIG output format.
- /FORMAT:REPSET is the default.
/? or /Help - Display this help message.
/cspwd:"pwd" or
/CurSetupPassword:"pwd" - Current BIOS Setup Password.
- Provide only if needed for /SETCONFIG
or if changing the password with
/NewSetupPassword
- Can specify multiple current passwords.
/nspwd:"pwd" or
/NewSetupPassword:"pwd" - New BIOS Setup Password.
- Used to modify the password.
- To remove the password use /NewSetupPassword:""
NOTE: BIOS passwords are converted from ASCII to English keyboard
scan codes. If a character does not map directly to a scan
code, the password is ignored.
Valid 'characters' are mapped to keyboard keys as follows:
` 1 2 3 4 5 6 7 8 9 0 - =
q w e r t y u i o p [ ] \ <KEYPAD 7> <KEYPAD 8> <KEYPAD 9> <KEYPAD *>
a s d f g h j k l ; ' <KEYPAD 4> <KEYPAD 5> <KEYPAD 6> <KEYPAD ->
z x c v b n m , . <KEYPAD 1> <KEYPAD 2> <KEYPAD 3> <KEYPAD +>
<SPACE BAR> <KEYPAD 0> <KEYPAD .>
Valid 'SHIFT+characters' are mapped to keyboard keys as follows:
~ ! @ # $ % ^ & * ( ) _ +
Q W E R T Y U I O P { } |
A S D F G H J K L ; '
Z X C V B N M <LT> <GT>
<SHIFT SPACE BAR>
ExampleBIOSsetscript
BiosConfigUtility.exe /SetConfig:"HP-DC7600.TXT" /cspwd:"P@ssw0rd"
ExampleBIOSsetfile toenableWakeonLANonaHPDC7600
English
Boot Order
Network Controller
Hard Drive
ATAPI CD-ROM Drive
USB device Disabled
Diskette Drive
Multibay Device (except hard drive)
PnP Device #2
PnP Device #3
PnP Device #4
PnP Device #5
PnP Device #6
PnP Device #7
PnP Device #8
PnP Device #9
PnP Device #10
PnP Device #11
Num Lock State at Power-On
*Off
On
S5 Wake on LAN
*Enable
Disable
5.3 HPSystemSoftwareManager(SSM)
ThelatestversionofHPSystemsSoftwareManagercanbedownloaded asaSoftPaq from
http://www.hp.com/go/SSM,whichincludestheBIOSconfigurationutility.Thedetailsbelowrefertoversion
2.00RevD (SoftPaq SP32605).
HPSSMleverages theInventoryToolforCustomUpdates(ITCU)andtheCustomUpdatePublishingTool(CUPT)
forSMS2003R2. HP provides aClientCatalogueforSMS2003R2whichcontainssoftwaredriverandpatch
informationfordesktops,notebooks,andworkstations.Thesedriversandpatchesarestoredina HPSSMFile
store andmanagedusingCUPTandITCU.
Thereadmefor SSMcontainsalistofsupportedHPcomputermodels.
FurtherdetailisfoundintheHPWhitePaperHPClientCatalogforSMSTechnicalWhitePaper
http://h20331.www2.hp.com/Hpsub/downloads/HP_Client_Catalog_for_SMS_Technical_Whitepaper_Rev3
NC.pdf
ConfigurationofHPSSMisnotcomplicated,andrequiresselectionofthesynchronizationandpreproduction
testclientsandthecreationofSSM packagesandprograms,allofwhicharesubjecttooperationalprocedures.
Thefollowingtwosectionsare [cut+paste] extractsfromHPClientCatalogforSMSTechnicalWhitePaper.
HowtodeployHPupdatesusingHPSSMwithMicrosoftSMS
SMS administratorsneedtomindfullydistributesoftwareupdatestoclientsbycreatingpackagesand
notifications.OnewaytomaximizethesoftwareupdateautomationprocessistouseHPSystemSoftware
Manager(SSM)combiningwithMicrosoftSMS.
HPSSMisa freeutilitythathelpsstreamlinethemassdeploymentofsystemsoftwareupdatestoclientPCs.
SSMreducesthecomplexityofsystemsoftwaremanagementbydeliveringthefollowingcapabilities:
Deployingsystemsoftwareupdates(fordriversandBIOS,for example)fromacentralizedfilestoreto
multipleclientPCssimultaneouslyandautomatically.
Deployingcustomercreatedupdatepackages.
EnforcingBIOSconfigurationsandpasswords.
Loggingthechangesmadetoeachcomputer.
HowtoCombineMicrosoftSMSandHPSSMfortheGreatestBenefit
DownloadHPSSMfrom http://www.hp.com/go/SSM
ConfigureanetworkfileshareasthefilestoreforSSM. (ForSIM,thiswillbetheSMSDistribution
Points.)
DeploySSMtoclients andconfigureSSMtorunonclientswiththeconfiguredfilestoreona
scheduledbasisusingSMS.
DownloadHPupdatesfromtheHPftpsitetotheSSMfilestore. (ForSIM,thepackagesourcewillbe
updatedmanually.)
LetSSMrunontheclientsandautomaticallyfigureoutwhatupdatestheclientneedandinstallthe
updatesneeded.
ImporttheHPClientCatalogforSMStoCUPTandpublishHPupdatesinthecatalogtoSMS.
ViewthecompliancyinSMSafterthecustomupdatescanprocessandhardwareinventorycyclerunon
clients.SinceyouletSSMinstallHPupdates,youdonotneedtodistributethesameupdatesusingSMSand
shouldnotdoso.YouonlytakeadvantageoftheSMScustomupdateprocesstoscanforcompliancyhere.
6 IBM&Lenovo
IBM workstationproductsarenowentirelybrandedLenovo.
Unfortunately,thereis verylimitedsupportand nosinglesolutionforremoteBIOSmanagementofLenovo
desktops and/ornotebooks.1ErecommendLenovousers to contacttheirvendorandrequestthedevelopment
of afree WindowsbasedutilitycapableofsupportingthefullrangeofLenovomodels.
IBMsrecommendationistouse IBMDirector and the RemoteDeploymentManager (RDM) extension,and
deploysagentssimilartoSMS/ConfigMgr.HoweverthisismustbepurchasedfromIBMandprovides many
moremanagementfeaturesforserversandworkstations,anddoesnotsupport BIOSconfigurationsforawide
rangeof models.
IBMalsoprovides the SystemInstallationToolKit whichmustbepurchasedfrom IBM,which includes LANClient
ControlManager(LCCM) for unattendedinstallationsofWin32operatingsystems.
RDMand LCCM include the SRCMOS utilitywhichmaybedownloadedseparatelyforfree.This manages some
BIOSsettings ona limited rangeof models,and is alsoknownastheBIOSSettingsCapture/PlaybackUtility.
Thisutilityshouldbeusedwithcareasitfairlyinflexibleandchangesallsettings.
IfyousearchforSRCMOSyouwillfindthe DOSbootfloppy version (alsosupportsUSBmemoryandCDRW)
which is therefore notautomatic, andof nouseforremotemanagement. Itisonlysuitableforatrained
engineertousetocopyconfigurationsfromonemachinetothesamemodels.
Thereisalesswidelyavailable Windowsversions ofSRCMOS forwhichthereislittleinformation,andappearsto
beavailableunderdifferentnames,andsometimescalled BiosSettingsWindows. If you searchforWindows
versionofSRCMOS youshouldfind Version1.04 thatwasreleasedinApril2008andsupportsthefollowing
ThinkPadmodels:
ThinkPadR60,R60e,R61,R61e,R61i
ThinkPadT60,T60p,T61,T61p
ThinkPadX60,X60s,X61,X61s
ThinkPadX60Tablet,X61 Tablet (SupportsVistaandXPTabletEdition2005only)
ThinkPadX300
ThinkPadZ61e,Z61m,Z61p,Z61t
ThinkPadReserveEdition
SomeThinkPadmodelsrequireadditionalhardwareinordertosupportWOL,asdescribedin Matrixthatlists
hardwarerequiredtoenableWOLforcertainThinkPads(ThinkPad380Z,390/E,560Z,600,770,1720).

BIOS Configuration Management

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BIOS Configuration Management

Uploaded by

Copyright:

Available Formats

RemoteManagementofBIOSConfiguration

You might also like