Deploy BIOS settings to multiple computers before Windows

Just saw your reply after my second one immediately above had posted.  Out of curiosity, why are you disabling Secure Boot?  Unless you're still deploying Windows 7 on new systems even though it's got less than 18 months of support left at this stage, then you shouldn't need to do that.  Windows 8 (and WinPE 4.0) and newer support Secure Boot, so as long as you can network boot in UEFI mode, which requires enabling the "Enable UEFI Network Stack" option in the BIOS and then verifying that your PXE server supports UEFI, you should be good to go with Secure Boot.  I've personally seen cases where a Secure Boot validation failure notification was the behavior that alerted users to the fact that malware had compromised their system.  Had it not been for that, they would have kept on working with who knows what kind of rootkit running amok on their PC.  So it's worth figuring out how to keep enabled unless you know for certain that you can't.

You would create the bootable environment using something like SCCM or MDT.  Take a look at this article.

Are there anywhere with steps on how to do this? Is Windows PE a separate program? I have the Bios config file I created that I can run on a booted up windows PC. How do I get this Windows PE to run that?

Ok, well fyi the new Latitude xx90 models don't support Legacy booting from internal drives anymore, so you'll probably be forced to fix this sooner rather than later.  I would look into it for that reason alone even if the security benefits of running Secure Boot aren't enough incentive (though they should be).

To answer your earlier questions, Windows PE stands for "Windows Pre-installation environment".  It's basically a stripped down version of Windows that's used primarily for installing "real" Windows, but it has enough capability that it has also become the foundation for some third-party imaging/recovery tools as well.  The Windows Setup application on regular install media uses Windows PE and is easy to create, which is why I recommended it.  SCCM and MDT deployment environments also run on WinPE.  Finally, a generic Windows PE instance can be downloaded as part of the Windows ADK for people who have the knowledge and desire to customize that environment to their liking without all of the overhead of a full Windows Setup environment.  But if you've never done that, then that's probably more effort than it's worth.

In terms of steps, I assume you're asking about the part that I said was outside the scope of my post above since I provided the other steps?  If so, that can be done using the DISM command-line tool, which is built into Windows.  The full command-line reference for that is here, but if you're using Windows 10 install media as your baseline since it's easy, you would do this:

- Use DISM to mount the \Sources\Boot.wim file to a folder somewhere.  Mount Index #2 for Windows Setup.

- Add your Dell Command Configure folder to the mounted instance, including a batch file containing the CCTK.exe command you want to run.  I don't see a way in that article to run a generated file.  It may exist, but if not, just create the desired command and save it as a batch file (NOT a text file).  The path to the CCTK file in that command would now involve the X drive.

- Optionally customize the startnet.cmd file under the Windows\System32 folder if you want to configure an auto-run for this.  If so, I would add a "pause" line beforehand so that you get prompted to continue with customizing BIOS settings before moving forward and therefore have the option to cancel by just closing the Command Prompt window.  If you want to get more fancy you can add "Echo" lines to explain what that window is doing.  It seems I can't write the exact syntax without this forum erroring out when I try to post, but basically it would be cmd dot exe slash c pause.

- Use DISM to unmount the image with the /commit option.

Honestly I don't know, we're on Windows 10 now and it may be something left from when we were on 7. What I know is that if we use UEFI it PXE boots to SCCM and works but only once. Any subsequent attempts to PXE boot fail ad it somehow automatically removed Network PX boot from the boot order after that first image (not sure why) so we use Legacy and it keeps that order setting. I know when we try and PXE boot with secure boot enable it usually prevents it from working.

One additional tip in case it wasn't clear from the above.  There's no requirement that you use SCCM or MDT; that just automates these BIOS changes as part of (typically) a system image deployment.  If you don't have SCCM or MDT in your environment, you literally want to just be able to boot from a flash drive and run this command, AND you're ok doing this manually, then you can use any bog standard Windows PE bootable environment as a platform, including regular Windows Setup media, like this:

- Create regular Windows 10 install media.

- Create a new folder on that media containing the Dell Command Configure files.

- You may want to additionally create a text file inside that new folder that contains the actual command you want to run in order to set the desired BIOS settings, adapted from the Examples shown in the article I linked above.  (Note: A batch file would be even easier, but the problem there is that you can't always know what drive letter your flash drive will be assigned and therefore the correct path to the CCTK.exe file, so the batch file would break if you guessed the wrong drive letter.  The ideal workaround for this would be to incorporating the Dell Command Configure folder into the Boot.wim file on the Windows Setup media so that the folder is always available on the virtual X drive that gets created when Windows PE starts, and then you could even modify WinPE's startnet.cmd file so that this BIOS configuration command ran automatically when WinPE loads, optionally with a prompt beforehand to confirm execution, but that is all outside the scope of this post.)

- When you boot a PC from your Windows Setup media, press Shift+F10 to open Command Prompt.  Figure out which drive letter your flash drive was assigned, then go to the Dell Command Configure folder you created, and you can run the command "type MyCommand.txt" to display the contents of the text file you stored.  That will then allow you to highlight it, paste it into a new Command Prompt line, change the drive letter as necessary to point to CCTK.exe, and run it.

We have SCCM but to image these though SCCM them we need to set each one up to boot order, network first, enable PXE boot, disable secure boot etc. So we have to do all these things before we can image it with SCCM.If the person is in there setting all that they might as well set the password and do the rest. I'm looking for a before SCCM option like from a flash drive.

Hi,

Did you solve the PXE boot option problem - only once in bios?

Rukicc