Dell Command | PowerShell Provider BIOS Passwords feature

Dell Command | PowerShell Provider BIOS Passwords feature


The Unified Extensible Firmware Interface (UEFI) BIOS supports several kind of BIOS passwords that provide different levels of security to Dell computers. Admin (Setup) password and System (User) password are commonly used, and both have unique security purposes.

Admin Password

Admin password provides the security by locking all the BIOS features or settings so that these cannot be modified. User can boot and see BIOS settings but cannot modify unless the correct admin password is provided to the system.

After setting admin password, no BIOS settings can be modified except System password, HDD password, and Wireless Switch.

System password

System password provides the security by preventing user from booting the system. User will not be able to see the boot menu (F2/F12) unless the correct system password is provided to the system. Once password is provided to the system, the BIOS setup options can be modified. In case admin password is also set on the machine, provide admin password also to modify the BIOS settings.

Configuring BIOS passwords using Dell Command | PowerShell Provider (DCPP)

Dell Command | PowerShell Provider can be used to configure admin and system passwords. You can set, modify, and clear these passwords. You can also verify whether the password is set on the system or not. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click here.

Verifying Admin/System password

Using Dell Command | PowerShell Provider, you can verify whether Dell machine has admin or system password set or not. To verify, run the following commands:

  • Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet
  • Get-Item -Path DellSmbios:\Security\IsSystemPasswordSet

Output of these two commands will be true or false based on whether particular password is set on machine or not.

screen-command
Figure 1: IsAdminPasswordSet

Setting Admin/System password

Admin and system password both requires minimum 4 and maximum 32 characters. To set the passwords, use the following commands.

  • Set-Item -Path DellSmbios:\Security\AdminPassword "$AdminPwd"
  • Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd"


screen-command
Figure 2: Path DellSmbios

Note - If the system has admin password set and you want to set system password, provide admin password using the following command:

Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd" -Password "$AdminPwd"

Modifying Admin/System password

To modify the password using DCPP, run the following commands:

  • Set-Item -Path DellSmbios:\Security\AdminPassword "$NewAdminPwd" -Password "$OldAdminPwd"
  • Set-Item -Path DellSmbios:\Security\SystemPassword "$NewSystemPwd" -Password "$OldSystemPwd"


screen-command
Figure 3: PS DellSmbios

Clearing Admin/System password

To modify the password using DCPP, run the following commands:

  • Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password "$OldAdminPwd"
  • Set-Item -Path DellSmbios:\Security\SystemPassword "" -Password "$OldSystemPwd"


screen-command
Figure 4: Security AdminPassword

  • Admin password cannot be set if system/HDD password is already set on the system.
  • If system is in legacy boot mode, the admin password is required for all UEFI boot paths but if system is in UEFI boot mode, then admin password is not required for UEFI boot paths.
  • Clearing admin password also clears the system password.

Dependency on other BIOS features

Strong Password

Strong password applies rules on admin and system passwords. When strong password feature is enabled, admin password and system password require,

  • Minimum 8 characters
  • Must contain at least one upper case, and one lower case character

To enable or disable this setting using DCPP, run the following commands:

  • Set-Item -Path DellSmbios:\Security\StrongPassword "Enabled"
  • Set-Item -Path DellSmbios:\Security\StrongPassword "Disabled"


screen-command
Figure 5: StrongPassword

Password Bypass

This BIOS setting provides the facility to bypass the system password during system restart or resume from standby. If Password Bypass feature is disabled and system password is set, then system prompts for system password during every restart.

  • Disabled - If Password Bypass feature is disabled and system password is set, then system prompts for system password during every restart.
  • Reboot Bypass - System will not prompt for system password during system restart.
  • Resume Bypass - System will not prompt for system password during system resume from standby state.
  • Reboot and Resume Bypass - system will not prompt for system password during system restart, or system resume from standby state.

To modify this setting using DCPP, run the following commands:

  • Set-Item -Path DellSmbios:\Security\PasswordBypass "Disabled"
  • Set-Item -Path DellSmbios:\Security\PasswordBypass "Reboot Bypass"
  • Set-Item -Path DellSmbios:\Security\PasswordBypass "Resume Bypass"
  • Set-Item -Path DellSmbios:\Security\PasswordBypass "Reboot and Resume Bypass"


screen-command
Figure 6: PasswordBypass

Admin Setup Lockout

If the admin password is set on your machine, you can view the BIOS setup menu (F2/F12) in the locked mode. Admin password is required only if you want to modify the BIOS settings. Admin Setup Lockout feature provides more security to the system. If admin setup lockout is enabled and admin password is set, then you cannot view the BIOS setup menu (F2/F12) until you provide the correct admin password.

To enable or disable this setting using DCPP, run the following commands:

  • Set-Item -Path DellSmbios:\Security\AdminPasswordSetup "Enabled"
  • Set-Item -Path DellSmbios:\Security\ AdminPasswordSetup "Disabled"


screen-command
Figure 7: AdminSetupLockout




Article ID: SLN312150

Last Date Modified: 08/17/2018 10:14 AM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.