/build/static/layout/Breadcrumb_cap_w.png

Set/change BIOS password

Hi,

I couldn't find any way to run a script in Kace1000 with local admin privileges, therefore i am asking you if it is possible.

Reason why i need it is to be able to run this as local admin, because running from the System account it doesn't work

PS script:


Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

Install-Module -Name DellBIOSProvider -RequiredVersion 2.3.0 -Force

Import-Module DellBiosProvider -Force


$isPass=Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | select CurrentValue

if($isPass."CurrentValue"="True"){

  Set-Item -Path DellSmbios:\Security\AdminPassword "OldPass" -Password "NewPass"

  }else {

    Set-Item -Path DellSmbios:\Security\AdminPassword "NewPass"

  }


Kace1000 script i tried:

Launch PowerShell from directory: $(KACE_SYS_DIR)\WindowsPowerShell\v1.0

with params: -executionpolicy remotesigned -File $(KACE_DEPENDENCY_DIR)\Script.ps1 -Verb RunAs



Thank you.

0 Comments   [ + ] Show comments

Answers (3)

Posted by: Hobbsy 3 years ago
Red Belt
0

In a script you can chose to run the script as another user, so you should be able to select the admin account there. You may need to create fresh credentials so that they can be used from the script.


Comments:
  • No, i cannot create credentials automatically. Like i said below and got two down-votes for no reason, i am not a full rights sysadmin. I just thought it is possible with what access i have. - Empousa 3 years ago
Posted by: Michelle.ashby 3 years ago
Purple Belt
0

I have had so many issues with running PowerShell scripts because of what I can only guess is the PowerShell used by Kace. I recently had to give up my simple script to remove people that weren't supposed to be admins off the device because despite this script working perfectly when run by a person, Kace could not recognize "Get-LocalGroupMember" I even tried to bypass and run using PowerShell from the sys directory and just could not do it. Ended up going a much less elegant route for others to run where they have to edit the script and put the name they are removing and for me, using my script outside Kace. 

I am not totally sure why this happens or what to request from Kace to fix it. My suggestion to see if you are coming up against a similar problem by checking the output log on the run now script:

tEEh+8jTWOwAAAABJRU5ErkJggg==


Unless this is where you are getting the information about the credentials? Just check the log. Like I said, this same script run perfectly locally.
If it is a limit of Kace and PowerShell within, you may want to look at manipulating the Bios in the way you need using Command | Configure. I have had good success with this and reporting on as well as changing BIOS boot order.


Comments:
  • Kace agent launch powershell in 32 bits environment.
    Put this code at the beginning of your script:

    if ($PSHOME -like "*syswow64*") {
    Write-Output 'Relaunching as x64'
    & (Join-Path ($PSHOME -replace 'syswow64', 'sysnative') powershell.exe) `
    -File $Script:MyInvocation.MyCommand.Path `
    @args
    Exit
    } - gwir 1 year ago
Posted by: Empousa 3 years ago
Senior White Belt
-3

I will never be able to do that with my lvl of access, but i already pushed it to those who can push the script via SSCM. Kace cannot run as local admin 


Comments:
  • this is plain wrong. You can run scripts as any user and if you choose a local admin it has local admin rights. - Nico_K 3 years ago
    • You say it's plain wrong as you know better what kind of access lvl i have. Funneh! - Empousa 3 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ