Set/change BIOS password
Hi,
I couldn't find any way to run a script in Kace1000 with local admin privileges, therefore i am asking you if it is possible.
Reason why i need it is to be able to run this as local admin, because running from the System account it doesn't work
PS script:
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name DellBIOSProvider -RequiredVersion 2.3.0 -Force
Import-Module DellBiosProvider -Force
$isPass=Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet | select CurrentValue
if($isPass."CurrentValue"="True"){
Set-Item -Path DellSmbios:\Security\AdminPassword "OldPass" -Password "NewPass"
}else {
Set-Item -Path DellSmbios:\Security\AdminPassword "NewPass"
}
Kace1000 script i tried:
Launch PowerShell from directory: $(KACE_SYS_DIR)\WindowsPowerShell\v1.0
with params: -executionpolicy remotesigned -File $(KACE_DEPENDENCY_DIR)\Script.ps1 -Verb RunAs
Thank you.
Answers (3)
In a script you can chose to run the script as another user, so you should be able to select the admin account there. You may need to create fresh credentials so that they can be used from the script.
Comments:
-
No, i cannot create credentials automatically. Like i said below and got two down-votes for no reason, i am not a full rights sysadmin. I just thought it is possible with what access i have. - Empousa 3 years ago
I have had so many issues with running PowerShell scripts because of what I can only guess is the PowerShell used by Kace. I recently had to give up my simple script to remove people that weren't supposed to be admins off the device because despite this script working perfectly when run by a person, Kace could not recognize "Get-LocalGroupMember" I even tried to bypass and run using PowerShell from the sys directory and just could not do it. Ended up going a much less elegant route for others to run where they have to edit the script and put the name they are removing and for me, using my script outside Kace.
I am not totally sure why this happens or what to request from Kace to fix it. My suggestion to see if you are coming up against a similar problem by checking the output log on the run now script:
Unless this is where you are getting the information about the credentials? Just check the log. Like I said, this same script run perfectly locally.
If it is a limit of Kace and PowerShell within, you may want to look at manipulating the Bios in the way you need using Command | Configure. I have had good success with this and reporting on as well as changing BIOS boot order.
Comments:
-
Kace agent launch powershell in 32 bits environment.
Put this code at the beginning of your script:
if ($PSHOME -like "*syswow64*") {
Write-Output 'Relaunching as x64'
& (Join-Path ($PSHOME -replace 'syswow64', 'sysnative') powershell.exe) `
-File $Script:MyInvocation.MyCommand.Path `
@args
Exit
} - gwir 1 year ago
I will never be able to do that with my lvl of access, but i already pushed it to those who can push the script via SSCM. Kace cannot run as local admin