Dell Command PowerShell Provider BIOS Passwords Feature

Affected Products:

• Dell Command | PowerShell Provider

The Unified Extensible Firmware Interface (UEFI) BIOS supports several kinds of BIOS passwords that provide different levels of security to Dell computers. Admin (Setup) password and System (User) password are commonly used, and both have unique security purposes.

Admin Password

The admin password provides security by locking all the BIOS features and settings. The user can boot and see the BIOS settings, but they cannot modify them unless the correct admin password is provided to the computer.

System password

The system password provides security by preventing the user from booting the computer. The user cannot see the boot menu (F2 or F12) unless the correct system password is provided. Once the password is provided to the computer, the BIOS setup options can be modified. In the case where the admin password is also set on the machine, the admin password must also be provided to modify the BIOS settings.

Configuring BIOS passwords using Dell Command | PowerShell Provider (DCPP)

Dell Command | PowerShell Provider can be used to configure the admin and system passwords. The User can set, modify, and clear these passwords. The User can also verify whether the password is set or not. To learn more about installing and configuring the Dell Command | PowerShell Provider module on your computer, reference the Download and Installation section in the user guide. To download the user guide, click Dell Command | Powershell Provider Documentation.

Verifying Admin/System password

The user can verify whether the Dell machine has the admin or system password set or not, using Dell Command | PowerShell Provider. To verify, run the following commands:

• Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet
• Get-Item -Path DellSmbios:\Security\IsSystemPasswordSet

The output of these two commands is true or false based on whether each password is set on the machine or not.

Figure 1: (English Only) IsAdminPasswordSet

Setting Admin/System password

The admin and system password both require a minimum of 4 and a maximum of 32 characters. To set the passwords, use the following commands.

• Set-Item -Path DellSmbios:\Security\AdminPassword "$AdminPwd"
• Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd"

Figure 2: (English Only) AdminPassword

Modifying Admin/System password

To modify the admin or system passwords using DCPP, run the following commands:

• Set-Item -Path DellSmbios:\Security\AdminPassword "$NewAdminPwd" -Password "$OldAdminPwd"
• Set-Item -Path DellSmbios:\Security\SystemPassword "$NewSystemPwd" -Password "$OldSystemPwd"

Figure 3: (English Only) PS AdminPassword (changing password)

Clearing Admin/System password

To modify the password using DCPP, run the following commands:

• Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password "$OldAdminPwd"
• Set-Item -Path DellSmbios:\Security\SystemPassword "" -Password "$OldSystemPwd"

Figure 4: (English Only) Security AdminPassword (clearing password)

Dependency on other BIOS features

Strong Password

Strong password applies rules on to the admin and system passwords. When the strong password feature is enabled, the admin password and system password require,

• Minimum of eight characters
• Must contain at least one uppercase, and one lowercase character.

To enable or disable this setting using DCPP, run the following commands:

• Set-Item -Path DellSmbios:\Security\StrongPassword "Enabled"
• Set-Item -Path DellSmbios:\Security\StrongPassword "Disabled"

Figure 5: (English Only) StrongPassword

Password Bypass

This BIOS setting provides the facility to bypass the system password during computer restart or resume from standby. If the Password Bypass feature is disabled and the system password is set, then the computer prompts for the system password during every restart, or the computer resumes from standby state.

• Disabled - If the Password Bypass feature is disabled and the system password is set, then computer prompts for the system password during every restart, or the computer resumes from standby state.
• Reboot Bypass - The computer does not prompt for the system password during a computer restart.
• Resume Bypass - The computer does not prompt for the system password during the computer resumes from standby state.
• Reboot and Resume Bypass - The computer does not prompt for the system password during a computer restart, or the computer resumes from standby state.

To modify these settings using DCPP, run the following commands:

• Set-Item -Path DellSmbios:\Security\PasswordBypass "Disabled"
• Set-Item -Path DellSmbios:\Security\PasswordBypass "Reboot Bypass"
• Set-Item -Path DellSmbios:\Security\PasswordBypass "Resume Bypass"
• Set-Item -Path DellSmbios:\Security\PasswordBypass "Reboot and Resume Bypass"

Figure 6: (English Only) PasswordBypass

Admin Setup Lockout

If the admin password is set on your machine, the user can view the BIOS setup menu (F2/F12) in the locked mode. The admin password is required only if the user wants to modify the BIOS settings. The Admin Setup Lockout feature provides more security to the computer. If the Admin Setup Lockout is enabled and the admin password is set, then the user cannot view the BIOS setup menu (F2/F12) until the user provides the correct admin password.

To enable or disable this setting using DCPP, run the following commands:

• Set-Item -Path DellSmbios:\Security\AdminSetupLockout "Enabled">
• Set-Item -Path DellSmbios:\Security\ AdminSetupLockout "Disabled">

Figure 7: (English Only) AdminSetupLockout

Recommended Articles

Here are some recommended articles related to this topic that might be of interest to you.

• Dell Command | PowerShell Provider
• Installing the Dell SMBIOS PowerShell Provider in Windows PE​
• Dell Command PowerShell Provider Advanced Battery Charge feature
• Dell Command PowerShell Provider Hard Drive Password feature
• Dell Command PowerShell Provider Peak Shift feature
• Dell Command PowerShell Provider Secure Password feature