Kaz

I must live in hell, not too long ago it was down to -30 C.

It's more of a workaround.... Insert bootable windows USB, press shift + F10 at Windows Setup to open cmd prompt. Then create a backup of windows accessibility, copy cmd exe and rename it to windows accessibility. Boot into windows normally, click accessibility which now opens cmd prompt, then enable admin account. Note, enabling admin does not work from the bootable cmd prompt, only from the native windows cmd prompt. After removing a user's password the admin account should be disabled and accessibility restored. Unless they remove the ability to reach command prompt with shift +F10 I don't see that going away anytime soon. I haven't tried it on windows 11, but I suspect it would work. Bitlocker or other drive encryption may complicate the task. I'm not sure how bitlocker works in regards to windows restoration attempts, since the media would have to be decrypted for windows to fix corrupted files. I've been avoiding bitlocker so I don't have experience with it.

I think it averaged around 40-45 fps, I don't know if you'd call it comfortable, but it was certainly playable.

Good. I know I'm in the minority here, but TPM is not good for the industry. I can understanding encrypting a drive and saving the key to a bios. I can understand using manufacture keys to prevent unsigned bios updates. What I can't fathom is why Microsoft has final say on what's "trusted" and should be able to run on a computer. If they are worried about booting outside OS systems that can compromise a system, they should lock down the boot loader and bios under a user password. Windows 10 passwords can be bypassed with a simple windows 10 bootable USB, the same USB you may NEED to restore a corrupt system or reinstall the OS. A rubber ducky can grab a lot of information without even logging into a system. If microsoft was worried about security, they could do a lot more to fix their systems than try to control the industry. TPM was always a power grab by microsoft, once people realize it doesn't actually provide security, they might move on to something else.

Not a bad looking system. You should see the RGB setup on my system... It's got this crazy flat panel, that has; pixels, they can be any color, and even go together to show a picture! Yep, that's what I wanna look at. My case? Oh, that's dark, only 1 red light that shows if the system is on. Wouldn't want to distract from those awesome panels. When I built my friends system, I remember doing a fair bit of work to hide the RGB wires for 6 different fans. Maybe I need to start making tempered glass systems with non-modular power supplies where I just run the wires everywhere and show off my spaghetti. I'm convinced wire chaos is a real thing. When wires look at each other, they instantly become tangled. Embrace the madness....

5700x processor is sitting in a good position for budget builds right now. There is definitely a market for building computers and selling them, especially the slightly older stock that still runs well, used or otherwise. I find it interesting that a lot of people are willing to pay for the 'slightly better' stuff because they aren't hurting for money and want to feel good about their purchase. Even though they won't benefit from the increased performance. I'm probably guilty of that too, but I keep stuff for a long time, so my spending is TOTALLY justified. A long time ago I was looking at starting a business building computers. One guy in the industry told me, if you can make money off anything else, do that instead. The hardware industry is so cutthroat that it's hard to make any money. He told me he'd seen online stores selling stuff cheaper than it cost to get, because they were turning around and selling user data to make up the difference. Things may have changed a lot in the 30 years since then, now we generally have fewer hardware resellers in the business. I think if you can build to order, it's still a good business, but if your sitting on stock when manufactures slash their prices, it's hard to get rid of inventory. If Artesian Builds showed anything, it's that there are a lot of people willing to order a PC and wait for it to be built. If Gamer's Nexus prebuilt reviews show anything, it's that there's a lot of crap on the market that isn't well built. I must be getting old, I don't like building computers anymore. I miss the days of my metal side panels, non-RGB systems where wires could run anywhere. The PSU shroud on my Meshify 2 case caused a fair bit of headache trying to run the 3x PCIE cables to my GPU. In part, because the ASrock Steel Legend includes a GPU support bracket, and those power cable holes came out right underneath the support bracket. The PCIE connectors barely squeaked through, and only at the perfect angle with 4 pins split apart from the others. That issue alone easily added 30 minutes to an hour to my build. I regret the meshify 2. I prefer cheap cases that don't engineer solutions to non-existent problems. P.S. RGB is a plague

I got a better appreciation for FSR 2.0 in Cyberpunk trying to run it on my old GTX 970 @ 1440p. The game was borderline unplayable without it, with FSR 2.0, it was playable. With my current system, I'd rather run native, I don't need the performance boost. I can't help but laugh about DLSS 3.0. What's the point of offering upscaling on only the newest hardware? It shouldn't need it. It's the old hardware that would benefit from it. I always hope that open source beats closed source. I'm glad it did with monitors, freesync compatible is the standard, it's rare to see monitors that actually include the Nvidia module for g-sync, now they all claim "g-sync compatible", which isn't what g-sync was. Traditionally, whoever releases first claims proprietary tech, and whoever comes along after says it's open source. I wonder if that standard will hold true now that Intel has entered the market. 2nd place may not offer open source. There's also a Chinese company trying to enter the market. I really hope foreign nation competition doesn't stifle open source.

I could have sworn there are laws against bait and switch. Nvidia marketing heavily influenced my decision to go with the 7900xtx. They lied about their GTX 970 too...

I didn't finish reading the entire pdf, but I especially like how they talk about how snooping can cause relationship problems and suggest that spyware is better... I wouldn't be upset at someone looking through my phone, but I sure as hell would be if they installed spyware. I think it's worth noting that the developers didn't hack phones to install their software. Users did it for them. In cybersecurity it's pretty much a given, if they have physical access to the device, they can bypass security. I know a guy who used to pass out drunk. His wife used his fingerprints to unlock his phone, then programmed one of hers to be accepted. He was cheating on her, and she used his phone to impersonate him and talk a lot of crap to the other women. I don't see what "notifying users" will accomplish. Nothing stops the user who installs it from clicking past notifications. They would have to be reoccurring notifications but it doesn't look like the ruling took that into account. If anything this judgement was way to light. They should have seized servers and contacted the phone of compromised victims and ask if they wanted to press charges. There's a conspiracy between the provider and user for sure, and it's likely the money trail isn't too hard to follow. Aaron's law never passed, why do these guys get off so easily? Maybe because it mirrors what the U.S. government already does....

I think chasing script policy is a red herring, (especially since the script doesn't work), the clear solution is to access the bios. Whatever is preventing that needs to be figured out. This video is a bit old, but it might help. The little pinhole they press gives options to reach the bios.

Hmm, bad news. We are running into the same problem the GUI program had. WMI, is the interface that they are using to communicate, which seems to support thinkpads, but not so much Ideapads... This is a bit beyond my knowledge, if you can find something that supports your device, I may be able to help. I am curious why the shift + restart option doesn't let you boot into the UEFI. Taken from https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot Possibly forcing a failure could cause it to go into recovery mode. There's a lot of "OEM-Specific" mentions, which always makes me skittish, I don't trust OEM's to consistently have a solution.

That first command is supposed to connect, give it a try. You probably need to copy/paste all his files to use these commands.

That last message looks promising. It says it's running the file, but that the file needs more instructions. Check my 2nd post for some suggested command lines. You can read the file to see exactly what commands are available/suggested.

Given that your machine is actively trying not to revert bios, you might have more luck disabling secure boot in bios: Disabling Secure Boot | Microsoft Learn LEARN.MICROSOFT.COM Disabling Secure Boot The bigger question may be, why are you unable to enter bios?

Open Notepad, paste the following, then choose save as, select any file extension, and name it Manage-LenovoBiosSettings.ps1 This is just one example, if you are using more than the Manage-LenovoBiosSettings, you will need to copy/create each file accordingly. This is just a copy of what their file had in it. <# .DESCRIPTION Automatically configure Lenovo BIOS settings .PARAMETER GetSettings Instruct the script to get a list of current BIOS settings .PARAMETER SetSettings Instruct the script to set BIOS settings .PARAMETER CsvPath The path to the CSV file to be imported or exported .PARAMETER SupervisorPassword The current supervisor password .PARAMETER SystemManagementPassword The current system management password .PARAMETER SetDefaults Instructs the script to set all BIOS settings to default values .PARAMETER LogFile Specify the name of the log file along with the full path where it will be stored. The file must have a .log extension. During a task sequence the path will always be set to _SMSTSLogPath .EXAMPLE #Set BIOS settings supplied in the script when no password is set Manage-LenovoBiosSettings.ps1 -SetSettings #Set BIOS settings supplied in the script when the supervisor password is set Manage-LenovoBiosSettings.ps1 -SetSettings -SupervisorPassword ExamplePassword #Set BIOS settings supplied in the script when the system management password is set Manage-LenovoBiosSettings.ps1 -SetSettings -SystemManagementPassword ExamplePassword #Set BIOS settings supplied in a CSV file Manage-LenovoBiosSettings.ps1 -SetSettings -CsvPath C:\Temp\Settings.csv -SupervisorPassword ExamplePassword #Output a list of current BIOS settings to the screen Manage-LenovoBiosSettings.ps1 -GetSettings #Output a list of current BIOS settings to a CSV file Manage-LenovoBiosSettings.ps1 -GetSettings -CsvPath C:\Temp\Settings.csv #Set all BIOS settings to factory default values when the supervisor password is set Manage-LenovoBiosSettings.ps1 -SetDefaults -SupervisorPassword ExamplePassword .NOTES Created by: Jon Anderson (@ConfigJon) Reference: https://www.configjon.com/lenovo-bios-settings-management/ Modified: 2020-10-18 .CHANGELOG 2019-11-04 - Added additional logging. Changed the default log path to $ENV:ProgramData\BiosScripts\Lenovo. 2020-02-10 - Fixed a bug where the script would ignore the supplied Supervisior Password when attempting to change settings. 2020-02-21 - Added the ability to get a list of current BIOS settings on a system via the GetSettings parameter Added the ability to read settings from or write settings to a csv file with the CsvPath parameter Added the SetSettings parameter to indicate that the script should attempt to set settings Changed the $Settings array in the script to be comma seperated instead of semi-colon seperated Updated formatting 2020-09-16 - Added a LogFile parameter. Changed the default log path in full Windows to $ENV:ProgramData\ConfigJonScripts\Lenovo. Consolidated duplicate code into new functions (Stop-Script, Get-WmiData). Made a number of minor formatting and syntax changes Updated the save BIOS settings section with better logic to work when a password is set. Added support for for using the system management password 2020-10-18 - Added the SetDefaults parameter. This allows for setting all BIOS settings to default values. #> #Parameters =================================================================================================================== param( [Parameter(Mandatory=$false)][Switch]$GetSettings, [Parameter(Mandatory=$false)][Switch]$SetSettings, [Parameter(Mandatory=$false)][Switch]$SetDefaults, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SupervisorPassword, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SystemManagementPassword, [ValidateScript({ if($_ -notmatch "(\.csv)") { throw "The specified file must be a .csv file" } return $true })] [System.IO.FileInfo]$CsvPath, [Parameter(Mandatory=$false)][ValidateScript({ if($_ -notmatch "(\.log)") { throw "The file specified in the LogFile paramter must be a .log file" } return $true })] [System.IO.FileInfo]$LogFile = "$ENV:ProgramData\ConfigJonScripts\Lenovo\Manage-LenovoBiosSettings.log" ) #List of settings to be configured ============================================================================================ #============================================================================================================================== $Settings = ( "PXE IPV4 Network Stack,Enabled", "IPv4NetworkStack,Enable", "PXE IPV6 Network Stack,Enabled", "IPv6NetworkStack,Enable", "Intel(R) Virtualization Technology,Enabled", "VirtualizationTechnology,Enable", "VT-d,Enabled", "VTdFeature,Enable", "Enhanced Power Saving Mode,Disabled", "Wake on LAN,Primary", "Require Admin. Pass. For F12 Boot,Yes", "Physical Presence for Provisioning,Disabled", "PhysicalPresenceForTpmProvision,Disable", "Physical Presnce for Clear,Disabled", "PhysicalPresenceForTpmClear,Disable", "Boot Up Num-Lock Status,Off" ) #============================================================================================================================== #============================================================================================================================== #Functions ==================================================================================================================== Function Get-TaskSequenceStatus { #Determine if a task sequence is currently running try { $TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment } catch{} if($NULL -eq $TSEnv) { return $False } else { try { $SMSTSType = $TSEnv.Value("_SMSTSType") } catch{} if($NULL -eq $SMSTSType) { return $False } else { return $True } } } Function Stop-Script { #Write an error to the log file and terminate the script param( [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ErrorMessage, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Exception ) Write-LogEntry -Value $ErrorMessage -Severity 3 if($Exception) { Write-LogEntry -Value "Exception Message: $Exception" -Severity 3 } throw $ErrorMessage } Function Get-WmiData { #Gets WMI data using either the WMI or CIM cmdlets and stores the data in a variable param( [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Namespace, [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ClassName, [Parameter(Mandatory=$true)][ValidateSet('CIM','WMI')]$CmdletType, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$Select ) try { if($CmdletType -eq "CIM") { if($Select) { Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 $Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop } else { Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 $Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop } } elseif($CmdletType -eq "WMI") { if($Select) { Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1 $Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop } else { Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1 $Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop } } } catch { if($Select) { Stop-Script -ErrorMessage "An error occurred while attempting to get the $Select properties from the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message } else { Stop-Script -ErrorMessage "An error occurred while connecting to the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message } } Write-LogEntry -Value "Successfully connected to the $ClassName WMI class" -Severity 1 return $Query } Function Set-LenovoBiosSetting { #Set a specific Lenovo BIOS setting param( [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Name, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Value, [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Password, [Parameter(Mandatory=$false)][Switch]$Defaults ) if($Defaults) { if(!([String]::IsNullOrEmpty($Password))) { $SettingResult = ($DefaultSettings.LoadDefaultSettings("$Password,ascii,us")).Return } else { $SettingResult = ($DefaultSettings.LoadDefaultSettings()).Return } if($SettingResult -eq "Success") { Write-LogEntry -Value "Successfully loaded default BIOS settings" -Severity 1 $Script:DefaultSet = $True } else { Write-LogEntry -Value "Failed to load default BIOS settings. Return code: $SettingResult" -Severity 3 $Script:DefaultSet = $False } } else { #Ensure the specified setting exists and get the possible values $CurrentSetting = $SettingList | Where-Object CurrentSetting -Like "$Name*" | Select-Object -ExpandProperty CurrentSetting if($NULL -ne $CurrentSetting) { #Check how the CurrentSetting data is formatted, then split the setting and current value if($CurrentSetting -match ';') { $FormattedSetting = $CurrentSetting.Substring(0, $CurrentSetting.IndexOf(';')) $CurrentSettingSplit = $FormattedSetting.Split(',') } else { $CurrentSettingSplit = $CurrentSetting.Split(',') } #Setting is already set to specified value if($CurrentSettingSplit[1] -eq $Value) { Write-LogEntry -Value "Setting ""$Name"" is already set to ""$Value""" -Severity 1 $Script:AlreadySet++ } #Setting is not set to specified value else { if(!([String]::IsNullOrEmpty($Password))) { $SettingResult = ($Interface.SetBIOSSetting("$Name,$Value,$Password,ascii,us")).Return } else { $SettingResult = ($Interface.SetBIOSSetting("$Name,$Value")).Return } if($SettingResult -eq "Success") { Write-LogEntry -Value "Successfully set ""$Name"" to ""$Value""" -Severity 1 $Script:SuccessSet++ } else { Write-LogEntry -Value "Failed to set ""$Name"" to ""$Value"". Return code: $SettingResult" -Severity 3 $Script:FailSet++ } } } #Setting not found else { Write-LogEntry -Value "Setting ""$Name"" not found" -Severity 2 $Script:NotFound++ } } } Function Write-LogEntry { #Write data to a CMTrace compatible log file. (Credit to SCConfigMgr - https://www.scconfigmgr.com/) param( [parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")] [ValidateNotNullOrEmpty()] [string]$Value, [parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")] [ValidateNotNullOrEmpty()] [ValidateSet("1", "2", "3")] [string]$Severity, [parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")] [ValidateNotNullOrEmpty()] [string]$FileName = ($script:LogFile | Split-Path -Leaf) ) #Determine log file location $LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName #Construct time stamp for log entry if(-not(Test-Path -Path 'variable:global:TimezoneBias')) { [string]$global:TimezoneBias = [System.TimeZoneInfo]::Local.GetUtcOffset((Get-Date)).TotalMinutes if($TimezoneBias -match "^-") { $TimezoneBias = $TimezoneBias.Replace('-', '+') } else { $TimezoneBias = '-' + $TimezoneBias } } $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), $TimezoneBias) #Construct date for log entry $Date = (Get-Date -Format "MM-dd-yyyy") #Construct context for log entry $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) #Construct final log entry $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""Manage-LenovoBiosSettings"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">" #Add value to log file try { Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop } catch [System.Exception] { Write-Warning -Message "Unable to append log entry to $FileName file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)" } } #Main program ================================================================================================================= #Configure Logging and task sequence variables if(Get-TaskSequenceStatus) { $TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment $LogsDirectory = $TSEnv.Value("_SMSTSLogPath") } else { $LogsDirectory = ($LogFile | Split-Path) if([string]::IsNullOrEmpty($LogsDirectory)) { $LogsDirectory = $PSScriptRoot } else { if(!(Test-Path -PathType Container $LogsDirectory)) { try { New-Item -Path $LogsDirectory -ItemType "Directory" -Force -ErrorAction Stop | Out-Null } catch { throw "Failed to create the log file directory: $LogsDirectory. Exception Message: $($PSItem.Exception.Message)" } } } } Write-Output "Log path set to $LogFile" Write-LogEntry -Value "START - Lenovo BIOS settings management script" -Severity 1 #Parameter validation Write-LogEntry -Value "Begin parameter validation" -Severity 1 if($GetSettings -and ($SetSettings -or $SetDefaults)) { Stop-Script -ErrorMessage "Cannot specify the GetSettings and SetSettings or SetDefaults parameters at the same time" } if(!($GetSettings -or $SetSettings -or $SetDefaults)) { Stop-Script -ErrorMessage "One of the GetSettings or SetSettings or SetDefaults parameters must be specified when running this script" } if($SetSettings -and !($Settings -or $CsvPath)) { Stop-Script -ErrorMessage "Settings must be specified using either the Settings variable in the script or the CsvPath parameter" } if($SetSettings -and $SetDefaults) { $ErrorMsg = "Both the SetSettings and SetDefaults parameters have been used. The SetDefaults parameter will override any other settings" Write-LogEntry -Value $ErrorMsg -Severity 2 } if(($SetDefaults -and $CsvPath) -and !($SetSettings)) { $ErrorMsg = "The CsvPath parameter has been specified without the SetSettings paramter. The CSV file will be ignored" Write-LogEntry -Value $ErrorMsg -Severity 2 } Write-LogEntry -Value "Parameter validation completed" -Severity 1 #Connect to the Lenovo_BiosSetting WMI class $SettingList = Get-WmiData -Namespace root\wmi -ClassName Lenovo_BiosSetting -CmdletType WMI #Connect to the Lenovo_SetBiosSetting WMI class $Interface = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SetBiosSetting -CmdletType WMI #Connect to the Lenovo_SaveBiosSettings WMI class $SaveSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SaveBiosSettings -CmdletType WMI #Connect to the Lenovo_BiosPasswordSettings WMI class $PasswordSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_BiosPasswordSettings -CmdletType WMI #Connect to the Lenovo_SetBiosPassword WMI class $PasswordSet = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SetBiosPassword -CmdletType WMI #Connect to the Lenovo_SetBiosPassword WMI class if($SetDefaults) { $DefaultSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_LoadDefaultSettings -CmdletType WMI } #Set counters to 0 if($SetSettings -or $SetDefaults) { $AlreadySet = 0 $SuccessSet = 0 $FailSet = 0 $NotFound = 0 $DefaultSet = $Null } #Get the current password state Write-LogEntry -Value "Get the current password state" -Severity 1 switch($PasswordSettings.PasswordState) { {$_ -eq 0} { Write-LogEntry -Value "No passwords are currently set" -Severity 1 } {($_ -eq 2) -or ($_ -eq 3) -or ($_ -eq 6) -or ($_ -eq 7) -or ($_ -eq 66) -or ($_ -eq 67) -or ($_ -eq 70) -or ($_-eq 71)} { $SvpSet = $true Write-LogEntry -Value "The supervisor password is set" -Severity 1 } {($_ -eq 64) -or ($_ -eq 65) -or ($_ -eq 66) -or ($_ -eq 67) -or ($_ -eq 68) -or ($_ -eq 69) -or ($_ -eq 70) -or ($_-eq 71)} { $SmpSet = $true Write-LogEntry -Value "The system management password is set" -Severity 1 } default { Stop-Script -ErrorMessage "Unable to determine the current password state from value: $($PasswordSettings.PasswordState)" } } #Ensure passwords are set correctly if($SetSettings -or $SetDefaults) { if($SvpSet) { Write-LogEntry -Value "Ensure the supplied supervisor password is correct" -Severity 1 #Supervisor password set but parameter not specified if([String]::IsNullOrEmpty($SupervisorPassword)) { Stop-Script -ErrorMessage "The supervisor password is set, but no password was supplied. Use the SupervisorPassword parameter when a password is set" } #Supervisor password set correctly if($PasswordSet.SetBiosPassword("pap,$SupervisorPassword,$SupervisorPassword,ascii,us").Return -eq "Success") { Write-LogEntry -Value "The specified supervisor password matches the currently set password" -Severity 1 } #Supervisor password not set correctly else { Stop-Script -ErrorMessage "The specified supervisor password does not match the currently set password" } } elseif($SmpSet -and !$SvpSet) { Write-LogEntry -Value "Ensure the supplied system management password is correct" -Severity 1 #System management password set but parameter not specified if([String]::IsNullOrEmpty($SystemManagementPassword)) { Stop-Script -ErrorMessage "The system management password is set, but no password was supplied. Use the SystemManagementPassword parameter when a password is set" } #System management password set correctly if($PasswordSet.SetBiosPassword("smp,$SystemManagementPassword,$SystemManagementPassword,ascii,us").Return -eq "Success") { Write-LogEntry -Value "The specified system management password matches the currently set password" -Severity 1 } #System management password not set correctly else { Stop-Script -ErrorMessage "The specified system management password does not match the currently set password" } } } #Get settings if($GetSettings) { $SettingList = $SettingList | Select-Object CurrentSetting | Sort-Object CurrentSetting $SettingObject = ForEach($Setting in $SettingList){ #Split the current values $SettingSplit = ($Setting.CurrentSetting).Split(',') if($SettingSplit[0] -and $SettingSplit[1]) { [PSCustomObject]@{ Name = $SettingSplit[0] Value = $SettingSplit[1] } } } if($CsvPath) { $SettingObject | Export-Csv -Path $CsvPath -NoTypeInformation (Get-Content $CsvPath) | ForEach-Object {$_ -Replace '"',""} | Out-File $CsvPath -Force -Encoding ascii } else { Write-Output $SettingObject } } #Set Settings if($SetSettings -or $SetDefaults) { if($CsvPath) { Clear-Variable Settings -ErrorAction SilentlyContinue $Settings = Import-Csv -Path $CsvPath } #Set Lenovo BIOS settings - supervisor password is set if($SvpSet) { if($SetSettings) { if($CsvPath) { ForEach($Setting in $Settings){ Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value -Password $SupervisorPassword } } else { ForEach($Setting in $Settings){ $Data = $Setting.Split(',') Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim() -Password $SupervisorPassword } } } if($SetDefaults) { Set-LenovoBiosSetting -Defaults -Password $SupervisorPassword } } #Set Lenovo BIOS settings - system management password is set elseif($SmpSet -and !$SvpSet) { if($SetSettings) { if($CsvPath) { ForEach($Setting in $Settings){ Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value -Password $SystemManagementPassword } } else { ForEach($Setting in $Settings){ $Data = $Setting.Split(',') Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim() -Password $SystemManagementPassword } } } if($SetDefaults) { Set-LenovoBiosSetting -Defaults -Password $SystemManagementPassword } } #Set Lenovo BIOS settings - password is not set else { if($SetSettings) { if($CsvPath) { ForEach($Setting in $Settings){ Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value } } else { ForEach($Setting in $Settings){ $Data = $Setting.Split(',') Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim() } } } if($SetDefaults) { Set-LenovoBiosSetting -Defaults } } } #If settings were set, save the changes if(($SuccessSet -gt 0) -or ($DefaultSet -eq $True)) { Write-LogEntry -Value "Save the BIOS settings changes" -Severity 1 if($SvpSet) { $ReturnCode = ($SaveSettings.SaveBiosSettings("$SupervisorPassword,ascii,us")).Value } elseif($SmpSet -and !$SvpSet) { $ReturnCode = ($SaveSettings.SaveBiosSettings("$SystemManagementPassword,ascii,us")).Value } else { $ReturnCode = ($SaveSettings.SaveBiosSettings()).Value } if(($null -eq $ReturnCode) -or ($ReturnCode -eq "Success")) { Write-LogEntry -Value "Successfully saved the BIOS settings" -Severity 1 } else { Stop-Script -ErrorMessage "Failed to save the BIOS settings. Return Code: $ReturnCode" } } #Display results if($SetSettings) { Write-Output "$AlreadySet settings already set correctly" Write-LogEntry -Value "$AlreadySet settings already set correctly" -Severity 1 Write-Output "$SuccessSet settings successfully set" Write-LogEntry -Value "$SuccessSet settings successfully set" -Severity 1 Write-Output "$FailSet settings failed to set" Write-LogEntry -Value "$FailSet settings failed to set" -Severity 3 Write-Output "$NotFound settings not found" Write-LogEntry -Value "$NotFound settings not found" -Severity 2 } if($SetDefaults) { if($DefaultSet -eq $True) { Write-Output "Successfully loaded default BIOS settings" } else { Write-Output "Failed to load default BIOS settings" } } Write-Output "Lenovo BIOS settings Management completed. Check the log file for more information" Write-LogEntry -Value "END - Lenovo BIOS settings management script" -Severity 1

From what I read about remote signed, it is supposed to allow scripts that have remotely been signed, or... scripts that were created by you. Try creating a notepad file, copy paste the text in, and save as all file types, make sure to set the file extension (.ps1) for correct naming.

Found it - Make sure your Powershell is running in Admin or this command doesn't work: Set-ExecutionPolicy Unrestricted This should allow you to run your scripts, when you finish, it would be advisable to re-enable the execution policy with the command Set-ExecutionPolicy Restricted Make sure you don't have bitlocker on, if you lose your secure boot key on a bios flash it will require a hard drive wipe.

Hmm, I see the 2nd screenshot you tried that.... Let me look a little

From the screenshots listed, you can simply put .\Manage-LenovoBiosSettings.ps1 The .\ Tells windows you want to bypass their default security issues. As for bios rollback, are you talking about resetting the bios to default? This line might be of use... So with your security settings, add a .\ in front of that command line. Note, they are issuing commands after the initial program launch to tell it what to do. If your supervisor password isn't set, you might try: That's not exactly default settings, it's whatever settings are in the script, but they are probably close to default....

Start -> Run; Windows PowerShell Gives a text based interface. It looks like the files he has are basic config files that are designed to be ran straight from powershell. (I might be wrong here...) Download the files to a directory you will remember. In the powershell window, navigate to where the files are stored. CD [filepath] So if you put the files in the default C drive, BiosConfig, Options, the command would be CD C:\BiosConfig\Options From there you can run: dir to see all files listed in that directory. Try running his file and see what happens. I did look through the files and didn't see anything malicious, that said, it's always good to read over what the files are to understand what they are doing. For example he has one that can reset bios password, don't use that if you don't want to reset your password. These files are written in text format, and can be modified and changed with a text editor. Any line with # in front of it is a note written for our information, the computer will ignore anything with # in front of it. Use the # notes to figure out what the settings are doing and change what it is you desire. Without more information about what you are trying to do, it's hard to give better directions. Towards the bottom of his post, there's a link to Think Bios Config Tool, which is an official Lenovo tool that has a graphics interface. You might find that easier to work with than powershell.

I wish he would have asked it to define who he as a user is. Bing spouts off a bunch of accusations about him and cites logs, perhaps it really has logs and those accusations could be true, they just aren't limited to him...

Thanks! I haven't used BOM tools before. That would have made things much easier! The manufacturing websites were a nightmare to navigate for a large list of parts. I hadn't thought of using a tool, and probably wouldn't think of it until I sat down and started writing my own script, that's about when I would think "gee, I wonder if anyone else has done this before."

I got about 20% though the BOM and decided screw it, and just bought a kit. A smarter man would have written a program to find all the parts. Overall I'm not sure I saved much/anything from buying a pre-built, but it was fun to build.

Test is overlooking the obvious. AMD's ram sweet spot is 6000, Intel chips benefit from higher speeds.

Nice article, I didn't realize the game was released on the same day of the invasion and could be considered Russian propaganda due to the idealized portrayal of the Soviet Union. That certainly makes it a bit more political than just another video game. It's a fair question, if we are embargoing goods, why should video games still be sold with a simple, we'll collect later, tag? No other goods are done like that. I'd love to say the dev's did their own thing and the timing was just bad, but I think that would be a naive outlook. Video games have been used as propaganda for a long time, just look at American Army. Other games may not be as blatantly obvious, but they tend to push a similar idea. Cortana was originally introduced in video games, before trying to convince everyone it is a personal assistant that just happens to spy on you. There's no doubt in my mind that Russia is willing to use the same playbook.