Jump to content

Welcome to ExtremeHW

Welcome to ExtremeHW, register to take part in our community, don't worry this is a simple FREE process that requires minimal information for you to signup.

 

Registered users can: 

  • Start new topics and reply to others.
  • Show off your PC using our Rig Creator feature.
  • Subscribe to topics and forums to get updates.
  • Get your own profile page to customize.
  • Send personal messages to other members.
  • Take advantage of site exclusive features.
  • Upgrade to Premium to unlock additional sites features.
IGNORED

Does anyone know how to use PowerShell to edit Lenovo BIOS using this tool?


Recommended Posts

I had a question about how to use Jon Anderson's PowerShell BIOS Configurator for lenovo laptops.  I just don't know how to use PowerShell or anything.

 

I need help changing the BIOS Rollback setting from Disabled to Enabled, please?

Thank You

 

Heres the whole webpage downloaded if the link doesn't work

Jon Anderson Lenovo BIOS Management Powershell Script Changer Webpage.zip

 

Lenovo BIOS Settings Management – Jon's Notes (configjon.com)

 

 

Edited by HeyItsChris
Link to comment
Share on other sites

Start ->  Run; Windows PowerShell

Gives a text based interface.  It looks like the files he has are basic config files that are designed to be ran straight from powershell.  (I might be wrong here...)

Download the files to a directory you will remember.

 

In the powershell window, navigate to where the files are stored.

CD [filepath]

So if you put the files in the default  C drive, BiosConfig, Options, the command would be

CD C:\BiosConfig\Options

 

From there you can run:

dir

to see all files listed in that directory.

Try running his file and see what happens.  I did look through the files and didn't see anything malicious, that said, it's always good to read over what the files are to understand what they are doing.  For example he has one that can reset bios password, don't use that if you don't want to reset your password.

 

These files are written in text format, and can be modified and changed with a text editor.  Any line with # in front of it is a note written for our information, the computer will ignore anything with # in front of it.  Use the # notes to figure out what the settings are doing and change what it is you desire.  Without more information about what you are trying to do, it's hard to give better directions.

 

Towards the bottom of his post, there's a link to Think Bios Config Tool, which is an official Lenovo tool that has a graphics interface.  You might find that easier to work with than powershell.

 

 

 

Edited by Kaz
Minor clarification
  • Thanks 1
  • Respect 1
Link to comment
Share on other sites

Thanks so much for the reply.

 

I cannot use Think BIOS Config tool because its for Thinkpad & I have an Ideapad.

 

Unless you think it could work?  I tried it out & I just received an error message.

 

So what I'm trying to change is the BIOS Rollback flash option in the BIOS setup.  May you assist me with the proper command to use to Enable BIOS Rollback flash option.

 

Thanks

 

errors1.thumb.jpg.c69906694112fac57ebf772f2f172793.jpg

 

Something about Script Execution Policy is Disabled?  I thought I Enabled it.  I guess not.  Know of any way to Enable it easily?

 

errors2.thumb.jpg.78107d3da75bb3b12c875595449c1e38.jpg

Edited by HeyItsChris
Link to comment
Share on other sites

From the screenshots listed, you can simply put

.\Manage-LenovoBiosSettings.ps1

The .\ Tells windows you want to bypass their default security issues.

As for bios rollback, are you talking about resetting the bios to default?

 

This line might be of use...

Quote
#Set all BIOS settings to factory default values when the supervisor password is set

Manage-LenovoBiosSettings.ps1 -SetDefaults -SupervisorPassword ExamplePassword

So with your security settings, add a .\ in front of that command line.

Note, they are issuing commands after the initial program launch to tell it what to do.

 

If your supervisor password isn't set, you might try:

Quote
#Set BIOS settings supplied in the script when no password is set

Manage-LenovoBiosSettings.ps1 -SetSettings

That's not exactly default settings, it's whatever settings are in the script, but they are probably close to default....

Edited by Kaz
Link to comment
Share on other sites

So I was gonna try to install windows 11 pro because i accidentally installed windows 11 home and dont have access to Group Policy Editor so I can globally change the Execution Policy.  I cannot though because I cannot enter the bios at all and i reset the cmos battery which turned secure boot which needs to be disabled.  So I'm stuck on my current os i think for now, at least for the moment.

 

Check this out... this is the error i need to bypass by enabling rollback in the bios so i can re-flash the whole bios fixing the problem of me not being able to enter the bios.


Thanks

 

Lenovoideapad110-15aclwinflash32warningrollbackflashisdisabledinBIOS.jpg.ebbc2d939e57427d6bcee2332895cb05.jpg

Link to comment
Share on other sites

Found it - Make sure your Powershell is running in Admin or this command doesn't work:

Set-ExecutionPolicy Unrestricted

This should allow you to run your scripts, when you finish, it would be advisable to re-enable the execution policy with the command

Set-ExecutionPolicy Restricted

 

 

Make sure you don't have bitlocker on, if you lose your secure boot key on a bios flash it will require a hard drive wipe.

Edited by Kaz
  • Thanks 1
Link to comment
Share on other sites

From what I read about remote signed, it is supposed to allow scripts that have remotely been signed, or...  scripts that were created by you.  Try creating a notepad file, copy paste the text in, and save as all file types, make sure to set the file extension (.ps1) for correct naming.

  • Thanks 1
Link to comment
Share on other sites

Do i copy the text of the filenames of Jon Anderson's bios configurator script files or what?  Sorry if u can be more specific, id appreciate it.  thx

 

*Update*

Wait i get what u mean i think so copy the text from the Manage-LenovoBiosSettings.ps1 file into my own personal created file and name it whatever i want and put the .ps1 extension and try to run okay ill try that now.

Edited by HeyItsChris
Link to comment
Share on other sites

Open Notepad, paste the following, then choose save as, select any file extension, and name it Manage-LenovoBiosSettings.ps1

 

This is just one example, if you are using more than the Manage-LenovoBiosSettings, you will need to copy/create each file accordingly.  This is just a copy of what their file had in it.

<#
    .DESCRIPTION
        Automatically configure Lenovo BIOS settings
    .PARAMETER GetSettings
        Instruct the script to get a list of current BIOS settings
    .PARAMETER SetSettings
        Instruct the script to set BIOS settings
    .PARAMETER CsvPath
        The path to the CSV file to be imported or exported
    .PARAMETER SupervisorPassword
        The current supervisor password
    .PARAMETER SystemManagementPassword
        The current system management password
    
    .PARAMETER SetDefaults
        Instructs the script to set all BIOS settings to default values
    .PARAMETER LogFile
        Specify the name of the log file along with the full path where it will be stored. The file must have a .log extension. During a task sequence the path will always be set to _SMSTSLogPath
    .EXAMPLE
        #Set BIOS settings supplied in the script when no password is set
        Manage-LenovoBiosSettings.ps1 -SetSettings
    
        #Set BIOS settings supplied in the script when the supervisor password is set
        Manage-LenovoBiosSettings.ps1 -SetSettings -SupervisorPassword ExamplePassword
        #Set BIOS settings supplied in the script when the system management password is set
        Manage-LenovoBiosSettings.ps1 -SetSettings -SystemManagementPassword ExamplePassword
        #Set BIOS settings supplied in a CSV file
        Manage-LenovoBiosSettings.ps1 -SetSettings -CsvPath C:\Temp\Settings.csv -SupervisorPassword ExamplePassword
        #Output a list of current BIOS settings to the screen
        Manage-LenovoBiosSettings.ps1 -GetSettings
        #Output a list of current BIOS settings to a CSV file
        Manage-LenovoBiosSettings.ps1 -GetSettings -CsvPath C:\Temp\Settings.csv
        #Set all BIOS settings to factory default values when the supervisor password is set
        Manage-LenovoBiosSettings.ps1 -SetDefaults -SupervisorPassword ExamplePassword
    .NOTES
        Created by: Jon Anderson (@ConfigJon)
        Reference: https://www.configjon.com/lenovo-bios-settings-management/
        Modified: 2020-10-18
    .CHANGELOG
        2019-11-04 - Added additional logging. Changed the default log path to $ENV:ProgramData\BiosScripts\Lenovo.
        2020-02-10 - Fixed a bug where the script would ignore the supplied Supervisior Password when attempting to change settings.
        2020-02-21 - Added the ability to get a list of current BIOS settings on a system via the GetSettings parameter
                     Added the ability to read settings from or write settings to a csv file with the CsvPath parameter
                     Added the SetSettings parameter to indicate that the script should attempt to set settings
                     Changed the $Settings array in the script to be comma seperated instead of semi-colon seperated
                     Updated formatting
        2020-09-16 - Added a LogFile parameter. Changed the default log path in full Windows to $ENV:ProgramData\ConfigJonScripts\Lenovo.
                     Consolidated duplicate code into new functions (Stop-Script, Get-WmiData). Made a number of minor formatting and syntax changes
                     Updated the save BIOS settings section with better logic to work when a password is set.
                     Added support for for using the system management password
        2020-10-18 - Added the SetDefaults parameter. This allows for setting all BIOS settings to default values.
#>

#Parameters ===================================================================================================================

param(
    [Parameter(Mandatory=$false)][Switch]$GetSettings,
    [Parameter(Mandatory=$false)][Switch]$SetSettings,
    [Parameter(Mandatory=$false)][Switch]$SetDefaults,
    [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SupervisorPassword,
    [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$SystemManagementPassword,
    [ValidateScript({
        if($_ -notmatch "(\.csv)")
        {
            throw "The specified file must be a .csv file"
        }
        return $true 
    })]
    [System.IO.FileInfo]$CsvPath,
    [Parameter(Mandatory=$false)][ValidateScript({
        if($_ -notmatch "(\.log)")
        {
            throw "The file specified in the LogFile paramter must be a .log file"
        }
        return $true
    })]
    [System.IO.FileInfo]$LogFile = "$ENV:ProgramData\ConfigJonScripts\Lenovo\Manage-LenovoBiosSettings.log"
)

#List of settings to be configured ============================================================================================
#==============================================================================================================================
$Settings = (
    "PXE IPV4 Network Stack,Enabled",
    "IPv4NetworkStack,Enable",
    "PXE IPV6 Network Stack,Enabled",
    "IPv6NetworkStack,Enable",
    "Intel(R) Virtualization Technology,Enabled",
    "VirtualizationTechnology,Enable",
    "VT-d,Enabled",
    "VTdFeature,Enable",
    "Enhanced Power Saving Mode,Disabled",
    "Wake on LAN,Primary",
    "Require Admin. Pass. For F12 Boot,Yes",
    "Physical Presence for Provisioning,Disabled",
    "PhysicalPresenceForTpmProvision,Disable",
    "Physical Presnce for Clear,Disabled",
    "PhysicalPresenceForTpmClear,Disable",
    "Boot Up Num-Lock Status,Off"
)
#==============================================================================================================================
#==============================================================================================================================

#Functions ====================================================================================================================

Function Get-TaskSequenceStatus
{
    #Determine if a task sequence is currently running
	try
	{
		$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment
	}
	catch{}
	if($NULL -eq $TSEnv)
	{
		return $False
	}
	else
	{
		try
		{
			$SMSTSType = $TSEnv.Value("_SMSTSType")
		}
		catch{}
		if($NULL -eq $SMSTSType)
		{
			return $False
		}
		else
		{
			return $True
		}
	}
}

Function Stop-Script
{
    #Write an error to the log file and terminate the script

    param(
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ErrorMessage,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Exception
    )
    Write-LogEntry -Value $ErrorMessage -Severity 3
    if($Exception)
    {
        Write-LogEntry -Value "Exception Message: $Exception" -Severity 3
    }
    throw $ErrorMessage
}

Function Get-WmiData
{
	#Gets WMI data using either the WMI or CIM cmdlets and stores the data in a variable

    param(
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Namespace,
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$ClassName,
        [Parameter(Mandatory=$true)][ValidateSet('CIM','WMI')]$CmdletType,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String[]]$Select
    )
    try
    {
        if($CmdletType -eq "CIM")
        {
            if($Select)
            {
				Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1
                $Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop
            }
            else
            {
				Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1
                $Query = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
            }
        }
        elseif($CmdletType -eq "WMI")
        {
            if($Select)
            {
				Write-LogEntry -Value "Get the $Classname WMI class from the $Namespace namespace and select properties: $Select" -Severity 1
                $Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop | Select-Object $Select -ErrorAction Stop
            }
            else
            {
				Write-LogEntry -Value "Get the $ClassName WMI class from the $Namespace namespace" -Severity 1
                $Query = Get-WmiObject -Namespace $Namespace -Class $ClassName -ErrorAction Stop
            }
        }
    }
    catch
    {
        if($Select)
        {
            Stop-Script -ErrorMessage "An error occurred while attempting to get the $Select properties from the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message
        }
        else
        {
            Stop-Script -ErrorMessage "An error occurred while connecting to the $Classname WMI class in the $Namespace namespace" -Exception $PSItem.Exception.Message	
        }
    }
    Write-LogEntry -Value "Successfully connected to the $ClassName WMI class" -Severity 1
    return $Query
}

Function Set-LenovoBiosSetting
{
    #Set a specific Lenovo BIOS setting

    param(
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Name,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Value,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][String]$Password,
        [Parameter(Mandatory=$false)][Switch]$Defaults
    )
    if($Defaults)
    {
        if(!([String]::IsNullOrEmpty($Password)))
        {
            $SettingResult = ($DefaultSettings.LoadDefaultSettings("$Password,ascii,us")).Return
        }
        else
        {
            $SettingResult = ($DefaultSettings.LoadDefaultSettings()).Return
        }
        if($SettingResult -eq "Success")
        {
            Write-LogEntry -Value "Successfully loaded default BIOS settings" -Severity 1
            $Script:DefaultSet = $True
        }
        else
        {
            Write-LogEntry -Value "Failed to load default BIOS settings. Return code: $SettingResult" -Severity 3
            $Script:DefaultSet = $False
        }
    }
    else
    {
        #Ensure the specified setting exists and get the possible values
        $CurrentSetting = $SettingList | Where-Object CurrentSetting -Like "$Name*" | Select-Object -ExpandProperty CurrentSetting
        if($NULL -ne $CurrentSetting)
        {
            #Check how the CurrentSetting data is formatted, then split the setting and current value
            if($CurrentSetting -match ';')
            {
                $FormattedSetting = $CurrentSetting.Substring(0, $CurrentSetting.IndexOf(';'))
                $CurrentSettingSplit = $FormattedSetting.Split(',')
            }
            else
            {
                $CurrentSettingSplit = $CurrentSetting.Split(',')
            }
            #Setting is already set to specified value
            if($CurrentSettingSplit[1] -eq $Value)
            {
                Write-LogEntry -Value "Setting ""$Name"" is already set to ""$Value""" -Severity 1
                $Script:AlreadySet++
            }
            #Setting is not set to specified value
            else
            {
                if(!([String]::IsNullOrEmpty($Password)))
                {
                    $SettingResult = ($Interface.SetBIOSSetting("$Name,$Value,$Password,ascii,us")).Return
                }
                else
                {
                    $SettingResult = ($Interface.SetBIOSSetting("$Name,$Value")).Return
                }
                if($SettingResult -eq "Success")
                {
                    Write-LogEntry -Value "Successfully set ""$Name"" to ""$Value""" -Severity 1
                    $Script:SuccessSet++
                }
                else
                {
                    Write-LogEntry -Value "Failed to set ""$Name"" to ""$Value"". Return code: $SettingResult" -Severity 3
                    $Script:FailSet++
                }
            }
        }
        #Setting not found
        else
        {
            Write-LogEntry -Value "Setting ""$Name"" not found" -Severity 2
            $Script:NotFound++
        }
    }
}

Function Write-LogEntry
{
    #Write data to a CMTrace compatible log file. (Credit to SCConfigMgr - https://www.scconfigmgr.com/)

	param(
		[parameter(Mandatory = $true, HelpMessage = "Value added to the log file.")]
		[ValidateNotNullOrEmpty()]
		[string]$Value,
		[parameter(Mandatory = $true, HelpMessage = "Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.")]
		[ValidateNotNullOrEmpty()]
		[ValidateSet("1", "2", "3")]
		[string]$Severity,
		[parameter(Mandatory = $false, HelpMessage = "Name of the log file that the entry will written to.")]
		[ValidateNotNullOrEmpty()]
		[string]$FileName = ($script:LogFile | Split-Path -Leaf)
	)
    #Determine log file location
    $LogFilePath = Join-Path -Path $LogsDirectory -ChildPath $FileName
    #Construct time stamp for log entry
    if(-not(Test-Path -Path 'variable:global:TimezoneBias'))
    {
        [string]$global:TimezoneBias = [System.TimeZoneInfo]::Local.GetUtcOffset((Get-Date)).TotalMinutes
        if($TimezoneBias -match "^-")
        {
            $TimezoneBias = $TimezoneBias.Replace('-', '+')
        }
        else
        {
            $TimezoneBias = '-' + $TimezoneBias
        }
    }
    $Time = -join @((Get-Date -Format "HH:mm:ss.fff"), $TimezoneBias)
    #Construct date for log entry
    $Date = (Get-Date -Format "MM-dd-yyyy")
    #Construct context for log entry
    $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
    #Construct final log entry
    $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""Manage-LenovoBiosSettings"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"
    #Add value to log file
    try
    {
        Out-File -InputObject $LogText -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop
    }
    catch [System.Exception]
    {
        Write-Warning -Message "Unable to append log entry to $FileName file. Error message at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)"
    }
}

#Main program =================================================================================================================

#Configure Logging and task sequence variables
if(Get-TaskSequenceStatus)
{
	$TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment
	$LogsDirectory = $TSEnv.Value("_SMSTSLogPath")
}
else
{
	$LogsDirectory = ($LogFile | Split-Path)
    if([string]::IsNullOrEmpty($LogsDirectory))
    {
        $LogsDirectory = $PSScriptRoot
    }
    else
    {
        if(!(Test-Path -PathType Container $LogsDirectory))
        {
            try
            {
                New-Item -Path $LogsDirectory -ItemType "Directory" -Force -ErrorAction Stop | Out-Null
            }
            catch
            {
                throw "Failed to create the log file directory: $LogsDirectory. Exception Message: $($PSItem.Exception.Message)"
            }
        }
    }
}
Write-Output "Log path set to $LogFile"
Write-LogEntry -Value "START - Lenovo BIOS settings management script" -Severity 1

#Parameter validation
Write-LogEntry -Value "Begin parameter validation" -Severity 1
if($GetSettings -and ($SetSettings -or $SetDefaults))
{
    Stop-Script -ErrorMessage "Cannot specify the GetSettings and SetSettings or SetDefaults parameters at the same time"
}
if(!($GetSettings -or $SetSettings -or $SetDefaults))
{
    Stop-Script -ErrorMessage "One of the GetSettings or SetSettings or SetDefaults parameters must be specified when running this script"
}
if($SetSettings -and !($Settings -or $CsvPath))
{
    Stop-Script -ErrorMessage "Settings must be specified using either the Settings variable in the script or the CsvPath parameter"
}
if($SetSettings -and $SetDefaults)
{
	$ErrorMsg = "Both the SetSettings and SetDefaults parameters have been used. The SetDefaults parameter will override any other settings"
    Write-LogEntry -Value $ErrorMsg -Severity 2
}
if(($SetDefaults -and $CsvPath) -and !($SetSettings))
{
	$ErrorMsg = "The CsvPath parameter has been specified without the SetSettings paramter. The CSV file will be ignored"
    Write-LogEntry -Value $ErrorMsg -Severity 2
}
Write-LogEntry -Value "Parameter validation completed" -Severity 1

#Connect to the Lenovo_BiosSetting WMI class
$SettingList = Get-WmiData -Namespace root\wmi -ClassName Lenovo_BiosSetting -CmdletType WMI

#Connect to the Lenovo_SetBiosSetting WMI class
$Interface = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SetBiosSetting -CmdletType WMI

#Connect to the Lenovo_SaveBiosSettings WMI class
$SaveSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SaveBiosSettings -CmdletType WMI

#Connect to the Lenovo_BiosPasswordSettings WMI class
$PasswordSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_BiosPasswordSettings -CmdletType WMI

#Connect to the Lenovo_SetBiosPassword WMI class
$PasswordSet = Get-WmiData -Namespace root\wmi -ClassName Lenovo_SetBiosPassword -CmdletType WMI

#Connect to the Lenovo_SetBiosPassword WMI class
if($SetDefaults)
{
    $DefaultSettings = Get-WmiData -Namespace root\wmi -ClassName Lenovo_LoadDefaultSettings -CmdletType WMI
}

#Set counters to 0
if($SetSettings -or $SetDefaults)
{
    $AlreadySet = 0
    $SuccessSet = 0
    $FailSet = 0
    $NotFound = 0
    $DefaultSet = $Null
}

#Get the current password state
Write-LogEntry -Value "Get the current password state" -Severity 1
switch($PasswordSettings.PasswordState)
{
	{$_ -eq 0}
	{
		Write-LogEntry -Value "No passwords are currently set" -Severity 1
	}
	{($_ -eq 2) -or ($_ -eq 3) -or ($_ -eq 6) -or ($_ -eq 7) -or ($_ -eq 66) -or ($_ -eq 67) -or ($_ -eq 70) -or ($_-eq 71)}
	{
		$SvpSet = $true
		Write-LogEntry -Value "The supervisor password is set" -Severity 1
	}
	{($_ -eq 64) -or ($_ -eq 65) -or ($_ -eq 66) -or ($_ -eq 67) -or ($_ -eq 68) -or ($_ -eq 69) -or ($_ -eq 70) -or ($_-eq 71)}
	{
		$SmpSet = $true
		Write-LogEntry -Value "The system management password is set" -Severity 1
	}
	default
	{
		Stop-Script -ErrorMessage "Unable to determine the current password state from value: $($PasswordSettings.PasswordState)"
	}
}

#Ensure passwords are set correctly
if($SetSettings -or $SetDefaults)
{
    if($SvpSet)
    {
        Write-LogEntry -Value "Ensure the supplied supervisor password is correct" -Severity 1
        #Supervisor password set but parameter not specified
        if([String]::IsNullOrEmpty($SupervisorPassword))
        {
            Stop-Script -ErrorMessage "The supervisor password is set, but no password was supplied. Use the SupervisorPassword parameter when a password is set"
        }
        #Supervisor password set correctly
        if($PasswordSet.SetBiosPassword("pap,$SupervisorPassword,$SupervisorPassword,ascii,us").Return -eq "Success")
	    {
		    Write-LogEntry -Value "The specified supervisor password matches the currently set password" -Severity 1
        }
        #Supervisor password not set correctly
        else
        {
            Stop-Script -ErrorMessage "The specified supervisor password does not match the currently set password"
        }
    }
    elseif($SmpSet -and !$SvpSet)
    {
        Write-LogEntry -Value "Ensure the supplied system management password is correct" -Severity 1
        #System management password set but parameter not specified
        if([String]::IsNullOrEmpty($SystemManagementPassword))
        {
            Stop-Script -ErrorMessage "The system management password is set, but no password was supplied. Use the SystemManagementPassword parameter when a password is set"
        }
        #System management password set correctly
        if($PasswordSet.SetBiosPassword("smp,$SystemManagementPassword,$SystemManagementPassword,ascii,us").Return -eq "Success")
	    {
		    Write-LogEntry -Value "The specified system management password matches the currently set password" -Severity 1
        }
        #System management password not set correctly
        else
        {
            Stop-Script -ErrorMessage "The specified system management password does not match the currently set password"
        }
    }
}

#Get settings
if($GetSettings)
{
    $SettingList = $SettingList | Select-Object CurrentSetting | Sort-Object CurrentSetting
    $SettingObject = ForEach($Setting in $SettingList){
        #Split the current values
        $SettingSplit = ($Setting.CurrentSetting).Split(',')
        if($SettingSplit[0] -and $SettingSplit[1])
        {
            [PSCustomObject]@{
                Name = $SettingSplit[0]
                Value = $SettingSplit[1]
            }
        }
    }
    if($CsvPath)
    {
        $SettingObject | Export-Csv -Path $CsvPath -NoTypeInformation
        (Get-Content $CsvPath) | ForEach-Object {$_ -Replace '"',""} | Out-File $CsvPath -Force -Encoding ascii
    }
    else
    {
        Write-Output $SettingObject    
    }
}
#Set Settings
if($SetSettings -or $SetDefaults)
{
    if($CsvPath)
    {
        Clear-Variable Settings -ErrorAction SilentlyContinue
        $Settings = Import-Csv -Path $CsvPath
    }
    #Set Lenovo BIOS settings - supervisor password is set
    if($SvpSet)
    {
        if($SetSettings)
        {
            if($CsvPath)
            {
                ForEach($Setting in $Settings){
                    Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value -Password $SupervisorPassword
                }
            }
            else
            {
                ForEach($Setting in $Settings){
                    $Data = $Setting.Split(',')
                    Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim() -Password $SupervisorPassword
                }
            }
        }
        if($SetDefaults)
        {
            Set-LenovoBiosSetting -Defaults -Password $SupervisorPassword
        }
    }
    #Set Lenovo BIOS settings - system management password is set
    elseif($SmpSet -and !$SvpSet)
    {
        if($SetSettings)
        {
            if($CsvPath)
            {
                ForEach($Setting in $Settings){
                    Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value -Password $SystemManagementPassword
                }
            }
            else
            {
                ForEach($Setting in $Settings){
                    $Data = $Setting.Split(',')
                    Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim() -Password $SystemManagementPassword
                }
            }
        }
        if($SetDefaults)
        {
            Set-LenovoBiosSetting -Defaults -Password $SystemManagementPassword
        }
    }
    #Set Lenovo BIOS settings - password is not set
    else
    {
        if($SetSettings)
        {
            if($CsvPath)
            {
                ForEach($Setting in $Settings){
                    Set-LenovoBiosSetting -Name $Setting.Name -Value $Setting.Value
                }
            }
            else
            {
                ForEach($Setting in $Settings){
                    $Data = $Setting.Split(',')
                    Set-LenovoBiosSetting -Name $Data[0] -Value $Data[1].Trim()
                }
            }
        }
        if($SetDefaults)
        {
            Set-LenovoBiosSetting -Defaults
        }
    }
}

#If settings were set, save the changes
if(($SuccessSet -gt 0) -or ($DefaultSet -eq $True))
{
    Write-LogEntry -Value "Save the BIOS settings changes" -Severity 1
    if($SvpSet)
    {
        $ReturnCode = ($SaveSettings.SaveBiosSettings("$SupervisorPassword,ascii,us")).Value
    }
    elseif($SmpSet -and !$SvpSet)
    {
        $ReturnCode = ($SaveSettings.SaveBiosSettings("$SystemManagementPassword,ascii,us")).Value
    }
    else
    {
        $ReturnCode = ($SaveSettings.SaveBiosSettings()).Value
    }
    if(($null -eq $ReturnCode) -or ($ReturnCode -eq "Success"))
    {
        Write-LogEntry -Value "Successfully saved the BIOS settings" -Severity 1
    }
    else
    {
        Stop-Script -ErrorMessage "Failed to save the BIOS settings. Return Code: $ReturnCode"
    }
}

#Display results
if($SetSettings)
{
    Write-Output "$AlreadySet settings already set correctly"
    Write-LogEntry -Value "$AlreadySet settings already set correctly" -Severity 1
    Write-Output "$SuccessSet settings successfully set"
    Write-LogEntry -Value "$SuccessSet settings successfully set" -Severity 1
    Write-Output "$FailSet settings failed to set"
    Write-LogEntry -Value "$FailSet settings failed to set" -Severity 3
    Write-Output "$NotFound settings not found"
    Write-LogEntry -Value "$NotFound settings not found" -Severity 2
}
if($SetDefaults)
{
    if($DefaultSet -eq $True)
    {
        Write-Output "Successfully loaded default BIOS settings"
    }
    else
    {
        Write-Output "Failed to load default BIOS settings"
    }
}
Write-Output "Lenovo BIOS settings Management completed. Check the log file for more information"
Write-LogEntry -Value "END - Lenovo BIOS settings management script" -Severity 1

 

Link to comment
Share on other sites

Given that your machine is actively trying not to revert bios, you might have more luck disabling secure boot in bios:

 

 

Quote
  • Open the PC BIOS menu:

    • You can often access this menu by pressing a key while your PC is booting, such as F1, F2, F12, or Esc.

      Or

    • From Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.

 

LEARN.MICROSOFT.COM

Disabling Secure Boot

 

The bigger question may be, why are you unable to enter bios?

  • Thanks 1
Link to comment
Share on other sites

I cannot enter the bios at all and yeah idk why i tried pulling the ssd, didn't change anything and changed to a different module of ram nothing changed must be corruption or something highly unusual.

 

here i tried first to just create a direct hex copy of the Manage-LenovoBiosSettings.ps1 file but no dice and then did ur way with the text file no dice either.

 

moreerrors.thumb.jpg.87d808eaf09a6b27dade9e002af6b770.jpg

Link to comment
Share on other sites

Quote

The first WMI class is Lenovo_BiosSetting. This class is used to return a list of the configurable BIOS settings as well as their current values.

#Connect to the Lenovo_BiosSetting WMI class
$SettingList = Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosSetting

#Return a list of all configurable settings
$SettingList | Select-Object CurrentSetting

#Return a specific setting and value
$SettingList | Where-Object CurrentSetting -Like "SettingName*" | Select-Object -ExpandProperty CurrentSetting

 

That first command is supposed to connect, give it a try.  You probably need to copy/paste all his files to use these commands.

Edited by Kaz
  • Thanks 1
Link to comment
Share on other sites

moreerrors3.jpg.52de4337c474696c8079decd383cd8a1.jpg

 

That would be insanely cool if i could turn up the tdp on this processor because its a AMD A6-7310 in the Lenovo Ideapad 110-15ACL 80TJ without the discrete gpu and its 2.4ghz quad core but only goes up to 1.4ghz on the cpu in game and gpu pretty much remains 800mhz.  It would be cool to overclock the gpu core clock but thats not likely possible.

Edited by HeyItsChris
Link to comment
Share on other sites

Hmm, bad news.  We are running into the same problem the GUI program had.  WMI, is the interface that they are using to communicate, which seems to support thinkpads, but not so much Ideapads...  This is a bit beyond my knowledge, if you can find something that supports your device, I may be able to help.  I am curious why the shift + restart option doesn't let you boot into the UEFI.

 

Taken from https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot

Quote
  • After the PC is turned on, the signature databases are each checked against the platform key.
  • If the firmware is not trusted, the UEFI firmware must initiate OEM-specific recovery to restore trusted firmware.
  • If there is a problem with Windows Boot Manager, the firmware will attempt to boot a backup copy of Windows Boot Manager. If this also fails, the firmware must initiate OEM-specific remediation.
  • After Windows Boot Manager has started running, if there is a problem with the drivers or NTOS kernel, Windows Recovery Environment (Windows RE) is loaded so that these drivers or the kernel image can be recovered

Possibly forcing a failure could cause it to go into recovery mode.  There's a lot of "OEM-Specific" mentions, which always makes me skittish, I don't trust OEM's to consistently have a solution.

Link to comment
Share on other sites

Well I never did sort out my script execution policy and to run these bios scripts, needs the script execution policy lined up to allow them to work in the first place.  I'll let u know what I find out.

 

If u have windows home edition download and run this as administrator and gpedit.msc can be searched and started.

gpedit-enabler.zip

localgrouppolicyeditorturnonscriptexecution.thumb.jpg.5be5ee187813e3fad0da77c1198ad76f.jpg

Edited by HeyItsChris
Link to comment
Share on other sites

I think chasing script policy is a red herring, (especially since the script doesn't work), the clear solution is to access the bios.  Whatever is preventing that needs to be figured out.  This video is a bit old, but it might help.  The little pinhole they press gives options to reach the bios. 

 

 

  • Thanks 1
Link to comment
Share on other sites

What's happening when you're trying to access the bios?

Also, how are you trying to access the bios (what method)?

 

The built in (since windows 10) function to reboot to the bios has worked fine for me for a long time.

  • Thanks 1

Owned

 Share

CPU: AMD Ryzen 9 7950x
MOTHERBOARD: MSI MEG X670E GODLIKE
RAM: 32GB G.Skill Trident Z5 Neo RGB - DDR5 6000 CL30
GPU: Gigabyte GTX1080 OC
CASE: Lian Li o11 Dynamic Evo - temp until Caselabs opens back up
SSD/NVME: Samsung 980 500GB - Linux boot
SSD/NVME 2: Samsung 980 500GB - Windows 10/11 boot
SSD/NVME 3: SK Hynic P31 Gold 1TB
Full Rig Info
Link to comment
Share on other sites

I tried every method, f2 fn f2 novo button and windows uefi settings after holding shift on reboot in recovery all no dice.  It just flashes a black screen and then continues to windows.

 

I cannot even reinstall windows because rufus requires secure boot to be disabled and i reset my cmos battery hoping it would fix the issue, which set secure boot to enabled.  

 

I think my only options for me are usb bios recovery but i need a usb flash drive which has a led indicator light to show when its reading on boot because the drive i tried a sandisk usb 3.2 gen 1 16gb wouldn't work.

 

Other option is replacing the whole motherboard which is dirt cheap, but ill be replacing it with the faster AMD A8-7410 apu with the discrete gpu AMD Radeon R5 M430 2gb motherboard for $49.99 or if i get an offer possibly less from ebay.

 

Unless u may advise how to use what i have, my 16gb sandisk flair i think its called and i think u simply format to fat32 and put nothing but the bios on there naming is 1qCrisis.bin and hold fn + r on boot and it should flash the bios, but for me all it does it blink the charge led continuously orange, never proceeding with the bios flash.

 

Thanks

Edited by HeyItsChris
Link to comment
Share on other sites

4 hours ago, HeyItsChris said:

I tried every method, f2 fn f2 novo button and windows uefi settings after holding shift on reboot in recovery all no dice.  It just flashes a black screen and then continues to windows.

 

I cannot even reinstall windows because rufus requires secure boot to be disabled and i reset my cmos battery hoping it would fix the issue, which set secure boot to enabled.  

 

I think my only options for me are usb bios recovery but i need a usb flash drive which has a led indicator light to show when its reading on boot because the drive i tried a sandisk usb 3.2 gen 1 16gb wouldn't work.

 

Other option is replacing the whole motherboard which is dirt cheap, but ill be replacing it with the faster AMD A8-7410 apu with the discrete gpu AMD Radeon R5 M430 2gb motherboard for $49.99 or if i get an offer possibly less from ebay.

 

Unless u may advise how to use what i have, my 16gb sandisk flair i think its called and i think u simply format to fat32 and put nothing but the bios on there naming is 1qCrisis.bin and hold fn + r on boot and it should flash the bios, but for me all it does it blink the charge led continuously orange, never proceeding with the bios flash.

 

Thanks

 

At this point, we're past my knowledge of UEFI recovery unfortunately.

 

Did you try the pinhole method from the video above my comment?

It might just be worth it to spend the $50 for the replacement motherboard honestly.

 

Edited by maddangerous
  • Thanks 1

Owned

 Share

CPU: AMD Ryzen 9 7950x
MOTHERBOARD: MSI MEG X670E GODLIKE
RAM: 32GB G.Skill Trident Z5 Neo RGB - DDR5 6000 CL30
GPU: Gigabyte GTX1080 OC
CASE: Lian Li o11 Dynamic Evo - temp until Caselabs opens back up
SSD/NVME: Samsung 980 500GB - Linux boot
SSD/NVME 2: Samsung 980 500GB - Windows 10/11 boot
SSD/NVME 3: SK Hynic P31 Gold 1TB
Full Rig Info
Link to comment
Share on other sites

1 hour ago, maddangerous said:

 

At this point, we're past my knowledge of UEFI recovery unfortunately.

 

Did you try the pinhole method from the video above my comment?

It might just be worth it to spend the $50 for the replacement motherboard honestly.

 

Thanks for the comment.  Yes that pinhole method beside the power connector on the laptop is the pinhole novo button.  Which brings up the menu but cannot enter the bios this way either.  Yeah im thinking ill first try bios usb recovery with a usb flash drive with a led indicator light and then motherboard replacement will be imminent.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...

Important Information

This Website may place and access certain Cookies on your computer. ExtremeHW uses Cookies to improve your experience of using the Website and to improve our range of products and services. ExtremeHW has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. For more information please see our Privacy Policy