September 19th, 2011 11:00

CCTK possible future option?

At some point might the CCTK maintainers add an option to allow a crypted string to be provided for the new setup password? e.g. assuming that it isn't stored in plain in flash, can we have an option to provide the crypted string (e.g. in md5, sha1, sha256 etc., whatever the BIOS internally uses)? That way we could have a script which can set our default BIOS password without worrying how to get that in in a way which can't be read by users... (currently we have a script which prompts for the new BIOS password but automation would be better)...

1.1K Posts

September 22nd, 2011 09:00

I'll forward your feedback to the dev team. If you are just trying to keep users from seeing a password in the script, then encrypting the script is an easy way to help with that.

September 22nd, 2011 10:00

This is for a PXE installation, deploying a batch of new machines - hopefully with as little interaction needed by an operator.

Any files which are used have to be essentially world readable. If a script is encrypted then either someone needs to type in the password/phrase or that secret needs to be in another file... which would also need to be protected.

When we just did a batch of 42 OptiPlex 790s we used CCTK to set the BIOS for the first time (previously we had them set all the BIOS options by hand - so CCTK saved several minutes per box and probably avoided some accidents...) and the feedback was positive, but we were asked why they still have to type in the new BIOS password... ('cos I don't want to put it in a script)...

1 Rookie • 57 Posts

October 18th, 2011 21:00

I'd also like to see this added. HP supplies a tool with all their BIOS updates that allows you to encrypt your BIOS password. The BIOS updater has a switch that takes this encrypted file as an argument.

October 24th, 2011 13:00

Ooh that sounds very handy - can you tell me the name of the HP utility to look for? We are about to start a new round of formal tendering to see who should supply the majority of our desktop machines for the next year or two and having an example to put into the ITT might encourage other vendors to tell us what their equivalent is (if they have one).

1.1K Posts

October 24th, 2011 14:00

Great feedback! I'll send it along to the dev team.

Remember to sign up for the new Dell TechCenter before 11/11/11

http://www.delltechcenter.com/page/techcenter+migration+account+information

1 Rookie • 57 Posts

October 24th, 2011 20:00

"Ooh that sounds very handy - can you tell me the name of the HP utility to look for? We are about to start a new round of formal tendering to see who should supply the majority of our desktop machines for the next year or two and having an example to put into the ITT might encourage other vendors to tell us what their equivalent is (if they have one)."

When you download and extract an HP BIOS softpaq there will be an HPQFlash folder. Inside it there will be the HPQPwsd.exe GUI tool. Enter the password and save it as whatever.bin.

hpqflash.exe -s -pwhatever.bin will use the encrypted BIOS password file. I don't know how good the encryption is but it is better than nothing and better than script encoding which is easily reversible.

Up until recently (OptiPlex 990s for sure), Dell BIOS updates didn't allow you to specify a password. I had to use CCTK to clear password, then run BIOS update and reboot, and then set BIOS password back. If I set BIOS password back before rebooting, then applying the new BIOS image would fail on some models (OptiPlex 760 I think). This is an inconvenient process compared to HP. Newer style Dell BIOS updates do have a password switch now but it is a plaintext password.
