Is it possible to detect a BIOS password from Windows?

Hello, at my place of work we reset leased equipment and audit it before return it to the leasing company. I’ve been working to streamline the imaging/resetting process to be as easy and efficient as possible. Right now an annoying/slow process is testing every single unit from the likes of HP, Lenovo, or Panasonic for BIOS password protection. This requires me to mash F10, F1, or Del on every single computer during boot to see if I’m blocked by a request for password.

Now we are provided (or at least we’re supposed to be provided) the passwords so we can remove them but it’s a very small minority of the computers we process that have a BIOS password. It’s a waste of time checking every single computer in the traditional fashion.

Now I’ve been digging around and did find one way that HP clients such as the X360 or Elitebook 840’s have a single bit integer value 0 or 1 that dictate if the BIOS has a password. This works in Windows via powershell which is great but the incorporation of the command into my existing scripts is troublesome and only applies to HP computers. Not Lenovos, Panasonics, or potentially Dells.

Is there a simple command, script, or program that can run from a network share to check if the BIOS has a password? Maybe a registry query for BIOS information? I have a little programming experience so if it’s possible to do this with something like a CLI program written in C# it is something I can do with a little guidance.

I imagine because the way the password is setup can be different vendor to vendor ways to detect it in Windows probably aren’t universal. That’s going to be disappointing if it’s true.

1 Like

Wont a BIOS reset clear the password?

1 Like

I believe so…

Well then if keeping the BIOS settings isn’t so critical, I’d reset them all.

No, not in our application it does not. For example the Lenovo X270, T480, and T580 all retain their supervisor password after a BIOS reset. I Personally went through a lot of trouble with an X270 to remove it’s supervisor password. It’s a very involved process.

Even if it did, additionally this would not address the problem I have at hand. When I’m imaging 16 to 20 computers at a time (soon to double) I don’t want to reset the BIOS on every single one if it’s not needed. We just need to remove the password on the ones where a password exists.

The question is. How can I automate checking for one without doing it manually?

1 Like

Well this seems like a real enterprise equiptment kind of issue. While this is a tech centered forum with a lot of people working on enterprise networks you might also want to visit the lawrence systems forum as that is a more niche enterprise focused community.

You could also wait a bit here and give a few days.


You know what, I think it would be best if you contacted Lenovo since you have concerns on their Laptops. Maybe they have a tool? Call your Lenovo product rep?

1 Like

What I can think off the top of my head is using a rubber ducky key that smashes the required keys to get into the BIOS. Maybe the first step could be getting a bunch of those, hook them up to the laptops at first power on and just wait a little to see if the BIOS shows up. That could allow you to do work while those machines boot up and potentially have tens of them getting into the BIOS at once instead of two or three, depending on how fast you are at doing this thing.

Or have a dedicated machine with lots of USB ports that act as keyboards, a webcam pointed at these laptops screens and a Matlab software that recognizes when the laptop enteres a password screen or not. The Matlab software part is the easiest one, if you can believe that. This is stupid but it might work I think.

It doesn’t, it’s there exactly to stop users from accessing the BIOS so even and hard reset of the BIOS doesn’t clear it. Since OP is talking about laptops I can’t imagine how shitty it even would be to take them apart to clear the BIOS.

How about a script to reboot into firmware, so all you do is turn PC on, and run the script?

Automate deployment of the script, and not worry about which key combination&timing for which OEM?

Like

$shutdown /r /fw

Would reboot the computer to firmware. Run it on a labful of computers, and see which have passwords on?

Or are the computers live in the field/offices?

OP mentioned about having to do it manually… This would remove half the issue, if the command could be deployed and run where he needs i

1 Like

This sounds so suspicious, lol. How do you have 16-20 machines that require reimaging that you don’t have the administrator password to?

Regardless, you don’t need the administrator password to reimage the drive, you could just remove the drive and image to it directly with any common imaging program/deployment server.

This is a fairly new thing for even business laptops. Many of them have a “RESET CMOS” jumper that was visible through the bottom shell, or required the shell to come off and you could jump with a screwdriver. Older motherboards for both laptops/desktops would completely reset bios/uefi admin passwords with a cmos reset.

1 Like

Unfortunately we’re not that big of a company. We don’t have contacts and only act as a middle man. We’re on our own effectively.

Will be honest I have thought of this but I would have to either justify the cost or figure out where to get them very very cheap.

We don’t need to go so far as automating the password removal. That can continue to be done manually.

This would be very feasible. I just didn’t know of a command that could do it. The command you suggested has a caveat though. It requires administrator level privileges which requires manual intervention. I could technically recreate the image to auto-permit some level of administartion enabling it to run the command but having to re-image up to dozens of windows .WIM files to permit the access control then probably having to revert it to the default permissions sounds very tedious.

You’ve misinterpreted or did not read the OP thoroughly. We are an audit company. A middle man if you will. We handle resetting and auditing equipment leased to other companies from companies that lease equipment. We don’t have 16-20 computers to image. That’s what we can image at a time right now. Volume wise we have to images multiple 1000’s of pieces ranging from laptops to workstations to thin-clients to all-in-ones. Some are easy, some are a PITA but everything has to be checked for a BIOS password. The small amout we recieve that do have one are a huge waste of time because we don’t know which ones have them so we have to check ALL of them. Then remove the password as needed. For example out of about 120 laptops I imaged today only about 7 had BIOS passwords. That’s not 7 laptops I had to check. That’s 120 laptops I had to sit and mash F10 for 20 seconds to see if it has one then remove the password from the 7 or so that did…

Starting to get the picture now?

2 Likes

the password on the bios chip? from inside windows or linux?
no.

the only way to know is to smash f2-f12, del or what ever. to get to the bios splash and hope.

as for resetting them…
its simple enough but time consuming as you will pretty much have to dismantle the lappy to pull the battery.
re-assemble it and hope you plugged everything back in, in the right place :slight_smile:
yeah not fun but it helps stop thieves from selling on stolen lappys.

Maybe a computer running Linux and a beefy USB HUB could do the same job, simulate multiple HID devics like a keyboards.
I know it’s never easy to justify buying new equipment. Maybe pitch the rubber ducky buy keeping track of how many laptops you go through, time needed and so forth. That’s usually what get points across: data.

2 Likes

Actually Tropper_lsh’s suggestion gives a glimmer of hope. Only issue is unprivileged users cannot execute it. Trying to think of possible unattended workarounds for this.

Data is a nice thought but I don’t think the cost would outweigh the increased efficiency here. It’s really more for convenience.

I wonder. Could a Raspberry Pi or similar clone be used here? We have a box full of keyboards that could be USB cable donors. And I’ve always been looking for an excuse to play with one. How hard might it be to program a Pi with the signal out instructions to mash a particular F key across as many of it’s output pins as I can rig together?

It’d be a little jank but quite a bit more cost effective. The imaging bench already has cables going everywhere what’s a dozen more?

2 Likes

oh i thought you wanted to see what the password was… lol
not that you just wanted to know if a system has a password or not.

my bad.

But you still bought their products? Surely there is some level of support they can provide? I’m sure your problem would not be the first time Lenovo hearing it. Do try to contact customer support at the very least. Its like maybe wasting 10-20 mins of your time.

We did not purchase the equipment no. We are just a middle man. We reset and audit the return on behalf of the leasing company who purchased the equipment.

Additionally contacting them would only address Lenovo products. What about HP, Dell, and Panasonic? This is why I was hoping for a Windows solution. It’s the common ground all the vendors are compatible with.

You have what, 4-6 laptop vendors? On the off chance that one of the has the answer, it is still a good opportunity to explore.

Also a reminder of this graph/table from XKCD


Maybe ask an AI chat about this? I asked one but it did not return a source:

you.com AI reply

Yes, there are programs and scripts available that can automate the process of pressing the F2, F8, F10, F12, or DEL button to enter the BIOS. These programs can simulate key presses, allowing you to automate the process of entering the BIOS without having to manually press the keys. However, it is important to note that automating the process of entering the BIOS can be risky, and should only be done by experienced users who understand the potential risks involved. Improperly entering or making changes in the BIOS can cause irreversible damage to your computer. Therefore, it is highly recommended to consult the manufacturer’s documentation or seek professional help if you are not familiar with the BIOS and its settings.

I am also seeing a switchbot:

Maybe it can help button mashing somehow. Maybe mount them to raised platform and put an attachment to it to reach the keyboard button.

Absolutely! If you want to just rip open a keyboard and have the Pi just close one or more circuits relating the F keys you need to press it’s super easy.
If you want to emulate an HID device it can be done in Linux just so it doesn’t matter if you do that from a PC or a Raspberry Pi.
Now that I think of it you could use any micro controller like a Pi 0, Arduino, STM32, etc.

Oh most definitely. Because of how complex the entire operation is to setup the computers, boot them into WinPE, get windows.wim installed, and configure certain post-install services. (this is an oversimplification) I’ve been approaching different steps from multiple directions to improve the process and make it easier/faster on myself.

There are some steps where I did abandon making it faster because the time investment wasn’t worth the payoff but this one would be very nice to get working. I have to do it anywhere between 100~150 times a day and it takes about 3 minutes per 20 computer assuming nothing goes wrong. (there’s always that one computer that doesn’t want to cooperate. :roll_eyes:) So in reality it can range from 3 mins to several minutes per 20.

Really getting this to work would make my job easier even if it’s not incredibly faster, it will save my aching back leaning over the benches in an awkward position for multiple minutes at a time. :laughing:

This is the next slowest and time consuming step in the process. I’ve streamlined just about everything else to the max within the server, network, and end clients capabilities.

It looks like going the micro controller direction would be quite a bit more cost effective even though I know it would mean wires going everywhere but that’s nothing new. The Pi 0 which I could solder pins or wires directly to how many pairs of pins can I program as a HID keyboard?

For the moment I’m not going to pull the trigger on this venture but it doesn’t change the fact I’ve been meaning to play with a Pi in my free time. This would make a nice excuse.

1 Like

With a little “hacking” you might have just given me the solution.

So I can’t use the /fw argument in an un-elevated windows CMD prompt but I CAN from within a WinPE prompt (the Windows installer application). Caveat (there’s always a catch) being shutdown.exe does not exist in my version of WinPE and both wpeutil reboot & wpeutil shutdown do not support the /fw argument that I can find.

So I tried stealing shutdown.exe from Windows. :laughing:

Now I do know how to crack open WinPE to add scripts and applications then how to recompile the file for network boot or into an .ISO file for USB deployment but before I go doing that I already have a external network share configured that WinPE is scripted to remote into and execute a specific .bat file. I can drop shutdown.exe onto the network share then add it’s execution to the .bat script.

So I decided to test it.

And it worked. Yay!

Screenshot from 2023-06-03 10-38-38

It does not really matter in which order the BIOS PW is checked. Before WinPE, after WinPE, or after Windows boots for the first time. Just that it gets checked for a password at some point during the imaging process and this looks very promising now. It circumvents the need for an administrator level prompt.

I also tried it bare metal on a Lenovo ThinkCentre M700. It took me strait into the BIOS.

It seems the HP’s will give me the most trouble it drops me into a boot menu, not the BIOS but that’s one F10 press away which is an improvement so so far so good. I will have the opportunity to test this full scale come Monday. I’ll let you know how it goes. :grin:

5 Likes