Change Phoenix Bios Password

  1. Change Phoenix Bios Password Free
  2. Change Phoenix Bios Password Mac

What are BIOS & CMOS Passwords:: BIOS Or CMOS Password is the Authenticate Information given to BIOS (Basic Input Output System). The CMOS or BIOS password is given to the computer for an extra layer of security so that it can prevent unauthorized access. Method #1: Reset BIOS Password by Removing CMOS Battery In order to start with this method, firstly disconnect your PC from the main power source or remove the battery if you are using a laptop. Next remove the computer's cover, and locate the CMOS coin battery which is depicted as follows in the image below.

In this article, we simulate a Phoenix BIOS to give you an idea of how it might be configured. We'll show you some illustrated graphics of the Phoenix BIOS, and brief explanations of the options and how you might use them.

How is the Phoenix BIOS different?

  • Arrow keys navigate.
  • Plus and minus keys change values.
  • Users must save values before exiting.

Navigation information

The Phoenix BIOS is a very intuitive BIOS setup and is fairly easy to navigate. To navigate the Phoenix BIOS, use the up and down arrow keys to navigate the current screen. To change menus, pressing the right or left arrow keys switch between each of the available menus.

Once an item is selected, it can be changed by pressing Enter key or the + or - key.

Menus and screenshots

Change Phoenix Bios Password Free

Note

The pictures included in this section are from one version of the Phoenix BIOS. The version of the Phoenix BIOS on your computer may be different, and therefore it could look different than shown in these pictures. These pictures are meant to provide you with a general idea of what to look for in the Phoenix BIOS.

Below are example pictures of the Phoenix BIOS setup screens. As you can see in the picture below, this BIOS is broken up into different menus.

Main menu

In the below illustration of the Main menu portion of the BIOS, a user can see the computer specifications and change the time, date, and other system specific settings.

Advanced menu

The Advanced menu, as shown below, allows you to change the system settings. As shown, this menu is broken down into six additional sub-menus that enable you to change settings for each of the different categories.

Peripheral Configuration

The Peripheral Configuration section contains options for the computer's serial ports, parallel ports, and legacy USB ports.

IDE Configuration

The IDE configuration allows a user to define or change any values relating to IDE devices connected to the computer (e.g., hard drive and CD-ROM drive).

Diskette Options

Change Phoenix Bios Password Mac

The Diskette Options enables you to enable, disable, and change settings relating to the diskette drive connected to the computer.

DMI Event Logging

The DMI Event Logging enables a user to view the DMI event log, clear the log and enable or disable this feature.

Video Configuration

The Video Configuration allows you to set settings related to the video including the Palette Snooping, AGP aperture size, and the default adapter.

Resource Configuration

The Resource Configuration enables a user to reserve or make available any memory or IRQ resources.

Security menu

The Security menu enables you to set BIOS passwords on the computer. From here, you can set a User Password, which prompts for a password each time the computer boots or set a Setup Password to enter the BIOS setup. If a user sets a BIOS password and forgets that password, he or she must clear the CMOS or BIOS password.

Power menu

The next section, or Power menu, enables a user to enable and disable the power management options on the computer. Because this section really has no more than disabling and enabling power management and the hardware with power management features, this illustration is not shown.

Boot menu

The final section in this example of the Phoenix BIOS is the Boot menu. This section enables a user to configure how the computer and its peripherals should load during the boot process. As seen below, users can define the boot sequence of the bootable devices. This section is important for when you want to boot from a floppy diskette or CD-ROM. There are three sub-menus that enable a user to select from a listing of available hard drives or other removable devices.

Additional information

This post was updated on October 18th, 2020.

This post discusses how to manage Lenovo BIOS passwords using WMI. My goal was to have a script that could change or clear existing passwords and could display a prompt to the screen when manual intervention was required. In this post, I’ll cover the basics of how the script works. I’ll also talk about some limitations of the script and some areas it could be improved in the future

The script can be downloaded from my GitHub. https://github.com/ConfigJon/Firmware-Management/tree/master/Lenovo

Lenovo, WMI, and PowerShell

Lenovo provides a WMI interface that can be used for querying and modifying BIOS settings on their hardware models. This means that we can use PowerShell to directly view and edit BIOS settings without the need for a vendor specific program. This script deals specifically with Lenovo BIOS passwords, so in this post, I will only be discussing the classes related to password management.

The first thing that needs to be done is to determine what passwords are currently configured. This information can be obtained from the Lenovo_BiosPasswordSettings class.

These two lines will return a number that tells us what passwords are currently set. For reference, this is what each value means:

  • 0 – No passwords set
  • 1 – Power on password set
  • 2 – Supervisor password set
  • 3 – Power on and supervisor passwords set
  • 4 – Hard drive password(s) set
  • 5 – Power on and hard drive passwords set
  • 6 – Supervisor and hard drive passwords set
  • 7 – Supervisor, power on, and hard drive passwords set
  • 64 – System management password set
  • 65 – System management and power on passwords set
  • 66 – System management and supervisor passwords set
  • 67 – System management, supervisor, and power on passwords set
  • 68 – System management and hard drive passwords set
  • 69 – System management, power on, and hard drive passwords set
  • 70 – System management, supervisor, and hard drive passwords set
  • 71 – System management, supervisor, power on, and hard drive passwords set

The next step is to action on this data and either change or clear the BIOS password. This can be done using the Lenovo_SetBiosPassword class.

These two lines will attempt to change the supervisor password from OldPassword to NewPassword. The type of password being modified is determined by the first value inside the double quotes, in this case pap, which is the supervisor password. For reference, here are the values for the other password types:

  • pap – Supervisor password
  • pop – Power on password
  • smp – System management password
  • uhdp1 – User hard drive password
  • mhdp1 – Master hard drive password

Here are some additional examples.

For more detailed information on the Lenovo WMI interface, as well as a list of supported hardware models, refer to the official documentation. https://support.lenovo.com/us/en/solutions/ht100612

Manage-LenovoBiosPasswords.ps1

This script takes the basic commands we just looked at and adds logic to allow for a more automated password management process. The script accepts parameters that tell it which actions to perform.

  • SupervisorSet – Change an existing supervisor password
  • SupervisorClear – Clear an existing supervisor password
  • PowerOnSet – Change an existing power on password
  • PowerOnClear – Clear an existing power on password
  • SystemManagementSet – Change an existing system management password
  • SystemManagementClear – Clear an existing system management password
  • HDDPasswordClear – Clear an existing user and/or master hard drive password

There are also parameters that are used to specify the new and old BIOS passwords.

  • SupervisorPassword – The current supervisor password or password to be set
  • OldSupervisorPassword – The old supervisor password(s) to be changed. Multiple old passwords can be specified (separated by a comma). See the Limitations section of this post for more information.
  • PowerOnPassword – The current power on password or password to be set
  • OldPowerOnPassword – The old power on password(s) to be changed. Multiple old passwords can be specified (separated by a comma). See the Limitations section of this post for more information.
  • SystemManagementPassword – The current system management password or password to be set
  • OldSystemManagementPassword – The old system management password(s) to be changed. Multiple old passwords can be specified (separated by a comma). See the Limitations section of this post for more information.
  • HDDUserPassword – The current user hard drive password to be cleared
  • HDDMasterPassword – The current master hard drive password to be cleared

By default, if the script fails to perform any of these actions, it will display a message box on the screen and exit with an error code. This can be useful in a task sequence scenario where you may not want a system to continue with the task sequence if the BIOS password is not set correctly. However, if you want the script to be completely silent, there are a few parameters that can be set.

  • NoUserPrompt – Suppress all user prompts
  • ContinueOnError – Ignore any errors caused by changing or clearing passwords. (Will not ignore parameter validation errors)

When the script runs, it will write to a log file. By default, this log file will be named Manage-LenovoBiosPasswords.Log. If the script is being run during a task sequence, the log file will be located in the _SMSTSLogPath. Otherwise, the log file will be located in ProgramDataConfigJonScriptsLenovo. The log file name and path can be changed using the LogFile parameter. Note that the log file path will always be set to _SMSTSLogPath when run during a task sequence.

Limitations and Known Issues

Blank Passwords
The first limitation is actually imposed by Lenovo for security reasons. The first time a BIOS password is set, it must be set manually. It is not possible to programmatically set a BIOS password when one does not already exist. The script does have logic to detect for this scenario, and will throw an error and prompt the user if that is the case.

Lenovo has recently added a System Deployment Boot Mode to newer hardware models that allows setting a password. I will look into this more in the future to see if it can be incorporated into the script.

Password Lockout
The second limitation is also imposed by Lenovo for security reasons. If enough wrong password attempts are made, the system will lock and require a reboot to continue attempting passwords. In my testing with Lenovo hardware, I’ve found some models lock after 3 failed password attempts, and some lock after 6 failed password attempts.
Even though the lockout number is 3 or 6, depending on hardware model, the way this script is written, you can only specify either 2 or 5 old passwords in the old password parameters. This is because the script first tests if the password is already set to the value passed in the new password parameters, which eats up 1 of those lockout attempts if incorrect.
For example, if the script is instructed to change a supervisor password, the first thing it does, is test the current password against the value passed in the SupervisorPassword parameter. If it does not match, this counts as 1 failed attempt. The script then attempts to change the password to the values passed in the OldSupervisorPassword parameter. However, since we are already at 1 failed attempt after the first test, we can only try 2 more passwords before needing a reboot.
If this script is being run during a task sequence, and there are 4 different potential old passwords, and the device locks after 3 failed attempts, the script would need to be called with Password1 and Password2 specified as old passwords. Then a reboot would need to happen. Then the script would need to be run a second time with Password3 and Password4 specified as old passwords.
There are 2 checks in the parameter validation section of the script that will throw an error if 2 or more old passwords are specified. If you need to increase this limit, either comment out or modify those lines. Additionally, if too many failed password attempts are made and the BIOS setting Password Count Exceeded Error is set to Enabled, on the next reboot a message will be displayed on screen and require a user input.

Multiple Configured Passwords
When multiple types of passwords are set on a system, there are different requirements for which passwords must be specified to complete some actions.

  • If the supervisor and power on passwords are set
    • The supervisor password is required to change or clear the power on password
  • If the supervisor and system management passwords are set
    • The supervisor password is required to change or clear the system management password
  • If the system management and power on passwords are set
    • The system management password is required to change or clear the power on password

Power On Password Issue
In my testing I’ve run into an issue where the SetBiosPassword WMI method will always report success (even in a failure situation) when attempting to change or clear the power on password. When attempting to change a password, my script will first check to see if the supplied password is already set correctly. If it is not, the SetBiosPassword method should return a failure, but when this issue occurs, the SetBiosPassword always returns success. This causes the script to think the power on password has been changed, when in reality, it has not.

Another symptom of this issue is after a failed (reported success) attempt to change or clear the power on password, an error message will be displayed on the screen during the next system reboot. The message is: 0191: System Security – Invalid remote change requested.

Hard Drive Passwords
Currently the script only has logic to clear existing hard drive passwords. In my testing, I found that when attempting to change or clear a hard drive password, the command always returns Success even if it failed. This makes it difficult to determine if the command actually worked or not. If you are planning to use the hard drive password parameters, ensure that the passwords being used are correct. I’d love to hear from you if you have tips on better dealing with Lenovo hard drive passwords. This is definitely an area of the script that could use improvement.

Examples

The script can be run as a standalone script in Windows, or as a part of a Configuration Manager task sequence. It can also be run in the full Windows OS or in WinPE.

Here are a few examples of calling the script from a PowerShell prompt in Windows.

Here is a basic example of calling the script during a task sequence. In this example the supervisor password is being changed and there is only 1 possible old supervisor password.

Here is a second example of calling the script during a task sequence. In this example, the supervisor password is being changed and there are 6 possible old supervisor passwords. The hardware the script is being run against will lock after 3 failed attempts, so only 2 old passwords can be specified before a reboot is required. The means that the script will need to be run 3 times.

First in the Set Password Values step, create variables for each password.

The First Pass folder has no conditions on it, as we want it to run for any Lenovo system. To change a supervisor password, the SupervisorSet parameter is specified along with the SupervisorPassword and OldSupervisorPassword parameters.

Because the script will need to run multiple times, there is one additional parameter that needs to be specified. The SMSTSPasswordRetry parameter instructs the script to not display prompts to the screen until all attempts have completed. In this scenario, the script needs to be run 3 times, so SMSTSPasswordRetry parameter is specified on the first 2 passes of the script and not on the final pass. When the password(s) are successfully changed or cleared, the SMSTSPasswordRetry variable will be set to false. This means that if the first pass of the script is successful, the second and third passes of the script will be skipped.

Change Phoenix Bios Password

When the script runs during a task sequence, it will create task sequence variables to track the success or failure of each different script action. If any one of the password actions fails, the associated task sequence variable will be set to Failed.

  • LenovoSetSupervisor
  • LenovoClearSupervisor
  • LenovoSetPowerOn
  • LenovoClearPowerOn
  • LenovoSetSystemManagement
  • LenovoClearSystemManagement

As I mentioned before, the first run of the script in the task sequence does not have any conditions, but each successive run of the script should have these conditions.

The second pass of the script. Notice the SMSTSPasswordRetry parameter is specified because there is still another potential pass of the script yet to run.

The third pass of the script. Notice the SMSTSPasswordRetry parameter is not set because this is the final pass of the script.

If at the end of the 3 passes of the script, the password was still not successfully changed, a message would then be prompted on the screen informing the imaging technician.

This script ended up being a lot longer and more complicated than I expected when I started, but the end result of all of this is a script that can be used to change or clear Lenovo BIOS passwords. The script can be run in a task sequence and persist information across multiple reboots. This allows for the user to be correctly prompted about any required manual actions even if there are many old passwords to test.

Additional Reading

If you’re looking to configure Lenovo BIOS settings other than just the passwords, check out these links. Lenovo BIOS Settings Management is my own script. The Think BIOS Config Tool is an official tool released by Lenovo that allows for changing BIOS settings through a GUI interface or at the command line. The Lenovo BIOS Configurator is a script written by Martin Bengtsson. It’s a great example of using PowerShell to configure BIOS settings.