Welcome back to our “Managing the Dell BIOS” series! In this final part, we are going to start pushing BIOS setting with Group Policy.
Before we proceed, make sure that:
- You have installed the Client Configuration Toolkit (CCTK). The download can be found on our Tools page under the Deployment/MDT section.
- You know how CCTK works in command line.
- You have created your customized BIOS package.
Now that you have everything you need, let’s lock down your BIOS and deploy your settings!
Saving your CCTK Package
At the end of Part 2, you created a CTTK package in the form of an EXE. If you are using MDT as your deployment suite, navigate to the Applications folder under your DeploymentShare. Create a new folder named Dell. If you are not using MDT, simply create a new folder on a file or software distribution server.
Note: The BIOS Updates sub-folder is used in our environment to update the Dell BIOS version before imaging. I find that it is much safer to update the BIOS before the OS is installed rather than afterwards. We won’t go down that rabbit hole in this post. If you would like instructions on setting up the BIOS version update feature, then check out part 4 of this series.
Save your BIOS settings package in the root of the Dell folder. Saving the package here instead of on a file server has one big benefit. It allows you to change machine settings through Group Policy and/or MDT.
Next, create batch file in the same Dell folder. Edit it so that it will execute your BIOS package. Be sure that the BIOS package path points to the UNC. An example would look like this:
Create your BIOS Settings GPO
In the GPMC, create a new GPO named “Dell BIOS Settings”. Edit the GPO and browse to the Shutdown Scripts node. Browse to your batch file and add it to your GPO. Test your GPO by linking it to a few computers. After a GPUpdate and a restart, you should see your BIOS settings take effect. Be sure to restart each computer twice after the update has been installed. This will help you identify any potential problems.
For me, the easiest way to see my settings is to configure the Dell Asset attribute in your BIOS package. The asset attribute lets you configure a company tag that appears when your machines POST. When computers start in our environment, they will display “GCBE” right above the Dell logo. This also has the added bonus of proving ownership in case a device decides to grow legs.
Your BIOS – Now Managed
In this three part series, you learned how to use the Dell Client Configuration Toolkit. You’ve created a BIOS package and learned how to deploy settings with Group Policy. Using this tool and configuring your machines will let you fix some pretty difficult problems! Just to get you motivated, you can:
- Make your users happier by having their machines pre powered on
- Secure your BIOS with a password to prevent unauthorized changes
- Restrict boot devices to stop password cracking CDs
- Disable the wireless adapter kill switch (the one that every user accidently turns on)
- Tattoo your computers with an asset tag
Go forth and start pushing BIOS Settings with Group Policy!If you have any questions or thoughts (such as why I use exclamation marks so much), let me know in the comments below!