[Technical Whitepaper] Dell Agentless Client Manageability Technical Whitepaper BIOS Development Abstract How to manage Dell client devices by leveraging their direct WMI capabilities July 2020 ID 413
Revisions Revisions Date Description July 2020 Initial release Acknowledgements Author: Girish Prakash The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license.
Table of contents Table of contents Revisions.............................................................................................................................................................................2 Acknowledgements .............................................................................................................................................................2 Table of contents .................................................................................................
Executive summary Executive summary Managing Dell client devices without additional agentry is an important capability for many customers. This paper explains how to use the WMI interface to leverage the default namespaces that are available to manage Dell client devices without the need for additional agents or tools.
Introduction 1 Introduction This whitepaper provides technical information on how customers can leverage “zero-touch” or agentless management aspects of Dell© commercial client platforms. The interface described in this whitepaper is included on Dell commercial client systems released to market after calendar year 2018. 1.1 1.2 Background Configuring Dell client systems without first installing a system management agent such as Dell Command Suite agents can be challenging.
Platform Level Data Modeling 2 Platform Level Data Modeling On Dell’s commercial client systems, most of the configurable items available on the BIOS Setup (F2) screen are based on the Distributed Management Task Force (DMTF) PLDM for BIOS Control and Configuration Specification. You can find more information on this using the below link. https://www.dmtf.org/sites/default/files/standards/documents/DSP0247_1.0.0.
WMI namespace, classes and instances 3 WMI namespace, classes and instances All objects in WMI are exposed within a unique namespace, and so are BIOS attributes. The attributes mentioned above are modeled as individual classes under the namespace root/dcim/sysman/biosattributes Attributes are exposed under the following class names: 3.
WMI namespace, classes and instances { }; [key, read] string InstanceName; [read] boolean ReadOnly; [WmiDataId(1),read] string AttributeName; [WmiDataId(2),read] string DisplayNameLangCode; [WmiDataId(3),read] string DisplayName; [WmiDataId(4),read] string DefaultValue; [WmiDataId(5),read] string CurrentValue; [WmiDataId(6),read] string Modifiers; [WmiDataId(7),read]uint32 MinLength; [WmiDataId(8),read] uint32 MaxLength; To enumerate the attributes supported on any given system, the Get-WmiObject PowerSh
Modifying Attributes & BIOS Defaults. 4 Modifying Attributes & BIOS Defaults. BIOSAttributeInterface is the name of the WMI class which exposes various Set methods to set the attribute value to a required state. It also exposes methods to restore entire BIOS configurations to previously registered default values. In addition to various Set methods, BIOSAttributeInterface class also exposes a method to get the Help string for any given attribute.
Modifying Attributes & BIOS Defaults.
Modifying Attributes & BIOS Defaults. But if the password is set to PASSWORD, for example, then the commands look like $pwd = ”PASSWORD” $encoder = New-Object System.Text.UTF8Encoding $bytes = $encoder.GetBytes($pwd) $BAI.SetAttribute(1,$bytes.Length,$bytes,"UefiNwStack","Disabled") The first three commands above encode the plaintext password to bytes, and the SetAttribute() method’s first argument is 1(Plain Text) instead of 0 (None).
Boot order enumeration and configuration 5 Boot order enumeration and configuration Like attributes, bootorder is another class exposed in WMI on Dell client systems in the same namespace (root/dcim/sysman/biosattributes).
Boot order enumeration and configuration __PATH : \\COMPNAME\root\dcim\sysman\biosattributes:BootOrder.InstanceName="ACPI\\PNP0C14 \\WBAT_0" BOCount : 0 BootListType : LEGACY BootOrder : InstanceName : ACPI\PNP0C14\WBAT_0 IsActive : 0 PSComputerName : COMPNAME __GENUS : 2 __CLASS : BootOrder __SUPERCLASS : __DYNASTY : BootOrder __RELPATH : BootOrder.InstanceName="ACPI\\PNP0C14\\WBAT_1" __PROPERTY_COUNT : 5 __DERIVATION : {} __SERVER : COMPNAME __NAMESPACE : root\dcim\sysman\biosattributes __PATH : \\COMPNAM
Managing passwords 6 Managing passwords The BIOS administrator password and system password can be set, reset, or cleared using the WMI classes from namespace: root/dcim/sysman/wmisecurity There are two classes which are exposed from this namespace: PasswordObject and SecurityInterface. PasswordObject instances indicate properties of the password whereas SecurityInterface can be used to perform operations on the password.
Managing passwords Conclusion Now you can manage the BIOS configurations on your Dell commercial client systems directly from WMI, without using additional agents or applications.