The Unified Extensible Firmware Interface (UEFI) BIOS supports several kind of BIOS passwords that provide different levels of security to Dell computers. Admin (Setup) password and System (User) password are commonly used, and both have unique security purposes.
Admin Password
Admin password provides the security by locking all the BIOS features or settings so that these cannot be modified. User can boot and see BIOS settings but cannot modify unless the correct admin password is provided to the system.
After setting admin password, no BIOS settings can be modified except System password, HDD password, and Wireless Switch.
System password
System password provides the security by preventing user from booting the system. User will not be able to see the boot menu (F2/F12) unless the correct system password is provided to the system. Once password is provided to the system, the BIOS setup options can be modified. In case admin password is also set on the machine, provide admin password also to modify the BIOS settings.
Configuring BIOS passwords using Dell Command | PowerShell Provider (DCPP)
Dell Command | PowerShell Provider can be used to configure admin and system passwords. You can set, modify, and clear these passwords. You can also verify whether the password is set on the system or not. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click here.
Verifying Admin/System password
Using Dell Command | PowerShell Provider, you can verify whether Dell machine has admin or system password set or not. To verify, run the following commands:
- Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet
- Get-Item -Path DellSmbios:\Security\IsSystemPasswordSet
Output of these two commands will be true or false based on whether particular password is set on machine or not.
Setting Admin/System password
Admin and system password both requires minimum 4 and maximum 32 characters. To set the passwords, use the following commands.
- Set-Item -Path DellSmbios:\Security\AdminPassword "$AdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd"
Note - If the system has admin password set and you want to set system password, provide admin password using the following command:
Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd" -Password "$AdminPwd"
Modifying Admin/System password
To modify the password using DCPP, run the following commands:
- Set-Item -Path DellSmbios:\Security\AdminPassword "$NewAdminPwd" -Password "$OldAdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword "$NewSystemPwd" -Password "$OldSystemPwd"
Clearing Admin/System password
To modify the password using DCPP, run the following commands:
- Set-Item -Path DellSmbios:\Security\AdminPassword "" -Password "$OldAdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword "" -Password "$OldSystemPwd"
Note -
- Admin password cannot be set if system/HDD password is already set on the system.
- If system is in legacy boot mode, the admin password is required for all UEFI boot paths but if system is in UEFI boot mode, then admin password is not required for UEFI boot paths.
- Clearing admin password also clears the system password.
Dependency on other BIOS features
Strong Password
Strong password applies rules on admin and system passwords. When strong password feature is enabled, admin password and system password require,
- Minimum 8 characters
- Must contain at least one upper case, and one lower case character
To enable or disable this setting using DCPP, run the following commands:
- Set-Item -Path DellSmbios:\Security\StrongPassword “Enabled”
- Set-Item -Path DellSmbios:\Security\StrongPassword “Disabled”
Password Bypass
This BIOS setting provides the facility to bypass the system password during system restart or resume from standby. If Password Bypass feature is disabled and system password is set, then system prompts for system password during every restart.
- Disabled - If Password Bypass feature is disabled and system password is set, then system prompts for system password during every restart.
- Reboot Bypass - System will not prompt for system password during system restart.
- Resume Bypass - System will not prompt for system password during system resume from standby state.
- Reboot and Resume Bypass - system will not prompt for system password during system restart, or system resume from standby state.
To modify this setting using DCPP, run the following commands:
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Disabled”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Reboot Bypass”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Resume Bypass”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Reboot and Resume Bypass”
Admin Setup Lockout
If the admin password is set on your machine, you can view the BIOS setup menu (F2/F12) in the locked mode. Admin password is required only if you want to modify the BIOS settings. Admin Setup Lockout feature provides more security to the system. If admin setup lockout is enabled and admin password is set, then you cannot view the BIOS setup menu (F2/F12) until you provide the correct admin password.
To enable or disable this setting using DCPP, run the following commands:
- Set-Item -Path DellSmbios:\Security\AdminPasswordSetup “Enabled”
- Set-Item -Path DellSmbios:\Security\ AdminPasswordSetup “Disabled”
