Follow up to forum in https://community.acer.com/en/discussion/588912/bios-configuration-using-wmi

mchsm16
mchsm16 Member Posts: 3 New User
Understood back in Feb 2020, Acer laptops/desktops did not support BIOS programming thru WMI.

( forum https://community.acer.com/en/discussion/588912/bios-configuration-using-wmi )

Today is already Aug 2022, is there certain new Acer laptop model that can support this kind of BIOS programming thru WMI?

If no, is there plan from Acer to support that feature to its future products?

Thank you.

Answers

  • JackE
    JackE ACE Posts: 45,080 Trailblazer
    It's probably more secure to prohibit Windows from accessing the UEFI bootstrap settings and only allow user access to these setting on startup or reboot that is outside any operating system environment.

    In my opinion, a UEFI bootstrapper should be able validate/access the trusted file in the EFI partition but the Windows operating system should not be able access the UEFI settings.

    Jack E/NJ

  • mchsm16
    mchsm16 Member Posts: 3 New User
    This is more less questions/queries from admin point of view in managing thousands of laptops and desktops (e.g. students' laptops).

    If we explore few major vendors, we can find certain vendor like Dell has already had that capability.
    ( https://www.dell.com/support/kbdoc/en-sg/000146358/dell-command-powershell-provider-bios-passwords-feature )

    If currently none of Acer desktops/laptops have that kind of capability, is there plan from Acer to add support that feature in its future products?

    Thank you.


  • billsey
    billsey ACE Posts: 34,601 Trailblazer
    edited August 2022
    I doubt very much if they will ever support something like that. It would open a huge security hole into the system, ripe for exploitation by the malware folks...
    Though that wouldn't stop you from scripting BIOS updates using standard CMD prompt tools, since the BIOS updates are normally don't through batch files.
    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • mchsm16
    mchsm16 Member Posts: 3 New User
    Understood, thanks for the info.

    So far we never heard any exploitation on the Dell laptops/PCs.

    UEFI itself should have already had its way on how to secure the access as part of secure boot.

    Microsoft also has this feature on its Surface 3 pro model thru special firmware:
    https://docs.microsoft.com/en-us/surface/advanced-uefi-security-features-for-surface-pro-3

    Hopefully Acer can consider this feature to be added in their future products.

    Or else student laptops currently only have small options on their laptop brands to be used by their schools, which currently are Dell and Surface 3 pro only

    We are also checking closely with Lenovo, as they have already had the programming capabilities on their products but still lack of ability to set initial password during initial deployment:
    https://www.configjon.com/lenovo-bios-password-management/

    HP doesn't seem to have issue on it, but currently they are not our affiliate:
    https://www.configjon.com/hp-bios-password-management/


  • JackE
    JackE ACE Posts: 45,080 Trailblazer
    >>>Hopefully Acer can consider this feature to be added in their future products.>>>

    You've posted to an Acer users forum. Accordingly, except for the forum moderators, we are not Acer employees or reps who have any influence whatsoever over adding a feature like this.

    However, as an Acer user, I suggest not holding one's breath hoping that Acer would reconsider its decision not to add it except in limited ways already allowed by its own proprietary Sense applications. Perhaps you could try to contact the Acer corporate Group at this link to see if they might consider expanding the Sense app capabilities to accommodate your request.


    Jack E/NJ