Configure Surface devices with PowerShell
The Surface IT Toolkit includes a centralized library of scripts designed to enhance the management capabilities of IT admins, providing precision control over Surface devices, Docks, and Hubs. Whether you’re enrolling new devices into Surface Enterprise Management Mode (SEMM), managing Unified Extensible Firmware Interface (UEFI) firmware settings, or ensuring devices are compliant with your organization's policies, these scripts offer an alternative to using the UI-based UEFI Configurator tool.
To access the scripts, open Surface IT Toolkit, select UEFI Configurator > PowerShell Scripts and copy the scripts into your dev environment.
Surface Device Scripts
This collection enables IT admins to configure SEMM on individual Surface devices efficiently. From setting up new devices to managing UEFI settings and permissions, these scripts ensure that the devices adhere to enterprise security standards.
Key Scripts:
- Configure SEMM: For creating configuration packages tailored to specific organizational requirements.
- Additional Scripts: View scripts for various advanced management tasks, as shown in the following table.
Script | Summary |
---|---|
ApplyProvisioningPackage | Used to apply existing Owner and Permissions packages, determining who has authority to make changes to UEFI settings. |
ApplySettingsPackage | Applies an existing UEFI settings package to a device. |
CreateOwnerPackage | Generates an Owner package that sets organizational certificate-based ownership of the UEFI. |
CreateOwnerUpgradePackage | Creates a package to replace an expiring certificate on an already-enrolled device. |
CreatePermissionPackages | Produces a package that sets permissions for UEFI setting changes. |
CreateSettingsPackage | Generates a package containing desired UEFI settings. |
CreateTestCertificates | Creates self-signed certificates for SEMM testing in nonproduction environments. |
CurrentSettings | Displays the UEFI settings currently configured on the host device. |
ResetSEMM | Constructs a reset package to remove SEMM from a device. |
ShowSettingsOptions | Shows available UEFI settings that can be configured. |
VerifySettings | Verifies UEFI settings against settings configured on the host device and in applied packages. |
Surface Dock Scripts
Facilitate the integration of Surface Docks into your device management framework. These scripts offer an alternative to the UI-based UEFI Configurator tool for precise control of Surface Docks connected to your Surface devices.
Surface Thunderbolt 4 Dock Scripts
Built for Thunderbolt 4 Docks, these PowerShell scripts offer policy creation, provisioning, and dynamic USB-C disablement.
Script | Summary |
---|---|
CreateSurfaceThunderbolt(TM)4DockCertificates | Generates self-signed certificates for testing SEMM with Surface Thunderbolt™ 4 Dock in nonproduction environments. |
ResetSEMM - Thunderbolt(TM)4Dock | Creates a package to remove SEMM from a Surface Thunderbolt™ 4 Dock. |
VerifyDockSettings | Displays the settings currently applied to the connected Surface Thunderbolt™ 4 Dock. |
Surface Dock 2 Scripts
Built for Surface Dock 2, these PowerShell scripts offer management for port and firmware settings.
Script | Summary |
---|---|
CreateSurfaceDock2Certificates | Generates self-signed certificates to test SEMM for Surface Dock 2 in nonproduction environments. |
Reset SEMM | Creates a reset package that can be used to remove SEMM from a Surface Dock 2. |
VerifyDockSettings | Displays the applied settings of the connected Surface Dock 2. |
Why use Surface PowerShell scripts?
- Automation: Automate repetitive tasks to save time and reduce the likelihood of errors during device setup and management.
- Customization: Tailor the device settings to meet the unique needs of your organization.
- Security: Maintain high security by controlling UEFI settings and SEMM configurations.
- Documentation: Each script comes with detailed comments to guide you through usage and deployment.
The PowerShell Scripts within the Surface IT Toolkit's UEFI Configurator offer a robust solution for the fine-tuned management of Surface devices and accessories, aligning with enterprise security, compliance, and operational efficiency goals.