Can Windows 10 updates change/alter BIOS settings?
We have a controlled environment in which all computers were deployed with the microphones and wifi disabled in the BIOS settings (roughly 12 to 15 months ago). When these devices were deployed, the deploying team member confirmed the BIOS settings and labeled the device 'no camera/wifi, mic disabled.' During a recent check, we found that 17 of the devices had the mics enabled in the BIOS settings. These devices have not been altered in any way except for Windows updates. There is a BIOS password that is not shared.
If it is possible for BIOS settings to be altered by Windows Update, how can we disable that feature?
Windows update changed BIOS settings? - Super User
BOTTOM LINE: It apparently is possible for a Windows Update (or combination thereof) to override the BIOS administrator password and reset PC firmware to its defaults -- without disabling or changing BIOS password.
KB4056887 and KB4056890 are not related. One is a cumulative patch for Windows 10 1607; the other patched Adobe Flash Player. Neither of those updates would have changed the BIOS password, and I disagree that a Windows Update even has that capability. The method you discovered to boot to Advanced Startup is user initiated and does not bypass the password. What is more likely is that the CMOS battery is weak, a power failure happened, and the firmware defaults were applied. Neither of those updates was even released in March.
The recent update to version 1803 of Windows 10 erased all my BIOS settings. I was astonished to see the COMPAQ splash screen for the first time in about 11 years. The boot order for my internal hard disks had changed. CMOS battery was just replaced a couple of months ago. Such an annoying trick by the cursed Microsoft.
Updating Windows OS but not BIOS can cause issues: Win 10 changing BIOS settings - Microsoft Community
Since you've updated Windows 10, BIOS settings should be updated as well to make it work with latest build for Windows 10.
Windows has the ability to communicate with the BIOS. A good example is for Windows to read the product key embedded in the BIOS during an upgrade.
I believe Windows can also communicate with the BIOS through ACPI settings, e.g. sleep, fast startup, etc.
I noticed this BIOS tampering by Windows several weeks ago and posted the situation here in this Microsoft Community Forum. You can read my post here < Microsoft has gone too far this time >
Ends up going to the Asus forum – Asus concluded:
The idea of the Asus forum is that Windows installation may have tampered with UEFI BIOS, erasing part of it in the process.
I haven't gotten a real response as yet from the Forum members or from Microsoft Support Engineers hanging around here from time to time. Only one forum member suggested that I put my question in the TechNet forums. I haven't done it yet.
I am not saying that your issue (and mine) is happening because of Windows tinkering with the BIOS settings. Just a thought.
Another instance: KB4462919 Windows update reset bios settings - Microsoft Community
After Windows update KB4462919 was installed automatically, all my BIOS settings were reset. I haven't the BIOS password, and I can't change BIOS settings.
This one talks about Windows updates bricking computers: Windows 10 forcing bios updates leaving computer unbootable - Microsoft Community
The other option is to configure the disabling of driver downloads in Windows updates, which should include firmware. If your computers are all part of a domain, then use the GPO editor to toggle that setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows updates.
In the registry, this would be a DWORD named ExcludeWUDriversInQualityUpdate = 1 in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
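The registry setting described above can be audited and applied from PowerShell. This is an added example, not part of the original answer; the script layout, the `-Enforce` switch and the helper name `Get-PolicyValue` are assumptions made for illustration. If a domain GPO configures the same setting, the GPO is the place to change it rather than the local registry.

```powershell
# Added example (not from the original answer): audit, and with -Enforce set,
# the policy value named above. Setting it requires an elevated session.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Enforce)

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$ValueName  = 'ExcludeWUDriversInQualityUpdate'

function Get-PolicyValue {
    # Hypothetical helper: returns the DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

$before = Get-PolicyValue

if ($Enforce -and $before -ne 1) {
    # ShouldProcess lets -WhatIf preview the change without writing anything.
    if ($PSCmdlet.ShouldProcess("$PolicyPath\$ValueName", 'Set DWORD to 1')) {
        if (-not (Test-Path -Path $PolicyPath)) {
            New-Item -Path $PolicyPath -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$after = Get-PolicyValue

# One object per machine so results can be collected across a fleet.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    ValueBefore  = if ($null -eq $before) { '<not set>' } else { $before }
    ValueAfter   = if ($null -eq $after)  { '<not set>' } else { $after }
    Compliant    = ($after -eq 1)
}
```

Run it with no parameters to report the current state, or with `-Enforce -WhatIf` to preview the change before applying it.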