Lenovo BIOS Supervisor Password - automated deployment possibility
I have researched a lot and found this:
System Deployment Boot Mode (SDB) is a new feature added to the Whiskey Lake generation of ThinkPads. This introduces the ability to programmatically configure key security BIOS settings during your operating system deployments.
Unlike previous generations, this boot mode will allow you to:
Set an initial Supervisor Password
In the past, a supervisor password had to be set manually or from the factory. Once a supervisor password was set, it could be changed in an automated way leveraging the Lenovo_SetBiosPassword WMI class.
Disable the TPM Physical Presence for Clear requirement
No longer requires user interaction if a call to clear the TPM was performed. In other words, no more pressing F9!
Link: https://docs.lenovocdrt.com/#/bios/sdbm
Further reading says:
You can also use the Think BIOS Config Tool or higher to apply these changes in your operating system deployment task sequence.
I really appreciate if someone simplify this and help me understand how to deploy Supervisor password for both type of machines. (both already installed and to be installed). The present deployment at our org is EasyInstall for Windows and We also have E5 license ofcourse Intune capability.
Thanks again!