How do I roll out BIOS passwords properly across a laptop fleet?
Setting BIOS passwords by hand per device is error-prone and does not scale. Dell, HP and Lenovo offer vendor tools that let you push and rotate the password centrally via script or MDM.
Try this first
- 1Decide between a unique password per device or one fleet-wide password. Unique is safer but needs a password vault (Bitwarden Business, 1Password Business, KeePassXC) tied to the serial.
- 2Dell: Dell Command Configure or the cctk CLI. From Intune or GPO run `cctk --setuppwd=NEW --valsetuppwd=OLD` as a post-deployment script. Rotate via a PowerShell runbook every 6 or 12 months.
- 3HP: HP BIOS Configuration Utility (BCU) with a signed BIOS password file. Generate per device or fleet-wide with `BiosConfigUtility64.exe /setconfig` and ship via Intune Win32 app or Configuration Manager.
- 4Lenovo: ThinkBIOSConfig.hta or the Lenovo Vantage MDM extension via Intune. From ThinkPad platforms 2022 onwards you can set the supervisor password through WMI without reboot.
- 5Record in your register which password belongs to which serial, with the last rotation date. On a defect or recovery the vendor will ask first. Without it you cannot even open your own devices.
When to bring us in
For a fleet over 25 laptops with mixed brands it pays to set this up properly once in Intune or NinjaOne, with auto-rotation and vault integration. We deliver that as a 1- to 2-day engagement.
See also
- Should we buy or lease laptops as a 5-person company?Both work. Lease is predictable but pricier over the term; buying needs cash and your own depreciation. The difference is mostly admin.
- Is buying refurbished smart or asking for trouble?For office work fine, if from a serious vendor with warranty and a clean OS install. The trap is shady marketplace listings.
- How much RAM and SSD for office work in 2026?Rule of thumb for knowledge work: 16 GB RAM and 512 GB SSD as a comfortable minimum. 8 GB already feels tight; 32 GB is for heavy tools.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.