Category Archives: Uncategorized

Customizing Intel NUC BIOS with Intel Integrator Toolkit

I’ve noticed that the newer models of NUCs that I’m purchasing (specifically the NUC7i7BNH) ship with a 12 character serial number populated in BIOS. A while back, I wrote a post about how to add it should it be missing. The utility used in that post is no longer available for download, and the last time I used it, the NUC  bricked, so I set off to find a new tool to interact with NUC BIOS. Enter the Intel Integrator Toolkit.

This is a really pretty picture, strategically placed to reduce your disappointment that you will encounter in the next paragraph 🙂

Now, don’t get mad at me, but to use the Intel Integrator Toolkit, you have to disable Secure Boot to turn on the “Internal UEFI Shell” feature (which isn’t something you should leave on because it requires a keystroke to quit before it interrupts normal boot into Windows). I’m not really fond of tools that not only provide little automation in the end, but that also require you to turn off security features just to use it. Especially when you can manipulate BIOS properties of other major PC vendors from within Windows and it can be automated and distributed via a sequence engine and leave Secure Boot turned on.

 

Look, I have no idea what they were thinking. I’m just as confused as you.

Now on to the purpose of this post:

If you want to use the Windows Autopilot Script on your Intel NUCs, you’re in for some failure if the serial number is missing on account of the script requires a serial number 🙂

So, to fix it in a scenario where you want to add/change/remove/whatever a serial number or other bios properties, you need to:

  1.  Download the Intel Integrator toolkit (which is a .EFI file and some documentation)
  2. Format a USB drive in FAT32
  3. Copy the .EFI file from the download to your formatted USB drive
  4. Disable Secure Boot
  5. Enable Internal UEFI Shell

Now to manipulate the Serial Number property, simply boot into the Internal UEFI Shell (if it’s enabled in BIOS, it will give you a few seconds to cancel out of before it interrupts the normal Windows boot process, so best not to leave this turned on outside of this scenario).

To edit the serial number use the following syntax:

ITK6.efi –s –t system –f serial –v mySerial

Where “mySerial” is the serial number you want to enter. The -s, -t -f are flags that drill specifically to the Serial Number property. Full documentation on how to use the switches is in the guide that ships with the toolkit.

Here’s a list of customizations you can do with v 6.1.6 of the toolkit:

Manufacturer

Product Name

Serial Number

SKU Number

Family

Asset Tag

Chassis Type

OEM String (up to 3)

 

 

 

Create Local User Based on Serial Number

If you ever find yourself wanting to create a local user based on something super specific (like Serial Number) then this post is for you.

First you need your script:


#
#Created by Ami Casto Twitter:@MDTPro Blog:http://amicasto.com
#
#This script will create a local user account based on Serial Number, set the password to never expire, prevent user from changing the password, and add it to the Local Admin Group
#
#Make it all clean - this could be commented out if unwanted
#
$Error.clear() # Clear errors
$startupVariables=””
#
#Queries Win32_Bios for Serial Number and pulls out the serial number to return it on a single line which gets captured as a variable
#
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
#
# $SN now equals the hardware's Serial Number and this variable is used to create a user account, set a password, and prevent that user from changing it
#
net user $SN P@ssw0rd /add /passwordchg:no
#
#This step sets the password to never expire
#
wmic useraccount where "name='$SN'" set passwordexpires=false
#
#This step adds the newly created account to the Local Admin group
#
net localgroup administrators $SN /add
#

Just copy/paste and save it as user.ps1 in the Scripts folder.

In MDT, open your preferred task sequence and create a new group where you would like the step to go.  Since this account is a local user and won’t be able to access anything specific to the deployment anyway, I’m adding the account near the end.

I've added the PowerShell script in a group I created for this step.

I’ve added the PowerShell script in a group I created for this step.

Notice that I call on it this way %SCRIPTROOT%\user.ps1 .  You could create a separate folder within the scripts folder, but you’ll have to remember to include that in the path as well, otherwise your deployment will fail.

And, Success!

Complete

It worked as expected – the user account matches what’s in the Serial Number property.

Disclaimer: It is very important that you pick a property that is short and doesn’t have special characters.  So I wouldn’t do this on a VM for example, I’d pick something from win32_bios such as model.

If you want to make this work on a Intel NUC, then you need to read my post about how to assign a Serial Number for your NUC.

Uninstall String for Autodesk Content Service 2016

Autodesk Content service (Especially 2016) isn’t playing nice in my environment.  If you’re in a BIM environment and you’re seeing a lot of strange things happen in Office (think ghost actions 🙂 ) I recommend uninstalling it.  You’ll see the same trends in Event Viewer as pictured below.

Event 7031 Service Control Manager

These 3 errors will appear together in the Applications node of Event Viewer

Event ID: 0 Autodesk Content Service

Event ID 1026 .NET Runtime

Event ID: 1000 Application Error

 

From admin prompt:

msiexec /x {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F} /quiet