How to configure Samsung BIOS settings using WMI and PowerShell

Last updated on 2023-06-21

Introduction

This document provides instructions for IT administrators using WMI (Windows Management Instrumentation) and Windows PowerShell to configure the BIOS settings of their remote Samsung Galaxy Book2 client devices.

Supported models

Samsung provides a BIOS WMI interface for the Galaxy Book2 and Book3 series of devices. This document provides instructions for the following models:

Galaxy Book3

  • Galaxy Book3 Ultra (2023)
  • Galaxy Book3 Pro 360 (2023)
  • Galaxy Book3 Pro 360 5G (2023)
  • Galaxy Book3 Pro (2023)
  • Galaxy Book3 360 (2023)
  • Galaxy Book3 (2023)
  • Galaxy Book Edu 360(2023)
  • Galaxy Book2 Pro (2023)

Galaxy Book2

  • Galaxy Book2 Pro 360 (2022)
  • Galaxy Book2 Pro (2022)
  • Galaxy Book2 360 (2022)
  • Galaxy Book2 (2022)
  • Galaxy Book2 Business (2022)

Prerequisites

Before proceeding with this document, you must ensure that you have the following:

Verify BIOS WMI interface version

To verify your BIOS WMI interface version, connect to the device, then run PowerShell and enter the following command:

gwmi -namespace root\samsung -class biosmanager).GetRevision()

Entering this command would produce the following output:

PS> (gwmi -namespace root\samsung -class biosmanager).GetRevision()
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
Revision         : 4
PSComputerName   :

If your system shows a Revision number lower than 4, please update your device’s system BIOS to the latest version.

Retrieve current BIOS setting values

The following PowerShell command lets you retrieve the current BIOS setting values:

(gwmi -namespace root\samsung -class biosmanager).Get([ItemCode])

See Appendix A for a list of [ItemCode] values.

Using an ItemCode example of 0x1000, we see the following output:

PS> (gwmi -namespace root\samsung -class biosmanager).Get(0x1000)
__GENUS           :   2
__CLASS           :   __PARAMETERS
__SUPERCLASS      : 
__DYNASTY         :   __PARAMETERS
__RELPATH         :   
__PROPERTY_COUNT  :   3
__DERIVATION      :   {}
__SERVER          : 
__NAMESPACE       : 
__PATH            : 
Data              :   2
ItemCode          :   1000
RetCode           :   0
PSComputerName    :

Depending on the ItemCode value entered, you’ll see a result in the Data field corresponding to the possible query values. In the example of ItemCode : 0x1000, the possible values (referring to Appendix A) are either 1 or 2.

Whenever you retrieve a BIOS setting, you’ll also see a RetCode (Return Code) value. RetCode : 0 indicates that the query was successful. See Appendix B for a full list of possible RetCode values.

Note

For certain ItemCodes like Supervisor Password (0x3000) and User Password (0x3001), you cannot use the .Get() function to return the actual value. In other words, you cannot use .Get(0x3000) to view the actual Supervisor password in the Data field. Instead, entering the .Get() function will return the following Data field responses:

  • Data : Password Exists indicates that a supervisor or user password has been set.
  • Data : None indicates that a supervisor or user password has not been set.

Change BIOS settings

Before you can make any changes to the BIOS settings, you have to first create a Supervisor Password in the Samsung BIOS Configuration menu. To create the Supervisor Password, press F2 on the keyboard during system start up, then navigate to the Security tab.

After the Supervisor Password gets created, you’ll need to enter this same password (as a means of authentication) whenever you want to make BIOS setting changes. In general, the process for making BIOS changes is as follows:

  1. Connect to the device and run PowerShell.
  2. Authenticate the Supervisor Password.
  3. Make changes to the BIOS settings.
  4. Save changes.
  5. Restart the device to commit changes.

Authenticate Supervisor Password

After you connect to the device and run PowerShell, enter the following command to authenticate the Supervisor Password:

(gwmi -namespace root\samsung -class biosmanager).SetPassword('[Password]')

For example:

PS> (gwmi -namespace root\samsung -class biosmanager).SetPassword('CurrentPassword123') 
__GENUS           :   2
__CLASS           :   __PARAMETERS
__SUPERCLASS      :
__DYNASTY         :   __PARAMETERS
__RELPATH         : 
__PROPERTY_COUNT  :   1
__DERIVATION      :   {}
__SERVER          :
__NAMESPACE       :
__PATH            :
RetCode           :   0
PSComputerName    :

Note

[Password] must match the Supervisor Password entered in the BIOS Setup Utility menu. If you enter a Supervisor Password that is different than the one set in the BIOS menu, you’ll see RetCode : 2 to indicate that this is the wrong password.

Change values

Once the Supervisor password has been authenticated, you can proceed to change any BIOS setting value by entering the following command in PowerShell:

(gwmi -namespace root\samsung -class biosmanager).Set([ItemCode], [Setting value]).

See Appendix A for a full list of [ItemCodes] and relevant [setting values].

For example, to disable the touchpad mouse, the command and result would look like this:

PS> (gwmi -namespace root\samsung -class biosmanager).Set(0x1000, 1) 
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 3
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
Data             : 1
ItemCode         : 1000
RetCode          : 0
PSComputerName   :

Save settings

After you change any BIOS setting values, you must save your changes then restart the device to have them take effect. Enter the following command in PowerShell to save the changes:

(gwmi -namespace root\samsung -class biosmanager).Save()

For example:

PS> (gwmi -namespace root\samsung -class biosmanager).Save()

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
RetCode          : 0
PSComputerName   :

If you see a RetCode of 0, then the save was successful.

Note

After you restart your device, your PowerShell session will close.

Making multiple changes

As previously mentioned, you must authenticate the Supervisor Password before you can make any changes to the BIOS setting values.

If you have multiple BIOS setting changes, you can stack the changes before saving. For example:

  1. Connect to device, run PowerShell.
  2. Authenticate Supervisor Password using .SetPassword() command.
  3. Making BIOS setting change #1.
  4. Making BIOS setting change #2.
  5. Making BIOS setting change #3.
  6. Save the changes using the .Save() command.
  7. Restart the device to have the changes take effect.

Note that after you restart your device, the PowerShell session closes. If you need to make additional BIOS setting changes AFTER you’ve restarted the device, then you must re-connect to PowerShell and repeat the previous procedure (authenticate > make change > save > restart) once again.

Change supervisor or user password

If you need to change either the supervisor (ItemCode: 0x3000) or user’s password (ItemCode: 0x3001), enter the following command in PowerShell:

PS C:\> (gwmi -namespace root\samsung -class biosmanager).Set(0x3000, '[NewPassword]')

Note that [NewPassword] must be at least 8 characters in length, and include 1 upper-case letter, 1 lower-case letter, and 1 numeric character.

The command and result would look like this:

PS> (gwmi -namespace root\samsung -class biosmanager).Set(0x3000, 'NewPassword123') 
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 3
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
Data             : NewPassword123
ItemCode         : 3000
RetCode          : 0
PSComputerName   :

The Data field will display the new password that you entered.

Override boot device settings

By default, the BIOS boot device priority is controlled by the BIOS’s Setup Utility menu. If you need to boot a BIOS from a different device, enter the following command in PowerShell:

PS C:\> (gwmi -namespace root\samsung -class biosmanager).set(0x5003, [BootDeviceNumber])

Referring to the table in Appendix A we see that ItemCode 0x5003 has the following BootDeviceNumber options:

  • None (default): 1
  • SSD Boot: 2
  • USB Flash Boot: 3
  • Network Boot: 5

For example, booting the BIOS from an SSD would look like this:

PS> (gwmi -namespace root\samsung -class biosmanager).Set(0x5003, 2) 
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 3
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
Data             : 2
ItemCode         : 5003
RetCode          : 0
PSComputerName   :

After you set the BIOS boot device priority, save the changes and restart the device for the new setting to take effect.

Note

After you restart your device, the BIOS will try to load the boot image from the selected boot device. If there is no proper boot image present in the device, the BIOS will ignore this change and boot using the default setting.

Load default BIOS settings

You can revert any BIOS changes you’ve made by loading the default settings that came with the device. To load the default BIOS settings, you must first authenticate using the Supervisor Password:

PS> (gwmi -namespace root\samsung -class biosmanager).SetPassword('[Password]')

After you’ve authenticated, use the following command to load the default BIOS settings:

PS> (gwmi -namespace root\samsung -class biosmanager).LoadDefault()

The command and result will look like this:

PS> (gwmi -namespace root\samsung -class biosmanager).LoadDefault() 
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
RetCode          : 0
PSComputerName   :

Appendix A: ItemCodes

Note:

(*) indicates the default value.

ItemCode Item Description Possible Value Note
0x900 USB Ports 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x910 Thunderbolt Ports 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x920 Wired LAN 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x921 WiFi 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x922 Bluetooth 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x923 Wireless WAN 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x925 Front Camera 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x926 Rear Camera 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x927 HD Audio 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x928 MIC 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x929 SD Card Slot 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x92A Fingerprint Reader 1: Off
2: On (*)		 This item only appears in the BIOS menu if the device is present in the PC.
This feature is only available on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs.
0x1000 Touchpad mouse 1: Off
2: On (*)		 This item appears in the BIOS menu only if the device is present in the PC.
0x1020 USB Charging 1: Off (*)
2: On		 This feature is available only on Galaxy Book2 Business models.
0x1030 Wired LAN Wake-up from S5 1: Off (*)
2: On		 This feature is available only on Galaxy Book2 Business models.
0x1040 USB provisioning of AMT 1: Off (*)
2: On		 This feature is available only on Galaxy Book2 Business models.
0x1041 Remote Platform Erase 1: Off
2: On (*)		 This feature is available only on Galaxy Book2 Business models.
0x1042 Total Memory Encryption 1: Off (*)
2: On		 This feature is available only on Galaxy Book2 Business models.
0x1050 USB4 Connection Manager 1: Firmware CM only
2: Software CM first (*)
0x1060 BT Audio Offload 1: Off
2: On (*)
0x1070 UEFI Firmware Update 1: Off
2: On (*)
0x3000 Set Supervisor Password ASCII Character or number Minimum 8 characters, must include 1 upper-case and 1 lower-case letter, and 1 number
0x3001 Set User Password ASCII Character or number Minimum 8 characters, must include 1 upper-case and 1 lower-case letter, and 1 number
0x3010 Password on Boot 1: Off
2: On		 Default values:
- Galaxy Book2 Business and Galaxy Book3 B2B SKUs: Off
- All other models: On
0x3011 Password on Boot Menu 1: Off (*)
2: On		 This feature is available only on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs
0x3100 TPM Device Control 1: Off
2: On (*)		 This ItemCode value is set to 2: On (default), and cannot be set to 1:Off. Using the function .Set(0x3100, 1) will result in an error code (RetCode: 7)
0x3101 TPM Pending Operation 1: None (*)
2: Clear		 This ItemCode value is READ-ONLY. Using the function .Set() will result in an error code (RetCode: 7)
0x3102 TPM 2.0 UEFI Spec Version 1: TCG 1.2
2: TCG 2.0 (*)		 This ItemCode value is READ-ONLY. Using the function .Set() will result in an error code (RetCode: 7)
0x3200 Intel Trusted Execution Technology 1: Off
2: On (*)		 Note 1: For devices with Intel i3 core processors, the default value is 1: Off. For all other devices, the default value is 2: On

Note 2: This ItemCode value is READ-ONLY. Using the function .Set() will result in an error code (RetCode: 7)
0x3210 Tamper Alert Configuration 1: Disabled (*)
2: Alert
3: Alert & Authenticate		 Note 1: This feature is available only on Galaxy Book2 Business models.

Note 2: This ItemCode value is READ-ONLY. Using the function .Set() will result in an error code (RetCode: 7)
0x5003 Select Boot Device 1: None (*)
2: SSD
3: USB Flash
5: Network		 Network boot is only available when PXE Boot: On (0x5200)
0x5100 Fast BIOS Mode 1: Off
2: On (*)
0x5200 PXE Boot 1: Off
2: On (*)		 Default value:
- 2023 models: On
- 2022 or older models: Off
0x5201 Boot Menu 1: Off
2: On (*)		 This feature is available only on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs
0x5202 EFI Shell Booting 1: Off
2: On (*)		 This feature is available only on Galaxy Book2 Business models.
0x5203 USB Booting 1: Off
2: On (*)		 This feature is available only on the following models:
- Galaxy Book2 Business
- Galaxy Book3 with B2B SKUs
0x5300 Secure Boot Control 1: Off
2: On (*)		 This ItemCode value is READ-ONLY. Using the function .Set() will result in an error code (RetCode: 7)

Appendix B: RetCodes

RetCode Description
0 Success
1 Unknown Failure
2 Supervisor password is wrong
3 Unsupported ItemCode
4 Failed to update value
5 Unknown command
6 Invalid command
7 Error (when trying to set a disabled value)
8 Data length is wrong
9 Invalid character in password
10 There is no supervisor password set
11 Cannot read the current setting value
12 Supervisor password is required
13 Internal Processing Error
Legal  Open Source Announcement This website is best viewed using Microsoft Edge, Google Chrome, and Mozilla Firefox browsers. Copyright© 2023 SAMSUNG All Rights Reserved.