Before updating clients bios
You typically only get one shot specifying a password when flashing the BIOS, so this is a way to overcome this limitation.When it comes to Bit Locker, it will need to be suspended before flashing the BIOS (which is one of the reasons I like using a Task Sequence).Other solutions that I found relied on Configuration Manager Applications and Package/Programs.While these may work for specific scenarios, they cannot cover all scenarios.
Do not ask me why, I just know that it does not work without it.
Now, there is a slight disclaimer that I need to put out there for the time being.
Because of certain limitations with some vendor systems, plus the fact that Configuration Manager can only have one boot image assigned to a task sequence and that you need to use the correct boot image architecture to boot a UEFI system, then you will need to have a separate task sequence to handle the bare metal/break fix scenarios (or better yet, pressure the vendor into supporting 64-bit Win PE).
Any solution that I create and implement, I like it to be as modular as possible so that I can get maximum use out of it (it is the engineer in me and probably the reason that I still enjoy playing with Legos at my age).
When flashing the BIOS, we need to be able to do it under two different operating systems – a full operating system like Windows 7/8.1/10 and a lightweight operating system called Win PE.
If it is not suspended prior, Bit Locker will detect a change to the system, and then be prepared to enter the Bit Locker recovery key upon restart.