HP Sure Recover, it’s pretty slick. Before I continue, I do work for HP, but I’m not on the team that develops or supports HP Sure Recover (or any other tools for that matter).
GitHub Script for Snips used throughout series.
Quick Overview of the Blog Series
- Overview (This Post)
- HP Connect – Create 2 of the needed certificates.
- Certs, Manifests & Signatures
- Azure Blob Storage Container to host your Agent & OS Images
- Creating your HP Secure Platform Payload files
- Deploy Payload Files
Related: HP WiFi BIOS Profiles – Auto Populate via ConfigMgr or Intune
HP Preboot WiFi whitepaper: c06630499.pdf (hp.com)
HP Sure Recover is a technology built into some business class models (more and more each generation of devices released), that will allow you to recover the operating system from the internet or onboard memory chip (if you paid for that option). This all works natively with no configuration required. BUT, it also has the ability to customize and use your own OS images or deployment Agent (WinPE/WinRE Boot image), which gives you flexibility in how you want to recover your devices.
All of my testing has been with 100% network recovers using the built-in ethernet port, or a USB network dongle, pulling all of the content from a network or internet location.
Links:
- HP Sure Recover Marketing Brochure
- HP Sure Recover Overview PDF
- HP Sure Recover User Guide
- Using the HP Sure Recover Agent Within a Corporate Firewall Guidance PDF
- HP Secure Platform Management with the HP Client Management Script Library
- Provisioning a HP Sure Recover Custom Image in a Modern Managed Cloud Environment
- Configuring HP PCs for booting your favorite Boot Image directly from BIOS
When I first started looking into the technology, those are the pages that I learned what I needed to know, and everything I’m going to post I give credit to those items for providing the building blocks.
HP Sure Recover is built on the HP Secure Platform, which also is the foundation for other HP features, like Sure Admin. HP Sure Admin is a great way to manage BIOS access with certificate-based authentication. If you want to know more, check out this, it’s great overview and gives a great demo for setup. Super Cool feature
HP Connect is our Cloud based tool (currently requires Intune) that allows you to manage HP BIOS settings and policies for pushing BIOS updates. There are a ton of enhancements coming, which I’m probably not at liberty to discuss here, but eventually, much of this manual work that I’m going to be going through will be built into HP Connect, allowing you to setup and configure via the HP Connect portal… but for now, we’re going to use it only in very limited capacity to create a couple of required certificates that we’ll need to provision the HP Secure Platform technology. If you do not have HP Connect, no worries, it’s not required, you can also create the certificates manually, and I’ll even go over that in this post, but since I will eventually want to control all of this via HP Connect, that’s where I’m starting.
In Part 2, we’ll get to work, using HP Connect as our starting point. [HP Connect User Guide]
during this series, if you have any questions, please continue to read the entire series then reach out to me on twitter @gwblok for any clarifications, and I’ll see how I can update this series to communicate the content better.
GARYTOWN