How to Use PowerShell to Extract Device BIOS & Firmware Versions for Inventory Compliance

Outdated BIOS or firmware can cause security gaps, hardware instability, and support issues. Regularly collecting BIOS/UEFI and device firmware versions is essential for compliance. Even better, automating the inventory improves visibility and helps prioritize patches across client environments.

This guide shows how to use PowerShell to get the BIOS version, tag results in the registry, and automate fleet-wide reporting.

Click to Choose a Method	💻 Best for Individual Users	💻💻💻 Best for Enterprises
Method 1: Use PowerShell to retrieve BIOS and firmware version	✓	✓
Method 2: Retrieve firmware version for UEFI-compliant devices	✓	✓
Method 3: (Optional) CMD alternatives for BIOS/firmware checks	✓

Methods to get BIOS version with PowerShell for inventory compliance

First things first, ensure the following are in place:

📌 General prerequisites:

• PowerShell 5.1 or newer
• Administrator privileges on target endpoints
• Optional: Local registry access to tag results
• Optional: RMM platform (e.g., NinjaOne) for remote script execution and reporting
• Optional: GPO for inventory schedule enforcement

Method 1: Use PowerShell to retrieve BIOS and firmware version

This method uses PowerShell to directly query Windows’ built-in WMI/CIM classes and collect core BIOS/UEFI information such as version, manufacturer, release date, and, where exposed, component-firmware entries.

📌 Use Cases: Best for auditing devices before compliance checks and building inventory reports/baselines.

Step-by-step:

1. Press Win + S, type PowerShell, right-click Windows PowerShell, and select Run as administrator. (Read #1 in ⚠️ Things to look out for.)
2. Retrieve core BIOS information using WMI/CIM:

$bios = Get-CimInstance -ClassName Win32_BIOS
$biosInfo = [PSCustomObject]@{
ComputerName = $env:COMPUTERNAME
BIOSVersion = ($bios.BIOSVersion -join " ")
ReleaseDate = [Management.ManagementDateTimeConverter]::ToDateTime($bios.ReleaseDate).ToString("yyyy-MM-dd")Manufacturer = $bios.Manufacturer
SerialNumber = $bios.SerialNumber
SMBIOSBIOSVersion = $bios.SMBIOSBIOSVersion
}

3. Export to CSV (ensure the folder exists):

$biosInfo | Export-Csv "C:\Reports\BIOS_Inventory_$env:COMPUTERNAME.csv" -NoTypeInformation

Method 2: Retrieve firmware version for UEFI-compliant devices

This method targets modern systems booted in UEFI mode. It confirms if a device is UEFI-compliant and retrieves UEFI-specific firmware information with optional cross-checks against BIOS data.

📌 Use Cases: Best suited for creating UEFI-only compliance baselines, verifying firmware versions on UEFI systems, and assessing Secure Boot posture.

Step-by-step:

1. Press Win + S, type PowerShell, right-click Windows PowerShell, and select Run as administrator.
2. Confirm boot mode (2 = UEFI, 1 = Legacy BIOS)

(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control').PEFirmwareType

3. Use the MSFT_FirmwareInformation available starting Windows 10 1809:

Get-CimInstance -Namespace root\StandardCimv2 -ClassName MSFT_FirmwareInformation |
Select-Object FirmwareVersion, Manufacturer, Description

📌 Note: On some UEFI devices, the MSFT_FirmwareInformation class may return no results because the firmware vendor doesn’t expose these values. In such cases, continue with Step 4 (Win32_BIOS) to collect necessary BIOS/UEFI data.

4. Fallback to Win32_BIOS for older builds (legacy support):

Get-CimInstance -ClassName Win32_BIOS

Pro Tip: If PEFirmwareType returns 1, your device is in Legacy Mode. This is a security risk as modern features like Secure Boot and Device Guard cannot function. Use this inventory to identify “Legacy” devices for conversion to UEFI.

Method 3: (Optional) CMD alternatives for BIOS/firmware checks

This method is useful in environments with CMD-only access or batch scripting requirements. It uses built-in Windows command-line tools to retrieve BIOS version, manufacturer, release date, and basic system details for quick triage.

📌 Use Cases: Best for quick local checks without writing scripts, especially on restricted systems.

Step-by-step:

1. Press Win + S, type cmd, right-click Command Prompt, and select Run as administrator (optional but recommended).
2. For basic local checks:

wmic bios get smbiosbiosversion, version, releasedate, manufacturer

3. Redirect full BIOS info to a text file:

wmic bios get /format:list > C:\Reports\BIOS_Info.txt

📌 Note: If the C:\Reports doesn’t exist, either update the path to an existing directory or create the filter first:

mkdir C:\Reports

Store BIOS/firmware data in the registry for ongoing monitoring

This method writes collected BIOS/UEFI and device-firmware versions to a consistent registry path for persistent tracking. It also allows other roles or scripts to access the data for reporting and alerting.

📌 Use Cases: Best when you need centralized data for compliance audits and to monitor version changes over time.

Step-by-step:

1. Press Win + S, type PowerShell, right-click Windows PowerShell, and select Run as administrator.
2. Tag BIOS inventory status in the local registry for audit/log review: (Read #2 in ⚠️ Things to look out for.)

New-Item -Path "HKLM:\SOFTWARE\Org\BIOSInventory" -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Org\BIOSInventory" -Name "BIOSVersion" -Value $bios.SMBIOSBIOSVersion
Set-ItemProperty -Path "HKLM:\SOFTWARE\Org\BIOSInventory" -Name "ReleaseDate" -Value $bios.ReleaseDate
Set-ItemProperty -Path "HKLM:\SOFTWARE\Org\BIOSInventory" -Name "LastCollected" -Value (Get-Date).ToString("u")

3. Verify via CMD:

reg query HKLM\SOFTWARE\Org\BIOSInventory

Automate collection via a scheduled task or RMM

BIOS/firmware data collection should be ongoing, not a one-time task. This method enables scalable inventory collection by setting up scheduled tasks on each device or deploying scripts via an RMM platform like NinjaOne.

📌 Use Cases: Best for managing multiple endpoints, automating compliance audits, and centralizing reports.

Before running automated inventory on laptops, check the power status. You don’t want to flag a device as ‘Ready for Update’ if it only has 5% battery.

$Battery = Get-CimInstance -ClassName Win32_Battery $PowerStatus = if ($Battery.BatteryStatus -eq 2) { "Plugged In" } else { "On Battery" } # Add $PowerStatus to your Registry or CSV output

Instructions:

• Schedule script to run weekly:

schtasks /create /tn "CollectBIOSInventory" /tr "powershell.exe -File C:\Scripts\BIOSCheck.ps1" /sc weekly /st 03:00 /ru SYSTEM

💡 Use Microsoft’s official guide: Microsoft Learn – schtasks /create (Task Scheduler CLI) for scheduling scripts.

• Or use NinjaOne to:
  • Run inventory scripts across all tenants
  • Collect registry values or export files
  • Trigger alerts if BIOS is below the required version
  • Tag endpoints with outdated firmware

💡 To schedule scripts via RMM, see NinjaOne’s Policy Scheduled Tasks.

📌 Note: While Windows Task Scheduler allows automation on a single device, NinjaOne policies ensure that scheduled tasks are consistently deployed and enforced across all endpoints. This centralization reduces manual effort and improves compliance monitoring.

⚠️ Things to look out for

Risks	Potential Consequences	Reversals
1. Running the core BIOS query without elevation	Access denied; null/partial results	Run PowerShell as administrator
2. Writing to HKLM for tagging without parent keys/wrong bitness	Keys not created or written under WOW6432Node	Create parents: New-Item 'HKLM:\SOFTWARE\<Org>\FirmwareInventory' -Force; then Set-ItemProperty. Verify with reg query. Use 64-bit PowerShell.

Additional considerations

Here are some additional considerations and best practices to keep in mind when collecting BIOS/UEFI version data for inventory compliance:

Virtual and non-standard hardware

Virtual machines (VMs) often report generic BIOS or firmware that don’t reflect actual hardware, which can distort inventory reports. Filter or tag entries based on manufacturer names (e.g., VMware, Microsoft) to maintain accuracy.

Standardize model-specific patching

Different hardware models may require unique BIOS updates, and compliance standards can vary by device type. Maintain a reference matrix that cross-references device model, BIOS version, and any known vulnerabilities.

Firmware update automation

Manual firmware updates can be time-consuming and prone to human error. Consider integrating vendor CLI tools such as Dell Command Update or Lenovo System Update to automate the update process.

Audit lifecycle

Devices running outdated firmware may no longer receive updates or vendor support. Track firmware age and release dates to identify systems that are past warranty or end-of-support.

Troubleshooting

Here are common issues you may encounter when collecting BIOS/UEFI data and how to resolve them:

Access denied

Querying system-level data, writing under HKLM, or creating scheduled tasks requires elevated rights. Run PowerShell as Administrator or schedule the task as SYSTEM (with the highest privileges).

Null values returned

Some firmware fields may return null or empty values, especially on older systems or virtual machines. Detect firmware first, then use a safe fallback chain. You may also use conditional checks in your script to handle missing values.

Date format inconsistencies

BIOS release dates may appear in inconsistent or raw formats. Use PowerShell to normalize the date for reporting:

(Get-Date $bios.ReleaseDate).ToString("yyyy-MM-dd")

Registry keys not created

The script may fail to create registry keys or write values if the -Force parameter is missing, the parent registry path doesn’t exist, or permissions are insufficient. Confirm that -Force is used and that the full registry hierarchy is properly defined.

Missing Serial Numbers

If Win32_BIOS returns “To be filled by O.E.M.”, try querying the Computer System Product class instead: Get-CimInstance -ClassName Win32_ComputerSystemProduct | Select-Object IdentifyingNumber

NinjaOne services

NinjaOne enhances firmware compliance visibility by:

Capability	What NinjaOne enables
Multi-tenant script deployment	Deploying BIOS inventory scripts across tenants
Registry-based inventory reporting	Reading and aggregating registry values for reporting
BIOS compliance tagging	Tagging endpoints with outdated or vulnerable BIOS versions
Automated firmware remediation	Triggering automated firmware update workflows
Cross-client reporting and exports	Exporting cross-client inventory reports for QBRs, security audits, or warranty tracking

With NinjaOne, MSPs can maintain up-to-date firmware intelligence across all managed environments.

Use PowerShell for firmware inventory management to keep BIOS/UEFI audit-ready

Tracking BIOS and firmware versions is critical for endpoint hardening, compliance, and lifecycle planning. This guide showed how to collect BIOS/UEFI and firmware data with PowerShell and CMD; tag systems locally by writing version data to the registry; automate inventory and reporting with scheduled tasks or RMM; and validate and troubleshoot data accuracy.

Finally, it showed how NinjaOne extends these practices by delivering multi-tenant visibility and centralized reporting across all clients, transforming local device checks into scalable compliance management.

Related topics:

• How to Confirm BIOS or UEFI Firmware Version in Windows 10 and Windows 11
• What Is a Firmware Update? Why and How to Update Firmware on Your Device
• What Are Firmware Over-The-Air (FOTA) Updates & How Do They Work?