MSEndpointMgr

Modern BIOS Management

Modern BIOS Management is a complete, dynamic solution for maintaining and deploying BIOS updates in ConfigMgr. It automates the download of BIOS updates from public system manufacturer web sites, the creation of packages in ConfigMgr, content distribution, dynamic BIOS package selection during operating system deployment and, finally, installation of the BIOS update contained in the automatically detected package. All this takes only a few clicks in the Driver Automation Tool (which can be set to run on a schedule), the ConfigMgr WebService and two simple steps in your task sequence.

Below are the required components that you would need in your environment in order to leverage this automated solution for BIOS update management.


Driver Automation Tool

The Driver Automation Tool is a PowerShell GUI which automates the process of downloading, extracting, importing and distributing driver and BIOS packages. At present support is provided for Dell, Lenovo, HP and Microsoft client systems.

  • Fixed Lenovo download link logic and added further output
  • Updated package creation for all packages just to include the SKU/BaseBoard values
  • Updated link within the tool to GitHub as Technet is being retired
  • Updated custom package creation to include Windows 10 1909

  • Updated Dell Flash64w download location in order to download latest available build
  • Fixed UI elements not disabling in the admin control
  • Fixed OS selection on initial load not disabling Dell if the previous OS selection was a Windows 10 build specific selection
  • Updated Find Model button to find but not select, and added Find + Select button
  • Fix: Lenovo driver packages not extracting / creating correctly. This was due to a change in switches with Lenovo’s packaging tool.
  • Fix: Native driver package imports
  • New Feature: Support for zip compression of standard driver packages. To be used with an upcoming update to the SCConfigMgr MDM apply script.
  • NOTE
    Over the past few days it has been reported that the tool was being picked up as a virus. I have recompiled the installer as an MSI and uploaded. MD5 hashes are included.
  • Queries XML content from Dell, Lenovo, HP and Microsoft
  • Provides Driver downloads for all five manufacturers
  • Provides BIOS downloads for Dell, Lenovo or HP systems
  • Create a BIOS update package
  • Download driver package file for each model
  • Extract the drivers contained within
  • Import the extracted drivers
  • Create a category based on the machine model
  • Create a Driver Package based on the machine make, model and version of the extracted drivers
  • Import the associated drivers into the newly created driver package.  Options allow for either a standard program package or driver package to suit your deployment method
  • Create a Fallback Driver package based on vendor and operating system version

ConfigMgr WebService

The ConfigMgr WebService has been designed to extend the functionality of Operating System Deployment with Configuration Manager Current Branch. In Modern BIOS Management, the ConfigMgr WebService acts as the interface between an executed task sequence and BIOS packages in ConfigMgr created with Driver Automation Tool.

General improvements

  • Fixed a bug in the internal GetMDTComputerName method so that it only retrieves objects where the OSDComputerName property is not null.
  • Fixed a bug for Modern Driver Management when using two or more Apply Operating System steps in a Task Sequence, where one of them references an OS Image (.wim) with a single index and the others reference an OS Image (.wim) with multiple indexes: if the step with the WIM file containing multiple indexes was first in the sequence, the GetCMOSImageForTaskSequence method failed to match the ImageIndex with the ImagePackageID.
  • Fixed a bug where GetCMPrimaryUserByDeviceResourceId returned both Active and Inactive relationships. The method now only returns the Active relationships.
  • Changed internal code from using the LDAP:// protocol to pointing to the Global Catalog instead, which should better support multiple domain scenarios.

Configuration Manager

  • AddCMComputerAssociationForAllUsers

Active Directory

  • GetADComputerAttributeValue
  • GetADUserAttributeValue

General improvements

  • Improved error handling is now available in almost all methods in ConfigMgr WebService. Errors are now logged to the ConfigMgr WebService event log.
  • Method GetCMPrimaryUserByDeviceName no longer returns inactive UDA relations.
  • Method GetCMApplicationByCategory now excludes retired Applications.
  • New methods to support an upcoming release of a solution called ConfigMgr OSD Monitor are included in this release.

Configuration Manager

  • AddCMOSDMonitorData
  • GetCMCollectionByName
  • GetCMDeviceNameByMACAddress
  • GetCMDeviceNameByResourceID
  • GetCMOSDMonitorDataByUniqueID
  • GetCMOSDMonitorDataByComputer

Active Directory

  • AddADUserToGroup

Configuration Manager

  • GetCMOSImageForTaskSequence
  • GetCMDeviceUUIDByName
  • GetCMTaskSequence
  • RemoveCMDeviceByUUID
  • RemoveCMDeviceByName
  • RemoveCMDeviceByResourceID

Microsoft Deployment Toolkit

  • GetMDTComputerByName
  • RemoveMDTComputerBySerialNumber

Active Directory

  • GetADComputerDescription
  • GetADOrganizationalUnits
  • GetADDomain
  • GetADGroupMemberByComputer

Script resources

Modern BIOS Management uses a custom built PowerShell script that is invoked during operating system deployment or during BIOS maintenance in a task sequence. This script automatically detects the manufacturer, SystemSKU value (used instead of model), operating system version and architecture being deployed and matches that information against the system being deployed in order to determine the matching BIOS package that should be downloaded.

After successful completion of the Invoke-CMDownloadBIOSPackage.ps1 step, a task sequence variable (NewBIOSAvailable) will be set to True if a matching BIOS update package is found. The next step is to initialise the BIOS update process, which is done using the manufacturer specific scripts described below.

Below is a list of all script resources included in Modern BIOS Management:

  • Invoke-CMDownloadBIOSPackage.ps1
  • Invoke-HPBIOSUpdate.ps1
  • Invoke-DellBIOSUpdate.ps1
  • Invoke-LenovoBIOSUpdate.ps1
  • Invoke-MicrosoftBIOSUpdate.ps1


Invoke-HPBIOSUpdate.ps1 provides support for updating the BIOS on HP systems using package information obtained from the OSDBIOSPackage variable that gets set by the Invoke-CMDownloadBIOSPackage.ps1 script. To run this vendor specific script use the following switches:

-PasswordBin "PASSWORD.bin" -Path "%OSDBIOSPackage01%"

Store the password.bin file created with the HPQPswd64.exe utility in the same package as the Invoke-HPBIOSUpdate.ps1 script file.

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on HP systems.

WMI namespace : root\CIMV2
Queries:
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%HP%"
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Hewlett-Packard%"

Invoke-DellBIOSUpdate.ps1 provides support for updating the BIOS on Dell systems using package information obtained from the OSDBIOSPackage variable that gets set by the Invoke-CMDownloadBIOSPackage.ps1 script. To run this vendor specific script use the following switches:

-Password "YOURPASSWORD" -Path "%OSDBIOSPackage01%"

Consider using a Set Task Sequence Variable step for storing the BIOS password, configuring the variable content to not be shown. This improves security, as the BIOS password is obfuscated rather than visible in clear text.

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on Dell systems.

WMI namespace : root\CIMV2
Query: SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%DELL%"

Invoke-LenovoBIOSUpdate.ps1 provides support for updating the BIOS on Lenovo systems using package information obtained from the OSDBIOSPackage variable that gets set by the Invoke-CMDownloadBIOSPackage.ps1 script. To run this vendor specific script use the following switches:

-Password "YOURPASSWORD" -Path "%OSDBIOSPackage01%"

Consider using a Set Task Sequence Variable step for storing the BIOS password, configuring the variable content to not be shown. This improves security, as the BIOS password is obfuscated rather than visible in clear text.

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on Lenovo systems.

WMI namespace : root\CIMV2
Query: SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Lenovo%"

Invoke-MicrosoftBIOSUpdate.ps1 provides support for updating the BIOS on Microsoft systems using package information obtained from the OSDBIOSPackage variable that gets set by the Invoke-CMDownloadBIOSPackage.ps1 script. To run this vendor specific script, simply call it without any parameters.

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on Microsoft systems.

WMI namespace : root\CIMV2
Query: SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Microsoft%"


Implementation instructions

Download and prepare BIOS Update packages

For the approach to Modern BIOS Management we need to populate ConfigMgr with regular packages for client machines. If you are running Dell, HP, Lenovo or Microsoft hardware then you can use our Driver Automation Tool to do exactly that. Read the documentation embedded in the download package for Driver Automation Tool for more information on how the tool can be utilized. For the Modern BIOS Management solution, follow these instructions to create BIOS Update packages:

  • Launch the Driver Automation Tool and connect to your ConfigMgr environment by entering the name of your Site server, the Site code and click Connect To ConfigMgr in the ConfigMgr Settings tab. Additionally, specify the Package Storage Path to a location that will be used for the Package Source of each driver package the tool will create.
  • In the Common Settings tab, specify a path to where the Driver Automation Tool will download the source files for the BIOS Update packages.
  • We now need to select the Deployment Platform as ConfigMgr – Standard Pkg, then pick BIOS as the Download Type and pick your OS and Architecture.
  • In the Manufacturer section, select the vendors you wish to display models for and then hit the Find Models button.
  • Select the models from the list you wish to download BIOS Update packages for and click Start Download | Extract | Import button to start the package creation process.

Once the download has completed, the new BIOS Update packages should be listed in your ConfigMgr console.

Remember to distribute the packages created by the Driver Automation Tool, unless you’ve specifically configured the tool to do that for you.

Move on to step 2 when BIOS Update packages have been created for each desired model and vendor.

Install ConfigMgr WebService

The Modern BIOS Management solution requires the ConfigMgr WebService to be installed in your environment, at version 1.6.0 as a minimum. Detailed installation steps can be found in the documentation included in the ConfigMgr WebService package, downloadable from above.


The web service is a key part of this process, as it will be used during the task sequence to query the available BIOS Update packages from ConfigMgr (using the GetCMPackage method among others). We recommend that you install the ConfigMgr WebService on your primary site server, if possible.

Move on to step 3 once the ConfigMgr WebService has been installed successfully.

Configure your task sequence

Adding the required step in your Task Sequence for Modern BIOS Management could not be simpler. Download the script called Invoke-CMDownloadBIOSPackage.ps1 from the Script Resources above. This script will automatically detect the computer model and manufacturer, operating system image version and architecture in the executing task sequence, by calling the ConfigMgr WebService for available packages and matching those values. In the case of multiple packages that match the criteria, the most current package will be selected based upon the SourceDate property of the package object. If there are no matches at all, the script will exit, allowing the task sequence to continue.

When a BIOS Update package matching the required criteria is found, the task sequence variables used by OSDDownloadContent.exe will be set and that executable will be invoked. This automatically downloads the matching package for the model being deployed, making it available locally, ready for the vendor specific BIOS update script. Once the package is available locally, and the download completed successfully, the Invoke-CMDownloadBIOSPackage.ps1 script will determine if the system requires a BIOS update by comparing the current BIOS version of the system to the newly downloaded package. Only if a system requires an update will a task sequence variable named NewBIOSAvailable be set to True. If this task sequence variable is set to True, the manufacturer script will take over and update the BIOS with the latest firmware.
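
The selection and comparison logic described above, sketched as an added PowerShell example (not code from Invoke-CMDownloadBIOSPackage.ps1 or the MSEndpointMgr project). The package objects are constructed sample data; only SourceDate and NewBIOSAvailable come from the page, while Select-BIOSPackage, the other property names and the dotted version format are assumptions.

```powershell
# Added illustration, not the logic of Invoke-CMDownloadBIOSPackage.ps1 itself.
# Constructed sample data: only SourceDate is named on the page; the other
# property names, the SKUs and the versions are assumptions.
$Packages = @(
    [pscustomobject]@{ PackageName = 'BIOS Update - Model A'; SystemSKU = 'SKU-A'; PackageVersion = '1.9.1';  SourceDate = [datetime]'2020-03-02' }
    [pscustomobject]@{ PackageName = 'BIOS Update - Model A'; SystemSKU = 'SKU-A'; PackageVersion = '1.11.0'; SourceDate = [datetime]'2020-09-14' }
    [pscustomobject]@{ PackageName = 'BIOS Update - Model B'; SystemSKU = 'SKU-B'; PackageVersion = '1.4.2';  SourceDate = [datetime]'2020-08-01' }
)

function Select-BIOSPackage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Package,
        [Parameter(Mandatory)] [string]   $SystemSKU,
        [Parameter(Mandatory)] [string]   $CurrentVersion
    )
    # Exact SKU match, then the most current package by SourceDate.
    $Match = $Package |
        Where-Object { $_.SystemSKU -eq $SystemSKU } |
        Sort-Object -Property SourceDate -Descending |
        Select-Object -First 1
    if (-not $Match) {
        # No match at all: flag stays False and the task sequence continues.
        return [pscustomobject]@{ Package = $null; NewBIOSAvailable = $false; Reason = 'No matching package' }
    }
    # Compare as [version], not as text: '1.9.1' sorts above '1.11.0' as a string.
    $Current = $null
    $Offered = $null
    $Parsed = [version]::TryParse($CurrentVersion, [ref]$Current) -and
              [version]::TryParse($Match.PackageVersion, [ref]$Offered)
    if (-not $Parsed) {
        # Vendor version strings that are not dotted numbers need their own parser.
        return [pscustomobject]@{ Package = $Match; NewBIOSAvailable = $false; Reason = 'Version not comparable' }
    }
    [pscustomobject]@{
        Package          = $Match
        NewBIOSAvailable = ($Offered -gt $Current)
        Reason           = "Current $Current, offered $Offered"
    }
}

$Result = Select-BIOSPackage -Package $Packages -SystemSKU 'SKU-A' -CurrentVersion '1.9.1'
$Result | Format-List NewBIOSAvailable, Reason, @{ n = 'Package'; e = { $_.Package.PackageName } }

# In a running task sequence the flag would be published as below (the COM
# object only exists there, so the lines are left commented out):
# $TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment
# $TSEnv.Value('NewBIOSAvailable') = [string]$Result.NewBIOSAvailable
```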

In terms of logging, the Invoke-CMDownloadBIOSPackage.ps1 script writes to a separate log file called ApplyBIOSPackage.log, located in the same directory as the smsts.log file at the time of operation. For exit codes for the manufacturer steps, refer to the manufacturers' support sites, as these can change over time.

Follow this simple process of using the Invoke-CMDownloadBIOSPackage.ps1 script inside your task sequence:

  • Package the Invoke-CMDownloadBIOSPackage.ps1 script together with any required vendor specific scripts from the Script resources section above and distribute the package to your Distribution Points.
  • Add a Run PowerShell Script step somewhere either before or after the Apply Operating System step calling the Invoke-CMDownloadBIOSPackage.ps1 script with parameters for the following:
    
    • URI – URL of the ConfigMgr WebService – example: https://CM01.domain.com/ConfigMgrWebService/ConfigMgr.asmx
      
    • SecretKey – The secret key used to connect to the ConfigMgrWebService site
      
    • Filter – Enter the term “BIOS” or “BIOS Update Pilot” depending on the type of deployment you wish to run
      
    • DeploymentType – Here you can specify two different options:
      
      • BareMetal – This is the default option and intended for a WinPE environment. Logs are saved into the log folder within the _SMSTaskSequence\Logs folder
        
      • BIOSUpdate – This switch is intended for use in a full Windows environment. Logs are saved into the %WinDir%\Temp folder.

Example for DeploymentType BareMetal:

Invoke-CMDownloadBIOSPackage.ps1 -URI "https://CM01.domain.com/ConfigMgrWebService/ConfigMgr.asmx" -SecretKey "12345" -Filter "BIOS"

Example for DeploymentType BIOSUpdate:

Invoke-CMDownloadBIOSPackage.ps1 -URI "https://CM01.domain.com/ConfigMgrWebService/ConfigMgr.asmx" -SecretKey "12345" -Filter "BIOS" -DeploymentType BIOSUpdate

  • Below the Run PowerShell Script step, create a new Group step named Update BIOS. Configure the condition options so that the group only runs when the NewBIOSAvailable task sequence variable equals True.
  • Add a Run PowerShell Step for each desired vendor specific script inside the Update BIOS group. Refer to the Script resources section above for details on how to configure the vendor scripts.
