Modern BIOS Management

Modern BIOS Management is a complete dynamic solution for maintaining and deploying BIOS updates in ConfigMgr. The solution automates the download of BIOS updates from public system manufacturer web sites, the creation of packages in ConfigMgr, content distribution, dynamic BIOS package selection during operating system deployment and, finally, installation of the BIOS update contained in the automatically detected package. All of this takes only a few clicks in the Driver Automation Tool (which can be set to run on a schedule), the ConfigMgr WebService and two simple steps in your task sequence.

Below are the required components that you would need in your environment in order to leverage this automated solution for BIOS update management.

Driver Automation Tool

 

The Driver Automation Tool is a PowerShell GUI which automates the process of downloading, extracting, importing and distributing driver and BIOS packages. At present support is provided for Dell, Lenovo, HP and Microsoft client systems.

5.0.1

(2017-20-10) Additional tab and import function to allow for adding unsupported Makes & Models into ConfigMgr and MDT.

ConfigMgr packages can be used with the MDM solution for dynamic deployment.

Minor fixes & added support for Windows 10 1709

5.0.0

(2017-06-09) Redesigned user interface.

ConfigMgr - Added pilot option for new packages. Added driver state management for production, pilot & retirement. You can move packages between each state within the tool.

MDT - Added ability to specify alternative MDT PS module location. Added ability to select one or more MDT deployment shares.

4.2.1

(2017-09-15) - Acer support has been deprecated. Added additional output for downloads and conditional checks for  downloads.

4.2.0

(2017-09-09) - Updated GUI. Improved proxy server validation. Proxy server settings apply to all web retrieval methods. Fixed Acer link bug. Minor code clean up.

4.1.3

(2017-08-31) - Added HP BIOS download/packaging support. Added SystemSKU details in the package descriptions for updates to Modern Driver / BIOS Management.

4.1.1

(2017-08-25) - Added checks for MDT environment and allowed for non domain accounts to set the scheduled task  where this is detected. Added Microsoft Surface WMI entries in the package description.

4.1.0

(2017-08-08) - Added the option to run silently / scheduled with the Run-DriverAutomationToolSVC.ps1 script. Updated Microsoft Surface extraction process to only copy the Driver and Firmware folders.

4.0.9

(2017-07-25) - Added full Lenovo model type listing into the BIOS description and the release date. This will  be used to more accurately match BIOS updates using the SCConfigMgr web service.

4.0.8

(2017-07-21) - Lenovo related updates including models now showing the full model name, i.e. ThinkCentre M800z. Lenovo model WMI query from ConfigMgr will now match against the model lists by comparing the model code against the model name in the XML, then populate known models in the selected models list box.

4.0.6

(2017-07-17) - Dell BIOS download bug fix. Updates to the XML now have models sharing the bios listed with / separators. Added a condition to check that and also to report if no matching bios was found.

4.0.5

(2017-07-15) - HP XML changes resulted in duplicate models being displayed and multiple matching URLs  for downloads. These issues have now been resolved. Lenovo FindDriver function re-written to use raw content and regex to find the driver,  this appears to be more stable than the previous Lenovo supplied function.

4.0.4

(2017-07-13) - MDT Import Bug Fix. When importing drivers into MDT as a background process I have observed instances whereby drivers are silently skipped. This does not occur when the Import-MDTDriver process runs in the foreground, so I have moved this process to the  foreground and added an entry to the log window.

4.0.3

(2017-07-12) - Dell BIOS download bug. Revised model matching based on the base number and then  cross referencing the supported models for each match for improved model matching.

4.0.2

(2017-07-11) - Added manufacturer selection export/import settings. The tool will now connect to the ConfigMgr environment automatically if the site code is present in the DATSettings.XML

4.0.1

(2017-07-11) - Bug corrected for Dell models with AIO variants resulting in the base model picking up the AIO BIOS package.

4.0.0

(2017-07-10) - Added functions to allow the tool to remember previously set values. The values are stored in a DATSettings.xml file after the initial first time use.

3.9

(2017-06-09) - Script XML use optimisations. Lenovo BIOS extract and packaging. Minor bug fixes.

  • Queries XML content from Dell, Lenovo, HP and Microsoft
  • Provides Driver downloads for all five manufacturers
  • Provides BIOS downloads for Dell, Lenovo or HP systems
  • Create a BIOS update package
  • Download driver package file for each model
  • Extract the drivers contained within
  • Import the extracted drivers
  • Create a category based on the machine model
  • Create a Driver Package based on the machine make, model and version of the extracted drivers
  • Import the associated drivers into the newly created driver package.  Options allow for either a standard program package or driver package to suit your deployment method 

ConfigMgr WebService

 

The ConfigMgr WebService has been designed to extend the functionality of Operating System Deployment with Configuration Manager Current Branch.

1.4.0
General improvements:
  • Wizard driven installation now stores configuration in registry for improved upgrade experience
  • Wizard driven installation now creates the ConfigMgr WebService Activity event log
  • Added a method to retrieve the current version of the web service
Configuration Manager
  • GetCMApplicationByCategory
  • GetCMUser
  • GetCMOSImageArchitectureForTaskSequence
Active Directory
  • SetADComputerManagedByAttribute
1.3.0
General improvements
  • Added Description property to GetCMPackage
  • Updated Connect (SMS Provider) method with better event logging
  • Added event logging for start and end of all web methods including client IP address
Configuration Manager
  • AddCMComputerAssociationForUser
  • GetCMCollectionsForDeviceByUUID
  • GetCMOSImageVersionForTaskSequence
  • RemoveCMComputerAssociation
  • RemoveCMDeviceFromCollection
  • RemoveCMLastPXEAdvertisementForDevice
  • RemoveCMLastPXEAdvertisementForCollection
Active Directory
  • GetADSiteNameByIPAddress
1.2.0
Configuration Manager
  • GetCMUnknownDeviceByUUID
  • RemoveCMUnknownDeviceByUUID
Active Directory
  • AddADComputerToGroup
  • RemoveADComputerFromGroup
  • SetADComputerDescription
  • SetADOrganizationalUnitForComputer
1.1.0
Configuration Manager
  • AddCMComputerToCollection
  • GetCMDeviceCollections
  • GetCMDeviceNameByUUID
  • GetCMDeviceResourceIDByMACAddress
  • GetCMDeviceResourceIDByUUID
  • GetCMDiscoveredUsers
  • GetCMDriverPackageByModel
  • GetCMHiddenTaskSequenceDeployments (updated)
  • GetCMHiddenTaskSequenceDeploymentsByResourceId
  • GetCMPackage
  • GetCMUniqueUserName
  • ImportCMComputerByMacAddress
  • ImportCMComputerByUUID
  • UpdateCMCollectionMembership
Microsoft Deployment Toolkit
  • AddMDTRoleMember
  • AddMDTRoleMemberByAssetTag
  • AddMDTRoleMemberByMacAddress
  • AddMDTRoleMemberBySerialNumber
  • AddMDTRoleMemberByUUID
  • GetMDTComputerByAssetTag
  • GetMDTComputerByMacAddress
  • GetMDTComputerBySerialNumber
  • GetMDTComputerByUUID
  • GetMDTComputerNameByIdentity
  • GetMDTComputerRoleMembership
  • GetMDTDetailedComputerRoleMembership
  • GetMDTRoles
  • RemoveMDTComputerFromRoles
1.0.0
Configuration Manager
  • Get Primary User by Device
  • Get Primary Device by User
  • Get Boot Image Source Version
  • Get Deployed Applications by User
  • Get Deployed Applications by Device
  • Get Hidden Task Sequence Deployments

General
  • GetWebServiceVersion
Configuration Manager
  • AddCMComputerAssociationForUser
  • AddCMComputerToCollection
  • GetCMApplicationByCategory
  • GetCMCollectionsForDeviceByUUID
  • GetCMBootImageSourceVersion
  • GetCMDeployedApplicationsByDevice
  • GetCMDeployedApplicationsByUser
  • GetCMDeviceCollections
  • GetCMDeviceNameByUUID
  • GetCMDeviceResourceIDByMACAddress
  • GetCMDeviceResourceIDByUUID
  • GetCMDiscoveredUsers
  • GetCMDriverPackageByModel
  • GetCMHiddenTaskSequenceDeployments
  • GetCMHiddenTaskSequenceDeploymentsByResourceId
  • GetCMOSImageArchitectureForTaskSequence
  • GetCMOSImageVersionForTaskSequence
  • GetCMPackage
  • GetCMPrimaryDeviceByUser
  • GetCMPrimaryUserByDevice
  • GetCMUniqueUserName
  • GetCMUnknownDeviceByUUID
  • GetCMUser
  • ImportCMComputerByMacAddress
  • ImportCMComputerByUUID
  • RemoveCMComputerAssociation
  • RemoveCMDeviceFromCollection
  • RemoveCMLastPXEAdvertisementsForDevice
  • RemoveCMLastPXEAdvertisementForCollection
  • RemoveCMUnknownDeviceByUUID
  • UpdateCMCollectionMembership
Microsoft Deployment Toolkit
  • AddMDTRoleMember
  • AddMDTRoleMemberByAssetTag
  • AddMDTRoleMemberByMacAddress
  • AddMDTRoleMemberBySerialNumber
  • AddMDTRoleMemberByUUID
  • GetMDTComputerByAssetTag
  • GetMDTComputerByMacAddress
  • GetMDTComputerBySerialNumber
  • GetMDTComputerByUUID
  • GetMDTComputerNameByIdentity
  • GetMDTComputerRoleMembership
  • GetMDTDetailedComputerRoleMembership
  • GetMDTRoles
  • RemoveMDTComputerFromRoles
Active Directory
  • AddADComputerToGroup
  • GetADSiteNameByIPAddress
  • RemoveADComputerFromGroup
  • SetADComputerDescription
  • SetADComputerManagedByAttribute
  • SetADOrganizationalUnitForComputer

Script Resources

 

Modern BIOS Management uses a custom built PowerShell script that is invoked during operating system deployment. This script automatically detects the manufacturer, SystemSKU/BaseBoard value (used instead of model), operating system version and architecture being deployed and matches that information against the system being deployed in order to determine the matching BIOS package that should be downloaded.

After successful completion of the Invoke-CMDownloadBIOSPackage.ps1 step, a task sequence variable (OSDBiosPackage) will be set if a matching update package is found. The next step is to initialise the BIOS update process, which is done using the manufacturer specific scripts listed below. At present Dell and Lenovo are supported; HP support will follow shortly.

1.0.5

Updated script to support downloading the BIOS package upon a match being found and set the OSDBIOSPackage variable

1.0.4

Updated with additional logic for matching based on description for Lenovo models and version checking update for Lenovo using the release date value

1.0.3

Updated with additional condition for matching Lenovo models

1.0.2

Updated with support for downloading BIOS packages for Lenovo models

1.0.1

Updated with BIOS revision checker. Initially used for Dell systems

1.0.0

Script created

 

Exit code - Description

  • 1 - Unable to establish a connection to ConfigMgr WebService
  • 2 - An error occurred while calling ConfigMgr WebService for a list of available packages
  • 3 - An error occurred while calling ConfigMgr WebService to determine OS Image version
  • 4 - An error occurred while calling ConfigMgr WebService to determine OS Image architecture
  • 5 - An error occurred while downloading BIOS update package content (single package match)
  • 6 - An error occurred while downloading BIOS update package content (multiple package matches)
  • 7 - Unable to determine a matching BIOS update package from package list array, unhandled amount of matches
  • 8 - Empty BIOS package list detected, unable to determine matching driver package
  • 9 - Call to web service for package objects returned empty
  • 10 - Unsupported computer platform detected, virtual machines are not supported
  • 11 - Unable to detect current operating system name from task sequence reference objects
  • 12 - An error occurred while attempting to download package content
  • 13 - BIOS package content download process returned an unhandled exit code: <n>
  • 14 - An error occurred while downloading BIOS update (single package match)
  • 15 - An error occurred while downloading BIOS update (multiple package match)

 

This script provides support for updating the BIOS on Dell systems using package information obtained from the OSDBIOSPackage variable. To run the script use the following switches;

-Password "YOURBIOSPASSWORD" -Path "OSDBIOSPackage01"

Script Screenshot

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on Dell systems;

WMI NameSpace : Root\CIMV2
Manufacturer: LIKE "%DELL%"

WMI Filter Screenshot

1.0.5

Configured Flash64W.exe as the native update tool for 64-bit Full OS deployments

1.0.4

Fixed an issue where the password was not passed to Flash64W.exe utility. Added logging for this script to a separate file

1.0.3

Added checks for Flash64W.exe utility and BIOS file presence including some additional logging

1.0.2

Fixed bug in legacy update method

1.0.1

Additional checks for both in OSD and normal OS environments

1.0.0

Script created

 

This script provides support for updating the BIOS on Lenovo systems using package information obtained from the OSDBIOSPackage variable. To run the script use the following switches;

-Password "YOURBIOSPASSWORD" -Path "OSDBIOSPackage01"

Script Screenshot

If you are in a multi-vendor environment, you should apply the following WMI filter on this step to ensure that the step only runs on Lenovo systems;

WMI NameSpace : Root\CIMV2
Manufacturer: LIKE "%Lenovo%"

WMI Filter Screenshot

 

1.0.0

Script created

Implementation Instructions

Step 1 - Download and prepare BIOS packages

For this approach to modern BIOS management we need to populate ConfigMgr with regular packages for client machines. If you are running Dell, HP or Lenovo hardware then you can use our Driver Automation Tool to do exactly that. Read the documentation embedded in the download package for Driver Automation Tool for more information on how the tool can be utilized. For the modern BIOS management solution, follow these instructions:

  • Launch the Driver Automation Tool
  • Click on the ConfigMgr Settings tab, then connect to your ConfigMgr environment by entering the name of your Site Server and click Connect To SCCM.
  • Click back to the Make / Model Selection tab. Select the Deployment Platform as SCCM - Standard Pkg, then pick BIOS as the Download Type and pick your OS and Architecture.
  • Select the models from the list you wish to download packages for and hit the Add to Import List button.
  • On the Common Settings tab, enter Storage Locations (UNC paths) for the Repository and Package paths.
  • Click on the Start Download and Import Process to start the BIOS downloads.

Once downloaded you should end up with something like this in your ConfigMgr console:

Note: Remember to distribute the packages created by the Driver Automation Tool, unless you've specifically configured the tool to do that for you. For manually creating the packages, use the Driver Automation Tool to create a single package and follow the naming convention, including the different property configurations.

Step 2 - Install ConfigMgr WebService

Modern BIOS Management solution requires the ConfigMgr WebService to be installed in your environment, with the minimum of version 1.4.0. Detailed installation steps can be found in the documentation included in the ConfigMgr WebService package, downloadable from above.

The web service is a key component of this process, as it is used during the task sequence to query the available packages from ConfigMgr (using the GetCMPackage method).

Step 3 - Configure your Task Sequence

Adding the required step in your Task Sequence for Modern Driver Management could not be simpler. Download the script called Invoke-CMDownloadBIOSPackage.ps1 from the Script Resources above. This script automatically detects the computer model and manufacturer, and the operating system image version and architecture in the executing task sequence, then calls the ConfigMgr WebService for available packages matching those values. In the case of multiple packages that match the criteria, the most current package will be selected based upon the SourceDate property of the package object. If there are no matches at all, the script will exit, causing the deployment to fail.
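The selection rules described above (match on SystemSKU, newest SourceDate wins, fail when nothing matches), together with the revision check noted in the script changelog, as an added PowerShell sketch that is not the Invoke-CMDownloadBIOSPackage.ps1 code. The function name, the package property names other than SourceDate, the description layout and the sample data are assumptions for illustration.

```powershell
# Added example, not the project's script. Property names and the description
# layout below are assumptions, not the web service's documented schema.
function Select-BiosPackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Packages,
        [Parameter(Mandatory)] [string]  $SystemSku,
        [Parameter(Mandatory)] [version] $CurrentVersion
    )

    # Fail closed on an empty list (exit code 8 in the table above)
    if ($Packages.Count -eq 0) { throw 'Empty BIOS package list' }

    # Match the SKU as a whole token so "0AB1" never matches "0AB10"
    $pattern = '(?<![0-9A-Za-z])' + [regex]::Escape($SystemSku) + '(?![0-9A-Za-z])'
    $candidates = @($Packages | Where-Object { $_.PackageDescription -match $pattern })
    if ($candidates.Count -eq 0) { throw "No BIOS package matches SystemSKU '$SystemSku'" }

    # Several matches: the most recent SourceDate wins
    $newest = $candidates | Sort-Object -Property SourceDate -Descending |
        Select-Object -First 1

    # Revision check: never flash the same or an older version
    $offered = $null
    if (-not [version]::TryParse($newest.PackageVersion, [ref]$offered)) {
        throw "Unparseable package version '$($newest.PackageVersion)'"
    }
    if ($offered -le $CurrentVersion) { return $null }
    return $newest
}

# Constructed sample data (hypothetical models, SKUs and versions)
$sample = @(
    [pscustomobject]@{ PackageName = 'BIOS Update - Example Model 100'
        PackageVersion = '1.4.0'; SourceDate = [datetime]'2017-06-01'
        PackageDescription = '(Models included:0AB1)' }
    [pscustomobject]@{ PackageName = 'BIOS Update - Example Model 100'
        PackageVersion = '1.6.2'; SourceDate = [datetime]'2017-09-15'
        PackageDescription = '(Models included:0AB1;0AB2)' }
    [pscustomobject]@{ PackageName = 'BIOS Update - Example Model 1000'
        PackageVersion = '2.0.0'; SourceDate = [datetime]'2017-10-01'
        PackageDescription = '(Models included:0AB10)' }
)

# Device with SKU 0AB1 currently running an older BIOS than the newest match
$toFlash = Select-BiosPackage -Packages $sample -SystemSku '0AB1' -CurrentVersion '1.4.0'
# Same device already on the newest matching version: no package is returned
$upToDate = Select-BiosPackage -Packages $sample -SystemSku '0AB1' -CurrentVersion '1.6.2'
```

Throwing on an empty or unmatched list mirrors the fail-the-deployment behaviour the text describes, and the whole-token SKU match keeps a package built for a similarly numbered model from being selected.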

When a package matching the required criteria is found, the task sequence variable used by OSDDownloadContent.exe will be set and that executable will be invoked. This automatically downloads the matching package for the model being deployed, making it available locally, ready for the vendor specific BIOS update script. Once the package is available locally and the download has completed successfully, the manufacturer script takes care of updating the BIOS.

In the event that this script should fail, see the Documentation tab under Script Resources for a list of return codes that can be used for troubleshooting. In terms of logging, the script writes to a separate log file called BIOSPackageDownload.log, located in the same directory as the smsts.log file at the time of operation. For exit codes for the manufacturer steps you should refer to the manufacturer support sites, as these can change over time.

Follow this simple process of using the Invoke-CMDownloadBIOSPackage.ps1 script inside your task sequence:

  • Package the Invoke-CMDownloadBIOSPackage.ps1 script and distribute it to your Distribution Points.

  • Add a Run PowerShell Script command somewhere after the Apply Operating System step (make sure it's executed during WinPE and not in the Full OS), calling the Invoke-CMDownloadBIOSPackage.ps1 script with parameters for the following:
    • URI - URL of the ConfigMgr WebService - example: http://configmgr01.scconfigmgr.com/ConfigMgrWebService/ConfigMgr.asmx
    • SecretKey - The secret key used to connect to the ConfigMgrWebService site
    • Filter - Enter the term "BIOS Update" or "BIOS Update Pilot" depending on the type of deployment you wish to run

  • Add a Run PowerShell Script command somewhere after the previous step, calling the manufacturer script you wish to run. For example use Invoke-DellBIOSUpdate.ps1 script with parameters for the following:
    • Password - The BIOS password used in your systems
    • Path - The variable name used in the previous script to store details of the available package - %OSDBIOSPackage%

See Modern BIOS Management in action

In the below video you can see the entire Modern BIOS & Driver Management processes running during OS deployment. 

 

 

For troubleshooting there is also an extensive log management process that runs during the execution of the script. Exit codes are documented under the Script Resources - Documentation section of this post.

