To give you a bit of background to this post, Nickolaj and I sat down back in February and discussed some of the pain points in relation to OS deployments. The main theme that community members had was around the area of driver management, with conflicts over driver package best practices, performance issues and general overhead for the ConfigMgr administrator.

Back in late March of this year we released our “Modern Driver Management” method of dynamically managing driver deployments as part of your OS deployments ( The process works by utilizing a number of tools we have developed to fully automate the process of driver management from the download step right through to deployment at the client.

Modern BIOS Management

Since then we have been thinking about some of the issues and points raised by the community around the area of BIOS deployments, and how best to handle them. Dell has been pushing their Flash64w flash BIOS tool recently allowing for BIOS upgrades during the WinPE phase of your OS deployment. Now with additions to all parts of our “Modern Driver Management” engine we are pleased to support the automatic deployment of Dell BIOS updates in your task sequence using our “Modern BIOS Management”.

Oh and for those of you who were looking for Lenovo and HP, we are working on it and we should be publishing a Lenovo update shortly and hopefully following up with HP at a later date.

How Does It Work?

The process is broken down into three key steps;

1. Automate BIOS Package Downloads & Creation (Driver Automation Tool)

This initial step uses our “Driver Automation Tool” which currently supports a number of manufacturers (Dell, HP, Lenovo, Microsoft & Acer) for drivers and a subset (Dell/Lenovo) for BIOS downloads.

It is vital that the tool is used in this process as it standardizes the naming convention of packages and includes tools which we will utilize later on in this process.

Note: Version 3.8 should be used as a minimum as there have been changes to the BIOS update process. The tool can be downloaded from Technet –

  • Launch the Driver Tool and connect the GUI to your ConfigMgr environment by entering the name of your Site Server and hitting the Connect To SCCM button
  • We now need to select the Deployment Platform as “ConfigMgr – Standard Pkg“, then pick “BIOS” as the Download Type and pick your OS/Architecture
  • On the Manufacturer Tab select the vendors you wish to display models for and then hit the “Find Models” button
  • Select the models from the list you wish to download packages for and hit the “Add to Import List” button
  • On the Driver Storage Locations tab enter in UNC path for the Repository Path
  • Click on the Distribution Tab and select the DP’s or DP Group’s you wish to distribute the content to
  • Click Enable Binary Differential Replication if required
  • Click on the Start Download and Import Process to kick off the BIOS downloads

Once downloaded you should end up with something like this in your ConfigMgr console:

Download Tool – In action:

2. Automate ConfigMgr Data Retrieval (ConfigMgr WebService)

Modern BIOS Management solution requires the ConfigMgr WebService to be installed in your environment, with the minimum of version 1.3.0. Detailed installation steps can be found in the documentation included in the package, downloadable from the following link:

The web service is a key function to this process as it will be used during the task sequence to query the available packages from ConfigMgr (using the GetCMPackage function) and through logic in a PowerShell script, match available BIOS packages to the model and manufacturer of the machine being deployed.

3. Automate Downloads & Installations

Adding the steps for Modern BIOS Management could not be simpler. Download the following scripts required from the following:

BIOS Package Detection Script:

BIOS Update Script (Dell):

The Invoke-CMDownloadBIOSPackage script will automatically detect the computer model and manufacturer, calling the ConfigMgr WebService for BIOS packages matching those values. In the case of multiple packages that match the criteria, the most current package will be selected based upon the SourceDate property of the package object.

If there’s no matches at all, the script will exit with a return code of 1, causing the deployment to fail. In terms of logging, the script is writing to a separate log file called BIOSPackageDownload.log located in the same directory as the smsts.log file at the time of operation.

Follow this four step process to implement the script referenced above:

  • Package the “Invoke-CMDownloadBIOSPackage & Invoke-DellBIOSUpdate.ps1” PowerShell scripts and distribute them
  • Add a Run PowerShell Script command after the Apply Operating System phase, calling the “Invoke-CMDownloadBIOSPackage.ps1” script with parameters for the following:
    • URI – URL of the ConfigMgrWeb service – example:”
    • SecretKey – The secret key used to connect to the ConfigMgrWebService site
    • Filter – In this instance enter the term “BIOS”

BIOSPackageDownload Log: Starting detection method
BIOSPackageDownload Log: Showing a matching package
  • The next step is to add a Download Package Content step. We recommend that you select a small package here, a determined value contained within the OSDDownloadDownloadPackages hidden task sequence variable is used to add the BIOS package to this list. The package selected here in the UI can be considered a dummy package, and will not be downloaded.A custom path should be specified for the download path, in this example we are using the built in package variable %_SMSTSMDataPath% with a sub-folder called “BIOS” – %_SMSTSMDataPath%\BIOS – and assigning it to a variable called “BIOSPackage

  • The final step is to use the Invoke-DellBIOSUpdate.ps1 powershell script to apply the BIOS update, using the %BIOSPackage01% variable as the path to the flash BIOS update (01 indicates the first package downloaded which in this case will be the only package as the newest package is selected and downloaded)

Note: Some older Dell models do not support Flash64W, so if a failure code other than “2” which indicates a reboot is detected, a task sequence variable (SMSTSBIOSInOSUpdateRequired) is set.

You can then use this as variable as a condition to re-run the powershell script in the OS section of your task sequence, as the script will detect it is no longer in WinPE and attempt to update the BIOS using the legacy method.

See Modern BIOS Management in action

Below is a capture of the Modern BIOS Management process running on a Dell Latitude E5470:

BIOS Update Log

The BIOS update log is also written into the SMS log folder during deployment so you can review this post deployment:

Things To Note:

  1. For those of you running previous versions of the tool, the individual script created for updating the BIOS has been removed as this is superseded by the Invoke-DellBIOSUpdate.ps1 script.
  2. For Lenovo downloads, please select download type as “All” and select an appropriate OS to get a model listing. I will be changing this in the next release with a different XML method.
  3. Windows 10 1xxx downloads are for HP only at present. Other vendors support for the new builds remains in the standard Windows 10 download packages.


Nickolaj Andersen
Principal Consultant and Enterprise Mobility MVP. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows deployments and Automation. In 2015 Nickolaj was awarded as PowerShell Hero by the community for his script and tools contributions. Author of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService and a frequent speaker at user groups.
Maurice Daly
Maurice has been working in the IT industry since 1999 and was awarded his first MVP Enterprise Mobility award in 2017. Technology focus includes Active Directory, Group Policy, Hyper-V, Windows Deployment (SCCM & MDT) and Office 365.


  • Jack
    Posted at 15:05 June 6, 2017

    I’m having issues with getting this to work and was wondering if you could lend a hand, the package is detected and downloads the BIOS update to the client however it appears to fail before it runs as the DellFlashBiosUpdate.log isn’t created.

    Downloading file /NOCERT_SMS_DP_SMSPKG$/CC3001EA/sccm?/Invoke-DellBIOSUpdate.ps1 range 0-4975
    Downloaded file from$/CC3001EA/sccm?/Invoke-DellBIOSUpdate.ps1 to C:\_SMSTaskSequence\Packages\CC3001EA\Invoke-DellBIOSUpdate.ps1
    VerifyContentHash: Hash algorithm is 32780
    Content successfully downloaded at C:\_SMSTaskSequence\Packages\CC3001EA.
    Resolved source to ‘C:\_SMSTaskSequence\Packages\CC3001EA’
    Command line for extension .exe is “%1” %*
    Set command line: Run Powershell script
    Working dir ‘C:\_SMSTaskSequence\Packages\CC3001EA’
    Executing command line: Run Powershell script
    /b=C:\_SMSTaskSequence\BIOS\CC3001D6\OptiPlex_9020M_A13.exe /s /f /l=X:\WINDOWS\TEMP\SMSTSLog\DellFlashBiosUpdate.log /p=5at0r1

    • Maurice Daly
      Posted at 22:07 June 6, 2017
      Maurice Daly

      Hi Jack,

      Could you zip up an export of your task sequence, along with the SMSTS and BiosPackageDownload logs and email them over to me. My email address is


      • Jack
        Posted at 17:05 June 7, 2017

        Issue resolved, many thanks for the help and for your website 🙂

  • RL
    Posted at 00:07 June 15, 2017

    The script only mentions Dell in the name–will it update Lenovo too?

    • Maurice Daly
      Posted at 21:50 June 19, 2017
      Maurice Daly

      Lenovo support is coming at the end of the month following some more testing.


  • Sebastian
    Posted at 06:01 June 23, 2017

    Hi Maurice – I’m having issues getting the BIOS script working in my task sequence. It appears like the path variable is not being passed to the BIOS update script. The below is from the smsts.log:

    Executing command line: Run Powershell script
    /b= /s /f /l=X:\WINDOWS\TEMP\SMSTSLog\DellFlashBiosUpdate.log /p=***
    WARNING: An error occured while updating the system bios. Error message: The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

    I’ve confirmed that my settings are the same as in the post, and even tried using a different variable but I still get the same issue. Is there something that I’m missing perhaps?

    • Sebastian
      Posted at 06:57 June 23, 2017

      Never mind – my own fault on two parts:
      1) Didn’t have quotes in the variable path
      2) Package wasn’t deployed to a DP!

      Silly me.

  • Josua Baril-Aumond
    Posted at 19:21 June 28, 2017
    Josua Baril-Aumond

    Hi – I am having an issue when iam not setting a password for the bios upgrade.
    In :
    if ($Password -ne $null) {
    # Add password to the flash bios switches
    $FlashSwitches = $FlashSwitches + ” /p=$Password”
    Write-host $FlashSwitches
    I think that the password variable is never $null even if i do not put a password.
    P.S The bios package download correctly and in the command line i see /p…

    • Maurice Daly
      Posted at 23:31 June 28, 2017
      Maurice Daly

      Hi Josua,

      What do the results of the DellFlashBiosUpdate.log look like?.


      • Josua Baril-Aumond
        Posted at 13:10 June 29, 2017
        Josua Baril-Aumond

        I didn’t see this log when i got the error so i comment the password line in the script and it didn’t work either. But then i check the content of the bios package that the tool did and it didn’t contain the dell flash64 binary. It was weird but when i check the source files the binary was there just not in the distributed content. I think the content was distributed before the flash64 is copied. Thanks for your time!

  • Leave a Reply