To give you a bit of background to this post, Nickolaj and I sat down back in February and discussed some of the pain points in relation to OS deployments. The main theme that community members had was around the area of driver management, with conflicts over driver package best practices, performance issues and general overhead for the ConfigMgr administrator.
Back in late March of this year we released our “Modern Driver Management” method of dynamically managing driver deployments as part of your OS deployments (https://www.scconfigmgr.com/2017/03/29/modern-driver-management-using-web-services-during-osd-with-configmgr/). The process works by utilizing a number of tools we have developed to fully automate the process of driver management from the download step right through to deployment at the client.
Modern BIOS Management
Since then we have been thinking about some of the issues and points raised by the community around the area of BIOS deployments, and how best to handle them. Dell has been pushing their Flash64w flash BIOS tool recently allowing for BIOS upgrades during the WinPE phase of your OS deployment. Now with additions to all parts of our “Modern Driver Management” engine we are pleased to support the automatic deployment of Dell BIOS updates in your task sequence using our “Modern BIOS Management”.
Oh and for those of you who were looking for Lenovo and HP, we are working on it and we should be publishing a Lenovo update shortly and hopefully following up with HP at a later date.
How Does It Work?
The process is broken down into three key steps;
1. Automate BIOS Package Downloads & Creation (Driver Automation Tool)
This initial step uses our “Driver Automation Tool” which currently supports a number of manufacturers (Dell, HP, Lenovo, Microsoft & Acer) for drivers and a subset (Dell/Lenovo) for BIOS downloads.
It is vital that the tool is used in this process as it standardizes the naming convention of packages and includes tools which we will utilize later on in this process.
Note: Version 3.8 should be used as a minimum as there have been changes to the BIOS update process. The tool can be downloaded from Technet – https://gallery.technet.microsoft.com/scriptcenter/Driver-Tool-Automate-9ddcc010
- Launch the Driver Tool and connect the GUI to your ConfigMgr environment by entering the name of your Site Server and hitting the Connect To SCCM button
- We now need to select the Deployment Platform as “ConfigMgr – Standard Pkg“, then pick “BIOS” as the Download Type and pick your OS/Architecture
- On the Manufacturer Tab select the vendors you wish to display models for and then hit the “Find Models” button
- Select the models from the list you wish to download packages for and hit the “Add to Import List” button
- On the Driver Storage Locations tab enter in UNC path for the Repository Path
- Click on the Distribution Tab and select the DP’s or DP Group’s you wish to distribute the content to
- Click Enable Binary Differential Replication if required
- Click on the Start Download and Import Process to kick off the BIOS downloads
Once downloaded you should end up with something like this in your ConfigMgr console:
Download Tool – In action:
2. Automate ConfigMgr Data Retrieval (ConfigMgr WebService)
Modern BIOS Management solution requires the ConfigMgr WebService to be installed in your environment, with the minimum of version 1.3.0. Detailed installation steps can be found in the documentation included in the package, downloadable from the following link:
The web service is a key function to this process as it will be used during the task sequence to query the available packages from ConfigMgr (using the GetCMPackage function) and through logic in a PowerShell script, match available BIOS packages to the model and manufacturer of the machine being deployed.
3. Automate Downloads & Installations
Adding the steps for Modern BIOS Management could not be simpler. Download the following scripts required from the following:
BIOS Package Detection Script:
BIOS Update Script (Dell):
The Invoke-CMDownloadBIOSPackage script will automatically detect the computer model and manufacturer, calling the ConfigMgr WebService for BIOS packages matching those values. In the case of multiple packages that match the criteria, the most current package will be selected based upon the SourceDate property of the package object.
If there’s no matches at all, the script will exit with a return code of 1, causing the deployment to fail. In terms of logging, the script is writing to a separate log file called BIOSPackageDownload.log located in the same directory as the smsts.log file at the time of operation.
Follow this four step process to implement the script referenced above:
- Package the “Invoke-CMDownloadBIOSPackage & Invoke-DellBIOSUpdate.ps1” PowerShell scripts and distribute them
- Add a Run PowerShell Script command after the Apply Operating System phase, calling the “Invoke-CMDownloadBIOSPackage.ps1” script with parameters for the following:
- URI – URL of the ConfigMgrWeb service – example: https://configmgr01.scconfigmgr.com/ConfigMgrWebService/ConfigMgr.asmx”
- SecretKey – The secret key used to connect to the ConfigMgrWebService site
- Filter – In this instance enter the term “BIOS”
- The next step is to add a Download Package Content step. We recommend that you select a small package here, a determined value contained within the OSDDownloadDownloadPackages hidden task sequence variable is used to add the BIOS package to this list. The package selected here in the UI can be considered a dummy package, and will not be downloaded.A custom path should be specified for the download path, in this example we are using the built in package variable %_SMSTSMDataPath% with a sub-folder called “BIOS” – %_SMSTSMDataPath%\BIOS – and assigning it to a variable called “BIOSPackage“
- The final step is to use the Invoke-DellBIOSUpdate.ps1 powershell script to apply the BIOS update, using the %BIOSPackage01% variable as the path to the flash BIOS update (01 indicates the first package downloaded which in this case will be the only package as the newest package is selected and downloaded)
Note: Some older Dell models do not support Flash64W, so if a failure code other than “2” which indicates a reboot is detected, a task sequence variable (SMSTSBIOSInOSUpdateRequired) is set.
You can then use this as variable as a condition to re-run the powershell script in the OS section of your task sequence, as the script will detect it is no longer in WinPE and attempt to update the BIOS using the legacy method.
See Modern BIOS Management in action
Below is a capture of the Modern BIOS Management process running on a Dell Latitude E5470:
BIOS Update Log
The BIOS update log is also written into the SMS log folder during deployment so you can review this post deployment:
Things To Note:
- For those of you running previous versions of the tool, the individual script created for updating the BIOS has been removed as this is superseded by the Invoke-DellBIOSUpdate.ps1 script.
- For Lenovo downloads, please select download type as “All” and select an appropriate OS to get a model listing. I will be changing this in the next release with a different XML method.
- Windows 10 1xxx downloads are for HP only at present. Other vendors support for the new builds remains in the standard Windows 10 download packages.
Maurice has been working in the IT industry for the past 18 years and currently working in the role of Principal Consultant with TrueSec. With a focus on OS deployment through SCCM/MDT, group policies, active directory, virtualisation and office 365, Maurice has been a Windows Server MCSE since 2008 and was awarded Enterprise Mobility MVP in March 2017.