MSEndpointMgr

Drivers as a Service – Version 1.0.0 Released

About a year ago I published a script which provided dynamic updates for Dell, HP, Lenovo and Microsoft systems which are managed by Intune. The script uses the Intune Management Extension to run the dynamic driver update process during the Autopilot enrollment of a system, ensuring that you have the latest and therefore hopefully the most stable drivers. Recently, however, I have thought about developing a script or a tool that would always keep your Intune or standalone system up to date, similar to some OEM included applications.

Introducing Drivers as a Service version 1.0.0

This is the first version of what I like to call “Drivers as a Service”, a PowerShell developed solution that provides continuous automatic updating of drivers on supported hardware platforms. The solution consists of the following;

  • Single MSI installation
  • Supports the following environments;
    • Intune
    • Standalone
    • Configuration Manager
  • Two core components;
    • Windows Service
      The Windows service runs under local system context and therefore allows update operations that the client can’t or at least should not be able to perform
    • Tray Application
      The tray application runs under the local user context in order to provide some functions to the Windows service along with presenting toast style notifications to the end user
  • Supported hardware platforms;
    • Dell
    • HP
    • Lenovo
    • Microsoft (coming in version 1.01)
  • Supported Operating Systems;
    • Windows 10

Let's look at the solution and see how it works;

Installing DaaS

Download the DaaS installation MSI from Microsoft Technet (https://gallery.technet.microsoft.com/scriptcenter/Drivers-as-a-Service-ef36f155). In this example we will run the installation manually, but you can of course deploy the MSI silently.

  • Launch the installer;

  • Click on next to view the read me and proceed through to complete the installation

  • A restart is required in order to complete the installation

Once installed you will now notice that you have a new service listed in the list of your Windows services;

After restarting your machine the service will start up, and the tray application will receive status messages from the running service, which will be presented to the user. These status messages are not verbose in nature, and with feedback I might also introduce an option to either make these more verbose or remove them entirely with the exception of update events. For now here is the experience for the end user;

  • Initial notification message – Checking for driver updates

Driver Update Maintenance Window

When coming up with the idea for this, one issue with updates was the fact that Intune in its current state does not have maintenance windows. I thought about adding registry entries to allow you to specify these; however, Windows active hours is an option which the initial version of this tool will use to prevent updates applying within “business” hours. If a new version of the driver package is available to install, the end user receives a notification of this and the impending update;

In the above example we can see that the machine is running within the active hours specified in Windows, which by default are 8am to 5pm. After changing the active hours for demonstration purposes, we can now see that the driver installation process starts;

  • The end user is notified of the update process taking place

  • Driver installation commences

  • Should a restart be required the end user will be prompted, otherwise they will be advised of the next check
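As an added illustration (not code from DaaS or its author), the sketch below shows one way a script can decide whether the current hour falls inside Windows active hours, including a window that wraps past midnight. It assumes the hours are read from the Windows Update registry values shown; the function names are hypothetical.

```powershell
# Added example, not DaaS source code.
# Assumption: active hours are read from the Windows Update registry values below.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$UserKey   = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'

function Test-HourInWindow {
    param([int]$Hour, [int]$Start, [int]$End)
    if ($Start -eq $End) { return $false }   # zero-length window
    if ($Start -lt $End) { return ($Hour -ge $Start -and $Hour -lt $End) }
    # Window wraps past midnight, e.g. 22 -> 6
    return ($Hour -ge $Start -or $Hour -lt $End)
}

function Get-ActiveHours {
    # Default window quoted in the article: 8am to 5pm
    $window = [pscustomobject]@{ Start = 8; End = 17; Source = 'Default' }
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $user   = Get-ItemProperty -Path $UserKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.SetActiveHours -eq 1) {
        # Hours enforced through Group Policy take precedence over the Settings app
        $window = [pscustomobject]@{
            Start  = [int]$policy.ActiveHoursStart
            End    = [int]$policy.ActiveHoursEnd
            Source = 'Policy'
        }
    } elseif ($user -and $null -ne $user.ActiveHoursStart -and $null -ne $user.ActiveHoursEnd) {
        $window = [pscustomobject]@{
            Start  = [int]$user.ActiveHoursStart
            End    = [int]$user.ActiveHoursEnd
            Source = 'Settings'
        }
    }
    return $window
}

function Test-InActiveHours {
    param([datetime]$Now = (Get-Date))
    $w = Get-ActiveHours
    return (Test-HourInWindow -Hour $Now.Hour -Start $w.Start -End $w.End)
}

# Report the window in effect and whether an update should be deferred right now
$w = Get-ActiveHours
'Active hours {0}:00-{1}:00 ({2}); defer update now: {3}' -f $w.Start, $w.End, $w.Source, (Test-InActiveHours)
```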

Deployment via Intune

Deployment of the tool is very straightforward;

  • Simply log onto your tenant, go to Apps and click on the “+” icon to add an application
  • Select “Line-of-business app”
  • Select the MSI installer;

  • Click on the App Information section and fill in additional required fields;

  • Now deploy the application to a group or make it available as the example below;

Logs

The service by default automatically adds key steps to the application log;

Verbose logs are located at the following path: C:\Program Files\SCConfigMgr\Drivers As A Service\Logs. Below is a sample output from the Run-DriversAsAService log which contains output from the Windows service;

What about ConfigMgr environments?

For environments where ConfigMgr is managing your client estate you can also use the same solution, however the difference is that the administrator must have a task sequence configured to run the modern driver management solution in “DriverUpdate” mode. This value should be set in HKLM:\Software\SCConfigMgr\Drivers As A Servce\ConfigMgrTSID as below;

The client will then call the task sequence (which obviously will need to be deployed) in order to start the upgrade process and offload the restarting function to the task sequence / ConfigMgr client.

  • Invoke the Invoke-CMApplyDriverPackage.ps1 with the -DeploymentType “DriverUpdate” switch

  • Restart the computer to apply the updates

  • In this instance the user will be informed of the maintenance but the task sequence will restart the computer;

For more information on the Modern Driver Management solution, please visit – https://msendpointmgr.com/modern-driver-management/
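Because the service runs under the local system context and takes its task sequence ID from a registry value, it is worth confirming that only administrators can modify the install folder and that key. The following audit is an added example, not part of DaaS; the install folder is assumed to be the parent of the log path above, and the registry key is spelled as printed in this article.

```powershell
# Added example, not DaaS source code: report ACL entries that let anyone other
# than the expected principals modify what the LocalSystem service loads or reads.
# Assumption: the install folder is the parent of the Logs path given in the article.
$InstallDir = 'C:\Program Files\SCConfigMgr\Drivers As A Service'
# Key spelled exactly as printed in the article; confirm it on an installed machine.
$RegKey     = 'HKLM:\Software\SCConfigMgr\Drivers As A Servce'
$Trusted    = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
              'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
$Generic    = 0x50000000   # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000)

function Get-UnexpectedWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }
        if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rights = $ace.RegistryRights
            $mask   = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
        } else {
            $rights = $ace.FileSystemRights
            $mask   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
        }
        # Flag the entry if it carries any specific or generic write-type right
        if (([int]$rights -band ([int]$mask -bor $Generic)) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Account and binary path of any service installed under the DaaS folder
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$InstallDir*" } |
    Format-List Name, StartName, State, PathName

# Folder, its children (binaries, scripts, logs) and the registry key
$targets = @($InstallDir, $RegKey)
$targets += Get-ChildItem -LiteralPath $InstallDir -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
$targets | ForEach-Object { Get-UnexpectedWriteAccess -Path $_ } | Format-Table -AutoSize
```

An empty table means no principal outside the trusted list holds write-type rights; principal names are the English ones and differ on localized Windows builds.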

Feedback

As always, test in isolation and if you find bugs, or have feedback please send an email through to [email protected].

Maurice Daly

Maurice has been working in the IT industry for the past 20 years and currently works in the role of Senior Cloud Architect with CloudWay. With a focus on OS deployment through SCCM/MDT, group policies, Active Directory, virtualisation and Office 365, Maurice has been a Windows Server MCSE since 2008 and was awarded Enterprise Mobility MVP in March 2017. Most recently his focus has been on automation of deployment tasks, creating and sharing PowerShell scripts and other content to help others streamline their deployment processes.

24 comments

  • This is really great work. Any thoughts on releasing the source code and putting it under the MIT License? Assuming you don’t want to turn it into a paid product and escrow the source, it would allow a much larger group to use this solution. A lot of us aren’t in a position to take closed-source solutions without a commercial license (which can be reviewed by legal.)

    • Hi Nick,

      I appreciate where you are coming from in this respect. Yes, being a community solution I could provide the source code as I already do with the driver automation tool. I will post the code in the next update.

      Maurice

  • Will this service only upgrade drivers? Can it be used to install all needed drivers on a plain Win10 install?
    Maybe you should use HPIA for HP drivers? New tool that is very good.

    • This solution is designed primarily for use with machines that are already deployed, either via OEM, Windows Autopilot or SCCM. In this instance the initial driver injections should be handled separately and thus maintaining the machine is the goal.

  • Hello Maurice first I would like to say that I am really impressed with this tool, however regarding to Microsoft Devices (I suppose is the Surface line of products), in theory the updated drivers are deployed to the Surface devices directly from the Windows Update Service which deployment can be already controlled from for example, which is the advantage of using this system?

    • Hi Alfredo,

      Drivers as a Service is intended for environments with multiple manufacturers or at least where the content is not readily available in WSUS. The main consideration I had when coming up with this was Intune managed environments, as this gives you a solution to control updates through it. In the next updates however I will be publishing version control options where you can define if you want to move to the latest release, in this instance then you have additional control over a WSUS implementation.

      Maurice

  • Has anyone been able to leave SCCM as the auth but allowed internet based driver update for machines that don’t need to be micromanaged?

  • I assume your script uses PNPUtil.exe to install drivers. How do you overcome issues with unsigned drivers requiring user input?

  • Has anyone figured out how to leave ConfigMgr local authority but allow internet based driver updates? I think it’d be a great solution for internet based updates of drivers when required vs micromanaging for all groups.

  • What does it mean the “Supports the following environment” -> Standalone. Is this also running without having a ConfigMgr or an Intune Subscription?

      • Thanks for the reply. I can run the DaaS client with unmanaged devices and it works fine. For devices managed by SCCM I got a little bit of a problem while the service is scanning for the task sequence. After inserting the reg with the TS ID, the DaaS log is not using the TSID (ConfigMgr task sequence package ID for modern driver management: ). The task sequence is available for the client (also shown in the Software Center) and a manual start of the task sequence is deploying the Invoke.ps1 as well. The modern driver management works fine, but is not triggered via the DaaS client.

      • Hei Chris. I have the same issue. Have you found a workaround for it?

    • If you are managing the tool via SCCM then it is only going to call the task sequence you specify in the registry, if you are using Intune however it will pull content direct from the internet. It is all about testing a roll out and seeing what impact it has on your environment before deploying to the entire enterprise.

      • Is there a way to run this tool in Intune/Stand-alone mode even if there is an SCCM client on the machine?

      • So are you saying you would like the ability for the client to reach out to the vendor sources if the machine is on the internet zone for example?

      • Yes, actually both intranet and internet mode.

        We currently do not have the webservice needed for modern driver management + the stand-alone mode of modern driver management (using a fileshare) is not a great solution for internet machines.

      • Hi Jo,

        I will include a switch you can specify in the BIOS to allow you to do this then in a build I’ll put up this evening. The standalone method is really the only alternative to using the web service as it currently stands due to the fact some form of matching and local repository needs to take place if you want to limit your network traffic. There might be something on the horizon that could cater for the dynamic method without the web service or standalone file share however..

        Maurice
