Automated Updates on BIOS, firmware and Device driver using BigFix

Hi,

I’ve been tasked to look for a BigFix solution to deploy updates for BIOS, firmware and device drivers, similar to Dell patching with the Dell Command Update catalog…

https://www.dell.com/support/article/us/en/04/sln311138/dell-command-update-catalog?lang=en

Thanks.

Mike

I do this regularly with some tasks based on code by @jgstew, but I also take into account the BitLocker state and BIOS password… that means I have (for the Enterprise) two tasks for each BIOS: one for Unbitlocked and one for Bitlockered. No doubt if I had time, I could edit the actionscript to take this into account and reduce that total number, but for now, what I have works well for us.
Here is jgstew's original fixlet:
https://bigfix.me/fixlet/details/3912


We also make custom tasks for BIOS, firmware, and drivers. Like Pete_F said, you’ll want to suspend BitLocker, clear any BIOS passwords, and suspend any security software products you may be running before you actually run these types of updates. Afterwards you’ll need corresponding tasks to re-enable all the issues that you suspended.

The good news is that once you do the heavy lifting the first time to create a baseline, subsequent updates are usually a breeze, as you can re-use the same overall baseline and just insert the new BIOS update in a task in the middle of it.

Take special care to suppress any interactive prompts. Clearing the BIOS password, for example, should help to eliminate prompting.

One thing I did was create my BIOS updates as individual software tasks. I tied relevance to the BIOS and the model of the PC, and I would also have relevance that looked to see if BitLocker was suspended. Next, I had a suspend BitLocker task that would run before the BIOS update. I also had a re-enable BitLocker task for once the BIOS update was run. So I had a two-part baseline that ran the suspend BitLocker task and then the BIOS update. Then part 2 was to activate BitLocker again after the computer had updated the BIOS and rebooted.


@bradsexton81, can you please share a sample .bes file so I can take a look and perhaps get some ideas?

Thanks.

-Mike

Sorry, I do not have any .bes files, as it was with my old company. With Dell, you can install the BIOS updates with the /s command. So you would have to create a custom software deployment task and add the /s switch. Once you do that, you would want to set relevance so it checks for the correct model along with the BIOS version.

@davincecode, the key suggestions are to suspend BitLocker, clear any BIOS passwords, and suspend any security software products you may be running before you actually run these types of updates. Then include relevance to target by specific make/model. Afterwards you’ll need corresponding tasks to re-enable all the issues that you suspended.

It is helpful to establish a baseline per model with all these tasks. When a new BIOS/firmware comes out, just copy the baseline and insert the new update into the middle of it.

I just came across this for Windows 10 BitLocker. These actions will help you suspend BitLocker and re-enable it as part of the BIOS update. I created tasks for these items and then added them to a baseline and had the BIOS update at the end of the baseline.
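
The suspend / silent update / re-enable sequence described across the thread, written out as an added PowerShell example (it is not from any poster and is not a BigFix .bes file). The model string, target version and updater path are constructed placeholders, and the `-PostReboot` switch is a hypothetical way to split the two baseline halves; clearing a BIOS password is vendor-specific and is left out.

```powershell
#Requires -RunAsAdministrator
param([switch]$PostReboot)   # run once without it (pre-flash), once with it after the reboot

# Constructed placeholders: set per model baseline.
$TargetModel   = 'EXAMPLE-MODEL'
$TargetVersion = '0.0.0'
$UpdaterPath   = 'C:\Temp\EXAMPLE_BIOS_UPDATE.exe'
$Drive         = $env:SystemDrive

if ($PostReboot) {
    # Second half of the baseline: confirm protection is back, resume it if not.
    $vol = Get-BitLockerVolume -MountPoint $Drive
    if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
        Resume-BitLocker -MountPoint $Drive -ErrorAction Stop | Out-Null
    }
    $bios = (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion
    Write-Output "BIOS '$bios', BitLocker protection: $((Get-BitLockerVolume -MountPoint $Drive).ProtectionStatus)"
    exit 0
}

# Relevance equivalent: exact model, and BIOS not already at the target version.
$model = (Get-CimInstance Win32_ComputerSystem).Model.Trim()
$bios  = (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion.Trim()
if ($model -ne $TargetModel -or $bios -eq $TargetVersion) {
    Write-Output "Not relevant: model '$model', BIOS '$bios'"
    exit 0
}
if (-not (Test-Path -LiteralPath $UpdaterPath)) { Write-Error "Updater not found"; exit 1 }

# Suspend only if protection is on. RebootCount 1 makes protection come back
# on its own after the flash reboot, so a failed follow-up task cannot leave
# the volume key exposed indefinitely.
$suspended = $false
if ((Get-BitLockerVolume -MountPoint $Drive).ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $Drive -RebootCount 1 -ErrorAction Stop | Out-Null
    $suspended = $true
}

try {
    # /s is the silent switch mentioned in the thread for Dell BIOS packages.
    $proc = Start-Process -FilePath $UpdaterPath -ArgumentList '/s' -Wait -PassThru -ErrorAction Stop
} catch {
    # Updater never started, so no flash is pending: put protection back now.
    if ($suspended) { Resume-BitLocker -MountPoint $Drive | Out-Null }
    Write-Error "Updater failed to start: $_"; exit 1
}
# Exit-code meaning is vendor-specific; pass it to the calling action unchanged.
Write-Output "Updater exit code: $($proc.ExitCode)"
exit $proc.ExitCode
```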