26 July 2017

Dell BIOS Reporting Tool

Recently, we ran into a problem when we discovered some of the newer laptops were not automatically disabling the WiFi when connected to ethernet. What made the task even more difficult was that all of our Dell Latitude 7480 systems were already deployed. Being in the legal industry, it is more difficult to ask for time to troubleshoot problems when attorneys bill by the hour.

We knew there was either a new BIOS setting for the 7480 or it had been taken away. To get a list of all the BIOS settings for the 7480, I wrote the script below that uses the Dell Command | Configure to get the BIOS options, settings, and descriptions. You can use the Dell Command | Configure GUI application, but that also requires getting time on the remote machine. This script will grab the info in the background without any interruption to the user.

The script first gets a list of all the available BIOS settings and filters out the following items since I did not see the need for these in the reports:


  • help
  • version
  • infile
  • logfile
  • outfile
  • ovrwrt
  • setuppwd
  • sysdefaults
  • syspwd
The next thing it does is grab the set value for each setting, and then it retrieves the description of the setting. The script formats this data into a table that is exported to a .CSV file for easy viewing. In future models, there will likely be new data, so the script will likely need to be updated. There may also be some data the script did not have access to as the firm I work at only has 8 models of Dell systems.

The first thing you need to do is to get a list of all systems with their BIOS version. You will want to run this in SCCM in order to find the systems with the latest BIOS version to generate the report on. Here is the WQL code for performing a query in SCCM. 

 select SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_PC_BIOS.SMBIOSBIOSVersion, SMS_R_System.Name
 from SMS_R_System
 inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId
 inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId
 order by SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_PC_BIOS.SMBIOSBIOSVersion, SMS_G_System_COMPUTER_SYSTEM.Model

Once you get a list of the systems and choose which one to execute the script on, you have some options. You could either deploy the script through SCCM or you could execute it remotely using PSEXEC. Personally, I used PSEXEC. The only parameter you will need to define is the FilePath, which is the location where the .CSV will be written to.

Here is an example of a .CSV file I ran on my own machine. Some values are left blank because the output exceeded a reasonable amount for this spreadsheet, such as hddinfo. Some are also blank due to security, such as hddpwd.



You can download the script from my GitHub repository located here.


 <#  
      .SYNOPSIS  
           BIOS Reporting Tool  
        
      .DESCRIPTION  
           This script will query the BIOS of Dell machines using the Dell Command | Configure and export each setting, its value, and its description to a .CSV file.  
        
      .PARAMETER FilePath  
           UNC path where to write the file output  
        
      .NOTES  
           ===========================================================================  
           Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.141  
           Created on:       7/18/2017 9:31 AM  
           Created by:       Mick Pletcher  
           Filename:         DellBIOSReportingTool.ps1  
           ===========================================================================  
 #>  
 [CmdletBinding()]  
 param  
 (  
      [ValidateNotNullOrEmpty()][string]$FilePath  
 )  
   
 function Get-Architecture {  
 <#  
      .SYNOPSIS  
           Get-Architecture  
        
      .DESCRIPTION  
           Returns whether the system architecture is 32-bit or 64-bit  
        
      .EXAMPLE  
           Get-Architecture  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()][OutputType([string])]  
      param ()  
        
      $OSArchitecture = (Get-WmiObject -Class Win32_OperatingSystem | Select-Object OSArchitecture).OSArchitecture  
      Return $OSArchitecture  
      #Returns 32-bit or 64-bit  
 }  
   
 function Get-RelativePath {  
 <#  
      .SYNOPSIS  
           Get the relative path  
        
      .DESCRIPTION  
           Returns the location of the currently running PowerShell script  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()][OutputType([string])]  
      param ()  
        
      $Path = (split-path $SCRIPT:MyInvocation.MyCommand.Path -parent) + "\"  
      Return $Path  
 }  
   
 function Get-CCTK {  
 <#  
      .SYNOPSIS  
           Find CCTK.EXE  
        
      .DESCRIPTION  
           Find the Dell CCTK.EXE file.  
        
      .EXAMPLE  
                     PS C:\> Get-CCTK  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param ()  
        
      $Architecture = Get-Architecture  
      If ($Architecture -eq "64-bit") {  
           $Directory = ${env:ProgramFiles(x86)} + "\Dell\"  
           $File = Get-ChildItem -Path $Directory -Filter cctk.exe -Recurse | Where-Object { $_.Directory -like "*_64*" }  
      } else {  
           $Directory = $env:ProgramFiles + "\Dell\"  
           $File = Get-ChildItem -Path $Directory -Filter cctk.exe -Recurse | Where-Object { $_.Directory -like "*x86" }  
      }  
      Return $File  
 }  
   
 function Get-ListOfBIOSSettings {  
 <#  
      .SYNOPSIS  
           Retrieve List of BIOS Settings  
        
      .DESCRIPTION  
           This will get a list of all BIOS settings  
        
      .PARAMETER Executable  
           CCTK.exe  
        
      .EXAMPLE  
           PS C:\> Get-ListOfBIOSSettings  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Executable  
      )  
        
      #Get the path this script is executing from  
      $RelativePath = Get-RelativePath  
      #Get list of exclusions to omit from list of BIOS settings  
      $File = $RelativePath + "BIOSExclusions.txt"  
      $BIOSExclusions = Get-Content -Path $File | Sort-Object  
      #Rewrite list of sorted exclusion back to text file  
      $BIOSExclusions | Out-File -FilePath $File -Force  
      #Get list of BIOS settings -- Script must be executed on a local machine and not from a UNC path  
      $Output = cmd.exe /c $Executable.FullName  
      #Remove instructional information  
      $Output = $Output | Where-Object { $_ -like "*--*" } | Where-Object { $_ -notlike "*cctk*" }  
      #Format Data and sort it  
      $Output = ($Output.split("--") | Where-Object { $_ -notlike "*or*" } | Where-Object { $_.trim() -ne "" }).Trim() |  
           Where-Object { $_ -notlike "*help*" } |  
           Where-Object { $_ -notlike "*version*" } |  
           Where-Object { $_ -notlike "*infile*" } |  
           Where-Object { $_ -notlike "*logfile*" } |  
           Where-Object { $_ -notlike "*outfile*" } |  
           Where-Object { $_ -notlike "*ovrwrt*" } |  
           Where-Object { $_ -notlike "*setuppwd*" } |  
           Where-Object { $_ -notlike "*sysdefaults*" } |  
           Where-Object { $_ -notlike "*syspwd*" } |  
           ForEach-Object { $_.Split("*")[0] } |  
           Where-Object { $_ -notin $BIOSExclusions }  
      #Add bootorder back in as -- filtered it out since it does not have the -- in front of it  
      $Output = $Output + "bootorder" | Sort-Object  
      Return $Output  
 }  
   
 function Get-BIOSSettings {  
 <#  
      .SYNOPSIS  
           Retrieve BIOS Settings Values  
        
      .DESCRIPTION  
           This will retrieve the value associated with the BIOS Settings  
        
      .PARAMETER Settings  
           List of BIOS Settings  
        
      .PARAMETER Executable  
           CCTK.exe file  
        
      .EXAMPLE  
           PS C:\> Get-BIOSSettings  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Settings,  
           [ValidateNotNullOrEmpty()]$Executable  
      )  
        
      #Create Array  
      $BIOSArray = @()  
      foreach ($Setting in $Settings) {  
           switch ($Setting) {  
                "advbatterychargecfg" {  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "--" + $Setting  
                     $Value = (cmd.exe /c $Arguments).split("=")[1]  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + "--" + $Setting  
                     $Description = (cmd.exe /c $Arguments | Where-Object { $_.trim() -ne "" }).split(":")[1].Trim()  
                }  
                "advsm" {  
                     $Value = ""  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | where-object {$_.trim() -ne ""}).split(":")[1].Trim().split(".")[0]  
                }  
                "bootorder" {  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + $Setting  
                     $Output = (((((cmd.exe /c $Arguments | Where-Object { $_ -like "*Enabled*" } | Where-Object { $_ -notlike "*example*" }) -replace 'Enabled', '').Trim()) -replace '^\d+', '').Trim()) | ForEach-Object { ($_ -split ' {2,}')[1] }  
                     $Output2 = "bootorder="  
                     foreach ($item in $Output) {  
                          [string]$Output2 += [string]$item + ","  
                     }  
                     $Value = $Output2.Substring(0,$Output2.Length-1)  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | where-object { $_.trim() -ne "" }).split(":")[1].Trim().split(".")[0]  
                }  
                "hddinfo" {  
                     $Value = ""  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | where-object {$_.trim() -ne ""}).split(":")[1].trim().split(".")[0]  
                }  
                "hddpwd" {  
                     $Value = ""  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | Where-Object {$_.trim() -ne ""}).split(":")[1].split(".")[0].trim()  
                }  
                "pci" {  
                     $Value = ""  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | Where-Object { $_.trim() -ne "" }).split(":")[1].split(".")[0].trim()  
                }  
                "propowntag" {  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "--" + $Setting  
                     $Value = ((cmd.exe /c $Arguments).split("=")[1]).trim()  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | Where-Object { $_.trim() -ne "" }).split(":")[1].trim()  
                }  
                "secureboot" {  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + " --" + $Setting  
                     $Output = cmd.exe /c $Arguments  
                     if ($Output -like "*not enabled*") {  
                          $Value = "disabled"  
                     } else {  
                          $Value = "enabled"  
                     }  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | where-object { $_.trim() -ne "" }).split(":")[1].Trim().split(".")[0]  
                }  
                default {  
                     #Get BIOS setting  
                     $Output = $null  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "--" + $Setting  
                     $Output = cmd.exe /c $Arguments  
                     #Get BIOS Description  
                     $Arguments = [char]34 + $Executable.FullName + [char]34 + [char]32 + "-h" + [char]32 + "--" + $Setting  
                     $Description = ((cmd.exe /c $Arguments) | Where-Object { $_.trim() -ne "" }).split(":").Trim()[1]  
                     $Value = $Output.split("=")[1]  
                }  
           }  
           #Add Items to object array  
           $objBIOS = New-Object System.Object  
           $objBIOS | Add-Member -MemberType NoteProperty -Name Setting -Value $Setting  
           $objBIOS | Add-Member -MemberType NoteProperty -Name Value -Value $Value  
           $objBIOS | Add-Member -MemberType NoteProperty -Name Description -Value $Description  
           $BIOSArray += $objBIOS  
      }  
      Return $BIOSArray  
 }  
 #Find the CCTK.exe file  
 $CCTK = Get-CCTK  
 #Get List of BIOS settings  
 $BIOSList = Get-ListOfBIOSSettings -Executable $CCTK  
 #Get all BIOS settings  
 $BIOSSettings = Get-BIOSSettings -Executable $CCTK -Settings $BIOSList  
 #Add Computer Model to FileName  
 $FileName = ((Get-WmiObject -Class win32_computersystem -Namespace root\cimv2).Model).Trim()  
 #Add BIOS version and .CSV extension to computer name  
 $FileName += [char]32 + ((Get-WmiObject -Class win32_bios -Namespace root\cimv2).SMBIOSBIOSVersion).Trim() + ".CSV"  
 #Get full path to the output .CSV file  
 If ($FilePath[$FilePath.Length - 1] -ne "\") {  
      $FileName = $FilePath + "\" + $FileName  
 } else {  
      $FileName = $FilePath + $FileName  
 }  
 #Delete old .CSV if it exists  
 If ((Test-Path $FileName) -eq $true) {  
      Remove-Item -Path $FileName -Force  
 }  
 #Screen output  
 $BIOSSettings  
 #File output  
 $BIOSSettings | Export-Csv -Path $FileName -NoTypeInformation -Force  
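
Once reports exist for two models, the question that started this post (which setting is new or missing on the 7480) becomes a comparison of two .CSV files. The following is an added example, not part of DellBIOSReportingTool.ps1: Compare-BIOSReport is a hypothetical helper, and the two sample reports, including the setting name samplewlanoption, are constructed. It relies only on the Setting, Value, and Description columns the script exports.

```powershell
# Added example: Compare-BIOSReport is a hypothetical helper, not part of the original script.
function Compare-BIOSReport {
    param
    (
        [Parameter(Mandatory = $true)][object[]]$Reference,
        [Parameter(Mandatory = $true)][object[]]$Difference
    )

    # Index both reports by setting name (hashtable keys are case-insensitive)
    $RefIndex = @{}
    foreach ($Row in $Reference) { $RefIndex[$Row.Setting] = $Row }
    $DiffIndex = @{}
    foreach ($Row in $Difference) { $DiffIndex[$Row.Setting] = $Row }

    $Names = @($RefIndex.Keys) + @($DiffIndex.Keys) | Sort-Object -Unique
    foreach ($Name in $Names) {
        $InRef = $RefIndex.ContainsKey($Name)
        $InDiff = $DiffIndex.ContainsKey($Name)
        if ($InRef -and -not $InDiff) {
            $Status = 'Removed'
        } elseif ($InDiff -and -not $InRef) {
            $Status = 'Added'
        } elseif ($RefIndex[$Name].Value -ne $DiffIndex[$Name].Value) {
            $Status = 'Changed'
        } else {
            # Same value on both models, including values the report leaves blank
            continue
        }
        # Prefer the description from the newer report when it has the setting
        if ($InDiff) { $Description = $DiffIndex[$Name].Description } else { $Description = $RefIndex[$Name].Description }
        [pscustomobject]@{
            Setting         = $Name
            Status          = $Status
            ReferenceValue  = $RefIndex[$Name].Value
            DifferenceValue = $DiffIndex[$Name].Value
            Description     = $Description
        }
    }
}

# Constructed sample reports. In practice, load the exported files instead, e.g.
# $OlderModel = Import-Csv -Path '<path to older model report>.CSV'
$OlderModel = @'
"Setting","Value","Description"
"bootorder","bootorder=hdd,usbdev","Constructed description"
"hddpwd","","Constructed description"
"samplewlanoption","enable","Constructed description"
"secureboot","enabled","Constructed description"
'@ | ConvertFrom-Csv

$Latitude7480 = @'
"Setting","Value","Description"
"bootorder","bootorder=hdd,usbdev","Constructed description"
"hddpwd","","Constructed description"
"propowntag","","Constructed description"
"secureboot","disabled","Constructed description"
'@ | ConvertFrom-Csv

# Lists samplewlanoption as Removed, propowntag as Added, and secureboot as Changed
Compare-BIOSReport -Reference $OlderModel -Difference $Latitude7480 | Format-Table -AutoSize
```

Because hddinfo and hddpwd are exported blank, they compare as equal and never show up as Changed; a difference in those has to be checked on the machine itself.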
   

17 July 2017

TPM Readiness Verification

A while back, I posted a PowerShell script that verified if the TPM was ready for BitLocker to be applied in a build. Recently, the script stopped working. I decided to decipher the code I had borrowed to make the script work. In looking at it, I found a way to significantly simplify the code down to one-liners.

The objective is to verify the TPM is ready for BitLocker encryption before an image is laid down. This is so that if the technician forgets to ready the TPM, it won't go through the entire build process and then fail near the end, thereby wasting a lot of time. There are five steps to verifying this. They are:

  • Verify TPM Ownership is Allowed
  • Verify TPM is Enabled
  • Verify No TPM Ownership
  • Verify TPM is Activated
  • Set the BIOS Password

NOTE: As stated in this Dell article, Windows 10 takes ownership of the TPM once the OS is laid down and booted up. It will retake ownership every time the OS starts unless otherwise stopped by the Disable-TPMAutoProvisioning cmdlet. This means that if you use the Verify No TPM Ownership script after the OS is laid down, it will fail.

Each of these steps can be accomplished as a one-liner using PowerShell. As a one-liner, they can be implemented as individual task sequences as shown below.


Each task is set up as a Run Command Line. When WinPE loads, it gathers data in the WMI of the TPM status. I started out using the Get-WMIObject which returned a boolean value. The problem was that MDT does not recognize boolean values. It had to be converted to an integer. The second problem was that executing this via PowerShell would not return the boolean value. It only returned if the expression was successfully executed. That is what the if then else does with the exit 1 or 0. Here are the command lines used along with the required success code.

  • Verify TPM Ownership is Allowed
    • powershell.exe -executionpolicy bypass -command "&{Write-Host 'TPM OwnerShip: ' -NoNewLine;if (([int]((Get-WmiObject -Namespace ROOT\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm).IsOwnerShipAllowed().IsOwnerShipAllowed)) -eq 1) {Write-Host 'Allowed' -ForegroundColor Yellow;Exit 0 } else {Write-Host 'Not Allowed' -ForegroundColor Red;Exit 1}}"
    • Success Code: 1
    • Success Exit Code: 0
  • Verify TPM is Enabled
    • powershell.exe -executionpolicy bypass -command "&{Write-Host 'TPM Enabled: ' -NoNewLine;if (([int]((Get-WmiObject -Namespace ROOT\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm).IsEnabled().isenabled)) -eq 1) {Write-Host 'Yes' -ForegroundColor Yellow;Exit 0 } else {Write-Host 'No' -ForegroundColor Red;Exit 1}}"
    • Success Code: 1
    • Success Exit Code: 0
  • Verify No TPM Ownership
    • powershell.exe -executionpolicy bypass -command "&{Write-Host 'TPM Owned: ' -NoNewLine;if (([int]((Get-WmiObject -Namespace ROOT\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm).isowned().isowned)) -eq 1) {Write-Host 'No' -ForegroundColor Yellow;Exit 0 } else {Write-Host 'No' -ForegroundColor Red;Exit 1}}"
    • Success Code: 1
    • Success Exit Code: 0
  • Verify TPM is Activated
    • powershell.exe -executionpolicy bypass -command "&{Write-Host 'TPM Activated: ' -NoNewLine;if (([int]((Get-WmiObject -Namespace ROOT\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm).IsActivated().isactivated)) -eq 1) {Write-Host 'Yes' -ForegroundColor Yellow;Exit 0 } else {Write-Host 'No' -ForegroundColor Red;Exit 1}}"
    • Success Code: 1
    • Success Exit Code: 0
The other part to this is setting the BIOS password, which also requires CCTK to be installed. For more information on installing the CCTK within the WinPE environment, please refer to this blog entry.

The task sequence to set the BIOS password is shown below. This occurs after the installation of CCTK is done. The task sequence needs to be set up as a Run Command Line. The command line for it is as follows:


  • Set BIOS Password
    • powershell.exe -command "&{If (((Start-Process -FilePath x:\CCTK\cctk.exe -ArgumentList '--setuppwd=<BIOS Password>' -wait -passthru).ExitCode) -eq 115) {(Start-Process -FilePath x:\CCTK\cctk.exe -ArgumentList '--valsetuppwd=<BIOS Password> --setuppwd=<BIOS Password>' -wait -passthru).ExitCode}}"
This command line first tries to set the BIOS password, which succeeds if no password is set. If a password is already set, an error code of 115 is returned and the second command, which supplies the existing BIOS password through --valsetuppwd, is then executed.

This is all that is required to execute this. Here is a video of the task sequences executing in the build process. 

Here is a video of the task sequences executing at the beginning of the build. 





There is also an alternative to failing at the beginning of the build process. You could have the one-liner create a task sequence variable that would be a flag for a later task just before the BitLocker process starts that would pause the build by initiating the LTISuspend.wsf and pop-up an alert saying to ready the TPM before unpausing the build. We decided to stop the build initially because that reminds the technician that they needed to ready the TPM first. 
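
The flag-based alternative described above could look like the following. This is an added example, not the code used in the original task sequences: Get-TpmState, Test-TpmReadiness, Set-TpmReadinessFlag, and the task sequence variable name TPMNotReady are hypothetical, the sample state is constructed, and "ready" follows the step names above (ownership allowed, enabled, activated, not owned). A later task placed just before BitLocker can test the variable and run LTISuspend.wsf when it is True.

```powershell
# Added example: function names and the TPMNotReady variable are hypothetical.

function Get-TpmState {
    # Same Win32_Tpm method calls as the one-liners, gathered in one pass
    $Tpm = Get-WmiObject -Namespace 'ROOT\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($null -eq $Tpm) { return $null }   # no TPM exposed to the OS
    return [ordered]@{
        IsOwnershipAllowed = [bool]$Tpm.IsOwnershipAllowed().IsOwnershipAllowed
        IsEnabled          = [bool]$Tpm.IsEnabled().IsEnabled
        IsActivated        = [bool]$Tpm.IsActivated().IsActivated
        IsOwned            = [bool]$Tpm.IsOwned().IsOwned
    }
}

function Test-TpmReadiness {
    param ([System.Collections.IDictionary]$State)

    # State each check must report before the image is laid down
    $Expected = [ordered]@{
        IsOwnershipAllowed = $true
        IsEnabled          = $true
        IsActivated        = $true
        IsOwned            = $false
    }
    foreach ($Name in $Expected.Keys) {
        # A missing TPM or missing value counts as a failed check
        $Actual = if ($State -and $State.Contains($Name)) { $State[$Name] } else { $null }
        [pscustomobject]@{
            Check    = $Name
            Expected = $Expected[$Name]
            Actual   = $Actual
            Passed   = ($Actual -eq $Expected[$Name])
        }
    }
}

function Set-TpmReadinessFlag {
    param ($Results)

    $Failed = @($Results | Where-Object { -not $_.Passed })
    try {
        # Microsoft.SMS.TSEnvironment is only registered while a task sequence is running
        $TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
        $TSEnv.Value('TPMNotReady') = [string]($Failed.Count -gt 0)
    } catch {
        Write-Warning 'Not running inside a task sequence; TPMNotReady was not set.'
    }
    # Return the failed checks so the caller can log them
    return $Failed
}

# Constructed sample state: enabled and activated, but already owned
$SampleState = @{ IsOwnershipAllowed = $true; IsEnabled = $true; IsActivated = $true; IsOwned = $true }
$Results = Test-TpmReadiness -State $SampleState
$Results | Format-Table -AutoSize

# Flags the build instead of exiting 1; only the IsOwned check fails for the sample
Set-TpmReadinessFlag -Results $Results | Format-Table -AutoSize

# In WinPE, evaluate the live TPM instead of the sample:
# Set-TpmReadinessFlag -Results (Test-TpmReadiness -State (Get-TpmState))
```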

MDT: Executing an application multiple times in a task sequence

Recently, I published a new script that updates all of the Dell drivers on a system automatically. I wanted the script to execute twice in the task sequence with a reboot in between executions. This is so if some drivers or apps do not install the first try due to conflicts with another installation, they will install on the second try.

The first thing I tried was entering the execution as an application and putting the App install in the task sequence twice. During the build, the application would only install once. The second time it skipped over it. To accomplish this, I ended up using a Run Command Line to execute the application more than once and it worked. So if you need to execute an application more than once, use the Run Command Line to do so. 

12 July 2017

Pending Reboot Reporting

Recently, I implemented Kent Agerlund's technique for monitoring pending reboots located here. This works great, but I also found out there are additional reboot flags on systems that I wanted to monitor. I must say a big thank you to Dean Attali's blog How to Check if a Server Needs a Reboot for providing the information on which registry keys and WMI entries indicate a system is waiting for a reboot. After getting that information, I changed step 5 from Kent's blog with the script below.

The new PowerShell code checks whether the system is waiting for a reboot due to Windows updates, changes to OS components, pending file rename operations, or a pending Configuration Manager reboot. All of these are registry queries except the Configuration Manager check, which is a WMI query.

If you do not want the pending file rename operation, you can comment that line out with a # ($PendingFileRenameOperations = (Get-ItemProperty -Path REGISTRY::"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" -ErrorAction SilentlyContinue).PendingFileRenameOperations)

To test this, I implemented the new code in the configuration item in SCCM yesterday, already knowing one of the servers needed a reboot. It popped into the collection this morning.


You can download this code from my GitHub site located here.


 <#  
      .SYNOPSIS  
           Reboot Pending Detection  
        
      .DESCRIPTION  
           This script will check the four reboot pending flags to verify if a system is pending a reboot. The flags include Windows patches, component based servicing, session manager, and finally configuration manager client.   
        
      .NOTES  
           ===========================================================================  
           Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.141  
           Created on:       7/11/2017 1:10 PM  
           Created by:       Mick Pletcher  
           Filename:         PendingRebootReporting.ps1  
           ===========================================================================  
 #>  
   
 #Checks if the registry key RebootRequired is present. It is created when Windows Updates are applied and require a reboot to take place  
 #Get-Item returns the key itself; Get-ChildItem would return only its subkeys and miss a key that holds nothing but values  
 $PatchReboot = Get-Item -Path REGISTRY::"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -ErrorAction SilentlyContinue  
 #Checks if the RebootPending key is present. It is created when changes are made to the component store that require a reboot to take place  
 $ComponentBasedReboot = Get-Item -Path REGISTRY::"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -ErrorAction SilentlyContinue  
 #Checks if File rename operations are taking place and require a reboot for the operation to take effect  
 $PendingFileRenameOperations = (Get-ItemProperty -Path REGISTRY::"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" -ErrorAction SilentlyContinue).PendingFileRenameOperations  
 #Performs a WMI query of the configuration manager service to check if a reboot is pending  
 $ConfigurationManagerReboot = Invoke-WmiMethod -Namespace "ROOT\ccm\ClientSDK" -Class CCM_ClientUtilities -Name DetermineIfRebootPending | select-object -ExpandProperty "RebootPending"  
 If (($PatchReboot -eq $null) -and ($ComponentBasedReboot -eq $null) -and ($PendingFileRenameOperations -eq $null) -and ($ConfigurationManagerReboot -eq $false)) {  
      Return $false  
 } else {  
      Return $true  
 }  
   

07 July 2017

Dell Automatic BIOS, Application, and Driver Updates in Build

Recently, the Install Dell Command Update and Flash BIOS in WinPE solution I published stopped working when we purchased the Dell E7280. The Dell Command | Update was installing a driver in the WinPE environment that would stick in a continuous installation. Before, it was an all or nothing thing on using the DCU-CLI.exe within WinPE. It could not accept any parameters. I finally figured that problem out. I injected MSI.dll into the %WINDIR%\system32 folder and full functionality of the executable was enabled.

I decided to rework the entire script at that point. The script now operates in both WinPE and the Windows environment. You may ask why you would want to execute this in WinPE. The reason is that if there is a BIOS update needed and you also configure BIOS settings before the OS is laid down, you will want this to be performed first as some BIOS settings cannot be changed after the OS is laid down.

The script detects if it is running in WinPE and will only execute a BIOS update at that point. The way the script works is that it executes the DCU-CLI.exe and uses the /report parameter to only generate a report on what to install. Here is a sample report:




The script then reads the XML report file as shown above to find what to install. In WinPE, it automatically knows to only run the BIOS update. In Windows, it will install all updates if no parameter is defined. You can see in the script that I have defined BIOS, Drivers, and Applications meaning if you select any of these, that is all that will be installed. If you don't select any, all will be installed.

Inside the XML file, there is the <file> field that gives the download address for downloading the driver. After talking with Warren Byle from Dell, I verified the types of updates to include in this script. Warren also verified the release code is unique for every new version of a driver. This gave me the idea to create a local driver repository so they can be downloaded and then executed locally. This saves a lot of time and bandwidth, especially when talking about hundreds of megabytes of data downloads.

The script downloads every driver listed in the XML file to the specified network share outlined in the WindowsRepository parameter. It will first scan the repository folders for one named after the release code and verify the contents match the file download. If so, it skips downloading.

The next step is installing the drivers. I found that /S works on all Dell driver installations. The only part I had to figure out was the return codes, which are 0, 2, and 3010 for a successful installation.

Another thing I changed was the process of setting this up in MDT. Here are the steps I put in the task sequence processes for running this within WinPE.


I chose to use T: for my mapped drive since I know that drive letter is not used for anything else here. The Map T: Drive task is as shown.


The next step was copying the Dell Client | Update files to WinPE.


These files I copy over were grabbed from the Dell Command | Update directory after it had been installed on a PC.


The next thing I do is to copy the MSI.DLL file to the WinPE system32 directory. I grabbed this file initially from the system32 directory on my Win10 machine.


The next step is unmapping the T: drive. This is necessary because we are going to map that drive letter to the next UNC path.



The next step is to map to the repository location, where the PowerShell script also resides.


We're now going to copy over the PowerShell script. You may wonder why I chose here. That is because this script is intended to be executed both in WinPE and Windows. This directory will be used in Windows, so why not keep the script in the same place instead of having to make a copy of it?


The next step is executing the script. Here is the command line I use: powershell.exe -executionpolicy bypass -file %SystemDrive%\DCU\DellBIOSDriverUpdate.ps1 -WindowsRepository \\<FileShare Repository> -BIOSPassword <Password> -WinPERepository "t:"


The next step is deleting the old XML file. I have the task sequences copy over the XML file to the repository directory in the event I want to look at it. This task sequence deletes the file if it exists.


The next step is to copy the XML to the repository.


Finally, we unmap the T: drive again.


This is all that is needed to use this script in the WinPE environment.

Next is using it in the Windows environment. This one is much easier. First, don't enter it as an application. If you do, it can only be executed one time in the task sequence. Enter it as a Run Command Line task sequence as shown below.



You do need to use the full UNC path and filename for the command line and enter the UNC path under start in.


You may be wondering what the repository looks like. Here is a pic of the repository that contains the directories labeled after each release version containing the update. The XML files contain the report of all needed drivers derived from the dcu-cli.exe. This is also where I keep this script.



This is a video showing the process of the script in action. I exposed the steps to display on the screen so you could see what it is doing here.


Here is a video of it operating during the build after the OS was laid down.



You can download this script from my GitHub site located here.



 <#  
      .SYNOPSIS  
           Update the BIOS and Drivers  
        
      .DESCRIPTION  
           This script will update the BIOS, Applications, and Drivers. It can detect if it is running within the WinPE or Windows environments. If it is running within WinPE, it will only update the BIOS, otherwise it will run all updates.  
        
      .PARAMETER WindowsRepository  
           UNC path to the updates Windows Repository that is accessible if the operating system is present  
        
      .PARAMETER BIOSPassword  
           Password for the BIOS  
        
      .PARAMETER BIOS  
           Perform BIOS updates only  
        
      .PARAMETER Drivers  
           Perform drivers updates only  
        
      .PARAMETER Applications  
           Perform applications updates only  
        
      .PARAMETER WinPERepository  
           Path to the updates Windows Repository that is accessible if running within WinPE  
        
      .EXAMPLE  
           Running in Windows only and applying all updates  
                powershell.exe -file DellBIOSDriverUpdate.ps1 -WindowsRepository "\\UNCPath2Repository"  
   
           Running in WinPE Only  
                powershell.exe -file DellBIOSDriverUpdate.ps1 -WinPERepository "t:"  
   
           Running in both Windows and WinPE  
                powershell.exe -file DellBIOSDriverUpdate.ps1 -WindowsRepository "\\UNCPath2Repository" -WinPERepository "t:"  
   
      .NOTES  
           ===========================================================================  
           Created with:    SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.140  
           Created on:      6/21/2017 3:16 PM  
           Created by:      Mick Pletcher  
           Filename:        DellBIOSDriverUpdate.ps1  
           ===========================================================================  
 #>  
   
 param  
 (  
      [string]$WindowsRepository,  
      [string]$BIOSPassword,  
      [switch]$BIOS,  
      [switch]$Drivers,  
      [switch]$Applications,  
      [string]$WinPERepository  
 )  
   
 function Get-Architecture {  
 <#  
      .SYNOPSIS  
           Get-Architecture  
        
      .DESCRIPTION  
           Returns 32-bit or 64-bit  
        
      .EXAMPLE  
           Get-Architecture  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()][OutputType([string])]  
      param ()  
        
      $OSArchitecture = (Get-WmiObject -Class Win32_OperatingSystem | Select-Object OSArchitecture).OSArchitecture  
      Return $OSArchitecture  
 }  
   
 function Get-WindowsUpdateReport {  
 <#  
      .SYNOPSIS  
           Get list of updates to install  
        
      .DESCRIPTION  
           Execute the dcu-cli.exe to get a list of updates to install.  
        
      .EXAMPLE  
           PS C:\> Get-WindowsUpdateReport  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()][OutputType([xml])]  
      param ()  
        
      #Test if this is running in the WinPE environment  
      If ((test-path -Path 'REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\') -eq $true) {  
           $Executable = Get-ChildItem -Path "x:\DCU" -Filter dcu-cli.exe  
           $ReportFile = "x:\DCU\DriverReport.xml"  
      } else {  
           $Architecture = Get-Architecture  
           If ($Architecture -eq "32-Bit") {  
                $Executable = Get-ChildItem -Path $env:ProgramFiles"\Dell\CommandUpdate" -Filter dcu-cli.exe  
           } else {  
                $Executable = Get-ChildItem -Path ${env:ProgramFiles(x86)}"\Dell\CommandUpdate" -Filter dcu-cli.exe  
           }  
           #Name and location of the report file  
           If ($WindowsRepository[$WindowsRepository.Length - 1] -ne "\") {  
                $ReportFile = $WindowsRepository + "\" + "DriverReport.xml"  
           } else {  
                $ReportFile = $WindowsRepository + "DriverReport.xml"  
           }  
      }  
      #Delete XML report file if it exists  
      If ((Test-Path -Path $ReportFile) -eq $true) {  
           Remove-Item -Path $ReportFile -Force -ErrorAction SilentlyContinue  
      }  
      #Define location where to write the report  
      $Switches = "/report" + [char]32 + $ReportFile  
      #Get dcu-cli.exe report  
      $ErrCode = (Start-Process -FilePath $Executable.FullName -ArgumentList $Switches -Wait -Passthru).ExitCode  
      #Retrieve list of drivers if XML file exists  
      If ((Test-Path -Path $ReportFile) -eq $true) {  
           #Get the contents of the XML file  
           [xml]$DriverList = Get-Content -Path $ReportFile  
           Return $DriverList  
      } else {  
           Return $null  
      }  
 }  
   
 function Get-WinPEUpdateReport {  
 <#  
      .SYNOPSIS  
           Get Dell Client Update Report  
        
      .DESCRIPTION  
           Execute the Dell Client | Update to generate the XML file listing available updates  
        
      .EXAMPLE  
           PS C:\> Get-WinPEUpdateReport  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param ()  
        
      #Define XML Report File  
      $ReportFile = $env:SystemDrive + "\DCU\DriversReport.xml"  
      #Delete XML Report file  
      If ((Test-Path $ReportFile) -eq $true) {  
           Remove-Item -Path $ReportFile -Force | Out-Null  
      }  
      #Define Dell Client | Update commandline executable  
      $Executable = $env:SystemDrive + "\DCU\dcu-cli.exe"  
      #Define switches for Dell Client | Update  
      $Switches = "/report" + [char]32 + $ReportFile  
      #Execute Dell Client | Update  
      $ErrCode = (Start-Process -FilePath $Executable -ArgumentList $Switches -Wait -Passthru).ExitCode  
      #Retrieve list of drivers if XML file exists  
      If ((Test-Path -Path $ReportFile) -eq $true) {  
           #Get the contents of the XML file  
           [xml]$DriverList = Get-Content -Path $ReportFile  
           Return $DriverList  
      } else {  
           Return $null  
      }  
 }  
   
 function Update-Repository {  
 <#  
      .SYNOPSIS  
           Update the repository  
        
      .DESCRIPTION  
           This function reads the list of items to be installed and checks the repository to make sure the item is present. If it is not, the item is downloaded to the repository.  
        
      .PARAMETER Updates  
           List of Updates to be installed  
        
      .EXAMPLE  
           PS C:\> Update-Repository  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Updates  
      )  
        
       #Set the variable to the repository path  
      If ((test-path -Path 'REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\') -eq $true) {  
           If ($WinPERepository[$WinPERepository.Length - 1] -ne "\") {  
                $Repository = $WinPERepository + "\"  
           } else {  
                $Repository = $WinPERepository  
           }  
      } elseif ($WindowsRepository[$WindowsRepository.Length - 1] -ne "\") {  
           $Repository = $WindowsRepository + "\"  
      } else {  
           $Repository = $WindowsRepository  
      }  
      foreach ($Update in $Updates.Updates.Update) {  
           #Define the storage location of this driver  
           $UpdateRepository = $Repository + $Update.Release  
           #Get the URI to download the file from  
           $DownloadURI = $Update.file  
           $DownloadFileName = $UpdateRepository + "\" + ($DownloadURI.split("/")[-1])  
           #Create the new directory if it does not exist  
           If ((Test-Path $UpdateRepository) -eq $false) {  
                New-Item -Path $UpdateRepository -ItemType Directory -Force | Out-Null  
           }  
           #Download file if it does not exist  
           If ((Test-Path $DownloadFileName) -eq $false) {  
                Invoke-WebRequest -Uri $DownloadURI -OutFile $DownloadFileName  
           }  
      }  
 }  
   
 function Update-Applicatons {  
 <#  
      .SYNOPSIS  
           Update Dell Applications  
        
      .DESCRIPTION  
           This function only updates Dell Applications  
        
      .PARAMETER Updates  
           List of updates to install  
        
      .EXAMPLE  
           PS C:\> Update-Applicatons  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Updates  
      )  
        
      if ($WindowsRepository[$WindowsRepository.Length - 1] -ne "\") {  
           $Repository = $WindowsRepository + "\"  
      } else {  
           $Repository = $WindowsRepository  
      }  
      foreach ($Update in $Updates.Updates.Update) {  
            #Check if update is an application update  
           If ($Update.type -eq "Application") {  
                #Get application update file  
                $UpdateFile = $Repository + $Update.Release + "\" + (($Update.file).split("/")[-1])  
                #Verify application update file exists  
                If ((Test-Path $UpdateFile) -eq $true) {  
                     $Output = "Installing " + $Update.name + "....."  
                     Write-Host $Output -NoNewline  
                     # /s to suppress user interface  
                     $Switches = "/s"  
                     $ErrCode = (Start-Process -FilePath $UpdateFile -ArgumentList $Switches -WindowStyle Minimized -Wait -Passthru).ExitCode  
                     If (($ErrCode -eq 0) -or ($ErrCode -eq 3010)) {  
                          Write-Host "Success" -ForegroundColor Yellow  
                     } else {  
                          Write-Host "Failed" -ForegroundColor Red  
                     }  
                }  
           }  
      }  
 }  
   
 function Update-BIOS {  
 <#  
      .SYNOPSIS  
           Update the BIOS  
        
      .DESCRIPTION  
           This function will update the BIOS on the system  
        
      .PARAMETER Updates  
           List of updates to install  
        
      .PARAMETER Update  
           XML info of the BIOS update  
        
      .EXAMPLE  
           PS C:\> Update-BIOS  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Updates  
      )  
        
       #Set the variable to the repository path  
      If ((test-path -Path 'REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\') -eq $true) {  
           If ($WinPERepository[$WinPERepository.Length - 1] -ne "\") {  
                $Repository = $WinPERepository + "\"  
           } else {  
                $Repository = $WinPERepository  
           }  
      } elseif ($WindowsRepository[$WindowsRepository.Length - 1] -ne "\") {  
           $Repository = $WindowsRepository + "\"  
      } else {  
           $Repository = $WindowsRepository  
      }  
      foreach ($Update in $Updates.Updates.Update) {  
           #Check if update is a BIOS update  
           If ($Update.type -eq "BIOS") {  
                #Get BIOS update file  
                $UpdateFile = $Repository + $Update.Release + "\" + (($Update.file).split("/")[-1])  
                #Verify BIOS update file exists  
                If ((Test-Path $UpdateFile) -eq $true) {  
                     $Output = "Installing " + $Update.name + "....."  
                     Write-Host $Output -NoNewline  
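                      # /s to suppress user interface, /p= to supply the BIOS password  
                      #Note: the password is passed in clear text on the installer's command line  
                      $Switches = "/s /p=" + $BIOSPassword  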
                     $ErrCode = (Start-Process -FilePath $UpdateFile -ArgumentList $Switches -WindowStyle Minimized -Wait -Passthru).ExitCode  
                     If (($ErrCode -eq 0) -or ($ErrCode -eq 2) -or ($ErrCode -eq 3010)) {  
                          Write-Host "Success" -ForegroundColor Yellow  
                     } else {  
                          Write-Host "Failed" -ForegroundColor Red  
                     }  
                }  
           }  
      }  
 }  
   
 function Update-Drivers {  
 <#  
      .SYNOPSIS  
           Update Dell Drivers  
        
      .DESCRIPTION  
           This function only updates Dell drivers  
        
      .PARAMETER Updates  
           List of updates to install  
        
      .EXAMPLE  
           PS C:\> Update-Drivers  
        
      .NOTES  
           Additional information about the function.  
 #>  
        
      [CmdletBinding()]  
      param  
      (  
           [ValidateNotNullOrEmpty()]$Updates  
      )  
        
      if ($WindowsRepository[$WindowsRepository.Length - 1] -ne "\") {  
           $Repository = $WindowsRepository + "\"  
      } else {  
           $Repository = $WindowsRepository  
      }  
      foreach ($Update in $Updates.Updates.Update) {  
            #Check if update is a driver update  
            If ($Update.type -eq "Driver") {  
                 #Get driver update file  
                 $UpdateFile = $Repository + $Update.Release + "\" + (($Update.file).split("/")[-1])  
                 #Verify driver update file exists  
                 If ((Test-Path $UpdateFile) -eq $true) {  
                      #Get the file object so FullName and BaseName are available  
                      $UpdateFile = Get-ChildItem -Path $UpdateFile  
                      $Output = "Installing " + $Update.name + "....."  
                      Write-Host $Output -NoNewline  
                      # /s to suppress user interface  
                      $Switches = "/s"  
                      $InstallProcess = Start-Process -FilePath $UpdateFile.Fullname -ArgumentList $Switches -WindowStyle Minimized -Passthru  
                      #Cache the process handle so ExitCode can be read after the installer exits  
                      $null = $InstallProcess.Handle  
                      $Start = Get-Date  
                      #Wait up to 10 minutes for the installer process to exit  
                      Do {  
                           Start-Sleep -Seconds 1  
                           $Process = (Get-Process | Where-Object { $_.ProcessName -eq $UpdateFile.BaseName }).ProcessName  
                           $Duration = ((Get-Date) - $Start).TotalMinutes  
                      } While (($Process -eq $UpdateFile.BaseName) -and ($Duration -lt 10))  
                      #The exit code is only available once the installer has finished  
                      $ErrCode = $InstallProcess.ExitCode  
                     If (($ErrCode -eq 0) -or ($ErrCode -eq 2) -or ($ErrCode -eq 3010)) {  
                          Write-Host "Success" -ForegroundColor Yellow  
                     } else {  
                          Write-Host "Failed with error code $ErrCode" -ForegroundColor Red  
                     }  
                }  
           }  
      }  
 }  
   
   
 Clear-Host  
 #Check if running in WinPE environment and get Windows Updates Report  
 If ((test-path -Path 'REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\') -eq $true) {  
      $Updates = Get-WinPEUpdateReport  
 } Else {  
      #Get list of drivers  
      $Updates = Get-WindowsUpdateReport  
 }  
 $Updates.Updates.Update.Name  
 #Process drivers if there is a list  
  If ($null -ne $Updates) {  
      Update-Repository -Updates $Updates  
 }  
 #Check if running in WinPE environment  
 If ((test-path -Path 'REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE\') -eq $true) {  
      #Perform BIOS Update  
      Update-BIOS -Updates $Updates  
 } Else {  
      #Install Applications (APP)  
      If (($Applications.IsPresent) -or ((!($Applications.IsPresent)) -and (!($BIOS.IsPresent)) -and (!($Drivers.IsPresent)))) {  
           Update-Applicatons -Updates $Updates  
      }  
      #Install BIOS (BIOS)  
      If (($BIOS.IsPresent) -or ((!($Applications.IsPresent)) -and (!($BIOS.IsPresent)) -and (!($Drivers.IsPresent)))) {  
           Update-BIOS -Updates $Updates  
      }  
      #Install Bundle (SBDL)  
      #Install Drivers (DRVR)  
      If (($Drivers.IsPresent) -or ((!($Applications.IsPresent)) -and (!($BIOS.IsPresent)) -and (!($Drivers.IsPresent)))) {  
           Update-Drivers -Updates $Updates  
      }  
      #Install Firmware (FRMW)  
      #Install ISV Driver (ISVDRVR)  
 }
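
Update-Repository downloads each package with Invoke-WebRequest, and the Update-* functions later run it with Start-Process, without checking what was downloaded. The following is an added example, not part of the original script: a helper that checks the Authenticode signature and signer of a package before it is executed. The function name Test-UpdatePackage and the signer pattern '*O=Dell*' are assumptions; confirm the pattern against a package you already trust.

```powershell
#Added example: hypothetical helper, not part of DellBIOSDriverUpdate.ps1
function Test-UpdatePackage {
     [CmdletBinding()][OutputType([bool])]
     param
     (
          [Parameter(Mandatory = $true)][string]$Path,
          #Assumption: subject pattern of the vendor's code-signing certificate
          [string]$SignerPattern = '*O=Dell*'
     )

     #A missing package is never trusted
     If ((Test-Path -Path $Path -PathType Leaf) -eq $false) {
          Write-Warning "$Path not found"
          Return $false
     }
     #Valid means the file matches its signature and the signer is trusted
     $Signature = Get-AuthenticodeSignature -FilePath $Path
     If ($Signature.Status -ne 'Valid') {
          Write-Warning "$Path signature status: $($Signature.Status)"
          Return $false
     }
     #A valid signature from an unexpected publisher is rejected as well
     $Subject = $Signature.SignerCertificate.Subject
     If ($Subject -notlike $SignerPattern) {
          Write-Warning "$Path signed by unexpected subject: $Subject"
          Return $false
     }
     Return $true
}

#Audit every package already stored in a repository
#(the path is the placeholder used in the script's own examples)
$RepositoryPath = '\\UNCPath2Repository'
Get-ChildItem -Path $RepositoryPath -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
     ForEach-Object {
          [pscustomobject]@{
               File    = $_.FullName
               Trusted = (Test-UpdatePackage -Path $_.FullName)
          }
     }
```

Inside the update loops, the same helper can gate execution: skip the Start-Process call for any $UpdateFile where Test-UpdatePackage returns $false.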