/build/static/layout/Breadcrumb_cap_w.png

Dell Server Bios and driver patching? Anyone?

Wondering if this is possible and if anyone has done it?

Asked 2 years ago 0 views
0 Comments   [ + ] Show comments

Answers (1)

Posted by: Nico_K 2 years ago
Red Belt
1

Endorsed by Nick The Ninja

yes, the KACE SMA can do it.
And it worked well (I replaced my personal Dell servers 2 years ago due to age with another solution for my lab) and it has the same effects like workstations.

Regarding BIOS updates:
Since the Dell Updater, which is used by KACE (the one you will also use if you use a Dell solution) has a few flaws I suggest not to use it for BIOS updates.
The updater cannot work with two important things:
1. BIOS passwords -> it simply fails
2. Bitlocker encrypted hard drives -> you may enter the recovery key

A 3rd issue (but this is not the updater but the Dell Update feed for it) is that Dell only provides the last versions, which is not a problem with drivers but not all BIOS can be updated over large version jumps. (and this only affects you if you use ancient systems which were never updated)

So you should setup a D+D or a Detect and a Deploy task as you know it with Patching.

For BIOS updates if you feel one or more of the 3 mentioned "issues" is affecting you you should create an update script:
1. setup a label to check for the BIOS minimum level you need to update (see the release notes of the BIOS)
as an example see this for an older Latitude (Latitude E7450 with BIOS less than A24 needed to be updated to A24 in that case, since all models had relatively modern BIOSes a deeper check was not nessesary) :

SELECT MACHINE.NAME AS SYSTEM_NAME, SYSTEM_DESCRIPTION, MACHINE.IP, MACHINE.MAC, MACHINE.ID as TOPIC_ID FROM MACHINE  WHERE ((BIOS_VERSION < 'A24') AND (CS_MODEL like '%Latitude E7450%'))  

2. setup a script (just a few hints, for instance you can allso pause and resume bitlocker if you like it)
2.1 Add manage-bde -on C: to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (this reenables the bitlocker for C: by adding the command running ONE TIME! after the next reboot (and never again afterwards except you add it again)
2.2. disable bitlocker by running manage-bde -off  C: (which disables bitlocker for drive c:)
2.3. run the downloaded BIOS.exe via BIOS.exe /s /f /r /p=YOURSECUREPASSWORD (runs it silently (/s), forces it (/f, means ignores messages) and reboots the system (/r) and automaticly enters the BIOS-Password (/p=password) 

If you don't run into these issues (means: dont use Bitlocker (but another better working encryption solution), having no BIOS passwords (you should have!) and have really current BIOS versions (current 2.14 and you are using 2.12 or like that) then this is not nessesary.

Comments:
  • Sorry for the late response on this.. looks like we are going to take a whack at this.. Appreciate this as we do use bitlocker. Even with Dell Command we have had requests come in for the bitlocker key..
    So Im going to try a task chain to suspend bitlocker as you mentioned. I especially love the runonce idea.. so thanks. I will probably have some more questions as I venture down this road.

    We are doing company-wide dell driver patching now.. and are even venturing into servers. - barchetta 2 years ago

Posted by:

barchetta 4th Degree Black Belt
Ninja since: 4 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ