Highly recommended setup. Use it if you can. This is the whole guide; I will split it into two posts, BIOS and Drivers, later on.
Shoutout to the guys at Modern Driver Management – MSEndpointMgr. They are really helping out the IT community with their tutorials.
So big thanks to them!
So let's start with where you should set up the driver and BIOS install steps in the SCCM task sequence:
Here are the steps in my demo task sequence. These steps set up a variety of things, like the read-only account that looks through the packages in the driver or BIOS folders.
So you need to set a username and password. To keep them somewhat secret, use "Do not display this value" when you set up the account. This means your account is logged in a format that replaces every second letter with an _ mark. So if you use driver@de.mo, the logged information about the account would be d_i_e_@_e_m_. The password is not shown at all, but this account has rights to read your SCCM, so you really should take precautions when using it. If you use a security scope and apply it to MDM resources only, then it's not such a big deal.
Lenovo and Dell variables are also being set up here. Those are passwords as well, and we will talk about them later on.
BIOS updates
So let's get into BIOS updates first. You need to get the base script: ModernBIOSManagement/Invoke-CMDownloadBIOSPackage.ps1 at main · MSEndpointMgr/ModernBIOSManagement · GitHub
After this step has run, you need to add a folder that is controlled by the NewBIOSAvailable task sequence variable.
Then you need device-based scripts:
HP
ModernBIOSManagement/Invoke-HPBIOSUpdate.ps1 at main · MSEndpointMgr/ModernBIOSManagement · GitHub
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%HP%"
DELL
ModernBIOSManagement/Invoke-DellBIOSUpdate.ps1 at main · MSEndpointMgr/ModernBIOSManagement · GitHub
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%DELL%"
Lenovo
NOTE: There could be -Password %LENOVO% here, as the variable is set earlier.
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Lenovo%"
Microsoft
Note: to have these running, you need the read-only account in your environment.
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Microsoft%"
Drivers
If you have already set up the BIOS variables above, you don't need to set these again. But to have MDM handle only drivers, you need 2 steps in your task sequence:
Set up the user variables. Remember to use "Do not display this value" when setting these.
Read-only account
Easily done. Create a domain user that will then have rights on the SCCM database in read-only mode.
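One way to combine the read-only account with the security scope mentioned earlier, so the account can only read the BIOS and driver packages. This is an added example, not code from this post or from MSEndpointMgr. The site code, account name, scope name and package name patterns are assumptions, and whether the built-in Read-only Analyst role covers everything the MDM scripts query is something to verify in a lab first.

```powershell
# Added example. The values below are assumptions, not values from the post.
$SiteCode   = 'PS1'                               # hypothetical site code
$Account    = 'CONTOSO\svc-mdm-read'              # hypothetical, already existing domain user
$ScopeName  = 'MDM Packages'                      # hypothetical security scope name
$NameFilter = 'BIOS Update - *', 'Drivers - *'    # assumed package naming; adjust to yours

# Load the ConfigMgr module from the console install and switch to the site drive.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location "$($SiteCode):"

# 1. Create a dedicated scope so the account does not need the Default or All scopes.
if (-not (Get-CMSecurityScope -Name $ScopeName)) {
    New-CMSecurityScope -Name $ScopeName `
        -Description 'BIOS and driver packages read by the task sequence account' | Out-Null
}

# 2. Tag only the BIOS and driver packages with that scope.
$packages = Get-CMPackage -Fast | Where-Object {
    $name = $_.Name
    $NameFilter | Where-Object { $name -like $_ }   # true if any pattern matches
}
foreach ($pkg in $packages) {
    Add-CMObjectSecurityScope -InputObject $pkg -Name $ScopeName
}

# 3. Give the account a read-only role that is limited to that scope.
New-CMAdministrativeUser -Name $Account -RoleName 'Read-only Analyst' `
    -SecurityScopeName $ScopeName | Out-Null

# 4. Review what the account ended up with before using it in a task sequence.
Get-CMAdministrativeUser -Name $Account |
    Select-Object LogonName, RoleNames, CategoryNames, CollectionNames
"{0} package(s) placed in scope '{1}'" -f @($packages).Count, $ScopeName
```

New packages need the scope added as well, otherwise the account will not see them.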