Deploying BIOS updates during SCCM Task Sequence or Advertised Program

As part of a desktop deployment project it is always a good time to make sure that all workstations have been updated to a consistent BIOS revision level to make sure any problems are not related to BIOS inconsistencies between workstations.

First you need to download the required BIOS update from your hardware vendor and create a normal SCCM Package and Program for it.  For most recent Dell hardware the typical command line to deploy the BIOS update silently and without rebooting looks like this for a Dell Latitude E6420 laptop:

“E6420A02.exe” -NOPAUSE -NOREBOOT

Then once the Package and Program are built you can create a new step in your Task Sequence that installs a the Package (just like any other software Package).  First, make a folder that limits the new BIOS software to only run on the correct model type using a WMI query (this process is not covered in this post).   With the folder limited to a particular model type it isn’t necessary to limit each installation to a particular model type, but only to the particular BIOS version.  The folder and package steps should look like this in the Task Sequence:

Task Sequence Folder

Once the installation package has been created in the task sequence and named appropriately, click on the Options tab and click the “Add Condition” button and choose “Query WMI”.

Make sure your WMI Namespace is:

root\cimv2

Then paste the following in your WQL Query:

select * from WIN32_BIOS where SMBIOSBIOSVersion < “A02″

SCCM WMI BIOS Query

This will run this Task Sequence step on all Dell Latitude E6420 laptops (based on the WMI query set at the folder level) that have a BIOS version less than A02, and will skip this step for all computers that have already been upgraded to version A02 or above.

Remember to also add a “Restart Computer” step afterwards to apply the new BIOS to the workstation.

While the above steps will cover any computers that are being reimaged, computers on the floor may still be running older versions of the BIOS.   To update the computer BIOS after initial deployment you need to create a new SCCM Collection.  Again, I already have Collections created in SCCM that limits by Model type (not covered by this post), so this new Collection is built using the parent collection using the “Limit to collection” setting:

SCCM Collection Limited to Parent

Then under the “Edit Query Statement” click the “Show Query Language” and paste in the following WQL query:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.SMBIOSBIOSVersion < “A02″

Click OK to get back to the Configuration Manager Console and then go Advertise the BIOS program you previously created to this new Collection.  Now only users on a Dell Latitude E6420 without the A02 BIOS installed on their workstation will be able to run this update now, helping to keep all your workstations up to date.

Note: This article also posted to my work blog here.

2 thoughts on “Deploying BIOS updates during SCCM Task Sequence or Advertised Program”

  1. Just a point of clarification. Where in your Task Sequence are you placing this? Before you apply the OS while you’re still working in PE, or after the OS has been applied and configured and you’re working in the OS? And for your restarts, are you restarting into PE or into the OS (obviously, that would depend on where in the sequence your BIOS steps are).

    Thanks!

  2. Thanks for the comment. In most of the deployments that I’ve done the BIOS isn’t considered critical so it is usually done as a best practice after the OS has been applied and configured, and the restart is then starting into the default OS (not WinPE). In some cases I have heard that the BIOS update may be a requirement to help decrease imaging time in which case it may be necessary to move it earlier in the process while still in WinPE. Installing from WinPE might be possible depending on the hardware vendor’s support for deploying in this manner. Hope that helps.

Leave a Reply

Your email address will not be published.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.