Updating BIOS versions is best done while the machine is imaging. Fortunately for us, the Microsoft Deployment Toolkit (MDT) provides a built-in mechanism for updating BIOS versions. In this How-To guide, we are going to cover:
- Creating a central BIOS version repository
- Modifying your Task Sequence to install the BIOS Update
The examples shown are geared toward Dell machines. This layout should work for any Make and Model though. The only client requirements relate to the actual BIOS update file. It must initiate silently. If you are ready to get your BIOS updates under control, keep reading!
Creating a Central BIOS Version Repository
I am all about some central “stores”! In the past, we’ve covered creating a central Group Policy store and a central hardware/drive store. Today, we will build a BIOS version store. Before getting started, you will need a list of every model that you support. If you don’t have a list, you can use Active Directory to inventory this type of information.
If you do write your hardware models to Active Directory, you can use this command to retrieve them:
Get-QADComputer * -SizeLimit 0 -IncludedProperties Comment | Select-Object Comment -Unique | Sort-Object Comment
Now, navigate to your MDT Deployment Share and open up the Applications folder. Create a new folder named BIOS Updates (or something similar). Because we only support Dell machines in our environment, my folder is simply called Dell.
Create a sub-folder for each model that you support. Ensure that the folder name exactly matches the reported model. For example, we have some Dell Latitude E5430s. When querying with WMI, the model is actually Latitude E5430 non-vPro. You can double check any model by running wmic computersystem get model from the machine in question.
Populating the BIOS Update Repository
Now for the tedious work. Find the latest BIOS Update for each model that you support. If you support just Dell models, you can open up this URL (http://www.dell.com/support/drivers/us/en/555/Product/optiplex-9010) and change the model name at the end for each of your products.
Download the latest BIOS version and rename the file to BIOSUpdate.exe. Save that file to the correct model sub-folder. Finally, create a blank file or text document in that subfolder and name it with the current BIOS version. In the screenshot above, the BIOSUpdate.exe is version A11. This will help you identify future updates.
Editing the Task Sequence
Within MDT, open up your Task Sequence and head down to the Preinstall phase/group. Just below the configure task, add a new Run Command Line task. Rename this task to BIOS Updates.
Set the command line to: BIOSUpdate.exe -nopause -noreboot
As a note, these commands are specific to Dell Models. For HP machines, the silent command should be /s . If you support other models, leave a comment below with their BIOS Update switches and I will extend this list.
Set the start in to: Z:\Applications\BIOS Updates\%MODEL%\
Finally, select the Options tabs and select Continue on error.
Supporting Multiple Makes?
MDT Tasks allow you to tap into the power of WMI. This means that you can have your Task run on certain makes or models. If you haven’t played with WMI much, here is a decent primer.
On your BIOS Update task, select Options. Then select Add – Query WMI. If you would like to exclude certain models, you can use this WMI query:
Select * From Win32_ComputerSystem WHERE NOT Model LIKE “%Latitude D610%”
If you would like to include only one Make (like Dell) when running a task, you can use this WMI query:
Select * from Win32_Bios where Manufacturer = “Dell Inc.”
Regular Maintenance
Congratulations! You now have a central way to ensure your BIOS versions are up to date. Before bounding off to the next project, you will need to setup a check to ensure this system doesn’t break down over time.
Create a simple calendar reminder to replace any outdated BIOS versions in your store. In our environment, most wide spread replacements/reimaging happens right before the Christmas break and during the Summer. I have reminders set so that I download the latest BIOS versions into the central store.
How can you help?
The method above is how I push BIOS Update versions in our (largely homogeneous) environment. I would like your suggestions on how to improve this. Here is how you can help:
- Do you know of a better way to get BIOS updates?
- Do you know of a better way to get notified of new BIOS updates?
- Do you know how to manage other BIOS version besides Dell and HP?
If you answered yes to any of these questions, leave a comment below! Preferably, include your answer in the comment. If this post got you thinking or if you have a great idea to share with the community, consider writing a guest post for DeployHappiness! You can read more about guest posting and the eternal glory that you will obtain here.
How are you linking the %MODEL% variable. Mine is failing because this environmental variable does not exist. I do not want to exclude any models, I just want it to find the correct folder and apply for multiple models. I don’t understand how you have got your WMI query to link unless you are using the full path name like:
Z:\Applications\BIOS Updates\Optiplex 3070\
in which case there is no need for the WMI query at all? What am I missing?
Great write-up. Note, to apply BIOS updates when your workstations have a BIOS password set, change the command line to “BIOSUpdate.exe /s /p=password”
Thanks! And thank you for the password tip.
How does this get installed during MDT (WinPE) or from the desktop if the supervisor password is set in the BIOS? That is the issue I am facing…it fails to install because the BIOS has a password set (which is by preference).
You can use CCTK or the newer client configuration tools to remove the password first. See the other articles in this series or reach out to me by email.
Hi Joseph,
I just sent you an email with couple questions! Thanks so much!
Can you explain the logic behind start in being “Z:\…” I just updated to update 2 and made a new task sequence and all of the sudden the step is throwing “not found”
Normally, Z:\ is the mapped located of your MDT Deployment share in Windows PE.
This has also stopped working for me, I’ve tried both z:\ and %deployroot% and the command never runs – always a “file or path not found”
It was working before update 2 as well
Mine was working as well and then stopped working after update 2. It just skips right by the task like it doesn’t even exist. Any ideas?
I had the same issue as well – “file or path not found”. I had to add it as an application, then then the task sequence was able to find the executable.
Hi Bill,
Could you show us what do you have in your Application settings – are you still using the %MODEL% variable?
Have you had luck with Optiplex 7040? This seems like a different type of exe.
I haven’t tried a 7040, Sam.
I got this work, it took changes when compared to the old BIOS updates in the TS.
1. The switch to use is /s and I found this by running a /? against the exe that I downloaded.
2. On the Success Code of the the TS step you need to add a value of 2. The exit code with /s is a 2 which means a reboot is required. If you do not do this the TS will fail as it will not know how to handle this code.
Thank you for the update! And good troubleshooting.
how do you add a success code? can you give an example of your cmd line? Mine needs a /s as well.
Do you mean:
EECHO 2 | BIOSUpdate.exe /s
OK, I found the latest BIOS for my machines but the question I have is how do you save it to the sub-folder under applications? Do you start a new application and if so, would the “command line” and “Working Directory” area have the same info, i.e. BIOSUpdate.exe -nopause -noreboot in the working directory have Z:\Applications\BIOS Updates\%MODEL%\ ?
Hello,
great article.
Are there also any options to change bios-settings with MDT and/or Group Policy?
For all my laptops i want to turn on lan/wlan-switching.
Thx
Read all of Joseph’s BIOS articles here on his site, he lays it all out there for you. Here is the group policy one: https://deployhappiness.com/pushing-bios-settings-with-group-policy/
Just remember that in order to update the BIOS each computer will have to reboot. I did the exact same update, but did not push with group policy, I just pushed the package as an app in the background, and did not force the restart. If my users restarted within a couple of hours after I pushed the app, then it worked, but some don’t restart for days and those failed to update the BIOS.
Good explanation! 🙂
Great post…
I’m testing it with MDT 2013.
Same problem as Matthew Robertson, in the preinstall phase, doesn’t work.
I’m actually testing it in the state restore phase…
But one question… We only have DELL too, but how do you manage intermediate Bios versions ?
I’m explaining… If you have a PC with bios A01 and you want to upgrade to last version, for example, A15. It doesn’t work if you don’t push intermediates version.
Thanks for your reply
Thank you! I think the issue is with permissions to that folder with some setups. I am not sure why though.
I’ve had that rollup issue once with some 390s. We plugged in the first BIOS upgrade into the task sequence and then pushed the second BIOS upgrade with Group Policy as a shutdown script.
I put this on the back burner for a while, but have now come back to it, knowing more than I knew the first time I tried it, but it still does not work for me. I am wondering if I am missing something from a previous post of yours that would explain my issue. Maybe there was something I was supposed to have earlier int eh task sequence or something. The task sequence just goes right on past the BIOS update, regardless of where I put it. I know it works, because I can run the executable just fine when I am in Windows. How does MDT know that it is the correct version? Do i have to have a wmi query to make it work? Thanks for your help on this, it will be awesome if i can get it to work. 🙂
In the top left of this page, you will see a contact (mail) button. Email me a screenshot showing me your entire task sequence and a screenshot showing the details of the BIOS update task.
Thank you for the email back. I was unaware that MDT mapped the Z drive to the deployment share, so I was using the UNC path as my start in folder. Before that I tried using my D: drive path, because that is the physical location of my deployment share. After you taught me that the system maps the Z drive, I tested it and failed in the Pre-install area, but then was successful when I put it in the State Restore area as ACCEOtech suggested. It runs even if the latest update is already installed, but that is not the worst thing in the world. I will see if I can make it a little smarter and skip it if it is already up to date.
Glad you got it worked out! Mapping to Z is a handy way to ensure that a machine can access the DeploymentShare resources.
Hi Matt,
Have you been able to find a solution for this one? I am just like you: the task just goes right pass the BIOS update… Any idea?
Great guide. Thanks!!!
Is there a way to handle situations where you have a very old version of the bios installed and you need to upgrade the bios twice. i.e. I have A03 and I want to go to A15, but it says I need to install A07 before I can install A15.
Thanks Paul!
You can add in an optional task above your BIOS update task to install the needed update. Make sure to set that update as “continue on error” and to scope it to your one model.
Test this out though and let me know what you find!
You wrote “Within MDT, open up your Task Sequence and head down to the Preinstall phase/group. Just below the configure task, add a new Run Command Line tasks.” Wh en i place the file ther it seems to fail deployment. I moved in the State Restore Phase and that seems work. Did I miss something to make it work from the Preinstall Phase?. BTW great site/information!
I stick the task in the Preinstall phase because I like to update the BIOS before an OS is installed. Does the preinstall failure give you an error?
You can certainly run the update in the State Restore phase though.
I tried it in both areas and i get no results. I think I may be missing something. I get no errors, but the BIOS is simply not updated. I created the folders within my deployment share, but not using MDT, as you cannot copy the files to the folder in MDT, at least I cannot see a way. Any help would be much appreciated.
Thanks
You would need to create the folders manually in the deployment share. “Folders” within the deployment workbench don’t really exist in the deployment share.
What happens if you manually run the BIOSupdate.exe file?
That is what I thought. I originally created the folder structure using windows explorer in my deployment share. nothing happened, it never ran.
It works if I run it manually and it works if I install it as part of the task sequence as an application, though then it isn’t checking if it is on the latest version, so it updates the BIOS regardless. Why would you install it from the command line instead of as an application? I am guessing that I can create a wmi query to tell it not to run if it has the latest version, though I have no clue how to do that at the moment. I am hopeful I will learn that by the ned of the day.
Thanks for your help.
As a condition to run, you could add a query that queries the current BIOS version. From the command prompt, that query would look like this:
wmic bios get SMBIOSBIOSVersion
You can run wmic bios get to see possible values. That should at least get you started!
Do you need to do any checking if the BIOS is already at the version you are attempting to install, or is the installer smart enough to know it is already current? I’ve got Dell machines too, and this is a really intriguing idea.
You don’t! The installer is smart enough to know the current BIOS version.
Awesome thanks! One other question: are you using 64-bit WinPE or 32-bit? Just doing some research and found a discussion on Dell forums about someone not being able to update the BIOS when on 64-bit WinPE. Don’t know if this is an old issue or still a problem. Thanks for your help. These were good posts!
Not a problem James!
We have used both without issue. We use 32-bit right now for most deployments though.
How can you configure the WMI query to detect the VERSION of the BIOS? This way it’ll detect if the BIOS already has the update and then skips the installation (for reimaging of the same device and avoiding reinstalling the BIOS).
In Command Prompt, you can query the version with wmic bios get version. To modify that for MDT/GroupPolicy, you would have something like: Select * from Win32_Bios where NOT Version = “A11”. Just sub in the current BIOS version for A11. Let me know how your project turns out.
Actually, I found the WMI query on another forum, but this is exactly what I was needing – so thanks. As for using “NOT” I decided to go with using “<" as to not attempt and downgrade a BIOS version.. and even if the installer would detect it and back out, why even allow it to attempt.
Though I'll need this for the slew of Dell machines we support, I am also doing this on a Lenovo Helix device which makes the string:
select * from Win32_BIOS where Version < "LENOVO – 1160"
Thanks for your input!
Great! Let me know if you have any more questions.