Dell Bios Upgrade in OSD WinPE x64

Ok, So for a long time, You couldn’t upgrade Dell’s Bios in WinPE x64 because they didn’t have native x64 bios installer, this has recently changed. – Download HERE
Mike wrote up a nice intro to the new utility HERE

I do all of our bios updates using the “Application Model” after the OS is laid down, so it has the 32bit subsystem, it works fine. But I know many people like to do it during PE.  So I thought I’d play with it this morning and write up a script.

PreReqs for my script: Enabled PowerShell.  Here are the things we’ve enabled: (Win10 1607 Boot Media)
image

Benefits of doing it how I’ve setup. 

  1. One Script works for all models, you just have to setup your folder structure to match the Computer Model in WMI.
  2. Grabs Bios Password from File, you only have to update one File if you change your Bios Password
  3. Creates TS Variables to avoid Rebooting if already on same bios version.
  4. Creates Log file based on the Bios Update in the %temp%\SMSTSLog Folder (X:\windows\temp\SMSTSLog\BiosFileName.log)
  5. New Bios version release? No Problem, delete the old one, add the new one, update Package, done, no script change required.
  6. It’s Fun

Package Folder Structure.  Make sure the subfolders exactly match the WMI Model Name
Get-WmiObject -Class Win32_computersystem | Select-Object -ExpandProperty Model
image

image

Once you’ve created your Folder Structure, populate it with the latest Bios files for each model. (Just download and place in the folder, no renaming required)
Also, create a txt file in the package root called Bios.txt and put your Dell Bios password in that file.
image

Now, the PowerShell script will query WMI for the Model, look for the bios file inside of the corresponding folder and apply it to the system using the Flash64w.exe utility. (It will pull the password from the bios.txt file in the root of your package)

Script: Download HERE
Full Folder Structure: HERE (Updated as of 2/21/2017) – 185MB
image

Based on the Exit Code of the Bios Update, it will create a TS Variable you can use to reboot, retry if low battery or continue on with your TS. – More info about Dell Exit Codes here… I noticed it didn’t have them all though: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/3462.dup-bios-updates.  I trigger events based on Exit Code 2 (Successful but requires Reboot) and Exit Code 10 (Battery too Low).  You can easily add additional Exit Codes and create custom variables to have your TS do other thing based on those Exit codes.

Now in your TS:
Create Dell Upgrade Bios Group, and set to only run if a Dell Computer:
select * from Win32_ComputerSystem where Manufacturer like "%Dell%"
image
Create Run Command Line Step:
powershell.exe -NoProfile -ExecutionPolicy ByPass -file .\DellBiosUpgradePackage-2.0.ps1
image

Create another Group, This will run if the battery was too low to update the Bios.  It will wait 10 minutes and try again.  If the Battery is still too low after that Point, it will continue on without updating Bios. – You can easily put a step here that will popup a message box about how the Bios Didn’t update, etc.
SMSTS_BiosUpdateBatteryCharge = True
image
Command Line Step: powershell.exe -NoProfile -ExecutionPolicy ByPass -Command "Start-Sleep -s 600"
image
image

It will then wait 10 minutes and try again, if successful, it will set variable SMSTS_BiosUpdateRebootRequired = true and continue onto the next group to reboot.  If it fails due to battery again, it will set SMSTS_BiosUpdateBatteryCharge = True and show a Message that it probably has faulty battery.  At this Point, you can click “OK” and let it continue, or turn it off and replace battery.

image

Create another Group which will reboot the computer and any other steps needed to get back to where you were before the reboot. (TS Variable = SMSTS_BiosUpdateRebootRequired equals true)
I added a “Format” step, just to ensure there was a place for the Boot Image to download too, this might not be needed in your environment depending on placement of the Bios Upgrade.
image

Ok, that should be it.

Note, I was running into some issues with the flashw64.exe utility from Dell, getting this error:
image

Once I added another line into the script to launch the software once with minimal arguments, it worked fine. I’ve contacted Dell Support to see if they have any ideas on that.

If you run into any problems, let me know and I’ll test that model if I have it.
Tested on so Far:

  1. Laptops
    1. Latitude E5550
    2. Latitude E5470
    3. Latitude E6540
    4. Latitude E6530
    5. Latitude E6430
    6. Latitude E7250
    7. Latitude E7240
    8. Precision 7510
  2. Desktops
    1. OptiPlex 7010

Enable Mouse Support in Win10 OSD during State Restore.

I’ve been annoyed not having mouse support in Windows 10 OSD, TS Fails, I hit F8, then it’s all trying to navigate with keyboard commands.  I finally ran across a fix to enable mouse support during this stage of OSD. 

Thanks MDT Facebook group for this, and a Dell Engineer Elliot who pointed me to a Dell white paper HERE

Towards the end is this little nugget:
image

I added that to my TS:
image

Now when I open F8 / CMTrace, I have mouse control!

At the end of the TS, I have a step to undo the change and set it back to the original setting of “1”
image

Note: The mouse does NOT show up in the black areas of the setup screen, it has to be over a application window (CMD, Notepad, CMtrace, etc).  Once you move it outside of the window, it disappears again until you wiggle it back above a window. Recommend maximize your active window. Smile

image

Windows 10 Creator Update–Disable Edge Button in IE

In IE, after upgrading to Creator Edition Insider Preview, I noticed a new Edge button in IE.
image

I clicked on it, and it opened Edge to a default performance Page.  Just seems like more advertising to me.  I was hoping it would open the current page I had active in Edge. (Maybe they make it useful in RTM??, one can hope)

FulLScreen

I’d like that button gone please, not finding anything in options, I went to the registry, I found this:
image

While changing these settings did nothing, I took the info here and create a new setting:

IEEdgeTabDisableRegistrySetting

Once I created that setting and set it to “1”, IE removed the button.

IEEdgeTabDisable

Worked instantly, closed and opened IE, button Gone!

To fix on your personal computer, open elevated command prompt and enter:
Reg.exe ADD "HKLM\Software\Microsoft\Internet Explorer\Main" /v HideNewEdgeButton /T REG_DWORD /D "1" /F
DisableCommand

For OSD, just add that line into a “Run Command Line” step

image

Hope you find this helpful

How To Setup Report Builder to Create or Edit ConfigMgr CB Reports.

There are a few tricks to getting Report Builder to be able to edit or create reports in your ConfigMgr SSRS environment. I have had to do this several times, as I often change workstations, so I thought I’d finally blog it.  I’ll cover a few things in this post to help you get started.
In this Post, I’ll cover the simple setup of SQL Report Builder, connecting it into your ConfigMgr SSRS (Written and tested with CB 1610), and testing the queries to make sure you have permissions.

  1. Download and install SQL Report Builder
    1. Download HERE
    2. To Install, just follow the wizard.
  2. Export the SQL Cert on your ConfigMgr DB server.
    image
    1. Right Click on the ConfigMgr SQL Server Identification Cert and choose Export
    2. Yes, export Private Key (Keep this in a secure location)
    3. Leave file Format Screen defaulted, and click Next
      image
    4. Recommend Using a password to protect the Certificate
      image
    5. Save the Cert somewhere secure for use later.
  3. Connecting SQL RB to your CM SSRS Database
    1. Launch SQL RB 2016, (Make sure you launch the software as a user that has RIGHTS to modify Reports, you might have to check permissions.  My account is a ConfigMgr Admin, so it does have rights, but you can grant others less rights to work on reports, using the Security roles in ConfigMgr) – Good Blog article about setting up roles HERE
    2. Now, lets open a canned report - File –> Open
    3. Point it at your SSRS URL String, you can get this by pulling up your Reports in IE, then grab the URL and modify it.  Delete everything after “Reports” and change “Reports” to “ReportServer”
      image
      image
    4. You should now see your Site Code Folder, go ahead and drill down to Hardware – General, Computer Information for a specific computer and click open
      image
    5. It should now load that report in the Builder and you can see the Data Source & DataSets
      image
    6. Go ahead and look at the DataSet0 Properties, this will be the Query used to gather the data for the report.
      image
    7. Go ahead and click Query Designer, you should be prompted for username / password, choose “Use the current Windows user”.  At this point, I get an error: Unable to connect to data source – The certificate chain was issued by an authority that is not trusted.
      image
    8. Remember that Cert we exported, this is when it comes into play. 
      1. Right Click on that Cert and Install (You can leave Report Builder open while you do this)
      2. Choose Local Machine, click Next, then insert the password you chose.
        image image
      3. Click “Place all certificates in the following store and click browse, choose “Trusted Root Certification Authorities.
        image
      4. Click Finish, and it will then give you the “Success” box.
    9. Going back to the Report Builder, click Query Builder again, and choose “Use current logged on user”, it should now work and bring you to the query designer.
      1. To test the Query, you can hit the red Exclamation mark
      2. It will now prompt for 2 pieces of information, @UserSIDs & @variable (Computer Name)
        1. @UserSIDs, this one is a bit of fun, you’ll need to get your SID for your account, then convert it to what SSRS is looking for. – PowerShell Time
          [wmi] "win32_userAccount.Domain='YourDomain',Name='YourAccount'"
          image
        2. Grab the SID from there and go back to Report Builder
          Open the properties of the “DataSetAdminID” dataset
          Go to Query Designer, click the Red exclamation Mark, when prompted, enter the SID
          image
          This will give you the UserSIDs
          image
          Save your UserSID in a safe place, as you’ll need it for working with other canned reports.
    10. Going back into the DataSet0 Query, run the query and insert info
      image
      Click OK
    11. Now you’ll see the data pulled via the Query:
      image
  4. At this point, you’re able to connect, run queries, and see how it’s working.  You can now start modifying the Queries to add additional info, remove info, modify how the report itself looks, etc.

At a later date, I’ll go over importing reports, building one from scratch, and modifying the canned reports. – If you’re interested, please leave comments on any suggestions you’d like to see pertaining to ConfigMgr reports.

 

Other worthy notes:

  1. To disable the RBA (@UserSIDs) stuff, check out this link: https://blogs.technet.microsoft.com/michaelgriswold/2014/09/17/disabling-rbac-during-custom-report-creation/
  2. Report Builder Tutorials – This is where I learned a lot of what I know (Besides just messing around) - https://msdn.microsoft.com/en-us/library/dd239338.aspx

AppV for Windows 10 1607–Update Packages / Enable in Windows

I’m going to cover two topics, both updating your old Packages to install without error on 1607, and how to enable AppV in 1607 with Powershell / AppModel Deployment.

We have a few AppV Packages that we use, when doing inplace upgrade from 1511 –> 1607, it automatically enables the new AppV that’s built into Windows, and the AppV Apps that were previously installed just work, that’s great!

However, when trying to deploy AppV Packages via ConfigMgr to newly installed 1607 clients, we’d get error:
Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client  Searching for that error led me to:https://technet.microsoft.com/en-us/itpro/windows/manage/appv-release-notes-for-appv-for-windows

I also tried to run the MSI, which showed the error that the MSI couldn’t find AppV Client:
image

 

From that TechNet article, I tried to follow the directions to update the MSI for the workaround, but would get this error:
image

The process outlined worked, just that the script included in the Windows 10 ADK doesn’t.   It has some references to old file locations from older SDKs.  After minor modification to the Update-AppvMsiPackage.ps1 script, we were able to make it work. (Changes shown in Picture below)

You can download our Modified Script HERE – Thanks Mark (@Geodesicz)

image

Requirements:

When you install the ADK, it will install the Sequencer and add the PowerShell Script, that's the one you need to modify / replace.
image

Steps to upgrade package

  1. Open Elevated Powershell
  2. Import-Module “Update-AppvMsiPackage.ps1” (Use the modified version you created or downloaded)
  3. Update-AppvMsiPackage –msiPackage c:\folder\appvpackage.msi

image

Now when you deploy that package to a 1607 machine, it works!

AppV in 1607 - https://technet.microsoft.com/en-us/itpro/windows/manage/appv-enable-the-app-v-desktop-client

  • AppV Status: Powershell: get-appvstatus
    image
  • Enable: Powershell: Enable-AppV
    image
  • Corresponding Registry Key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client  Enabled = 1
    image

Deploy via Catalog (App Model)

image

 

Here’s how to make it:
image

image

image

I have two deployment types, one for the MSI installer & one to activate the built-in 1607
First one will run if build NOT equal 14393, and the second will run if 14393
Only covering the new 1607 method here

image

image

Content: You can just put anything, you can probably leave it blank.  I just have it pointed to my folder for the PowerShell Script and documentation.  Just so I remember where to find it.

image

Program: powershell.exe -Command Enable-Appv
image

Detection Method = the Registry key I talked about earlier
image

image

 

Requirements: Set to require build 14393 (1607) – You can add this Custom Global Condition by following this awesome guide: http://ccmexec.com/2016/08/using-windows-10-build-numbers-as-global-condition-in-configmgr/

image

You should now have the ability to use this Application model as a prereq for your AppV Package deployments.

Also, recommend updating your AppV 5.1 Client install to include the detection method for 1607’s.  Consider this Senario.  You have Several AppV Packages you deploy. You have the 5.1 AppV Client as a pre-req for your AppV Package Deployments.  On Windows pre-1607,  it will then install the 5.1 Client.  On Windows 1607, it will fail the install of the client, and not continue with the AppV Package deployment. However, if you already have AppV enabled on 1607 via GPO or OSD, etc, then you can just add the 1607 detection method to 5.1’s install, then when you deploy your AppV Package, it will see the pre-reqs are already installed if 1607, and continue on.

image

 

Found a post about an overview of the new AppV in 1607, along with Group Policy info:
http://app2pack.blogspot.com/2016/08/exploring-app-v-ue-v-in-windows-10.html

Hope you find this useful, took me a day dealing with the incorrect PowerShell Script provided.