Auto Updates of your BIOS & Drivers with HPIA, HPCMSL, HP Connect

TLDR: BIOS Updates: Use HP Connect or HPCMSL | Driver Updates: Use HPIA w/ Scheduled Task

So you want to keep your HP device drivers & BIOS updated, set it and forget it. There are some options for you. If you’re using Windows Update for Business, (or Intune), you have some options there to let that apply any updates it finds available, or you can use HP’s tools.

Lets quick go over the current tools as of Today, March 8, 2023. I know of many planned changes for the next year on these tools, which will hopefully even make this post obsolete, as the new features will remove some of this need, but I can’t speak to that… so… today, here are some tools to help you keep updated and how you manage them.

• HP Connect – Direct connection from HP’s Cloud to your Intune tenant. Leverages Intune Proactive Remediations – Lets you set BIOS Settings and BIOS updates. By far the most simple way for you to manage HP BIOS Settings and Updates. I highly recommend starting here.
  • Very easy way to get HP Sure Admin setup, and leverage improved BIOS authentication.
  • Lots of development coming in this product.
• HP Image Assistant (HPIA) originally designed to assist in creating Images, it is typically used for keeping devices updated with BIOS & Drivers with its scanning and updating command line tools and GUI
  • for example, to point to a repository and avoid contacting the Internet add the /OfflineMode parameter
• HP Client Management Script Library (HPCMSL), a powershell module to help in scripting and automation of your HP devices.
  • Update all of your driver packs in your deployment management system like ConfigMgr
  • Create offline repositories for HPIA that you can keep on a file share or in ConfigMg
  • Trigger individual updates on endpoints with simple commands.
  • Get detailed information about devices in your fleet.
  • Install-HPImageAssistant with automatically download and install HPIA for you.
  • So much more…

If you are using Intune, I’d start with managing your BIOS with HP Connect, both your settings and your updates. With that out of the way, I’d setup HPIA to do your driver updates on your endpoints using a scheduled task. (You can still use HPIA for BIOS updates depending on your command line, I’m just not covering it in this post)

At this point, I want to plug this nugget I found a couple years back and gleaned a lot from looking at the code: Deploying HP BIOS Updates – a real world example (smsagent.blog)

Updating with HP Image Assistant

There are a few methods to setting this up for automating your updates, I’ll cover a couple here, and pick what works best for you. [HPIA Documentation]

Scheduled Task with HPIA Command line to install updates | Manual Setup

This is a pretty simple solution, using your current management solution, install HPIA to a location of your choosing, then setup a Scheduled Task to run it using the various command line options available. I recommend looking over the HPIA User Guide PDF, which I personally reference a ton myself as I build out different commands for situations.

• Download from: HP Image Assistant | HP Client Management Solutions
• Extract to Location: hp-hpia-5.1.7.exe /s /e /f “%ProgramFiles%\HPIA”
• Create Scheduled Task with command line:
  • Program: “C:\Program Files\HPIA\HPImageAssistant.exe”
  • Arguments: /Operation:Analyze /Category:Drivers /Selection:All /Action:Install /Silent /Debug /ReportFolder:%temp%
  • Set the Task to run as SYSTEM

Simple and effective. Change the Arguments to match your desired effects.
If you want help to write a script to create a scheduled task, I recommend asking Bing:

While the script isn’t perfect, it gets you most of the way there, just replace application.exe with HPIA… and the argument with what you want to pass to HPIA.

Scheduled Task with HPIA Command line to install updates | Automated Setup

This is going to be a bit more complex, and will require you have a good working knowledge of PowerShell. This solution involves a script embedded into the deployment script. The deployment script will setup the Scheduled Task, and build the HPIA Automation Script in ProgramFiles\HP\HPIA which is triggered by the scheduled task. Based on this script, you should be able to customize however you like and get pretty creative, like using custom reference files and leveraging baselines: HP Image Assistant – Locking in Update Versions with Reference Files

Script on GitHub: garytown/HPIA-AutoUpdate-Setup.ps1

Please read over the script and modify the scheduled task to meet your needs, along with any of the other variables including the parameters for HPIA.

You can deploy the script with Intune, ConfigMgr, or any other management system. Once deployed, it will keep HPIA updated by itself.

Once Deployed, you’ll see the scheduled task:

Log Files:

• %ProgramData%\HP\HPIAUpdateService\LogFiles\HPIAUpdateService.log
  • Combined Log for each time the task runs
• %ProgramData%\HP\HPIAUpdateService\Reports\%Date%\HP Image Assistant.log
  • detailed log of individual executions of HPIA [Debug Log]

Test Machine: HP Elitedesk 705 G3 | Platform: 8266 | Clean Image Win10 22H2

Updating BIOS with HPCMSL

Pre-Req… having HPCMSL module on the endpoint.

HPCMSL has two different commands for updating BIOS, which do things slightly different ways.

• Get-HPBIOSUpdates
  • This commandlet has a lot of options, showing you the latest & several previous BIOS updates available. It allows you to download the update and use in your packages, as well as install updates directly from HP or from previous cache (that you could be hosting in CM or other).
  • This is the command I’ve used to build out our entire Offline BIOS update repository to manage BIOS deployments to endpoints in a 400K client business. It worked great.
  • Will automatically suspend bitlocker if needed
  • Requires you to provide authentication if BIOS requires it.
• Get-HPBIOSWindowsUpdate
  • This commandlet will use a Windows Update encapsulated BIOS update, allowing it to bypass authentication or encryption. This really simplifies deployment, and I’m going to quick demo this command.

“Get-HPBIOSWindowsUpdate”

Command to Update: Get-HPBIOSWIndowsUpdate -Flash -Yes

You could then create a scheduled task that runs powershell.exe with that command, and run it on a regular basis to update the BIOS.
For scripts on automatically setting up HPCMSL on endpoints: HP CMSL – ConfigMgr CIs | /hardware/HP/ConfigItems

GARYTOWN.COM