TLDR: BIOS Updates: Use HP Connect or HPCMSL | Driver Updates: Use HPIA w/ Scheduled Task
So you want to keep your HP device drivers & BIOS updated, set it and forget it. There are some options for you. If you’re using Windows Update for Business, (or Intune), you have some options there to let that apply any updates it finds available, or you can use HP’s tools.
Lets quick go over the current tools as of Today, March 8, 2023. I know of many planned changes for the next year on these tools, which will hopefully even make this post obsolete, as the new features will remove some of this need, but I can’t speak to that… so… today, here are some tools to help you keep updated and how you manage them.
- HP Connect – Direct connection from HP’s Cloud to your Intune tenant. Leverages Intune Proactive Remediations – Lets you set BIOS Settings and BIOS updates. By far the most simple way for you to manage HP BIOS Settings and Updates. I highly recommend starting here.
- Very easy way to get HP Sure Admin setup, and leverage improved BIOS authentication.
- Lots of development coming in this product.
- HP Image Assistant (HPIA) originally designed to assist in creating Images, it is typically used for keeping devices updated with BIOS & Drivers with its scanning and updating command line tools and GUI
- for example, to point to a repository and avoid contacting the Internet add the /OfflineMode parameter
- HP Client Management Script Library (HPCMSL), a powershell module to help in scripting and automation of your HP devices.
- Update all of your driver packs in your deployment management system like ConfigMgr
- Create offline repositories for HPIA that you can keep on a file share or in ConfigMg
- Trigger individual updates on endpoints with simple commands.
- Get detailed information about devices in your fleet.
- Install-HPImageAssistant with automatically download and install HPIA for you.
- So much more…
If you are using Intune, I’d start with managing your BIOS with HP Connect, both your settings and your updates. With that out of the way, I’d setup HPIA to do your driver updates on your endpoints using a scheduled task. (You can still use HPIA for BIOS updates depending on your command line, I’m just not covering it in this post)
At this point, I want to plug this nugget I found a couple years back and gleaned a lot from looking at the code: Deploying HP BIOS Updates β a real world example (smsagent.blog)
Updating with HP Image Assistant
There are a few methods to setting this up for automating your updates, I’ll cover a couple here, and pick what works best for you. [HPIA Documentation]
Scheduled Task with HPIA Command line to install updates | Manual Setup
This is a pretty simple solution, using your current management solution, install HPIA to a location of your choosing, then setup a Scheduled Task to run it using the various command line options available. I recommend looking over the HPIA User Guide PDF, which I personally reference a ton myself as I build out different commands for situations.
- Download from: HP Image Assistant | HP Client Management Solutions
- Extract to Location: hp-hpia-5.1.7.exe /s /e /f “%ProgramFiles%\HPIA”
- Create Scheduled Task with command line:
- Program: “C:\Program Files\HPIA\HPImageAssistant.exe”
- Arguments: /Operation:Analyze /Category:Drivers /Selection:All /Action:Install /Silent /Debug /ReportFolder:%temp%
- Set the Task to run as SYSTEM
Simple and effective. Change the Arguments to match your desired effects.
If you want help to write a script to create a scheduled task, I recommend asking Bing:
While the script isn’t perfect, it gets you most of the way there, just replace application.exe with HPIA… and the argument with what you want to pass to HPIA.
Scheduled Task with HPIA Command line to install updates | Automated Setup
This is going to be a bit more complex, and will require you have a good working knowledge of PowerShell. This solution involves a script embedded into the deployment script. The deployment script will setup the Scheduled Task, and build the HPIA Automation Script in ProgramFiles\HP\HPIA which is triggered by the scheduled task. Based on this script, you should be able to customize however you like and get pretty creative, like using custom reference files and leveraging baselines: HP Image Assistant β Locking in Update Versions with Reference Files
Script on GitHub: garytown/HPIA-AutoUpdate-Setup.ps1
Please read over the script and modify the scheduled task to meet your needs, along with any of the other variables including the parameters for HPIA.
You can deploy the script with Intune, ConfigMgr, or any other management system. Once deployed, it will keep HPIA updated by itself.
Once Deployed, you’ll see the scheduled task:
Log Files:
- %ProgramData%\HP\HPIAUpdateService\LogFiles\HPIAUpdateService.log
- Combined Log for each time the task runs
- %ProgramData%\HP\HPIAUpdateService\Reports\%Date%\HP Image Assistant.log
- detailed log of individual executions of HPIA [Debug Log]
Test Machine: HP Elitedesk 705 G3 | Platform: 8266 | Clean Image Win10 22H2
Updating BIOS with HPCMSL
Pre-Req… having HPCMSL module on the endpoint.
HPCMSL has two different commands for updating BIOS, which do things slightly different ways.
- Get-HPBIOSUpdates
- This commandlet has a lot of options, showing you the latest & several previous BIOS updates available. It allows you to download the update and use in your packages, as well as install updates directly from HP or from previous cache (that you could be hosting in CM or other).
- This is the command I’ve used to build out our entire Offline BIOS update repository to manage BIOS deployments to endpoints in a 400K client business. It worked great.
- Will automatically suspend bitlocker if needed
- Requires you to provide authentication if BIOS requires it.
- Get-HPBIOSWindowsUpdate
- This commandlet will use a Windows Update encapsulated BIOS update, allowing it to bypass authentication or encryption. This really simplifies deployment, and I’m going to quick demo this command.
“Get-HPBIOSWindowsUpdate”
Command to Update: Get-HPBIOSWIndowsUpdate -Flash -Yes
You could then create a scheduled task that runs powershell.exe with that command, and run it on a regular basis to update the BIOS.
For scripts on automatically setting up HPCMSL on endpoints: HP CMSL β ConfigMgr CIs | /hardware/HP/ConfigItems
GARYTOWN.COM
Hi gary,
I have deployed the HPIA via Intune using win32 method. And it got installed successfully. How to know the package has downloaded the latest driver and updated the PC. Is that can be achieved by any report from Intune to know the BIOS and drivers for the model is up to date?
Thanks
Narayanan
You would have to write something completely custom. Based on the XML reports HPIA creates, you could have a script parse that information, then upload it to Log Analytics. Here is an example of doing additional inventory with PR & LA.
https://msendpointmgr.com/2021/04/12/enhance-intune-inventory-data-with-proactive-remediations-and-log-analytics/
Hi Gary,
Would you have any idea why the script wouldn’t create the Setup Folders in Program Files? The Setup Folders are being created in Program Files (x86).
you’ll want to walk through the script and make sure that the variables are enumerating properly:
The solution should be writing the setup to: $HPIAStagingProgram = “$env:ProgramFiles\HPIA”
Hey Gary,
Just getting around to use this script for HPIA and the scheduled task. Thank you!!
I am trying to figure something out though, and I can’t figure it out. By default, your script “HPIA-AutoUpdate-Setup.ps1”, has the Category set as “Drivers” in the Params and I see at the bottom for Run-HPIA is also set for drivers (-Category). How do I go about adding in “Accessories”. Do I put that in the Params – “Drivers”,”Accessories” (which throws a validate error), or do I put in the run command for “Run-HPIA” -Category ‘drivers’,’accessories’ I have tried a couple things, but it keeps telling me there is nothing to update. (even though I ran HPIA manually and it does show an accessory available to install)
Plus the command line looks wrong when it does run and returns 257
Running HPIA with Args: /Operation:Analyze /Category:drivers accessories…etc.
thanks for any help..I’m stumped! π
I’ll have to go back and look into this. I don’t think I accounted for Accessories when I created it.
You ever get this figured out Vern? This same thing happens in our environment even without all the fancy powershell stuff. Just calling HPIA.exe, it will happen on some systems and return 257.
Does the Hp-connect method stop bitlocker kicking in when deploying Bios updates?
Been trying the Windows Update method for drivers including bios updates and have found on some models bitlocker kicks in
Any way around this so we can keep bios updated but keep bitlocker happy
HP Connect, when it loads the BIOS Updates, it will suspend BitLocker, and that’s been working well in my experience. I’ve heard of some folks having BitLocker lockouts RANDOMLY, but very sporadic to the point it’s been hard to troubleshoot.