This post will be building on the last post which created the Global Condition needed for this App model deployment to work. If you haven't already done so, check it out and build it.
- Create applications - Configuration Manager | Microsoft Learn
- HP Dock ConfigMgr Global Condition – GARYTOWN ConfigMgr Blog
- HP White Paper: HP_Firmware_Installer_for_Docks_L33010-004.pdf.
- Updating HP Docks with Intune or ConfigMgr using PowerShell
Docks Tested so far:
- Thunderbolt G2 (Limited Testing)
- USB-C G5
- USB-C G5 Essential
Download of App Export... keep reading until the bottom.
On docks that support the staging ( -stage) of the firmware, that's the method I'm going with, as for the rest, I'm having it run with Non-Interactive (-ni), which will install the firmware when the deployment runs, but provides a UI for the upgrade process, so users see it going on.
This makes it tricky for the detection methods, as after the firmware is staged, the dock isn't actually upgraded. So the detections methods differ based on being staged or not.
About Staged Firmware Updates
This is a really slick method for getting updates out without must user impact. Essentially what it is, when you run the firmware upgrade with -stage, it will stage the firmware payload onto the dock itself into a small storage area, then when the user disconnects their device from the dock, it triggers the dock to update the firmware. It works great in shared spaces, but can be a challenge when laptops are treated like desktops and never disconnect from the docks. In this scenario, I'd recommend having a couple of different Applications, one set for Staging and one for just forcing, then plan your deployments accordingly.
Application & App DTs
The Install script is kept with the source content which includes the HP Softpaq Firmware updates for each Dock. For details about getting the Firmware Updates for the docks, please see this post which I have placed all of the HP Dock information: Updating HP Docks with Intune or ConfigMgr using PowerShell – GARYTOWN ConfigMgr Blog - Sample from that page:
In my source, I have the script and update exe files. During the installation, they will be extracted and the embedded updater exe file will be called.
I'm using the same script for each application deployment type.
Script on GitHub: CM_AppModel_DockUpdaterScript.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File CM_AppModel_DockUpdaterScript.ps1
The script will default to using -stage on the devices that support it, and -ni (NonInteractive) on the other docks. This is all customizable in the script via parameters, allowing you to have the docks that support staging to update right away (skip staging).
The script will:
- Create Folder structure for Dock update process (c:\swsetup\dockfirmware\spXXXXX)
- Extract the spXXXXXX.exe to that folder
- run a firmware update check (-c) to determine if an update is required
- if no update needed, exit code 0 (Success)
- This is needed to deal with hotelling scenarios.
- build the installer command line and run it.
- detect if HPCMSL is on device, if it is, create a toast notification about the device being updated (optional)
- Exit with Firmware Exit code.
This is where we use the Global Condition we created in the last post, where each Dock is associated with a different number.
The return codes for the HP Firmware Updater have been added into the CM App, which are found in the HP White Paper.
Detection Methods in Detail
Detection Method Scripts: garytown/CM_AppModel_DockDetectionMethodScripts.ps1
Staged Firmware Update Detection
Because the dock isn't being updated when the deployment runs, and the firmware is only being staged, to detect if this has happened, we're going to have the installer logs to to specific locations, then parse those logs to ensure the firmware was staged, as well as depend on the exit code from the firmware updater.
The detection script requires that you keep the $UpdateVersion updated to match the version of the firmware you're deploying. First check is to match WMI, if versions match, then we know the firmware is already current. Second check is to look at the firmware update log and confirm that the correct version was being deployed, and if so, check for "Success" in the log. If so, we'll ASSUME that the firmware was staged and mark that as compliant for detection.
If both the version in WMI is wrong, and the Firmware Update log doesn't list the correct version and success, then it would return null and be "Not Detected"
Forced Firmware Update Detection (non-staged)
- Essential Dock G5
This I thought was going to be easier, I ended up revisiting this process several times during writing this post and finally landed on calling the firmware updater with a check function to determine if the firmware requires an update.
- Thunderbolt G2
This one I thought was going to be straight forward and just be a registry detection, then I remembered the registry detection won't be there in a "hotelling" situation. A dock might have been upgraded via a different device, so we need to create a process that will accommodate that. So basically, I'm landing on calling the Firmware Updater to do a check to determine if an update is required or not. It's the only way that I can figure will give me 100% accuracy if a Dock (that doesn't support WMI) requires an update.
In this detection, it runs the firmware updater, if it doesn't find it, it assumes the dock needs to run the install script. If you don't deal with hotelling, then you can do this detection a bit differently, as you can rely on the logs files and registry items being present after an upgrade.
In Action - Staging Firmware Update
Test machine with the USB-C G5 Dock
Checking WMI confirms that this dock is on 126.96.36.199 (not the latest)
Custom Function: garytown/Function_Get-HPDockUpdateDetails.ps1
Triggering the App from software center.. it is running completely silent since it's a dock that supports staging:
When completed, since my HP end points all have HPCMSL, I get a notification as well as Software Center saying Successful.
At this point, the dock only has the firmware staged, it is not yet upgraded. WMI Confirms:
Now... I'm going to disconnect the dock, wait 15 minutes and reconnect..... 15 minutes later... refresh instances
The Dock has been updated with no user disruption.
In Action - Upgrading Realtime as deployment runs
HP USB-C G5 Essential Dock
This dock does not have WMI support, or staging of the firmware support. So when this App DT runs, it will update the firmware ASAP.
Confirmed the device requires update, lets trigger it in Software Center:
When complete, the Firmware Update UI will disappear, and if you have HPCMSL installed, a Toast Notification will popup notifying the user it has been completed.
Note, the detection for this Dock relies on files created during the update, since this dock does not have WMI suppport. "C:\swsetup\dockfirmware\$SoftPaqNumber\"
If that folder gets deleted, then the application will no longer be seen as "Installed" for that Dock, and the Firmware will be made available again. However... if it runs again, it will quickly detect that the firmware is current and not run the full install. The install script will recreate that folder structure and populate what is needed for detection (which is the firmware updater to run a check on)
I'm deleting the folder & triggering app eval: Now shows the App as needed again. This would also be common in "hotelling" situations where a different laptop might have updated the Dock firmware then the one that is now using the dock. Lets quick demo what that would look like.
This is the device I just used to update the Dock on, but I delete the dockfirmware folder and triggered an App Eval, the App is now showing as available to Install
Installing again goes very quickly, as the script will exit out after the check has completed.
The Full Install took about 7 minutes:
The Install when the firmware is already current, about 12 seconds, and the status goes to "Installed"
I was trying to test my TB G2 device, but I back flashed it enough times that I think I killed it. I can't get it to fully install any firmware now. Oops..
You made it this far... here is a link to the export of the Application.|
HP Dock Updates - CM App Model (595 downloads)
Hit me up with questions, or if anything needs clarification, I'd be happy to explain in more detail.