TLDR: Function on GitHub | ConfigMgr CI / Intune PR Script on GitHub
So I’m going to cover several docks in one process. I originally started out with supporting the HP USB-C G5 Essential Dock, but I ended up going down a rabbit hole and adding several with the collaboration of my coworker Dan Felman.
Related Posts
- HP Dock WMI Provider Deployment & Inventory with ConfigMgr
- HP Dock Registry & Inventory with ConfigMgr
HP White Paper: HP_Firmware_Installer_for_Docks_L33010-004.pdf
Supported Docks | Firmware Softpaq Downloads (as of 2024.04.01 when I checked last)
- HP USB-C G5 Essential Dock* | Softpaq Info | sp151760.exe | 01.00.10.00 | Mar 14, 2024
- HP Thunderbolt Dock G4* | Softpaq Info | sp151762.exe | 1.5.22.0 | Mar 14, 2024
- HP Thunderbolt Dock G2* | Softpaq Info | sp143977.exe | 1.0.71.1 | Dec 15, 2022
- HP USB-C Dock G5* | Softpaq Info | sp150455.exe | 1.0.20.0 | Dec 20, 2023
- HP USB-C Universal Dock G2** | Softpaq Info | sp150473.exe | 1.1.20.0 | Dec 4, 2023
Recently added support in my function, but uses completely different process then newer devices, so connect with me if you run into any issues, as a lot of additional code was needed.
- HP USB-C Dock G4* | Softpaq Info | sp88999.exe | F.37 | Jul 15, 2018
* Tested myself with units I have on hand
** Waiting for test Units to arrive… will update post if anything is wrong from my original findings.
Overall Process
- Detect Dock that is attached to device
- Download latest firmware for device (via HPCMSL if available or hardcoded URL in script)
- Run HPFirmwareInstaller -C to run a check of the system.
- If Check determines Update needed… continue to update… else exit
Methods to detect current HP Dock Firmware
HP Thunderbolt docks and others as well have their information in the Registry, ONCE you run the HPFirmwareInstaller.exe command. You can run this as a check, and it will add the values. However, this information for the Thunderbolt G4 dock is also available via WMI like the HP USB-C Dock G5 (see below), so that’s a good way to standardize gathering the information:
The subkey is unique as it is the Serial Number of the dock. The script I wrote will look in all child keys to find the “InstalledPackageVersion”.
HP USB-C Dock G5 (NOT the Essential dock) have their information in WMI (from what I’ve read, I’m still waiting on my test device to confirm). You do need to install the WMI provider for it, which would be in the firmware downloads for the docks. I’m using WMIExplorer to show where it is…
$computer = $env:COMPUTERNAME
$namespace = "ROOT\HP\InstrumentedServices\v1"
$classname = "HP_DockAccessory"
Write-Output "====================================="
Write-Output "COMPUTER : $computer "
Write-Output "CLASS : $classname "
Write-Output "====================================="
Get-WmiObject -Class $classname -ComputerName $computer -Namespace $namespace |
Select-Object * -ExcludeProperty PSComputerName, Scope, Path, Options, ClassPath, Properties, SystemProperties, Qualifiers, Site, Container |
Format-List -Property [a-z]*Related Posts: HP Dock WMI Provider Deployment & Inventory with ConfigMgr – GARYTOWN ConfigMgr Blog
If you download the firmware, you can grab the WMI Provider in the Manageability Folder and deploy it out, then you can use that to collect the inventory in ConfigMgr pretty easy by adding that WMI namespace for hardware inventory. Once I get one of these docks, I’ll plan to blog that process too. On my test machine, I ran HPDockWMIProvider.exe, and let it do it’s thing. The “HP Dock Accessory WMI Provider” App shows under Add / Remove programs.
HP USB-C G5 Essential Dock.. I haven’t found any place to get this without running the HPFirmwareInstaller.exe tool, which creates an output file with the information, so that’s what I end up doing.
HPFirmwareInstaller.exe -C to run a check, which creates a file called: HPFI_Version_Check.txt
Note: Error Code:105 = ‘Out – of – date firmware detected when running with ‘check’ flag.’
Custom Function: Get-HPDockUpdateDetails
Based on what I learned and how to test if an update is needed, I, with the help of coworker Dan Felman, wrote a function to get information about the HP Dock attached, and update with additional parameters.
Using Get-HPDockUpdateDetails Function to Update Dock & Create Log
I’ll be running the function with three parameters:
- UIExperience set to NonInteractive = Shows the display for the update, so user can see progress but not interfere.
- -Update = To allow the update to happen if device finds an update available
- -Transcript = Create a transcript log of the process in C:\swsetup\dockfirmware
Get-HPDockUpdateDetails -UIExperience NonInteractive -Update -Transcript
HP Dock Updates via Intune Proactive Remediation
For this, you’ll want to take the main script in GitHub, create two copies of it.
- HPDockUpdater_Detect.ps1
- Set variables: $Purpose = “IntunePR” & $Remediate = $false
- HPDockUpdater_Remediate.ps1
- Set variables: $Purpose = “IntunePR” & $Remediate = $true
Then upload to Intune:
HP Dock Updates via ConfigMgr Configuration Items
For this, you’ll want to take the main script in GitHub & the Detection Script in GitHub, then create a new Configuration item, choosing Windows Desktops & Servers and check the box for “This configuration item contains application settings.”
On the Detection Methods Screen, paste the Detection Script in from GitHub:
In both the Discovery & Remedition script areas, you’ll paste in the script from GitHub
Make minor adjustments on both scripts:
- Discovery
- Set variables: $Purpose = “ConfigMgr” & $Remediate = $false
- Remediation
- Set variables: $Purpose = “ConfigMgr“ & $Remediate = $true
On the Compliance Rules Tab, click “New”, set the Value to “Compliant”, and check the two boxes.
Then finish up, and add it to one of your baselines, or create one for it to deploy. I’ve added it to my HP Clients Baseline and make sure you set it to optional, so it only runs on devices that has a dock detected.
Note, This did work for me, however due to the amount of time the script takes to run, I did get a time out error:
But it did successfully update the Dock Firmware:
And the next time the Baseline Ran, it went back into compliance:
If a dock is not connected, it will report “Not Detected” and not impact your compliance.
PowerShell Simple Method..
If you just want to play with the function and test updating a system, grab this code, then grab the function from github and paste into that area, and trigger it.
### Grab Function Get-HPDockUpdateDetails and Paste Here: https://github.com/gwblok/garytown/edit/master/hardware/HP/Docks/Function_Get-HPDockUpdaterDetails.ps1
### Function Ends
$DockInfo = Get-HPDockUpdateDetails
if ($DockInfo.UpdateRequired -eq $true){ #Update Required
Get-HPDockUpdateDetails -UIExperience NonInteractive -Update -Transcript
}
Wrapping Up
With the examples I’ve provided, you can either create your own Proactive Remediation or Configuration baseline based on these two examples, or you can use any method you want leveraging the custom Get-HPDockUpdateDetails function, like scheduled tasks, Tanium, or other endpoint management systems.
Please provide feedback, as I had very limited ability to test.
GARYTOWN.COM
I think I know the answer, but will there be an updated WMI Provider to accommodate the essentials dock eventually?
No, it’s not a matter of adding support to the WMI Provider, the essential’s dock is missing an required chip in the device that would allow for WMI Management. This was due to chip shortages and supply chain issues (I’ve been told). If it were a matter of updating code and pushing firmware update, it would have been done by now. It’s just not possible due to that hardware limitation of the dock.
Testing with a HP USB-C Dock G5, not returning the InstalledFirmware version
This line (417)
$VersionFile = “$PSScriptRoot\HPFI_Version_Check.txt”
Should be
$VersionFile = “.\HPFI_Version_Check.txt”
Would work fine if the script is in the current working directory, but during my testing, it’s not.
Thanks. I’ve updated the Function as you suggested. Once I get one of those docks for testing, I will double check things.
hi,
Is there a switch to update on disconnect if docks supports it. I know that the G5 can do this but the G5 essential not.
In the current script, there is not. I’ll add it to my list.
Not nearly as elegant as what you’ve composed, but this how I’ve handled firmware for these to date. For me, it was essential to be able to stage the update, and support the install upon disconnect, as the install performed while docked disconnects network and monitors, and disrupts the user and creates helpdesk tickets.
– push the extracted wmi installer to all laptops via Intune or RMM of choice
– Run a detection script to detect existing firmware version:
$namespace = “ROOT\HP\InstrumentedServices\v1”
$classname = “HP_DockAccessory”
Get-WmiObject -Class $classname -Namespace $namespace | Select-Object -expandproperty firmwarepackageversion
– Use a regex to trigger the remediation script based on output value. Say if less than “1.0.\b([1-9]|1[0-3])\b.0”
– download the softpaq
cd c:\HPassets
Get-Softpaq -number 134241 -quiet -overwrite skip
-install the firmware msi
msiexec /i C:\hpassets\SP134241\Manageability\HPFirmwareInstaller64.msi /qn /L*v C:\hpassets\dock.log
-execute the stage install upon dock disconnect
cd “C:\Program Files\HP\HP Firmware Installer\HP USB-C Dock G5”
HPFirmwareInstaller.exe -stage -silent
Looking forward to you updating yours to support upon disconnect so I can dump my janky method 🙂
-As an additional note, if you run Windows Defender with ASR rules, the hpfirmwareinstaller will get blocked by the WMI based ASR rules, so make sure to exclude it as an exception.
Thanks for the feedback, really appreciate your thoughts.
I’ve added “install firmware upon disconnect” to my backlog. I’m waiting for some more test devices.
Thanks for the tip on Windows Defender ASR rules, I hadn’t run into that yet.
I’ve added a switch for -stage into the function, however I don’t have any of those docks on hand that support that feature, so I haven’t done any testing.
https://github.com/gwblok/garytown/blob/master/hardware/HP/Docks/Function_Get-HPDockUpdaterDetails.ps1
Awesome! It works. Tested so far on a few G5 docks with -stage and it worked perfectly! Will be trying a few “essential” docks later today. I don’t believe they support the -stage switch so I’ll let you know what happens 🙂
I don’t think I setup the Essentials dock to work with -stage, I think I limit that to: USB-C Dock G5 & HP USB-C Universal Dock G2 & HP Thunderbolt Dock G4
If you are able to verify the Essentials dock DOES support the -stage, I’ll update the script to allow the Essentials dock to accept the -stage.
Line 454 as of today: https://github.com/gwblok/garytown/blob/master/hardware/HP/Docks/Function_Get-HPDockUpdaterDetails.ps1#L454
Attached Dock Name: ‘HP USB-C Dock G5’
Update on peripheral disconnect
[code]
Get-HPDockUpdateDetails -Update -Stage -UIExperience NonInteractive
[/code]
[quote]
Success
[/quote]
Big thanks for your work! We apply with succes your script Function_Get-HPDockUpdaterDetails.ps1 in Ivanti End point manager for G5, G5 essential and TB G4…
Cheers
Thanks for letting me know. It’s great to hear from people who have used these processes. Glad it has helped!
Many thanks for the good work.
Could you add an option to the script that interactively asks the user whether they want to perform the update now? The user must have the option of not carrying out the update for the moment.
If the user is in a meeting or doing urgent work, network interruptions and monitor fluctuations are not desirable.
I’d recommend using the stage parameter, so if the dock supports staging the update, it will not install until the laptop is disconnected.
Other, use the function to help inventory your docks, then use your current management solution to deploy the updates using the user controls you desire.
Example, you can use PSADT to create a process that prompts the user. You could also use a Task Sequence to achieve your goals.
You could also have HPIA available in Software Center / Company Portal for end users to trigger manually which will also update dock firmware.