I’m a big fan of Dell’s Command Update utility. Dell Command update is a program that makes updating Dell based devices super easy, a single utility that you can install on any workstation to update all devices is great. We always deploy Dell Command update with any machine we hand out to clients.
The next issue that occurs is that we need to know if the updates are running well. For this, I’ve made a monitoring set. To make sure that you don’t just monitor without action, we also created a set that automatically remediates.
The monitoring script
The monitoring script downloads a zip file with the Dell Command Update utility. You can create this zip-file yourself by installing Dell Command Update and simply zipping the install location. It then unzips the downloaded file, and runs the DCU-cli with the Report Parameter, I would advise to only run this set on an hourly or even daily schedule, using your RMM system of course.
#Replace the Download URL to where you've uploaded the ZIP file yourself. We will only download this file once.
$DownloadURL = "https://www.cyberdrain.com/wp-content/uploads/2019/09/DCU.zip"
$DownloadLocation = "$($Env:ProgramFiles)\DCU"
#Script:
$TestDownloadLocation = Test-Path $DownloadLocation
if(!$TestDownloadLocation){
new-item $DownloadLocation -ItemType Directory -force
Invoke-WebRequest -Uri $DownloadURL -OutFile "$($DownloadLocation)\DCU.zip"
Expand-Archive "$($DownloadLocation)\DCU.zip" -DestinationPath $DownloadLocation -Force
}
#We start DCU with a reporting parameter set. We wait until the report has been generated.
Start-Process "$($DownloadLocation)\DCU-CLI.exe" -ArgumentList "/report `"$($DownloadLocation)\Report.xml`"" -Wait
$XMLReport = get-content "$($DownloadLocation)\Report.xml"
$BIOSUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "BIOS"}).name.Count
$ApplicationUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Application"}).name.Count
$DriverUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Driver"}).name.Count
$FirmwareUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Firmware"}).name.Count
$OtherUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Other"}).name.Count
$PatchUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Patch"}).name.Count
$UtilityUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Utility"}).name.Count
$UrgentUpdates = ($XMLReport.updates.update | Where-Object {$_.Urgency -eq "Urgent"}).name.Count
As this is a number monitor, if something is 0 you are completely up to date, we monitor all type of updates. We also like knowing if an update is urgent, which has a separate category.
Remediation
So remediation can be done quickly, In theory we would only have to run a single command, which is the following script
$DownloadLocation = "$($Env:ProgramFiles)\DCU" Start-Process "$($DownloadLocation)\DCU-CLI.exe" -Wait
The problem with running this script directly that by default all updates that the DCU finds will be installed, and you cannot set a classification to be excluded. If you would like to exclude specific update types such as BIOS updates or utility software, you’ll have to do this:
- Open DCU on your administrator workstation
- click on the cog in the top right corner
- update filter:, unselect the updates you want to exclude.
- Export/Import: and export the MySettings.xml file.
- Add this MySettings.xml file to your self-hosted DCU zip file.
If you’ve done this small list of tasks, then use the following script to install the updates instead:
$DownloadLocation = "$($Env:ProgramFiles)\DCU" Start-Process "$($DownloadLocation)\DCU-CLI.exe" -ArgumentList "/import /policy `"$($DownloadLocation)\MySettings.xml`"" -Wait Start-Process "$($DownloadLocation)\DCU-CLI.exe" -Wait
When executing Thunderbolt or BIOS updates. You will also need to suspend Bitlocker. You can use the following script for this. My advice would be to execute the reboot immediately in this case – and only use this if you are certain that the device is in a secure environment during execution.
$DownloadLocation = "$($Env:ProgramFiles)\DCU" Start-Process "$($DownloadLocation)\DCU-CLI.exe" -ArgumentList "/import /policy `"$($DownloadLocation)\MySettings.xml`"" -Wait Suspend-BitLocker -MountPoint 'C:' -RebootCount 1 Start-Process "$($DownloadLocation)\DCU-CLI.exe" -Wait
the AMP file can be found here. As always, Happy PowerShelling!
Thank you sir! I have been using Command Update to automate different Windows deployments for a while now. I have been getting more SCCM exposure lately so I have been trying to figure out the best way to automate driver updates for different device collections in my current environment.
No problem! I’m glad I was able to help!
Nice script. I noticed its for Dell Command Update 2.4.
We have had some systems where only Dell Command Update 3.0 seems to get the correct updates. Any word on when / if 3.0 will be scriptable?
Due to being a UWP application, 3.0 will not get a CLI/non-gui option. I was recently told that Dell will release a new tool similar to DCU 2.4, which will be able to pick those updates up.
Ever get this error when running dcu.cli?
Error: Check for updates ended. (System Scan failed)
Running DellCommandUpdate.exe manually works and find updates.
I see DCU 3.1 has been released with a return of the CLI, but running the ‘portable’ version doesnt seem to work. I only get Program exited with return code: xxx.
Pingback: Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1) - CyberDrain