Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

Previously I’ve written a blog about Dell Command Update and its ability to monitoring and download updates. This blog was based on Dell Command Update 2. As it is with all applications this started working less on newer machines. To resolve this Dell released a new major update for Dell Command Update which according to Dell, works on 99% of the Dell devices.

I really like monitoring if the device drivers are up to date, and all versions are as current as can be. Dell Command Update also allows you to install the updates on the device for remediation\

Updates Detection Script

The monitoring script downloads the installation file with the Dell Command Update utility. You can host the file yourself if you do not trust Dell as a source. The script installs DCU, sets the DCU service to manual, and runs the DCU-cli with the Report Parameter, I would advise to only run this set on an hourly or even daily schedule, using your RMM system of course.

You can choose what variables to alert on yourself – I like reporting on the count of updates, but I know others rather would alert on the title. At the bottom of the scripts I’ve added specific alerting options – You can choose which of these you find important.

$DownloadURL = "https://dl.dell.com/FOLDER05944445M/1/Dell-Command-Update_V104D_WIN_3.1.0_A00.EXE"
$DownloadLocation = "C:\Temp"

try {
    $TestDownloadLocation = Test-Path $DownloadLocation
    if (!$TestDownloadLocation) { new-item $DownloadLocation -ItemType Directory -force }
    $TestDownloadLocationZip = Test-Path "$DownloadLocation\DellCommandUpdate.exe"
    if (!$TestDownloadLocationZip) { 
        Invoke-WebRequest -UseBasicParsing -Uri $DownloadURL -OutFile "$($DownloadLocation)\DellCommandUpdate.exe"
        Start-Process -FilePath "$($DownloadLocation)\DellCommandUpdate.exe" -ArgumentList '/s' -Verbose -Wait
        set-service -name 'DellClientManagementService' -StartupType Manual
    }

}
catch {
    write-host "The download and installation of DCUCli failed. Error: $($_.Exception.Message)"
    exit 1
}

start-process "C:\Program Files\Dell\CommandUpdate\dcu-cli.exe" -ArgumentList "/scan -report=$DownloadLocation" -Wait
[ xml]$XMLReport = get-content "$DownloadLocation\DCUApplicableUpdates.xml" 
#We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
remove-item "$DownloadLocation\DCUApplicableUpdates.xml" -Force

$AvailableUpdates = $XMLReport.updates.update

$BIOSUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "BIOS" }).name.Count
$ApplicationUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Application" }).name.Count
$DriverUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Driver" }).name.Count
$FirmwareUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Firmware" }).name.Count
$OtherUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Other" }).name.Count
$PatchUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Patch" }).name.Count
$UtilityUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Utility" }).name.Count
$UrgentUpdates = ($XMLReport.updates.update | Where-Object { $_.Urgency -eq "Urgent" }).name.Count

So that’s the detecting updates portion, of course we also have the commandline to install the updates. Lets get started with that.

Remediation

Remediation is fairly straight forward. When using the switch /ApplyUpdates the updates start immediately. Of course we like having a little more control, so all the options are listed here. I’ve also included some examples:

Installing all updates, disable bitlocker, and reboot if required:

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable" -Wait

This installs all available update found during the last scan including BIOS updates, suspends bitlocker, and reboots the computer immediately.

Installing all updates, do not disable Bitlocker, and do not reboot

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=disable -reboot=disable" -Wait

This installs all available update found during the last scan excluding BIOS updates, because we aren’t suspending bitlocker, and lets the user reboot the computer.

Install BIOS updates, suspend bitlocker, reboot

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable -updateType=bios" -Wait

And this one installs only the BIOS updates. I think with these examples and the manual I’ve posted above you can figure out your exact preferred settings.

So that’s it! As always, Happy PowerShelling!

17 Comments

  1. Wessel March 4, 2020 at 4:39 pm

    Hello, I tried multiple times to get this script to work, but whatever I do, when it gets to get-content i get an error saying permission denied, or an error saying file not found.
    I can’t figure it out.

    1. Kelvin Tegelaar March 4, 2020 at 5:02 pm

      It might be that your temp path is in a protected location. Try this:


      new-item "C:\DCU\" -ItemType Directory -Force -ErrorAction SilentlyContinue
      start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/scan -report=C:\DCU" -Wait
      [xml]$XMLReport = get-content "C:\DCU\DCUApplicableUpdates.xml"
      #We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
      remove-item "C:\DCU\DCUApplicableUpdates.xml" -Force

  2. Travis Phipps March 7, 2020 at 5:07 am

    We’ve been using this with DCU version 2.4 for awhile now but are wanting to move to the newer 3.1.1 version. However, after zipping up the CommandUpdate folder and then unzipping and running on a ‘clean’ Dell system, we’re getting an error message stating “Dell Command | Update requires the DellClientManagementService.”

    We prefer not installing the DCU tool on client systems and just using the ‘portable’ CLI version to avoid user prompts. But it appears 3.1+ of the DCU tool may require some level of Dell Client management software being installed already. Anybody clear on what’s needed and if it’s possible to keep this fully silent?

    1. Kelvin Tegelaar March 8, 2020 at 2:56 pm

      I haven’t seen that error on clean systems, I’ll investigate and get back to you on this. πŸ™‚

      1. Travis Phipps April 23, 2020 at 5:24 am

        Just wanted to update that we’ve confirmed this version of DCU does indeed require the DCU application stack to be installed on the computer before you can use dcu-cli.exe. Specifically, the “Dell Client Management Service” has to be installed and working. Since we have an imaging process for all new systems that strips away any vendor apps, we were having issues. But you can easily script the silent installation of DCU by just running the exe installer with /s on the end. For good measure to ensure nothing automatic runs with user prompts (our paranoia), we just immediately stop the service and set it to manual after install. When DCU-CLI runs, it automatically starts the service (and then we stop it again). Hope that helps anyone else hitting this error.

        1. Kelvin Tegelaar April 23, 2020 at 10:01 am

          Thanks for testing! I’ve uploaded the blog to fix this. πŸ™‚

  3. MD2Tech March 11, 2020 at 6:37 pm

    I never used DCU before. I just installed it on my machine to check it out and see the dcu-cli.exe in the Program Data folder. My question is… what exactly am I zipping? Is it the whole program folder or just the dcu-cli.exe?

    Posted this question on the wrong blog… I’m looking at multiple of yours lol

  4. Travis Phipps April 27, 2020 at 12:56 am

    Well, I think we found another issue. We realize it’s not ideal, but due to the large number of laptop devices we support, we need to apply BIOS updates and then just prompt the user to reboot on their own schedule. So we tried using the syntax below. But the problem we’re seeing is that BIOS updates and/or the Thunderbolt Controller update seem to ignore the reboot=disable command. Machines are still rebooting immediately when we run the script. Anybody have any ideas??

    start-process “$($DownloadLocation)\dcu-cli.exe” -ArgumentList “/applyUpdates -autoSuspendBitLocker=enable -reboot=disable -outputLog=C:\Dell\DCU_Update.log” -Wait

    1. Kelvin Tegelaar April 27, 2020 at 11:11 pm

      I haven’t seen that yet, but I think I know someone that might’ve. Do you have a model number and an update ID? that way I can simulate some tests here. πŸ™‚

      1. Travis Phipps May 3, 2020 at 10:55 pm

        Sorry for delayed response. I don’t get emails when you reply.
        Model: Latitude 7490
        Not sure what Update ID you’re looking for. These were the two that installed:
        F6N5H, Dell Latitude 7290/7390/7490 System BIOS, 1.13.1
        TBT79, Intel Thunderbolt Controller Driver, 17.4.79.510

      2. Jay March 24, 2021 at 8:33 pm

        We are seeing the same issue with Latitude 7410 (09BE). I believe this is the offender in the bunch (Dell Latitude 7310/7410 System BIOS, 1.5.2 )
        Haven’t found anything online on how to get around it…

  5. Sean Cornelius November 9, 2020 at 10:57 pm

    Is there a way to run this with /s to suppress the cmd window. I’m asking because we have some users that exit out of it before it finishes and it seems the xml file is not created. I added /s but got error that the .xml does not exist when I do. Am I doing something wrong.

    start-process “C:\Program Files\Dell\CommandUpdate\dcu-cli.exe” -ArgumentList ” /scan -silent -report=$DownloadLocation ” -Wait
    [ xml]$XMLReport = get-content “$DownloadLocation\DCUApplicableUpdates.xml”

  6. Jim Richardson June 5, 2021 at 5:06 pm

    This looks to be very useful. Is there an updated version referencing Dell Command | UpdateVersion 4.x?

  7. Robbie August 27, 2021 at 10:02 pm

    A lot of my workstations are returning the error “The download and installation of DCUCli failed. Error: The remote server returned an error: (304) Not Modified. (No variables)”

  8. Asher September 2, 2021 at 1:47 pm

    Hey..I have been getting alerts for multiple computers on my Datto RMM regarding a failed Dell command update.

    β€œAlert: The download and installation of DCUCli failed. Error: The remote server returned an error: (304)”.

    I have tried updating the DCU app – even tried reinstalling it on some computers, but the alerts are still coming in. Also, the DCU app is not showing any pending updates. :/

    1. Kelvin Tegelaar September 2, 2021 at 9:02 pm

      This error means you’re getting rate limited by Dell, replace the URL with the latest version to prevent this.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.