Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

Previously I’ve written a blog about Dell Command Update and its ability to monitoring and download updates. This blog was based on Dell Command Update 2. As it is with all applications this started working less on newer machines. To resolve this Dell released a new major update for Dell Command Update which according to Dell, works on 99% of the Dell devices.

I really like monitoring if the device drivers are up to date, and all versions are as current as can be. Dell Command Update also allows you to install the updates on the device for remediation\

Updates Detection Script

The monitoring script downloads the installation file with the Dell Command Update utility. You can host the file yourself if you do not trust Dell as a source. The script installs DCU, sets the DCU service to manual, and runs the DCU-cli with the Report Parameter, I would advise to only run this set on an hourly or even daily schedule, using your RMM system of course.

You can choose what variables to alert on yourself – I like reporting on the count of updates, but I know others rather would alert on the title. At the bottom of the scripts I’ve added specific alerting options – You can choose which of these you find important.

$DownloadURL = "https://dl.dell.com/FOLDER05944445M/1/Dell-Command-Update_V104D_WIN_3.1.0_A00.EXE"
$DownloadLocation = "C:\Temp"

try {
    $TestDownloadLocation = Test-Path $DownloadLocation
    if (!$TestDownloadLocation) { new-item $DownloadLocation -ItemType Directory -force }
    $TestDownloadLocationZip = Test-Path "$DownloadLocation\DellCommandUpdate.exe"
    if (!$TestDownloadLocationZip) { 
        Invoke-WebRequest -UseBasicParsing -Uri $DownloadURL -OutFile "$($DownloadLocation)\DellCommandUpdate.exe"
        Start-Process -FilePath "$($DownloadLocation)\DellCommandUpdate.exe" -ArgumentList '/s' -Verbose -Wait
        set-service -name 'DellClientManagementService' -StartupType Manual
    }

}
catch {
    write-host "The download and installation of DCUCli failed. Error: $($_.Exception.Message)"
    exit 1
}

start-process "C:\Program Files\Dell\CommandUpdate\dcu-cli.exe" -ArgumentList "/scan -report=$DownloadLocation" -Wait
[ xml]$XMLReport = get-content "$DownloadLocation\DCUApplicableUpdates.xml" 
#We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
remove-item "$DownloadLocation\DCUApplicableUpdates.xml" -Force

$AvailableUpdates = $XMLReport.updates.update

$BIOSUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "BIOS" }).name.Count
$ApplicationUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Application" }).name.Count
$DriverUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Driver" }).name.Count
$FirmwareUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Firmware" }).name.Count
$OtherUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Other" }).name.Count
$PatchUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Patch" }).name.Count
$UtilityUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Utility" }).name.Count
$UrgentUpdates = ($XMLReport.updates.update | Where-Object { $_.Urgency -eq "Urgent" }).name.Count

So that’s the detecting updates portion, of course we also have the commandline to install the updates. Lets get started with that.

Remediation

Remediation is fairly straight forward. When using the switch /ApplyUpdates the updates start immediately. Of course we like having a little more control, so all the options are listed here. I’ve also included some examples:

Installing all updates, disable bitlocker, and reboot if required:

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable" -Wait

This installs all available update found during the last scan including BIOS updates, suspends bitlocker, and reboots the computer immediately.

Installing all updates, do not disable Bitlocker, and do not reboot

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=disable -reboot=disable" -Wait

This installs all available update found during the last scan excluding BIOS updates, because we aren’t suspending bitlocker, and lets the user reboot the computer.

Install BIOS updates, suspend bitlocker, reboot

$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable -updateType=bios" -Wait

And this one installs only the BIOS updates. I think with these examples and the manual I’ve posted above you can figure out your exact preferred settings.

So that’s it! As always, Happy PowerShelling!

11 thoughts on “Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

  1. Wessel

    Hello, I tried multiple times to get this script to work, but whatever I do, when it gets to get-content i get an error saying permission denied, or an error saying file not found.
    I can’t figure it out.

    Reply
    1. Kelvin Tegelaar Post author

      It might be that your temp path is in a protected location. Try this:


      new-item "C:\DCU\" -ItemType Directory -Force -ErrorAction SilentlyContinue
      start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/scan -report=C:\DCU" -Wait
      [xml]$XMLReport = get-content "C:\DCU\DCUApplicableUpdates.xml"
      #We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
      remove-item "C:\DCU\DCUApplicableUpdates.xml" -Force

      Reply
  2. Travis Phipps

    We’ve been using this with DCU version 2.4 for awhile now but are wanting to move to the newer 3.1.1 version. However, after zipping up the CommandUpdate folder and then unzipping and running on a ‘clean’ Dell system, we’re getting an error message stating “Dell Command | Update requires the DellClientManagementService.”

    We prefer not installing the DCU tool on client systems and just using the ‘portable’ CLI version to avoid user prompts. But it appears 3.1+ of the DCU tool may require some level of Dell Client management software being installed already. Anybody clear on what’s needed and if it’s possible to keep this fully silent?

    Reply
      1. Travis Phipps

        Just wanted to update that we’ve confirmed this version of DCU does indeed require the DCU application stack to be installed on the computer before you can use dcu-cli.exe. Specifically, the “Dell Client Management Service” has to be installed and working. Since we have an imaging process for all new systems that strips away any vendor apps, we were having issues. But you can easily script the silent installation of DCU by just running the exe installer with /s on the end. For good measure to ensure nothing automatic runs with user prompts (our paranoia), we just immediately stop the service and set it to manual after install. When DCU-CLI runs, it automatically starts the service (and then we stop it again). Hope that helps anyone else hitting this error.

        Reply
  3. MD2Tech

    I never used DCU before. I just installed it on my machine to check it out and see the dcu-cli.exe in the Program Data folder. My question is… what exactly am I zipping? Is it the whole program folder or just the dcu-cli.exe?

    Posted this question on the wrong blog… I’m looking at multiple of yours lol

    Reply
  4. Travis Phipps

    Well, I think we found another issue. We realize it’s not ideal, but due to the large number of laptop devices we support, we need to apply BIOS updates and then just prompt the user to reboot on their own schedule. So we tried using the syntax below. But the problem we’re seeing is that BIOS updates and/or the Thunderbolt Controller update seem to ignore the reboot=disable command. Machines are still rebooting immediately when we run the script. Anybody have any ideas??

    start-process “$($DownloadLocation)\dcu-cli.exe” -ArgumentList “/applyUpdates -autoSuspendBitLocker=enable -reboot=disable -outputLog=C:\Dell\DCU_Update.log” -Wait

    Reply
    1. Kelvin Tegelaar Post author

      I haven’t seen that yet, but I think I know someone that might’ve. Do you have a model number and an update ID? that way I can simulate some tests here. πŸ™‚

      Reply
      1. Travis Phipps

        Sorry for delayed response. I don’t get emails when you reply.
        Model: Latitude 7490
        Not sure what Update ID you’re looking for. These were the two that installed:
        F6N5H, Dell Latitude 7290/7390/7490 System BIOS, 1.13.1
        TBT79, Intel Thunderbolt Controller Driver, 17.4.79.510

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.