Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

Previously I’ve written a blog about Dell Command Update and its ability to monitoring and download updates. This blog was based on Dell Command Update 2. As it is with all applications this started working less on newer machines. To resolve this Dell released a new major update for Dell Command Update which according to Dell, works on 99% of the Dell devices.

I really like monitoring if the device drivers are up to date, and all versions are as current as can be. Dell Command Update also allows you to install the updates on the device for remediation\

Updates Detection Script

The monitoring script downloads a zip file with the Dell Command Update utility. You can create this zip-file yourself by installing Dell Command Update and simply zipping the install location. It then unzips the downloaded file, and runs the DCU-cli with the Report Parameter, I would advise to only run this set on an hourly or even daily schedule, using your RMM system of course.

So I’d really suggest to host the file yourself, either by creating your own DCU.zip or downloading the one included in the script below. I will be removing this from my web host in the future. πŸ™‚

You can choose what variables to alert on yourself – I like reporting on the count of updates, but I know others rather would alert on the title. At the bottom of the scripts I’ve added specific alerting options – You can choose which of these you find important.

#Replace the Download URL to where you've uploaded the ZIP file yourself. We will only download this file once. 
$DownloadURL = "https://cyberdrain.com/wp-content/uploads/2020/02/DCU.zip"
$DownloadLocation = "$($Env:ProgramData)\DCU"
try {
    $TestDownloadLocation = Test-Path $DownloadLocation
    if (!$TestDownloadLocation) { new-item $DownloadLocation -ItemType Directory -force }
    $TestDownloadLocationZip = Test-Path "$DownloadLocation\DCU.zip"
    if (!$TestDownloadLocationZip) { Invoke-WebRequest -UseBasicParsing -Uri $DownloadURL -OutFile "$($DownloadLocation)\DCU.zip" }
    $TestDownloadLocationExe = Test-Path "$DownloadLocation\dcu-cli.exe"
    if (!$TestDownloadLocationExe) { Expand-Archive "$($DownloadLocation)\DCU.zip" -DestinationPath $DownloadLocation -Force }
}
catch {
    write-host "The download and extraction of DCUCli failed. Error: $($_.Exception.Message)"
    exit 1
}

start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/scan -report=$ENV:temp\DCU" -Wait
[ xml]$XMLReport = get-content "$ENV:temp\DCU\DCUApplicableUpdates.xml" 
#We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
remove-item "$ENV:temp\DCU\DCUApplicableUpdates.xml" -Force

$AvailableUpdates = $XMLReport.updates.update

$BIOSUpdates        = ($XMLReport.updates.update | Where-Object {$_.type -eq "BIOS"}).name.Count
$ApplicationUpdates = ($XMLReport.updates.update | Where-Object {$_.type -eq "Application"}).name.Count
$DriverUpdates      = ($XMLReport.updates.update | Where-Object {$_.type -eq "Driver"}).name.Count
$FirmwareUpdates    = ($XMLReport.updates.update | Where-Object {$_.type -eq "Firmware"}).name.Count
$OtherUpdates       = ($XMLReport.updates.update | Where-Object {$_.type -eq "Other"}).name.Count
$PatchUpdates       = ($XMLReport.updates.update | Where-Object {$_.type -eq "Patch"}).name.Count
$UtilityUpdates     = ($XMLReport.updates.update | Where-Object {$_.type -eq "Utility"}).name.Count
$UrgentUpdates      = ($XMLReport.updates.update | Where-Object {$_.Urgency -eq "Urgent"}).name.Count

So that’s the detecting updates portion, of course we also have the commandline to install the updates. Lets get started with that.

Remediation

Remediation is fairly straight forward. When using the switch /ApplyUpdates the updates start immediately. Of course we like having a little more control, so all the options are listed here. I’ve also included some examples:

Installing all updates, disable bitlocker, and reboot if required:

$DownloadLocation = "$($Env:ProgramData)\DCU"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable" -Wait

This installs all available update found during the last scan including BIOS updates, suspends bitlocker, and reboots the computer immediately.

Installing all updates, do not disable Bitlocker, and do not reboot

$DownloadLocation = "$($Env:ProgramData)\DCU"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=disable -reboot=disable" -Wait

This installs all available update found during the last scan excluding BIOS updates, because we aren’t suspending bitlocker, and lets the user reboot the computer.

Install BIOS updates, suspend bitlocker, reboot

$DownloadLocation = "$($Env:ProgramData)\DCU"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable -updateType=bios" -Wait

And this one installs only the BIOS updates. I think with these examples and the manual I’ve posted above you can figure out your exact preferred settings.

So that’s it! As always, Happy PowerShelling!

Kelvin Tegelaar
Follow me

6 thoughts on “Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

  1. Wessel

    Hello, I tried multiple times to get this script to work, but whatever I do, when it gets to get-content i get an error saying permission denied, or an error saying file not found.
    I can’t figure it out.

    Reply
    1. Kelvin Tegelaar Post author

      It might be that your temp path is in a protected location. Try this:


      new-item "C:\DCU\" -ItemType Directory -Force -ErrorAction SilentlyContinue
      start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/scan -report=C:\DCU" -Wait
      [xml]$XMLReport = get-content "C:\DCU\DCUApplicableUpdates.xml"
      #We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
      remove-item "C:\DCU\DCUApplicableUpdates.xml" -Force

      Reply
  2. Travis Phipps

    We’ve been using this with DCU version 2.4 for awhile now but are wanting to move to the newer 3.1.1 version. However, after zipping up the CommandUpdate folder and then unzipping and running on a ‘clean’ Dell system, we’re getting an error message stating “Dell Command | Update requires the DellClientManagementService.”

    We prefer not installing the DCU tool on client systems and just using the ‘portable’ CLI version to avoid user prompts. But it appears 3.1+ of the DCU tool may require some level of Dell Client management software being installed already. Anybody clear on what’s needed and if it’s possible to keep this fully silent?

    Reply
  3. MD2Tech

    I never used DCU before. I just installed it on my machine to check it out and see the dcu-cli.exe in the Program Data folder. My question is… what exactly am I zipping? Is it the whole program folder or just the dcu-cli.exe?

    Posted this question on the wrong blog… I’m looking at multiple of yours lol

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.