Bios update mdt RRS feed

  • Question

  • Hi,

    Is there a way to update bios using mdt ?


    Thursday, August 9, 2018 1:10 PM

All replies

  • Yes, it is possible.  Without manufacturer and model information, we can only assist so much, as it primarily depends on the manufacturers specific tool(s) and ability to silence the BIOS installs.  Moreover, quite a bit depends on if you want to do it in PE or full OS, if you want to change settings associated with the new BIOS, and so on.


    Thursday, August 9, 2018 2:30 PM
  • Hi,

    I have lenovo and hp pc's 


    Friday, August 10, 2018 5:50 AM
  • Upgrading BIOS can be a confusing process since it is highly vendor specific and involves a bit of research. Personally, I am using Mikael Nystrom's script and silent switches usually found in the vendor's documentation. For example, to upgrade an HP machine, you would probably use something along these lines:
    HPBIOSUPDREC64.exe -s -p"C:\temp\password.bin" -b -r'


    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Monday, August 13, 2018 12:15 PM
  • I have this in place in my deployment share for all the Dell models we support.

    The first thing to do is determine what models you'll be supporting, acquire the BIOS installers, and figure out the command line switches to suppress reboots and install silently.  For Dell BIOS installers that's /s and /f.  Once you have that, import the installers as applications into MDT.  Create a folder to put them in first, and uncheck Enable this folder in the properties; otherwise they'll show in the Application wizard.

    Next, in customsettings.ini, set a task sequence variable BIOSUpdated=NO

    Then you need to set up Install Application tasks in the task sequence, with conditions to ensure that models get matched with the correct BIOS, and furthermore to ensure that a BIOS update can only occur if the version to be installed is newer than the version already installed on the machine.  Then you need a Set Task Sequence Variable task to set the BIOSInstaller=YES

    Mine looks like so:

    So then, the Dell folder has the following condition, to ensure that only Dell computers proceed to the next folder:

         SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE '%Dell%'

    The Latitude folder has this condition:

         SELECT * FROM Win32_ComputerSystem WHERE Model LIKE '%Latitude%'

    Finally, the model-specific folder has two necessary conditions:

         If all conditions are true

              SELECT * FROM Win32_ComputerSystem WHERE Model LIKE '%E5250%'

              SELECT * from WIN32_BIOS where SMBIOSBIOSVersion < "A19"

    Therefore, if I image a Dell Latitude E5250, the BIOS will only get installed if the already-installed version is earlier than version A19, which is the version of the installer imported into MDT

    Once you've built the whole tree, put in a Restart Computer task, contingent on BIOSUpdated=YES.  That way you won't have to reboot if the BIOS wasn't updated.

    That's a quick and dirty of how mine is set up.  I find it works about 85% of the time.  Be advised though, you have to keep abreast of BIOS releases, and testing them, if you want this to be useful.  Also fair warning (although this only happened once):  I bricked a laptop when testing this a few years ago.  Warranty support fixed it, but just be careful.

    • Proposed as answer by Atreus21 Wednesday, August 15, 2018 5:24 PM
    Monday, August 13, 2018 2:34 PM
  • Hey  Atreus21.

    It's my first time trying to sequence Bios update on MDT and i'm in doubt on what exacly are the "Set Task Sequence V" that each model has bellow the "Update Bios"

    Are those Task Sequence Variable task to set the BIOSInstaller=YES ? that you've mentioned before?

    I'm quite confused.

    Thursday, February 7, 2019 5:53 PM
  • This seems great! My question is, can MDT evaluate A18 being less than A19 then do the update? I would expect it to evaluate 18 being less than 19, but with the alphanumeric, is it possible? What about being less than Thanks
    Saturday, November 16, 2019 6:15 PM
  • Updating the hp bios is ridiculous.  It makes a new partition that you have to delete afterwards.

    start /wait HpFirmwareUpdRec64.exe -s -ppass.bin -h -r

    Then after reboot:

    diskpart /s delete-e.txt

    Where delete-e.txt contains:

    select volume=e
    delete volume
    select volume=c

    • Edited by JS2010 Tuesday, November 19, 2019 3:42 PM
    Tuesday, November 19, 2019 3:42 PM
  • Hello,

    I would like precision on your Set Task Sequence and Update Bios in the model-specific folder

    Can you take a picture of your parameters and post it please ?

    Friday, November 29, 2019 3:44 PM
  • Hi,

    What make and model do you have for example?

    Friday, November 29, 2019 3:51 PM
  • Actually i work on this model "" Latitude 5500"

    I can't paste my screenshots on the topics

    • Edited by NaJo05 Friday, November 29, 2019 4:13 PM
    Friday, November 29, 2019 4:12 PM
  • To get the Make which is the same as manufacturer within MDT please run the below command

    wmic computersystem get manufacturer

    also to get model, run the below command

    wmic computersystem get model

    Make a note of these.

    Within MDT, along with your custom tasks. Create a group called "Update BIOS"

    Within this group create another group call "Dell Inc."

    Select the group called "Dell Inc." and on the right window pane select Options.
    Click Add >> Task Sequence variable

    Variable: MAKE
    Condition: equals
    Value: Dell Inc.

    Highlight the group Dell Inc. and add another group which will be like a Sub-group. Call it the the model of your system\computer.

    Edit the options of this folder like above with the values

    Variable: MODEL
    Condition: equals
    Value: Latitude 5500

    **Note the values for values in the Task sequence variable, must be the exact values you get from

    wmic computersystem get manufacturer
    wmic computersystem get model

    In your model group you will add the install command\ application to update the BIOS. The sub-folders with the Task Sequence variables will filter\direct to the correct BIOS update install.



    Friday, November 29, 2019 4:40 PM
  • Thank you verry much Biziee for your explanation

    I followed your instruction, but i have a question :

    1/ I created 3 folders Update Bios, Dell Inc. and Latitude 5500

    2/ I have an the Task Sequence on Dell Inc. and Latitude 5500

    3/ I have a task in Sub-Folder Latitude 5500

    Type : Install Application

    Install a single application => *.exe path of my bios, downloaded on my MDT in application folder

    Now should i create a task to restart my computer after this ?

    if you say yes, can i have the details on the task (task variable and values...) ?

    Thank you
    Monday, December 2, 2019 8:04 AM
  • Hi,

    Before the Install Application, 

    I would create a TS Run Command Line. This should run a script from the location i.e below

    powershell.exe -file "%ScriptRoot%\CustomScripts\BIOSCheck.ps1"

    The script would check the computer BIOS version against the version you with to update with. Should the MDT version be less than the one on your computer.

    ###Script Starts


    # Get the TS variables. Variables that are used within MDT
    $TSenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
    $DeployRoot = $TSenv.Value("DeployRoot")
    $Make = $TSenv.Value("Make")
    $Model = $TSenv.Value("Model")

    If ($Make -eq 'Dell Inc.') #If the Make is "Dell Inc." it removes the period\full stop, as file paths cannot have them
        $Make = $Make.Replace(".", "")

    $filelocation = "$DeployRoot\Applications\BIOSUpdates\$Make\$Model" #Location of BIOS .exe to check version
    $avl_bios_version = (Get-Item $filelocation\*.exe ).VersionInfo.ProductVersion
    $comp_bios_version = (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion

    New-Item -Path C:\Windows\Temp -Name "$Model.txt" -ItemType FILE | Out-Null
    New-Item -Path C:\Windows\Temp -Name "$Make.txt" -ItemType FILE | Out-Null

    If ([version]$comp_bios_version -lt [version]$avl_bios_version) #Compares BIOS versions

        New-Item -Path C:\Windows\Temp -Name "Output.txt" -ItemType FILE -Value "Computer version is $comp_bios_version and is less than the available MDT version $avl_bios_version will do update" | Out-Null #Logging\Information
        $TSenv.Value("PreUpdateBIOSCheck") = "PASSED" #Variable is set and is used within a Task Sequence Variable


    ElseIf ([version]$comp_bios_version -eq [version]$avl_bios_version) #Compares BIOS versions

        New-Item -Path C:\Windows\Temp -Name "Output.txt" -ItemType FILE -Value "EXIT - Computer BIOS Version is equal to MDT version - No Updates done." | Out-Null #Logging\Information



        New-Item -Path C:\Windows\Temp -Name "Output.txt" -ItemType FILE -Value "EXIT - Computer BIOS Version is newer than MDT version - No Updates done." | Out-Null #Logging\Information

    ###Scripts end

    If the version number in MDT is higher than your computer version BIOS. The script will pass back a TS Variable which you can use it to progress with the install. If the TS Variable is not passed back, the install wont carry, **in the case the BIOS versions are the same or the Computer BIOS version is higher.

    Variable: PreUpdateBIOSCheck
    Condition: equals
    Value: Latitude PASSED

    You can add a TS Restart (Add >> General >> Restart computer) and under the options, add

    Variable: PreUpdateBIOSCheck
    Condition: equals
    Value: Latitude PASSED

    The restart would only take place if the BIOS was updated.

    In my testing some BIOS need a restart straight away after the update or it will fails. 

    Also in my testing, sometimes the update will fail as MDT has no network after the restart. I've manged to get round this by "Always wait for the network at computer startup and logon" setting applied.

    You can create a Powershell script\ or even an REG Update to set this, but it must be placed before the computer is restarted for the BIOS

    ##Script Starts

    #Local Group Policy Editor >> "Computer Configuration" -> "Administrative Templates" -> "System" -> "Logon" -> "Always wait for the network at computer startup and logon"
    New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\" -ErrorAction SilentlyContinue -Force
    New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon" -ErrorAction SilentlyContinue -Force
    New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'SyncForegroundPolicy' -PropertyType 'DWord' -Value '0x00000001' -Force

    ##Script Ends

     Also on the TS Install Application, Under Success codes (suppress errors). add a 2 so it reads like below

    0 3010 2

    This will suppress an error, for applications that require a restart although a restart has been done
    • Edited by biziee Monday, December 2, 2019 10:19 AM spelling
    • Proposed as answer by biziee Monday, December 2, 2019 12:26 PM
    Monday, December 2, 2019 10:15 AM
  • Thank you so much, you ROCK's !!!

    it's working for me!!!

    i abuse again, but it'is possible to block check Microsoft Update to install a microsoft driver on ma laptop ?Actually, Microsoft force his drivers and replace my file .CAB downloaded on the Website of Manufacturer
    Monday, December 2, 2019 11:00 AM
  • Glad I could help!!! 

    You may need to start a new thread for the driver update. Depending your systems and how they are getting the updates i.e. WSUS this could be done I believe 

    Monday, December 2, 2019 1:04 PM