Bios updates done by SCCM too risky ?
Posted by borse2008@reddit | sysadmin | View on Reddit | 5 comments
So at my place of work I look after our end users but the current build and SCCM control is not operated or controlled by us more from another team in the company. Of course they push normal updates office and security patches. This week people are coming to me at the end of the working day and showing me the black and white screen of the bios update happening. We use Lenovo so anyone familiar with that loading screen will know to a non tech user it's not the most friendly looking screen. I've had no Comms that my users were going to have this.
As we all know you should have your power source plugged in and wait until mtuple restarts happen then shut down.
But users most likely have got scared seen that screen. Either left unplugged ready to put laptop in bag whilst bios update is flashing or held down the power button to force it off whilst it's doing it not knowing what a bios update is.
Normally even when we do any checkups on machines we do drivers and bios from manufacturers if they report issues or we notice IO issues.
So my thoughts are like why would even attempt this without a Comms to the local it team and telling us. Very odd.
HellDuke@reddit
End users should know to contact local IT if unsure of anything and not touch the device if it behaves in a way they are not used to. If it were malware or device failure pulling the plug fast won't cause less damage anyway.
That said this sounds silly. Such updates should not be pushed without the users being informed ahead of time and while I was a local tech I was fully in charge of pushing these updates, central teams could inform us if it needs to be done. That said we did not use SCCM, HP pushes firmware updates with Windows Update so I am pretty sure a critical update can be allowed through WSUS. Otherwise I would push it through with PDQ and use a wrapper script that alerts the user what is about to happen in addition to them being informed that we will be deploying a firmware upgrade.
borse2008@reddit (OP)
It's more the fragility of Bios firmware being unpredictable
HellDuke@reddit
The only potential issue is when the users power off the device during an update or if the laptop is low on power. I am not fully aware of how Lenovo updates look these days, but for HP this is a message clearly plastered over the screen
borse2008@reddit (OP)
Exactly in HP it's more user friendly
slugshead@reddit
It's 2024 not 1998 anymore.
My last org (18-20k devices) pushes out BIOS updates via SCCM and we never really had any real issues with it.