Dell Command: scheduling driver updates
Posted by Important_Ad_3602@reddit | sysadmin | View on Reddit | 21 comments
I'm rolling out Dell Command and thusfar disabled scheduling. We do manual scans if a device has an issue. I now want to change that to automatic. But i can't think of a way this would happen without bothering users.
I don't want my user to have a blinking screen, or lose wifi connection, in the middle of something important.
This is what i have now:
Start-Process -FilePath $exePath -ArgumentList "/configure", "-scheduleDaily=12:30", "-updateType=bios,firmware,driver", "-autoSuspendBitLocker=enable", "-scheduleAction=DownloadInstallAndNotify", "-delayDays=40", "-forceRestart=disable" -Wait
12:30 is lunch time in our company.
How are you guys deploying this? Is -scheduleauto any good? Does it skip updates when a user is active, doing a powerpoint presentation or in a Teams meeting?
Losha2777@reddit
Friday at 15:00.
Good mark for workers that it's time to leave office :)
Kuipyr@reddit
I just run DCU via my RMM
sryan2k1@reddit
If your machines are domain joined Use the ADMX templates. So much easier.
Apprehensive_Bat_980@reddit
Used ADMX with Intune last week.
Important_Ad_3602@reddit (OP)
We are moving to Entra joined. Importing ADMX in Intune is a pita.
bfodder@reddit
It isn't that bad. Don't be a wuss.
InternetStranger4You@reddit
It is WELL worth it. I was in your shoes, and it was a battle to keep up with if Dell changed the command line arguments and if a client had a different version, etc. Now it just works across all recent versions.
Jaki_Shell@reddit
Does HP have anything similar, besides HPIA which is like Command Central?
InternetStranger4You@reddit
Use the ADMX templates (or upload them to Intune and configure natively). With them, you can schedule the update times, what to update, etc.
You can get the ADMX templates by following this guide: https://www.dell.com/support/kbdoc/en-us/000293701/how-do-i-access-amdx-and-adml-files-for-use-with-dell-command-update
Then implement them by following this: https://www.dell.com/support/manuals/en-us/command-update/admx_rg/importing-admx-templates?guid=guid-09ffe2e6-cabb-4d7c-ad17-35fae5704f79&lang=en-us
Important_Ad_3602@reddit (OP)
Ok fair point. But what are guys doing to prevent installing updates like wifi and videocard drivers whilst the user is working?
bfodder@reddit
Deferrals.
BrentNewland@reddit
You can schedule a specific time for that. Ours is set to Thursdays at 9pm, which is when we have our endpoints do Windows updates as well.
Important_Ad_3602@reddit (OP)
But if it’s 9pm and users have laptops. They’re never going to hit that schedule?
BrentNewland@reddit
In my experience, majority of users don't turn their computers off, they just let them go to sleep. Our Windows Update policies are set to wake the computer at 9pm.
myg0t_Defiled@reddit
I'm pretty sure if they miss the deadline, it updates right after they boot up the PC.
CSHawkeye81@reddit
So DCU has some items built in that actually help prevent that.
bberg22@reddit
If you have an RMM tool you can use the functionality built in there to set up driver audits, configure different CLI combos to select the type of driver to install, deployment rings, monitor driver versions, group by device type/model, etc. I find this to be the best way for us but were a small shop.
gptbuilder_marc@reddit
The conflict between a scheduled update window and active user sessions is a common Dell Command pain point. The question is whether your current setup distinguishes between machine state before it triggers or just fires at the time regardless.
wrootlt@reddit
On my last job we ended up creating a custom package in Tanium (which we used for software updates and patching). It would run DCU in the background to check for missing updates and then would present a popup with a postpone option. So, at some point user would run it and then it is kind of expected to have interruptions or be asked to restart. For some time we did run it with a schedule to do a check Monday morning. I did occasionally get flickering screen or network jump. But the main problem was that all were updating on Monday, which was not a problem in most sites. But some had a very week pipe and it would make them hanging for the duration of updates (especially freaking sound driver updates, why they are so huge, dunno). There is no randomization option. And we didn't want to end up with a bunch of configs for every location. And i don't think it would be waiting for a user with any switch.
Important_Ad_3602@reddit (OP)
That could be an option. We use PSADT which is similar.
CSHawkeye81@reddit
Ok so we are in a similar boat. If you want to change from Manual I think others have said change it to Intune Policies. Here is a good article to help you out: https://evil365.com/dell/UpdateDriversBIOS-DellCommandUpdate/