Got a school lab that I’m going to flatten and install 11 from scratch. The reinstall of DCU is presenting problems with delivering the BIOS password securely. dcu-cli works if I do it plain text but that’s visible in the logs … I have yet to find the magic syntax to get the password into DCU with the “secure” options - anyone got a command line that works??
EDIT; The actual BIOS password is set, I just want to get it into DCU to simplify future updates. Deploying with SCCM.
Answer from kevinhughes2 on community.spiceworks.comHello to all,
probably mine is a problem related to different mothertongue,but I'm trying to do the most simple and plain operation, I have to execute the bios update on a bunch of Dell devices that ALREADY have an admin password on the BIOS, from GUI you just type the psw, when using DCU-CLI.EXE how the h*ll I have to pass the password??
righ now I'm using this:
$Password = Invoke-RestMethod -Uri $apiUrl -Method Get
Start-Process -Wait -FilePath dcu-cli.exe -ArgumentList "/configure -scheduleManual -autoSuspendBitLocker=enable -biosPassword=$Password -downloadLocation=$UpdatesFolderPath"
$Updates = Start-Process -FilePath dcu-cli.exe -ArgumentList "/applyUpdates -reboot=disable -outputLog=$UpdatesLog" -PassThru -Wait
I'm collecting the password from an Azure Key Vault thru an Azure Function, the variable $Password will contains the plain text psw.
but seems it doesn't work, the -biosPassword is the right attribute? there is something I miss? I just want to pass the already configured password value without changing it, anyone could clarify the code syntax error?
Passing BIOS password to Dell Command Update
Support Dell admin password protected bios updates
Dell Command Update 4.2 - Update BIOS during TS
Automating Dell Command Update - Securely storing bios password
Got a school lab that I’m going to flatten and install 11 from scratch. The reinstall of DCU is presenting problems with delivering the BIOS password securely. dcu-cli works if I do it plain text but that’s visible in the logs … I have yet to find the magic syntax to get the password into DCU with the “secure” options - anyone got a command line that works??
EDIT; The actual BIOS password is set, I just want to get it into DCU to simplify future updates. Deploying with SCCM.
Use Dell’s Password Utility to encrypt BIOS password, Dell Client Integration Pack. You can get it from Dell’s Client Integration Pack and use this command: “BIOSPassword.exe -set: -output:\BIOSPassword.xml”
This will generate an encrypted BIOSPassword.xml file.
Hi,
Currently, I am struggling with BIOS upgrade during Task Sequence using Windows 10 20H2 Enterprise image. I was trying to set it up with help of this threat but with no luck.
According to logs generated by DCU it looks like BIOS have been successfully updated but in fact it is not.
At the moment BIOS + drivers update is placed on the very end of the Task Sequence and I configured it to run in 3 steps:
PC-SCCM-Dell_Command_Start_driverInstall_Bios_Update.ps1
#Install Drivers
$process = Start-Process -FilePath dcu-cli.exe -ArgumentList '/driverInstall -outputLog=C:\Temp\Dell_Command_-_driver_install.log -reboot=disable -silent' -WorkingDirectory "C:\Program Files\Dell\CommandUpdate\" -Passthru
Wait-Process -InputObject $process
Restart Computer using TS
PC-SCCM-Dell_Command_Start_applyUpdates_Bios_Update.ps1
#Apply Updates
$process = Start-Process -FilePath dcu-cli.exe -ArgumentList '/applyUpdates -outputLog=C:\Temp\Dell_Command_-_updates_install.log -reboot=enable' -WorkingDirectory "C:\Program Files\Dell\CommandUpdate\" -Passthru
Wait-Process -InputObject $process
On the second script I also tried to switch "-reboot=enable" to "disable" and perform a reboot using TS but also with no luck.
Any ideas would be much appreciated.
Hi All,
So I'm automating dell command update via a powershell script that installs it, and then pushes dcu-cli.exe commands to set things up how we want them. I can currently get it to use the bios password, but there doesnt seem to be any way of doing it without providing the bios password in clear text in the script.
DCU has an option to generate an encrypted password via your bios password + an encryption key password that you make up, but in order for it to use the encrypted password on the users end it also needs the encryption key. So my script would have an encrypted bios password. Cool. But it will also have the clear text key to decrypt it making the encryption useless? am i missing something here?
The bios password would be stored in a script, thats in an .intunewin package, on our intune instance, but still.
For security reasons, i enabled Bios passwords on a few pc in the network, without realising I would need to unlock the pc Bios if a bios update was available using dell command update tool. How do you guys push out Bios update on bios password protected pc's
I have a fleet of about 200 Dell systems that I'd like to update using Dell Command|Update, but the BIOS password I've standardized across them has a double-quote character as part of it. Is there a way to have dcu-cli accept it as a valid part of the password? The only reference document I can find is the version 5.x Reference Guide, which is frustratingly terse in its explanations.
Hi all- We’re looking to install the Dell Command Update Classic 5.5.0 across all of our endpoints. We already have a set BIOS password on all of our Dells, but what we’re trying to do is install DCU with our current BIOS password added into its settings (end goal is to stage and push BIOS updates automatically from Intune using DCU)
I can’t find any formal documentation on this or if this is even supported. Does anyone have any idea if this is achievable?