Installing Dell OpenManage Essentials 1.1.1

Dell OpenManage Essentials, or OME, is the ITA and Server Administrator replacement. You install it on a server, then connect to that server with a web browser. It’s pretty sweet.

Here’s what it looks like when finished:

ome-0-edited

 

ome-1

Reference

Overview

  1. Install SQL Server Express R2
  2. Install the Prereqs
  3. Install OME
  4. Update to 1.1.1
  5. Discover Devices

SQL and Prereqs

  1. The SQL Install is straight-forward; nothing special is necessary.
  2. Run the following command in Powershell to install IIS:
    Import-Module ServerManager
    Add-WindowsFeature Web-Server,Web-Windows-Auth,Web-App-Dev,Web-Url-Auth,Web-Filtering,Web-IP-Security,Web-ASP,Web-ASP-Net,Web-Net-Ext,Web-ISAPI-Filter,Web-ISAPI-Ext,Web-ASP,Web-Stat-Compression,Web-Dyn-Compression,Web-Http-Redirect,Web-Default-Doc,Web-Filtering,Web-Security,Web-Common-Http,Web-Http-Errors,Web-Mgmt-Console
  3. Create a service account which the OME application will use to access SQL. I used domain\dell-ome.
  4. Download OME and the OEM 1.1.1 Update.

OME Install

  1. Run the OME Installer, and allow it to install the following prereq’s.
    • IPMI Utility
    • SNMP Service
    • DRAC Tools
  2. Run the OME Installer, and click next a few times. It’s pretty straight-forward.
    • Note — it’s difficult to change the service account, so I recommend creating one before you install.
  3. Run the OME 1.1.1 Patch. Also easy.
  4. For any users you want to give access, add them to the OMAdministrators or OMUsers local groups.
  5. Open Start -> Run -> Services.msc -> SNMP Service – Properties.
  6. On the security tab, add any SNMP community strings that you want the box to accept.
  7. Open Administrative Tools -> Advanced Firewall.
  8. Enable the “SNMP Trap” UDP and TCP rules, so that incoming traps are received.

You can now run the OME! I’ll have a post up soon about discovering ESXi boxes.

Advertisements

SCCM 2012 – Optimizing Dell CCTK OSD Actions into WinPE

We wanted all of our CCTK actions to happen before the disk gets partitioned. To do this, everything needs wrapped into WinPE. This involves some customization of our various scripts, cctk package folder structures, and boot images. On the plus side, the actions all run much quicker since there’s no need to download a full CCTK package on every step.

The Parts

  1. Folder Structure and CCTK Files
  2. Supporting Files
  3. Modifying the Supporting Files
  4. Making the WinPE Changes
  5. Making the TS Changes

Folder Structure and CCTK Files

  1. On your site server, create the following folder structure:
     * C:\Program Files\Microsoft Configuration Manager\OSD\Extras\CCTK32
     * C:\Program Files\Microsoft Configuration Manager\OSD\Extras\CCTK32\HAPI
     * C:\Program Files\Microsoft Configuration Manager\OSD\Extras\CCTK64
     * C:\Program Files\Microsoft Configuration Manager\OSD\Extras\CCTK64\HAPI
     * C:\Program Files\Microsoft Configuration Manager\OSD\Extras\CCTKShared
  2. Place the CCTK executable and HAPI drivers in their respective locations from the previous step.

Supporting Files

  1. Using the instructions in the following blog post, create the following files and place them in .\CCTKShared.
  2. SCCM 2012 – Generic Multi-Platform Dell CCTK BIOS Settings
    1. Dell-CustomSettings.cctk
    2. CCTK-Generic.cmd
    3. Show-CCTKErrors.vbs
  3. Using the instructions in the following blog post, create the following file and place it in .\CCTKShared.
    SCCM 2012 – Testing for Dell TPM Activation in a Task Sequence

    1. Check-TPMActivation.vbs

Modifying the Supporting Files

Some of the script files need modified since we will no longer be using the cctk.cmd wrapper to select the appropriate cctk executable for the running architecture. Instead, we will only include the 32-bit cctk on the 32-bit WinPE, and vice-versa.

CCTK-Generic.cmd

In this file, make the following changes.

  1. Remove lines 16 through 29 since we don’t need to select architecture.
  2. Replace all instances of “%CCTKPath%\”  with “%~dp0”. See this example:
    %CCTKPath%\cctk.exe --tpmactivation=activate !ARG1! !ARG2!
    --should turn into--
    %~dp0cctk.exe --tpmactivation=activate !ARG1! !ARG2!
    
  3. Before every instance of Show-CCTKErrors.vbs, add “%~dp0”. For example:
    cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%
    --should turn into--
    cscript.exe //nologo %~dp0Show-CCTKErrors.vbs %errorlevel%
    

check-tpmactivation.vbs

In this file, make the following changes:

  1. Replace all instances of ‘cctk.cmd’ with ‘cctk.exe’.
  2. Delete line 23 (strPath) and replace it with the following code:
    strPath = Wscript.ScriptFullName
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.GetFile(strPath)
    strPath = objFSO.GetParentFolderName(objFile)

HAPIInstall.cmd

Replace this entire file with the following code:

@echo off
%~dp0hapi\hapint.exe -i -k C-C-T-K -p "hapint.exe"

Making the WinPE Changes

  1. Open the following file from your site server in a decent editor: “C:\Program Files\Microsoft Configuration Manager\bin\x64\osdinjection.xml”.
  2. Find the section for i386\SCCM, and add the following lines of code:
    <File name="hapint.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcmdev32.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchipm32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchcfg32.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchbas32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchapi32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.sys">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.inf">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.cat">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="pci.ids">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="CCTK.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="mxml1.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK32</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="show-cctkerrors.vbs">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="dell-customsettings.cctk">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="HAPIInstall.cmd">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="check-tpmactivation.vbs">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="CCTK-Generic.cmd">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
  3. Find the section for x64\SCCM, and add the following lines of code:
    <File name="hapint.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcmdev32.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchipm32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchcfg32.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchbas32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dchapi32.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.sys">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.inf">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="dcdbas32.cat">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64\HAPI</Source>
            <Destination>windows\system32\HAPI</Destination>
    	  </File>
    	  <File name="pci.ids">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="CCTK.exe">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="mxml1.dll">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTK64</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="show-cctkerrors.vbs">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="dell-customsettings.cctk">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="HAPIInstall.cmd">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="check-tpmactivation.vbs">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
    	  <File name="CCTK-Generic.cmd">
            <LocaleNeeded>false</LocaleNeeded>
            <Source>extra\CCTKShared</Source>
            <Destination>windows\system32</Destination>
    	  </File>
  4. Update the distribution points of your boot image. If this fails, double-check that all the files added to osdinjection.xml actually exist.

Making the TS Changes

Now that all the leg-work is done; let’s use it!

  1. Open your task sequence, and create the following actions.
    1. Name: Install Dell HAPI Drivers
      Command: X:\Windows\System32\HAPIInstall.cmd
      Package: None
    2. Name: Check TPM Activation
      Command: X:\Windows\System32\Check-TPMActivation.vbs warnonly
      Package: None
    3. Name: Set Default Dell BIOS Settings
      Command: X:\Windows\System32\CCTK-Generic.cmd
      Package: None
    4. Name: Reboot (HD)
    5. Name: Check TPM Activation (force)
      Command: X:\Windows\System32\Check-TPMActivation.vbs
      Package: None

You should now be in business!

SCCM 2012 – Testing for Dell TPM Activation in a Task Sequence

We want our task sequences to fail as early as possible if there’s going to be a problem. One thing we’ve noticed is that if the TPM fails to activate, the task sequence will eventually fail on the ‘Enable Bitlocker’ step. What ends up happening is that the TS fails, reboots, and the system looks completely normal except that Bitlocker isn’t enabled. Our help desk ended up sending out a few machines like this, which had to be found and encrypted after the fact.

Here’s how to test for TPM actication and fail the task sequence.

  1. Create a CCTK Package using the instructions on my previous post: SCCM 2012 – Architecture Agnostic Dell CCTK WinPE Bios Package.
  2. Using the same instructions, create a TS action to install the Dell HAPI drivers.
  3. Optionally, use the instructions on my previous post to create a generic bios settings template: SCCM 2012 – Generic Multi-Platform Dell CCTK BIOS Settings.
  4. Save the following file as ‘check-tpmactivation.vbs’ in your dell-cctk package.
    'if argument 'warn', set bFailIfDeactivated = True
    'if argument 'fail', set bFailIfDeactivated = True
    Dim bWarnOnly, bArgOK, mainArg, iExitcode
    iExitcode = 0
    bArgOK = vbFalse
    bWarnOnly = vbFalse
    If WScript.Arguments.Count = 1 Then
    	mainArg = Wscript.Arguments(0)
    	If mainArg = "warnonly" Then
    		bArgOK = vbTrue
    		bWarnOnly = vbTrue
    	End If
    ElseIf Wscript.Arguments.Count = 0 Then
    	bArgOK = vbTrue
    	bWarnOnly = vbFalse
    Else
    	bArgOK = vbFalse
    End If
    
    Dim msg, cmd, text, objShell, strPath, action
    If bArgOK = vbTrue Then
    	Set objShell = CreateObject("Wscript.Shell")
    	strPath = objShell.CurrentDirectory
    
    	'ref: http://stackoverflow.com/questions/5690134/running-command-line-silently-with-vbscript-and-getting-output
    	cmd = "cmd /c " & strPath & "\cctk.cmd --tpmactivation > " & strPath & "\tpmout.txt"
    	'wscript.echo cmd
    	action = objShell.Run(cmd, 0, True)
    
    	'parse result
    	Set fso  = CreateObject("Scripting.FileSystemObject")
    	Set file = fso.OpenTextFile((strPath & "\tpmout.txt"), 1)
    	text = file.ReadAll
    	file.Close
    
    	'if 'deactivated' then act
    	If InStr(text,"deactivated") Then
    		If bWarnOnly = True Then
    			msg = "Warning! This system's TPM is deactivated. The task sequence will now attempt to enable the TPM then reboot. If this attempt fails, the task sequence will fail. I recommend entering the BIOS after clicking OK and enabling the TPM manually."
    			msgbox msg
    			iExitcode = 0
    		Else
    			msg = "Warning! This task sequence is failing because the TPM is deactivated and the task sequence was not able to enable it automatically."
    			msgbox msg
    			iExitcode = 1
    		End If
    	End If
    Else
    	msg = "Arguments invalid."
    	iExitcode = 1
    End If
    
    Wscript.Quit iExitcode
  5. Create a ‘run command-line’ action after the Install HAPI Drivers action, linked to the dell-cctk package, with the following command.
    check-tpmactivation.vbs

Now, the task sequence will throw a message box if the TPM is deactivated, and fail the task sequence. I recommend duplicating this task sequence action and placing one of the duplicates before your automated attempt to enable the TPM, with the following modified command:

check-tpmactivation.vbs warnonly

This will throw a different message box suggesting that the user manually check the BIOS setting during the next reboot.

Have fun!

SCCM 2012 – Generic Multi-Platform Dell CCTK BIOS Settings

This is a quick overview of how to create a default BIOS settings template that can be pushed to all Optiplex, Latitude, and Precision rebuilds. Also, it’s possible to try progressively better RAID settings in order to leave systems at the maximum potential that their BIOS offers.

Creating the CCTK Package

Please see the instructions in my previous post SCCM 2012 – Architecture Agnostic Dell CCTK WinPE Bios Package for creating the basic CCTK package. We will use this as the base, and then add a few files to it.

Creating a Template File

Here’s the template file we use. Save this as ‘Dell-CustomSettings.cctk’ in your cctk package directory. Here’s the full command-line reference: Dell CCTK Documentation.

[cctk]
chasintrusion=silentenable
bootorder=legacytype,+embnic,+hdd,+floppy,+usbdev,+cdrom
cpucore=all
cpuxdsupport=enable
embnic1=on
cstatesctrl=enable
energystarlogo=enable
fanctrlovrd=disable
integratedaudio=enable
limitcpuidvalue=off
logicproc=enable
fastboot=minimal
serial1=com1
multicpucore=enable
lptmode=disable
serrdmimsg=on
pcislots=enable
postf12key=enable
smarterrors=enable
standbystate=s3
tpm=on
tpmactivation=activate
trustexecution=on
usbctl=enable
usbportsfront=enable
usbreardual=on
usbrearquad=on
virtualization=enable
vtfordirectio=on
usbemu=enable
turbomode=enable
esataports=enable
multidisplay=enable
speedstep=automatic

Creating a CCTK Response Parse Script

This script will take the DOS errorlevel returned by CCTK, and echo out the respective human-readable error message. This message will show up in your smsts.log and on the site server’s status message logs. It’s very helpful for diagnosing bios task sequence errors.

Save the file as ‘show-cctkerrors.vbs’

'Show-Errors.vbs
'johnpuskar@gmail.com
'windowsmasher.wordpress.com

'This script maps dos %errorlevel% into a human readable error from the dell CCTK utilities, and write it to the screen.

Dim arrMessages(254)
arrMessages(0) = "Success."
arrMessages(1) = "Attempt to read write-only parameter '%s'."
arrMessages(2) = "Password cannot exceed 16 characters."
arrMessages(3) = "A BMC was either not detected or is not supported."
arrMessages(4) = "This username is already in use. Enter a unique username."
arrMessages(5) = "Access mode not supported."
arrMessages(6) = "Cannot return number of requested data bytes."
arrMessages(7) = "User ID 1 cannot be assigned a username."
arrMessages(8) = "Cannot execute duplicated request."
arrMessages(9) = "There was an error clearing the SEL."
arrMessages(10) = "Clear SEL cannot be accompanied with any other option."
arrMessages(11) = "racreset cannot be accompanied with any other option."
arrMessages(12) = "Cannot execute command. Command, or request parameter(s), not supported in present state."
arrMessages(13) = "Command not supported on given channel."
arrMessages(14) = "The community string may only contain printable ASCII characters."
arrMessages(15) = "Destination unavailable. Cannot deliver request to selected destination."
arrMessages(16) = "Cannot execute command. Insufficient privilege level."
arrMessages(17) = "Command illegal for specified sensor or record type."
arrMessages(18) = "Invalid commstring value."
arrMessages(19) = "Hardware subsystem error. Invalid data field in Request."
arrMessages(20) = "Invalid destination IP address."
arrMessages(21) = "The GUID is invalid."
arrMessages(22) = "Invalid gateway."
arrMessages(23) = "Invalid hostname."
arrMessages(24) = "Invalid IP address."
arrMessages(25) = "Invalid DNS IP address."
arrMessages(26) = "Invalid sub net mask."
arrMessages(27) = "Invalid value for PEF. PEF value should be between 1 and 16."
arrMessages(28) = "Reservation Canceled or Invalid Reservation ID."
arrMessages(29) = "Invalid Time to live value."
arrMessages(30) = "Invalid VLANID value."
arrMessages(31) = "Invalid Command. Used to indicate an unrecognized or unsupported command."
arrMessages(32) = "Command invalid for given LUN."
arrMessages(33) = "Load defaults cannot be accompanied with any other option."
arrMessages(34) = "There was an error loading the defaults."
arrMessages(35) = "Node Busy. Command could not be processed because command processing resources are temporarily unavailable."
arrMessages(36) = "Out of space. Command could not be completed because of a lack of storage space required to execute the given command operation."
arrMessages(37) = "This parameter is not supported."
arrMessages(38) = "Parameter out of range. One or more parameters in the data field of the Request are out of range."
arrMessages(39) = "The password may only contain printable ASCII characters."
arrMessages(40) = "Password test failed."
arrMessages(41) = "Requested data length invalid."
arrMessages(42) = "Requested data field length limit exceeded."
arrMessages(43) = "Requested Sensor, data, or record not present."
arrMessages(44) = "Request data truncated."
arrMessages(45) = "Command response could not be provided."
arrMessages(46) = "Command response could not be provided. BMC initialization or initialization agent in progress."
arrMessages(47) = "Command response could not be provided. Device in firmware update mode."
arrMessages(48) = "Command response could not be provided. SDR Repository in update mode."
arrMessages(49) = "Cannot execute command, SEL erase in progress."
arrMessages(50) = "Attempt to set the 'set in progress' value when not in the 'set in complete' state."
arrMessages(51) = "The SOL character 'accumulate interval' is invalid."
arrMessages(52) = "The SOL character 'send threshold' is invalid."
arrMessages(53) = "The SOL 'retry interval' is invalid."
arrMessages(54) = "Command completed successfully."
arrMessages(55) = "Timeout while processing command. Response unavailable."
arrMessages(56) = "Unspecified error."
arrMessages(57) = "The password may only contain printable ASCII characters."
arrMessages(58) = "Username cannot exceed 16 characters."
arrMessages(59) = "Invalid VLANID value. Enter in 'dddd' format."
arrMessages(60) = "Attempt to write read-only parameter '%s'."
arrMessages(61) = "BMC is busy."
arrMessages(62) = "Response data did not return successfully."
arrMessages(63) = "BMC time out error."
arrMessages(64) = "Invalid Configuration Option."
arrMessages(65) = "Cannot execute command.Parameter is illegal because command sub-function has been disabled or is unavailable."
arrMessages(66) = "Option '%s' requires an argument."
arrMessages(67) = "The asset tag for this system is not available."
arrMessages(68) = "The asset tag cannot be more than 10 characters long."
arrMessages(69) = "The required BIOS interfaces cannot be found on this system."
arrMessages(70) = "The BIOS version information is not available."
arrMessages(71) = "There is not enough free system memory to complete the BIOS update."
arrMessages(72) = "The BIOS update file version is a different version class (A00, X00) than the current system BIOS. Use the --force option to use this BIOS image."
arrMessages(73) = "The BIOS update file version is older than the current system bios.  Use the --force option to use this BIOS image."
arrMessages(74) = "The BIOS update file version is identical to the current system bios.  Use the --force option to use this BIOS image."
arrMessages(75) = "The sequence list must be a comma-separated numerical list of valid unique boot device numbers (ex: 2, 1, 3)."
arrMessages(76) = "The sequence list must be a comma-separated list of valid unique device names (ex: nic.emb.1, hdd.emb.1) or a comma-separated numerical list of valid unique boot device numbers (ex: 2, 1, 3)."
arrMessages(77) = "There was an error setting the sequence."
arrMessages(78) = "The list is not formatted correctly. See the help for more details."
arrMessages(79) = "The size of returned buffer is larger than the size of allocated buffer."
arrMessages(80) = "There was a problem getting the state byte."
arrMessages(81) = "The state byte is not available on this system."
arrMessages(82) = "There was a problem setting the state byte."
arrMessages(83) = "The state byte must be a value between 0 and 255 decimal."
arrMessages(84) = "The CPU information is not available."
arrMessages(85) = "The dependent option '%s' required for this subcommand is missing in the command line."
arrMessages(86) = "Duplicate sub command '%s' has been entered."
arrMessages(87) = "The script file does contain not a valid DTK environment script signature.  (%s)"
arrMessages(88) = "The format of the environment variable is incorrect."
arrMessages(89) = "The --envar/-s option can only be used for a single option."
arrMessages(90) = "The --envar/-s option can only be used for report operations."
arrMessages(91) = "The individual sub commands should be specified for the -s option."
arrMessages(92) = "Getting external serial connector settings failed."
arrMessages(93) = "Setting external serial connector settings failed."
arrMessages(94) = "There was an error opening the file %s."
arrMessages(95) = "File '%s' does not have write permission."
arrMessages(96) = "The file contains invalid option '%s'."
arrMessages(97) = "The replication information does not match for this system."
arrMessages(98) = "There can only be one section in the input file."
arrMessages(99) = "Bad ini file, the section (%s) cannot be found."
arrMessages(100) = "The format of the bios image file is incorrect."
arrMessages(101) = "Report operations and set operations must be separate."
arrMessages(102) = "Help is not available for the option '%s'."
arrMessages(103) = "The -x (--hex) option can only be used with -b or -r."
arrMessages(104) = "Input file '%s' not found."
arrMessages(105) = "Input file '%s' cannot be read."
arrMessages(106) = "Invalid argument for option '%s'."
arrMessages(107) = "Function table lookup error."
arrMessages(108) = "The machine ID was not found in the file '%s'."
arrMessages(109) = "The system memory information is not available."
arrMessages(110) = "Mode can only be used with the --pci option."
arrMessages(111) = "The device name or index must be present in the boot order."
arrMessages(112) = "The output file '%s' could not be opened. Please make sure the path exists and the media is not write protected."
arrMessages(113) = "Could not write to output file, disk may be full."
arrMessages(114) = "The current password must be supplied with a new password using --valsyspwd."
arrMessages(115) = "The current password must be supplied with a new password using  --valsetuppwd."
arrMessages(116) = "The current password can only be supplied when setting a new password."
arrMessages(117) = "Actions are not allowed for this filter. Only alerts are allowed."
arrMessages(118) = "There was an error getting the option '%s'."
arrMessages(119) = "The option '%s' is not available or cannot be configured through software."
arrMessages(120) = "There was an error setting the option '%s'."
arrMessages(121) = "The -n (--namefile) option can only be used with --pci."
arrMessages(122) = "The password may only contain alphanumeric characters."
arrMessages(123) = "The BIOS passwords have been disabled via jumper."
arrMessages(124) = "The password length must be between 1 and 32."
arrMessages(125) = "This password is locked and can only be unlocked by the admin user."
arrMessages(126) = "There was an error setting the password."
arrMessages(127) = "The LCD string length must be between 1 and %s."
arrMessages(128) = "The LCD string may only contain alphanumeric characters."
arrMessages(129) = "There was an error setting the LCD string."
arrMessages(130) = "The second channel can only be set if the RAID controller is set to RAID."
arrMessages(131) = "The set operation, '%s', requires sub commands."
arrMessages(132) = "The service tag for this system is not available."
arrMessages(133) = "The system ID value is not available."
arrMessages(134) = "The system information string is not available."
arrMessages(135) = "A system error has occured."
arrMessages(136) = "Usage error."
arrMessages(137) = "The uuid information is not present on this system."
arrMessages(138) = "The manufacturing/first-power-on date information is not present on this system."
arrMessages(139) = "Version cannot be accompanied with any other option."
arrMessages(140) = "The self-identify blinker timer should be set to 0..255 second(s)."
arrMessages(141) = "Encrypt key is too long. 142. Encrypt key is invalid, accepted characters are 0 to 9 or A to F."
arrMessages(142) = "Undefined"
arrMessages(143) = "Parameter has been temporarily disabled due to a dependancy on other settings."
arrMessages(144) = "The old password supplied is incorrect. The new password will not be set. Please try again."
arrMessages(145) = "Cannot stat /etc/omreg.cfg file. Please ensure /etc/omreg.cfg file is present and is valid for your environment. You can copy this file from the DTK iso."
arrMessages(146) = "Getting nicselection settings failed."
arrMessages(147) = "HAPI Driver Load Error."
arrMessages(148) = "Filter action power reduction is only supported for the system power warn/fail filters."
arrMessages(149) = "TPM Clear settings requires setup password."
arrMessages(150) = "There is currently no TPM Clear request pending."
arrMessages(151) = "Password is not required for retrieving the TPM options."
arrMessages(152) = "Setup password is required for setting the TPM options."
arrMessages(153) = "Invalid Password override."
arrMessages(154) = "Invalid TPM set option."
arrMessages(155) = "There was an error setting the TPM option."
arrMessages(156) = "There is no setup password installed on this system."
arrMessages(157) = "The setup password supplied is incorrect. Please try again."
arrMessages(158) = "Profile should be custom for setting cpupowermode, memorypowermode and fanmode."
arrMessages(159) = "There was an error setting the Power Option."
arrMessages(160) = "The power cap value entered is out of range. Please try again."
arrMessages(161) = "The power cap value entered must be between 0 to 100 if unit is percent."
arrMessages(162) = "Invalid IPv6 address. The IPv6 address cannot be link-local or multicast."
arrMessages(163) = "Invalid IPv6 address. The IPv6 address specified has incorrect address format."
arrMessages(164) = "Invalid IPv6 address. The gateway address specified has incorrect address format."
arrMessages(165) = "Invalid IPv6 address. The Primary DNS server address specified has incorrect address format."
arrMessages(166) = "Invalid IPv6 address. The Secondary DNS server address specified has incorrect address format."
arrMessages(167) = "Invalid IPv6 address. The gateway address specified is invalid."
arrMessages(168) = "Invalid configuration. Attempting to apply IPv6 configuration on a non supported platform."
arrMessages(169) = "Invalid IPv6 configuration. Attempt to set DNS server address manually while DNS address source is set to auto."
arrMessages(170) = "Invalid IPv6 configuration. Attempt to set IPv6 address manually while IPv6 address source is set to auto."
arrMessages(171) = "Invalid IPv6 configuration. Attempting to apply IPv6 configuration without loading IPv6 stack."
arrMessages(172) = "Invalid IPv4 configuration. Attempting to apply IPv4 configuration with IPv4 disabled."
arrMessages(173) = "Invalid IPv6 configuration. Ipv6 address cannot be specified without specifying prefix-length."
arrMessages(174) = "Invalid IPv6 configuration. dnssrcv6 cannot be set to auto when ipsrcv6 is set to manual."
arrMessages(175) = "Error while executing IPMI Set command."
arrMessages(176) = "Error while executing IPMI Get command."
arrMessages(177) = "Error during Trap Alert."
arrMessages(178) = "Unspecified error."
arrMessages(179) = "Unsupported device. Re-try with supported device"
arrMessages(180) = "Setup password is required. Re-try providing setup/admin password"
arrMessages(181) = "System password is required. Re-try providing system password"
arrMessages(182) = "The password supplied is incorrect. Please try again."
arrMessages(183) = "Password verification failed."
arrMessages(184) = "User input password does not fit system requirement."
arrMessages(185) = "Password not installed in the system."
arrMessages(186) = "password status is disabled."
arrMessages(187) = "Error in Validation."
arrMessages(188) = "Error in Setting the Value."
arrMessages(189) = "SMI call (10-0) only supports password no more than %d characters."
arrMessages(190) = "This is not a Dell machine. CCTK supports only Dell machines."
arrMessages(191) = "Setup Password is required to change the setting. Use --valsetuppwd to provide password."
arrMessages(192) = "System Password is required to change the setting. Use --valsyspwd to provide password."
arrMessages(193) = "Password is not Installed. so use only --setuppwd"
arrMessages(194) = "Password is not Installed. so use only --syspwd"
arrMessages(195) = "The system password supplied is incorrect. Please try again."
arrMessages(196) = "The Sequence list must be a comma-separated list of valid unique device names (ex: hdd,cdrom)."
arrMessages(197) = "The system revision information is not available for this system."
arrMessages(198) = "The completion code information is not available for this system."
arrMessages(199) = "The BIOS characteristics information is not available for this system."
arrMessages(200) = "The password should not contain special characters."
arrMessages(201) = "Please use 64-bit version of this application."
arrMessages(202) = "%s cannot be modified when TPM is OFF."
arrMessages(203) = "System password cannot be set when pwdlock option is in locked state (pwdlock=lock)."
arrMessages(204) = "adddevice option not supported by this machine's BIOS"
arrMessages(205) = "usb device already present in this machine."
arrMessages(206) = "Unable to get information from BIOS."
arrMessages(207) = "%s - Error : Unable to store BIOS information."
arrMessages(208) = "Duplicate entry found in the input list : %s , Operation Aborted."
arrMessages(209) = "Typo found in the input list : %s , Operation Aborted."
arrMessages(210) = "Asset tag can have only printable ASCII characters."
arrMessages(211) = "Multiple inputs will not be accepted."
arrMessages(212) = "Invalid Hex format."
arrMessages(213) = "Hex value range should be 0x0 to 0xffff."
arrMessages(214) = "%s - Only positive numeric values are acceptable."
arrMessages(215) = "%s - Length cannot exceed two characters."
arrMessages(216) = "Range for autoon hour value should be 0 to 23(24 hour format)."
arrMessages(217) = "Range for autoon minute value should be 0 to 59."
arrMessages(218) = "This Option Not supported on UEFI Bios."
arrMessages(219) = "Unable to Set Bootorder."
arrMessages(220) = "Invalid Arguments. Unable to Set Bootorder."
arrMessages(221) = "%s should not combine with other suboptions."
arrMessages(222) = "The property ownership tag for this system is not available."
arrMessages(223) = "The property ownership tag cannot be more than 80 characters for non portable machines."
arrMessages(224) = "The property ownership tag is limited to 48 characters for portable systems."
arrMessages(225) = "Property ownership tag can have only printable ASCII characters."
arrMessages(226) = "Error in Setting the Value. Note: In some machines, If System password is set, you can't set Setup password."
arrMessages(227) = "'admin/root' privileges required to execute this application."
arrMessages(228) = "The option related BIOS information is not available in this machine."
arrMessages(229) = "Improper Output from Bios. Please try again."
arrMessages(230) = "Error in Bootorder."
arrMessages(231) = "The manufacturing/first-power-on date information is not present on this system."
arrMessages(232) = "Not Applicable."
arrMessages(233) = "Uefi bootlisttype is not supported in this Machine."
arrMessages(234) = "Improper Output from Bios. Please try again."
arrMessages(235) = "Error in Bootorder."
arrMessages(236) = "Unable to get information specific to machine."
arrMessages(237) = "The input file is invalid."
arrMessages(238) = "No Status Present."
arrMessages(239) = "File Do not have configurable Options."
arrMessages(240) = "Please provide the days to enable."
arrMessages(241) = "Password is not Installed. Please try again without providing --val%s"
arrMessages(242) = "Please provide the old password to set the new password using --valownerpwd."
arrMessages(243) = "The owner password is incorrect. Please try again."
arrMessages(244) = "Error in setting the value. Note : Setup or system password might be set on the system. Clear the password(s) and try again."
arrMessages(245) = "Owner password is not supported in file operations."
arrMessages(246) = "Password operation is not supported on the system."
arrMessages(247) = "The owner of the system has enabled the Owner Access feature. To set the Bios configuration, create setup or system password."
arrMessages(248) = "Either the system hardware or the BIOS version does not support the option. To resolve the BIOS version issue, upgrade the BIOS to the latest version."
arrMessages(249) = "Unable to get password information."

Dim cctkError, msg, bArgOK
bArgOK = vbFalse

On Error Resume Next
cctkError = CInt(Wscript.Arguments(0))

If WScript.Arguments.Count = 1 Then
	If cctkError <> "" Then
		bArgOK = vbTrue
	End If
End If

If bArgOK = True Then
	msg = "CCTK Returned message: """ & arrMessages(cctkError) & """"
	Wscript.Echo msg
	Wscript.Quit(cctkError)
Else
	Wscript.Echo "The script input was invalid."
	Wscript.Quit(1)
End If

Creating a CCTK Script

This script will enable and activate the TPM if possible, set the SATA level to it’s highest supported setting, then import the template file. Save it as CCTK-Default.cmd.

@ECHO OFF
REM Parse Arguments
SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

SET ARGV=.%*
CALL :PARSE_ARGV
IF ERRORLEVEL 1 (
  ECHO Cannot parse arguments
  ENDLOCAL
  EXIT /B 1
)

REM ---START MAIN LOOP---
ECHO == Seting BIOS Settings ==

REM Determine Arch
IF "%PROCESSOR_ARCHITECTURE%" == "AMD64" GOTO :X64
GOTO X86

:X64
COPY /Y Dell-CustomSettings.cctk .\x64 >NUL
SET CCTKPath="x64"
GOTO RunCCTK

:X86
COPY /Y Dell-CustomSettings.cctk .\x86 >NUL
SET CCTKPath="x86"
GOTO RunCCTK

:RunCCTK
ECHO --Enabling TPM
%CCTKPath%\cctk.exe --tpm=on !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%
IF errorlevel 157 GOTO END

ECHO --Activating TPM
%CCTKPath%\cctk.exe --tpmactivation=activate !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%

ECHO --Attempting to set ATA sata mode
%CCTKPath%\cctk.exe --embsataraid=ata !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%

ECHO --Attempting to set AHCI sata mode
%CCTKPath%\cctk.exe --embsataraid=ahci !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%

ECHO --Attempting to set RAID ON sata mode
%CCTKPath%\cctk.exe --embsataraid=raid !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%

ECHO --Enabling other features
%CCTKPath%\cctk.exe -i Dell-CustomSettings.cctk !ARG1! !ARG2!
cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%
GOTO END

REM ---END MAIN LOOP---

:PARSE_ARGV
REM ref: http://skypher.com/index.php/2010/08/17/batch-command-line-arguments/
  SET PARSE_ARGV_ARG=[]
  SET PARSE_ARGV_END=FALSE
  SET PARSE_ARGV_INSIDE_QUOTES=FALSE
  SET /A ARGC = 0
  SET /A PARSE_ARGV_INDEX=1
  :PARSE_ARGV_LOOP
  CALL :PARSE_ARGV_CHAR !PARSE_ARGV_INDEX! "%%ARGV:~!PARSE_ARGV_INDEX!,1%%"
  IF ERRORLEVEL 1 (
    EXIT /B 1
  )
  IF !PARSE_ARGV_END! == TRUE (
    EXIT /B 0
  )
  SET /A PARSE_ARGV_INDEX=!PARSE_ARGV_INDEX! + 1
  GOTO :PARSE_ARGV_LOOP

  :PARSE_ARGV_CHAR
    IF ^%~2 == ^" (
      SET PARSE_ARGV_END=FALSE
      SET PARSE_ARGV_ARG=.%PARSE_ARGV_ARG:~1,-1%%~2.
      IF !PARSE_ARGV_INSIDE_QUOTES! == TRUE (
        SET PARSE_ARGV_INSIDE_QUOTES=FALSE
      ) ELSE (
        SET PARSE_ARGV_INSIDE_QUOTES=TRUE
      )
      EXIT /B 0
    )
    IF %2 == "" (
      IF !PARSE_ARGV_INSIDE_QUOTES! == TRUE (
        EXIT /B 1
      )
      SET PARSE_ARGV_END=TRUE
    ) ELSE IF NOT "%~2!PARSE_ARGV_INSIDE_QUOTES!" == " FALSE" (
      SET PARSE_ARGV_ARG=[%PARSE_ARGV_ARG:~1,-1%%~2]
      EXIT /B 0
    )
    IF NOT !PARSE_ARGV_INDEX! == 1 (
      SET /A ARGC = !ARGC! + 1
      SET ARG!ARGC!=%PARSE_ARGV_ARG:~1,-1%
      IF ^%PARSE_ARGV_ARG:~1,1% == ^" (
        SET ARG!ARGC!_=%PARSE_ARGV_ARG:~2,-2%
        SET ARG!ARGC!Q=%PARSE_ARGV_ARG:~1,-1%
      ) ELSE (
        SET ARG!ARGC!_=%PARSE_ARGV_ARG:~1,-1%
        SET ARG!ARGC!Q="%PARSE_ARGV_ARG:~1,-1%"
      )
      SET PARSE_ARGV_ARG=[]
      SET PARSE_ARGV_INSIDE_QUOTES=FALSE
    )
    EXIT /B 0

:END
ENDLOCAL

EXIT /B %errorlevel%

Save these files in your dell-cctk package, then create a ‘run command-line’ task sequence action linked to the package. The command should be ‘CCTK-Generic.cmd’. Good luck!

SCCM 2012 – Architecture Agnostic Dell CCTK WinPE Bios Package

I’m tired of choosing between our 32-bit and 64-bit Dell CCTK packages. We needed separate packages since the 32-bit cctk doesn’t run in Windows 7 x64, and the 64-bit cctk doesn’t run in x86 WinPE. This post will show you how to create a cmd wrapper to pass arguments to the appropriate executable for the running architecture.

  1. Download CCTK and install.
  2. Use the files that the cctk installer places in it’s installation directory to create the following folder structure in your package source directory. The files are usually kept in C:\Program Files (x86)\Dell\CCTK\X86 and ..\X86_64.
     \dell-cctk
     \dell-cctk\x86
     \dell-cctk\x86\
     \dell-cctk\x86\cctk.exe and supporting files
     \dell-cctk\x86\HAPI
     \dell-cctk\x64
     \dell-cctk\x64\cctk.exe and supporting files
     \dell-cctk\x64\HAPI
    
  3. Create a file named cctk.cmd in the \dell-cctk directory, and paste in the following code. The large majority of this code was re-purposed from the awesome blog post here: Batch Command-Line Arguments. This script will accept up to three arguments, and pass them to the correct cctk executable.
    @ECHO OFF
    REM Parse Arguments
    SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION
    
    SET ARGV=.%*
    CALL :PARSE_ARGV
    IF ERRORLEVEL 1 (
      ECHO Cannot parse arguments
      ENDLOCAL
      EXIT /B 1
    )
    
    REM ---START MAIN LOOP---
    ECHO == Seting BIOS Settings ==
    
    REM Determine Arch
    IF "%PROCESSOR_ARCHITECTURE%" == "AMD64" GOTO :X64
    GOTO X86
    
    :X64
    SET CCTKPath="x64"
    GOTO RunCCTK
    
    :X86
    SET CCTKPath="x86"
    GOTO RunCCTK
    
    :RunCCTK
    ECHO --Running command
    %CCTKPath%\cctk.exe !ARG1! !ARG2! !ARG3!
    cscript.exe //nologo Show-CCTKErrors.vbs %errorlevel%
    GOTO END
    
    REM ---END MAIN LOOP---
    
    :PARSE_ARGV
    REM ref: http://skypher.com/index.php/2010/08/17/batch-command-line-arguments/
      SET PARSE_ARGV_ARG=[]
      SET PARSE_ARGV_END=FALSE
      SET PARSE_ARGV_INSIDE_QUOTES=FALSE
      SET /A ARGC = 0
      SET /A PARSE_ARGV_INDEX=1
      :PARSE_ARGV_LOOP
      CALL :PARSE_ARGV_CHAR !PARSE_ARGV_INDEX! "%%ARGV:~!PARSE_ARGV_INDEX!,1%%"
      IF ERRORLEVEL 1 (
        EXIT /B 1
      )
      IF !PARSE_ARGV_END! == TRUE (
        EXIT /B 0
      )
      SET /A PARSE_ARGV_INDEX=!PARSE_ARGV_INDEX! + 1
      GOTO :PARSE_ARGV_LOOP
    
      :PARSE_ARGV_CHAR
        IF ^%~2 == ^" (
          SET PARSE_ARGV_END=FALSE
          SET PARSE_ARGV_ARG=.%PARSE_ARGV_ARG:~1,-1%%~2.
          IF !PARSE_ARGV_INSIDE_QUOTES! == TRUE (
            SET PARSE_ARGV_INSIDE_QUOTES=FALSE
          ) ELSE (
            SET PARSE_ARGV_INSIDE_QUOTES=TRUE
          )
          EXIT /B 0
        )
        IF %2 == "" (
          IF !PARSE_ARGV_INSIDE_QUOTES! == TRUE (
            EXIT /B 1
          )
          SET PARSE_ARGV_END=TRUE
        ) ELSE IF NOT "%~2!PARSE_ARGV_INSIDE_QUOTES!" == " FALSE" (
          SET PARSE_ARGV_ARG=[%PARSE_ARGV_ARG:~1,-1%%~2]
          EXIT /B 0
        )
        IF NOT !PARSE_ARGV_INDEX! == 1 (
          SET /A ARGC = !ARGC! + 1
          SET ARG!ARGC!=%PARSE_ARGV_ARG:~1,-1%
          IF ^%PARSE_ARGV_ARG:~1,1% == ^" (
            SET ARG!ARGC!_=%PARSE_ARGV_ARG:~2,-2%
            SET ARG!ARGC!Q=%PARSE_ARGV_ARG:~1,-1%
          ) ELSE (
            SET ARG!ARGC!_=%PARSE_ARGV_ARG:~1,-1%
            SET ARG!ARGC!Q="%PARSE_ARGV_ARG:~1,-1%"
          )
          SET PARSE_ARGV_ARG=[]
          SET PARSE_ARGV_INSIDE_QUOTES=FALSE
        )
        EXIT /B 0
    
    :END
    ENDLOCAL
    
    EXIT /B %errorlevel%
  4. Create a package for your dell-cctk directory and files named ‘Dell CCTK Multi-Arch’, but don’t add a program.
  5. Create a file in \dell-cctk named HAPIInstall.cmd and add the following code.
    @echo off
    REM Determine Arch
    IF "%PROCESSOR_ARCHITECTURE%" == "AMD64" GOTO :X64
    GOTO X86
    
    :AMD64
    x64\hapi\hapint.exe -i -k C-C-T-K -p "hapint.exe"
    GOTO END
    
    :X86
    x86\hapi\hapint.exe -i -k C-C-T-K -p "hapint.exe"
    GOTO END
    
    :END
  6. Add a task sequence step in WinPE with the following characteristics. This enables use of CCTK in WinPE. If desired, this action and the next action can be placed in a group (folder) so that the conditional WMI queries only need to be specified once.
    Type: Run Command-Line
    Name: Install Dell HAPI Drivers
    Package: Dell CCTK Multi-Arch
    Command: HAPIInstall.cmd
    Conditions: If any of the following:
      * select * from win32_computersystem where Model like 'Latitude%'
      * select * from win32_computersystem where Model like 'Precision%'
      * select * from win32_computersystem where Model like 'Optiplex%'
    
  7. Add a task sequence step after the one created in Step 5 with the following characteristics. Substitute the command line arguments with whatever you’d like the action to do in the Dell BIOS.
    Type: Run Command-Line
    Name: Dell Bios - Enable TPM
    Package: Dell CCTK Multi-Arch
    Command: cctk.cmd --TPM=on --valsetuppwd=YourBiosPassword
    Conditions: If any of the following:
      * select * from win32_computersystem where Model like 'Latitude%'
      * select * from win32_computersystem where Model like 'Precision%'
      * select * from win32_computersystem where Model like 'Optiplex%'
    

Congrats! That should do ya. No more worrying about whether or not you selected the appropriate CCTK package for your architecture.

Dell Bios Updates in SCCM Task Sequences with Powershell (revisited)

[Update] I updated the script on 01/16/13 because it had some bugs. Sorry! Make sure to re-download the latest version from my Github repo below.


We started seeing a lot of task sequence actions dedicated to Dell Bios updates in our task sequences, so I wrote a powershell script to make things a bit more manageable.

Download the script here: John Puskar’s Github Repo.

The script looks up the system model, and looks for a subfolder in the script’s working directory that matches the model name. Then, it reads the last few digits of any exe files in the subfolder and considers them to be bios version updates available. Then, it compares those available versions against the current system bios.

If the script decides that an update is available in it’s repository, it will pick the next highest update in line above the currently running Bios version, and install it. For example, say there are 3 updates files in a directory: A03, A05, and A07. Your system is running A04. The script will update the system to A05.

If you need to run multiple updates, you must run the script multiple times with a reboot between runs.

Task Sequence Integration

To integrate the script into your task sequence, do the following

  1. Download the script and place it in a folder.
  2. Create a package for the script with no program.
  3. Create folders for your models with the exact model name of your system (ex: “Optiplex 990” or “Optiplex 9010”). You can get model numbers by running the following PowerShell command:
    (gwmi win32_computersystem).model
  4. Download BIOS updates from support.dell.com for the target models. Save the .exe BIOS updates in their respective folders.
  5. Create a ‘Run Command Line’ TS action with the following command. Make sure to link the package. You can replace <BiosPassword> with your BIOS password.
    powershell.exe -ExecutionPolicy Bypass -File .\Dell-BiosUpdates.ps1 <BiosPassword>

If necessary for your environment, copy and paste this task sequence action so that it runs multiple times, but add a reboot action in between. Future versions of the script should detect WinPE and set a TS action to skip successive runs. I’ll do that eventually.

Thanks and good luck!

SCCM Task Sequence – Pushing Dell BIOS Settings

In a previous post, I wrote a guide on how to update your Dell to the latest BIOS version through a task sequence. This post covers how to make BIOS setting changes through a task sequence.

Downloads

Capturing the Settings

First, we need to capture the settings that you’d like to push.

  1. Download and install the Dell CCTK on a system that matches the Make\Model you’d like to push settings to.
  2. Create a new SCCM package to house the CCTK and BIOS Settings files.
  3. Copy the contents of the following folder to the package source directory.
    C:\Program Files (x86)\Dell\CCTK\X86_64
  4. Run the CCTK Gui and select “Create Package”.
  5. Next, select “This System’s File” then click “Next”.
  6. Click “Edit”, then scroll down to the “Storage” section and uncheck the check box for any settings which match “sata#”. I’ve learned that otherwise, on most systems it will apply “Enabled” instead of “Auto” (despite choosing Auto on this screen) which causes an error on boot.
  7. Next, click “Export Configuration” and save your settings file to the source folder of your CCTK package.

Pushing the Settings

OK, now we’re ready for some Task Sequence work. Woot.

  1. Create a new task sequence, or open a task sequence that you’d like to add the BIOS settings changes to.
  2. Create a group named “Push BIOS Settings” with the following parameters.
    WMI: If -Any- are true
    select * from win32_computersystem where Model like 'Latitude%'
    select * from win32_computersystem where Model like 'Precision%'
    select * from win32_computersystem where Model like 'Optiplex%'
  3. Create a new group named “Prep”.
  4. In the “Prep” group, create a “Run Command Line” action with the following parameters. This will enable WinPE support for CCTK.
    Name: Install WinPE HAPI Driver
    Command: HAPI\hapint.exe -i -k C-C-T-K -p "hapint.exe"
    Package: Dell CCTK 2.01 Portable x64
    
  5. Next, create TS Actions in the Prep group which set a BIOS password. See my previous post “SCCM Task Sequence – Updating Dell BIOS versions” for instructions on how to do this.
  6. Create a new group in the “Push BIOS Settings” group named “Settings by Model”.
  7. For each model, create a TS Action with the following paramters.
    Name: Set Default BIOS Settings (Model)
    Command: cctk.exe -i <CCTKSavedSettingsFile>.cctk --valsetuppwd=<BiosPassword>
    Package: Dell CCTK 2.01 Portable x64
    WMI: select * from Win32_computersystem where Model like "<MyMakeandModel>%"
    

Example TS Action for the Dell 990:

Name: Set Default BIOS Settings (Opti990)
Command: cctk.exe -i OSUChem_OptiPlex990.cctk --valsetuppwd=MyPassword
Package: Dell CCTK 2.01 Portable x64
WMI: select * from Win32_computersystem where Model like "Optiplex 990%"

Enabling the TPM

I’ve noticed that on some systems, the TPM cannot be enabled by a CCTK settings file. Also, on some systems, I can’t seem to activate the TPM during WinPE regardless of the commands used. If you want to enable and activate the TPM, perform the following steps.

  1. Create a TS action in the Push Bios Settings group, -after- the Settings by Model group, with the following parameters.
    Name: Enable TPM
    Command: cctk --tpm=on --valsetuppwd=<MyPassword>
    Package: Dell CCTK 2.01 Portable x64
    
  2. Next, copy the entire “Push Dell BIOS Settings” group, and paste a new copy into a place in the task sequence -after- the “Setup Windows and ConfigMgr” step.
  3. On this new copy of the group, change the name from “Push Dell BIOS Settings” to “Push Dell BIOS Settings (Inside OS)”.
  4. Remove the “Install WinPE HAPI Driver” TS Action from this new group.
  5. Add a new “Restart Computer” TS Action after “Enable TPM” targeted at the “Currently installed Operating System”.
  6. Add a new “Run Command Line” TS Action after “Restart Computer” with the following parameters.
    Name: Activate TPM
    Command: cctk.exe --tpmactivation=activate --valsetuppwd=<MyPassword>
    Package: Dell CCTK 2.01 Portable x64
  7. Rearrange the TS Actions to match the following list:
    <Settings By Model Group>
    Enable TPM
    Restart Computer
    Activate TPM
    Set Default BIOS Settings (Model1)
    Set Default BIOS Settings (Model2)
    Set Default BIOS Settings (Model3)
    etc…

Wrapping Up

CCTK is capable of changing the SATA storage controller operation mode. This is why if you’re imaging computers, it’s important to set the BIOS settings twice, in WinPE and inside the OS. Pushing settings in WinPE lets Windows setup select the proper SATA or RAID controller driver before the OS starts. Settings need pushed again after WinPE mode is finished because some settings (such as TPM=enable or TPM activation) only work inside the OS for some systems. Lousy workaround, I know, but it’s solid.

Here are screen shots of my current TS. The first image contains my WinPE actions. The second image contains my (Inside OS) actions.

Enjoy your BIOS setting adventures. This stuff is magic!