Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

Previously I’ve written a blog about Dell Command Update and its ability to monitoring and download updates. This blog was based on Dell Command Update 2. As it is with all applications this started working less on newer machines. To resolve this Dell released a new major update for Dell Command Update which according to Dell, works on 99% of the Dell devices.

I really like monitoring if the device drivers are up to date, and all versions are as current as can be. Dell Command Update also allows you to install the updates on the device for remediation\

Updates Detection Script

The monitoring script downloads the installation file with the Dell Command Update utility. You can host the file yourself if you do not trust Dell as a source. The script installs DCU, sets the DCU service to manual, and runs the DCU-cli with the Report Parameter, I would advise to only run this set on an hourly or even daily schedule, using your RMM system of course.

You can choose what variables to alert on yourself – I like reporting on the count of updates, but I know others rather would alert on the title. At the bottom of the scripts I’ve added specific alerting options – You can choose which of these you find important.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34


$DownloadURL = "https://dl.dell.com/FOLDER05944445M/1/Dell-Command-Update_V104D_WIN_3.1.0_A00.EXE"
$DownloadLocation = "C:\Temp"

try {
$TestDownloadLocation = Test-Path $DownloadLocation
    if (!$TestDownloadLocation) { new-item $DownloadLocation -ItemType Directory -force }
    $TestDownloadLocationZip = Test-Path "$DownloadLocation\DellCommandUpdate.exe"
if (!$TestDownloadLocationZip) {
        Invoke-WebRequest -UseBasicParsing -Uri $DownloadURL -OutFile "$($DownloadLocation)\DellCommandUpdate.exe"
        Start-Process -FilePath "$($DownloadLocation)\DellCommandUpdate.exe" -ArgumentList '/s' -Verbose -Wait
set-service -name 'DellClientManagementService' -StartupType Manual
}

}
catch {
write-host "The download and installation of DCUCli failed. Error: $($\_.Exception.Message)"
exit 1
}

start-process "C:\Program Files\Dell\CommandUpdate\dcu-cli.exe" -ArgumentList "/scan -report=$DownloadLocation" -Wait
[ xml]$XMLReport = get-content "$DownloadLocation\DCUApplicableUpdates.xml"
#We now remove the item, because we don't need it anymore, and sometimes fails to overwrite
remove-item "$DownloadLocation\DCUApplicableUpdates.xml" -Force

$AvailableUpdates = $XMLReport.updates.update

$BIOSUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "BIOS" }).name.Count
$ApplicationUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Application" }).name.Count
$DriverUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Driver" }).name.Count
$FirmwareUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Firmware" }).name.Count
$OtherUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Other" }).name.Count
$PatchUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Patch" }).name.Count
$UtilityUpdates = ($XMLReport.updates.update | Where-Object { $_.type -eq "Utility" }).name.Count
$UrgentUpdates = ($XMLReport.updates.update | Where-Object { $\_.Urgency -eq "Urgent" }).name.Count

So that’s the detecting updates portion, of course we also have the commandline to install the updates. Lets get started with that.

Remediation

Remediation is fairly straight forward. When using the switch /ApplyUpdates the updates start immediately. Of course we like having a little more control, so all the options are listed here. I’ve also included some examples:

Installing all updates, disable bitlocker, and reboot if required:

1
2


$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable" -Wait

This installs all available update found during the last scan including BIOS updates, suspends bitlocker, and reboots the computer immediately.

Installing all updates, do not disable Bitlocker, and do not reboot

1
2


$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=disable -reboot=disable" -Wait

This installs all available update found during the last scan excluding BIOS updates, because we aren’t suspending bitlocker, and lets the user reboot the computer.

Install BIOS updates, suspend bitlocker, reboot

1
2


$DownloadLocation = "C:\Program Files\Dell\CommandUpdate"
start-process "$($DownloadLocation)\dcu-cli.exe" -ArgumentList "/applyUpdates -autoSuspendBitLocker=enable -reboot=enable -updateType=bios" -Wait

And this one installs only the BIOS updates. I think with these examples and the manual I’ve posted above you can figure out your exact preferred settings.

So that’s it! As always, Happy PowerShelling!