PowerShell filter to exclude BIOS/UEFI Updates #107
Unanswered
wevansghub
asked this question in
Q&A
Replies: 5 comments 2 replies
-
|
Hey, have you read: https://jantari.github.io/LSUClient-docs/docs/topics/bios-and-firmware/#excluding-bios-andor-firmware-updates ? Should be exactly what you want. Also on the same page is information that you shouldn't use To only exclude firmware updates that force a power off, filter them by the updates' RebootType. RebootType 4 is the one that means it powers off the machine, see page 45 here: https://download.lenovo.com/pccbbs/mobiles_pdf/tvsu5_mst_en.pdf Hope that helps |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hi Jantari,
Thanks for the quick response, I must have missed that article, thank you it explains everything that I need.
I think that for the moment excluding the power off updates would be beneficial. Do you know roughly how common reboot type 4 is for Lenovo machines?
We have a variety of models and I expect that it will vary massively from model to model.
Excluding the shutdowns but leaving the firmware updates could be one method?
Then realistically if you are going to update firmware then you want all the firmware, this also being model dependant. Newer models having more frequent updates and likely resuming them faster and more effectively without shutdown.
Can I ask you what your opinion would be for Enterprises with larger model variance?
Kind regards,
William
William Evans
End User Computing Engineer
Technology & Information Services | University of Plymouth | Drake Circus | Plymouth | PL4 8AA
| Email: ***@***.*** | Web: plymouth.ac.uk/ITservices
From: jantari ***@***.***>
Sent: Saturday, September 21, 2024 7:46 PM
To: jantari/LSUClient ***@***.***>
Cc: William Evans ***@***.***>; Author ***@***.***>
Subject: Re: [jantari/LSUClient] PowerShell filter to exclude BIOS/UEFI Updates (Discussion #107)
Hey, have you read: https://jantari.github.io/LSUClient-docs/docs/topics/bios-and-firmware/#excluding-bios-andor-firmware-updates ?
Should be exactly what you want. Also on the same page is information that you shouldn't use SaveBIOSUpdateInfoToRegistry anymore.
To only exclude firmware updates that force a power off, filter them by the updates' RebootType. RebootType 4 is the one that means it powers off the machine, see page 45 here: https://download.lenovo.com/pccbbs/mobiles_pdf/tvsu5_mst_en.pdf
Hope that helps
-
Reply to this email directly, view it on GitHub<#107 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BDCDZZKMAZRAE6ZW6WNYY43ZXW5HVAVCNFSM6AAAAABOSHUKX2VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTANZRGQ2DONI>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
…________________________________
[https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
|
![https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass](https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass){kind=link}
Beta Was this translation helpful? Give feedback.
1 reply
-
I've only seen it very rarely, but you have PowerShell - you can just check: '20KH', '20Q1', '<other models>' | Foreach-Object {
if ($type4 = Get-LSUpdate -Model $_ -All -NoTestApplicable -NoTestInstalled -NoTestSeverityOverride | Where RebootType -eq 4) {
Write-Host "$_ type4 updates:"
$type4 | Out-Host
}
} |
Beta Was this translation helpful? Give feedback.
-
|
I've noticed that installer type BIOS also.
I am trying to put together within a SCCM task sequence a dynamic driver step, excluding firmware.
I assume I should also exclude BIOS as well?
Silent drivers that wont shut down the system is the filter that I am looking for.
***@***.***
Kind regards,
Will
From: jantari ***@***.***>
Sent: Sunday, September 29, 2024 1:30 AM
To: jantari/LSUClient ***@***.***>
Cc: William Evans ***@***.***>; Author ***@***.***>
Subject: Re: [jantari/LSUClient] PowerShell filter to exclude BIOS/UEFI Updates (Discussion #107)
Do you know roughly how common reboot type 4 is for Lenovo machines?
I've only seen it very rarely, but you have PowerShell - you can just check:
'20KH', '20Q1', '<other models>' | Foreach-Object {
if ($type4 = Get-LSUpdate -Model $_ -All -NoTestApplicable -NoTestInstalled -NoTestSeverityOverride | Where RebootType -eq 4) {
Write-Host "$_ type4 updates:"
$type4 | Out-Host
}
}
-
Reply to this email directly, view it on GitHub<#107 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BDCDZZP2PF3KVWHDFWJMBTTZY5CZDAVCNFSM6AAAAABOSHUKX2VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTANZYGY2DINI>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
…________________________________
[https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
|
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Whether you want to install BIOS updates or not is totally up to you.
That's a common usecase that's enabled by the If you think anything in the documentation is unclear or hard to find, please improve it: https://github.com/jantari/LSUClient-docs |
Beta Was this translation helpful? Give feedback.
-
|
Could I ask a question about dependencies which I don't think is covered on the documentation.
I know that you advise to loop driver installs, though I found this impractical in an SCCM task sequence. I found it very practical in a script scenario or in an application where I can see any reboot etc.
I opted for non-looped steps in a TS with a condition to reboot after via the TS engine if updates are found, this minimises any errors the TS engine may have.
One question I have with the aim of reducing driver install errors is around dependencies.
I've noticed that in one of our TS that "Lenovo Hotkeys" is installed as an SCCM app. However, if you read through the documentation for Hotkeys, it states that to activate the features that another driver is required.
There are too many drivers to keep on top of so I would like us to move to a more dynamic approach with LSUClient or ThinInstaller. How does LSUClient handle dependencies, if one driver depends on another?
Kind regards,
Will
From: jantari ***@***.***>
Sent: Thursday, October 17, 2024 8:07 PM
To: jantari/LSUClient ***@***.***>
Cc: William Evans ***@***.***>; Author ***@***.***>
Subject: Re: [jantari/LSUClient] PowerShell filter to exclude BIOS/UEFI Updates (Discussion #107)
Whether you want to install BIOS updates or not is totally up to you.
Silent drivers that wont shut down the system is the filter that I am looking for.
That's a common usecase that's enabled by the .Installer.Unattended property of updates. So common in fact that it's the second example in the docs<https://jantari.github.io/LSUClient-docs/docs/topics/examples/#install-only-packages-that-can-be-installed-silently-and-non-interactively> and README<https://github.com/jantari/LSUClient?tab=readme-ov-file#examples-and-tips>.
If you think anything in the documentation is unclear or hard to find, please improve it: https://github.com/jantari/LSUClient-docs
-
Reply to this email directly, view it on GitHub<#107 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BDCDZZKXFG4KWN6YCHH3ZITZ4ADHBAVCNFSM6AAAAABOSHUKX2VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOJXGU2DEMQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
…________________________________
[https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Do these filters look to be optimal to avoid shutdown
#BIOS | UEFI
$updates = Get-LSUpdate | Where-Object {
$_.Type -eq 'BIOS' -and
$_.Category -match "BIOS|UEFI" -and
$_.Title -match "BIOS|UEFI"
}
#Drivers filtering out forced reboot
$updates = Get-LSUpdate | Where-Object {
$_.Installer.Unattended -and
$_.RebootType -in @(0, 3, 5) -and
$_.Type -ne 'Firmware' -and
$_.Category -notlike "*Firmware*"
}
#Firmware
$updates = Get-LSUpdate | Where-Object {
$_.Type -eq 'Firmware' -and
$_.RebootType -eq 5 -and
$_.Category -like "*Firmware*"
$_.Title -like "*Firmware*"
}
foreach ($update in $updates) {
$result = Install-LSUpdate -Path "C:\Windows\LSUClient" -Package $update -Verbose
switch ($result.PendingAction) {
'SHUTDOWN' {
[void]$switch.MoveNext(); write-output "Moving Next on installer $_"
}
}
}
From: William Evans
Sent: Friday, October 18, 2024 10:16 AM
To: jantari/LSUClient ***@***.***>; jantari/LSUClient ***@***.***>
Cc: Author ***@***.***>
Subject: RE: [jantari/LSUClient] PowerShell filter to exclude BIOS/UEFI Updates (Discussion #107)
Could I ask a question about dependencies which I don't think is covered on the documentation.
I know that you advise to loop driver installs, though I found this impractical in an SCCM task sequence. I found it very practical in a script scenario or in an application where I can see any reboot etc.
I opted for non-looped steps in a TS with a condition to reboot after via the TS engine if updates are found, this minimises any errors the TS engine may have.
One question I have with the aim of reducing driver install errors is around dependencies.
I've noticed that in one of our TS that "Lenovo Hotkeys" is installed as an SCCM app. However, if you read through the documentation for Hotkeys, it states that to activate the features that another driver is required.
There are too many drivers to keep on top of so I would like us to move to a more dynamic approach with LSUClient or ThinInstaller. How does LSUClient handle dependencies, if one driver depends on another?
Kind regards,
Will
From: jantari ***@***.******@***.***>>
Sent: Thursday, October 17, 2024 8:07 PM
To: jantari/LSUClient ***@***.******@***.***>>
Cc: William Evans ***@***.******@***.***>>; Author ***@***.******@***.***>>
Subject: Re: [jantari/LSUClient] PowerShell filter to exclude BIOS/UEFI Updates (Discussion #107)
Whether you want to install BIOS updates or not is totally up to you.
Silent drivers that wont shut down the system is the filter that I am looking for.
That's a common usecase that's enabled by the .Installer.Unattended property of updates. So common in fact that it's the second example in the docs<https://jantari.github.io/LSUClient-docs/docs/topics/examples/#install-only-packages-that-can-be-installed-silently-and-non-interactively> and README<https://github.com/jantari/LSUClient?tab=readme-ov-file#examples-and-tips>.
If you think anything in the documentation is unclear or hard to find, please improve it: https://github.com/jantari/LSUClient-docs
-
Reply to this email directly, view it on GitHub<#107 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BDCDZZKXFG4KWN6YCHH3ZITZ4ADHBAVCNFSM6AAAAABOSHUKX2VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOJXGU2DEMQ>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
…________________________________
[https://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
What is everyone using for their filters to filter out firmware upgrades?
I recently had an issue where a firmware upgrade required the device to fully power down.
I would like to filter out firmware upgrades that power down the system at the least and if that can't be filtered on then omit the firmware updates all together.
I have read through all the detailed instructions and will make use of the -SaveBIOSUpdateInfoToRegistry switch if I can keep firmware updates going but if they are at a risk of shutting down the machines without me being able to have prior understanding that is going to occur then I will have to move them to another task sequence/application.
Beta Was this translation helpful? Give feedback.
All reactions