1. PDQ Deploy & Inventory Help Center
  2. Community
  3. PDQ Deploy
 

Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

PDQ Deploy - Firmware Updates

Avatar
Ericc Diaz

Good Day....

With the recent Spectre and Meltdown issues we are looking into updating the firmware of all of our devices.

We would like to create a package that will be able to detect the make and model of the computer and install the specific firmware. Can this be done in one package or do i have to create individual packages for each model. We would like the steps to be as follows:

Suspend Bitlocker
Detect Model of computer
install specific firmware silently
Reboot
Run Microsoft Powershell script for Spectre\Meltdown
Resume Bitlocker

 

We would like to capture the results of the microsoft script into a report if it is possible. 

 

 

0

Comments

4 comments
Date Votes
  • Avatar
    Monica KVH
    (Edited )

    To capture the results of Microsoft's script, you can pass the Get-SpeculationControlSettings results to a text file using the pipeline.

    Something like this should do:

    $comp = $env:ComputerName

    Get-SpeculationControlSettings | Out-File C:\spec-$comp.txt

    I want to say that you could make collections in Inventory based off of computer model, and use the "PDQ Inventory Collection > Is A Member" condition in install steps. I have never installed firmware with PDQ so that is something you might want to test carefully. (I'm sure if someone has installed firmware with PDQ they'll chime in.)

    0
  • Avatar
    Monica KVH
    (Edited )

    Here's a fuller version of what I posted above that uses more of Microsoft's script:

    $comp = $env:ComputerName

    $ExecPol = Get-ExecutionPolicy

    Set-ExecutionPolicy RemoteSigned -Force

    Install-Module SpeculationControl -Force
    Import-Module SpeculationControl
    Get-SpeculationControlSettings | Out-File C:\spec-$comp.txt

    <# 
    Uncomment "Copy-Item" line and add destination path
    if intending to copy "spec-$comp.txt" to a shared network location. 
    #>

    #Copy-Item -Path C:\spec-$comp.txt -Destination ?:\

    Set-ExecutionPolicy $ExecPol -Force

    It will NOT run successfully as-is in PDQ Deploy with their command line settings on PowerShell steps. Their default is below. One of the PowerShell experts at PDQ can probably tell you what you would need to change in order to run such a script from Deploy. (You should be able to keep the -ExecutionPolicy Bypass bit of their settings in there, and just remove every line with execution policy stuff in the script I pasted.)

     

    0
  • Avatar
    Ericc Diaz

    Thank You Monica! I will test this script!

    0
  • Avatar
    Derek Peer

    I know this is old but may help others.  Monica, Thanks for the great script!  Ericc, I checked with PDQ support and Josh M gave us the missing piece to run as a deployment with a couple changes.

    ....
    Install-PackageProvider -Name "NuGet" -Force    <--you need this to get NuGet to load the module
    Install-Module SpeculationControl -Force
    ....

    #Set-ExecutionPolicy $ExecPol -Force    <--either comment this or remove

    I commented it out just in case I want to use the script elsewhere.  I tested it and it works great.

    0