
Dell Drivers with Intune and Proactive Remediations

If a device is delivered new by Dell, the drivers are usually up to date. After a year, or once the device has been reinstalled, drivers are often missing or no longer up to date. This can open security gaps or cause problems for the end user. To avoid this situation, I use Intune to distribute the "Dell Command Update" program, which I then use to regularly check and update / install the Dell drivers via Proactive Remediations.

Create filters for Dell devices

Before we start the distribution, let's create a filter for Dell devices.
You do this under: Tenant Administration > Filters

We give the filter a meaningful name and select "Windows 10 and later" as the platform.

Filter name: WIN Manufacturer Dell

As a filter rule, we only use the manufacturer "Dell".
To check the filter, you can click on the preview of the filter.
(device.manufacturer -eq "Dell Inc.")

Dell Filters, Settings and Preview

After clicking on "next" and "create" the creation of the filter is already complete. We will need this again later to install the "Dell Command Update" only on Dell devices.

Dell Command Update

In order to start the check via Proactive Remediations, the "Dell Command Update" program must first be installed. I have provided you with the finished Win32 package on GitHub.
The package includes the EXE with version 4.6.0.

Install Dell Command Update via Intune

For distribution with Intune, navigate to «Apps > Windows», choose «+Add» and «Windows app (Win32)».
Then upload the "install.intunewin" file.

Add Intune, win32 app

In the "App information" you fill in the name, the description and the publisher.
I have also made a logo available to you on GitHub.

Intune App Information, Dell Command Update

In the next steps you will add the installation parameters as listed below and set the requirements.

Install command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
Install command
Request win32

For the detection rule, you add a manual one with the following parameters:

File, String (version):

  • C:\Program Files (x86)\Dell\CommandUpdate\
  • dcu-cli.exe
  • 4.6.0.3
Dell Command Update detection rule

You can skip the "Dependencies" and "Supersedence" step.

In the assignment you now assign a target group. This can also include all devices. However, so that only Dell devices receive the program, we also apply the filter created in the first part of this blog.

Apply assignment and Dell filter

Create Proactive Remediations package

With the installation of the "Dell Command Update" we have fulfilled the requirements and can create the Proactive Remediations package.

As usual, I saved the scripts on GitHub for you:

If you do not have a Windows Enterprise or Education license, you cannot use this function.
I'll show you an alternative here: "Proactive Remediation for Business" | scloud

First you need to create a new PR package:
Reports > Endpoint analytics > Proactive remediations + Create script package

You give this a name.

Proactive Remediations Script, Dell Driver Intune

Then you upload the detection and remediation script.
Drivers and firmware updates are installed in my template. If you only want drivers, you can simply enter "Drivers" in the 4th line of the two scripts.

Proactive Remediations Script, Dell Drivers

In the assignment, you select a group and also define the interval for checking this.
I chose to do this every 14 days. If the device is not running at this time, the script will be executed at the next start.
In addition, we apply the filter for the Dell devices here as well.

Proactive Remediations, Interval
Filters, Dell devices

That's it, now the drivers of your Dell devices are regularly updated via Endpoint Manager / Intune.

Proactive Remediation Report

When executing detection and remediation, the outputs are sent to the Microsoft Endpoint Manager and can be viewed there.

To do this, the additional columns must be displayed in the view. You can do this in the corresponding PR package via the "Columns" button.

Proactive Remediation view

If you then click on the corresponding "Review" links, the required drivers will be displayed, for example:

Proactive Remediations, Review
Proactive Remediations, Review Message

39 thoughts on “Dell Drivers with Intune and Proactive Remediations”

  1. Hi,
    thanks for this great tutorial.
    I have various doubts... Do we have to install Dell-Command-Update-Application_T97XP_WIN_4.6.0_A00.EXE and both scripts (install.ps1 and uninstall.ps1)?

    Thanks!

    1. You're welcome!
      No, you only have to upload the "install.intunewin" which contains all files.
      The "install.ps1" then calls the exe for the silent installation process. The "uninstall.ps1" is only executed if you decide to uninstall the app via Intune.

    2. You have to add it to your netlogon folder where everyone has Read access and then use the below for the install and uninstall scripts:

      %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -File "\\YourNetworklocation\NETLOGON\Dell-Command-Update\DCU-Intune\install.ps1"

      %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -File "\\YourNetworklocation\NETLOGON\Dell-Command-Update\DCU-Intune\uninstall.ps1"

      Otherwise Intune won't know where to look for the install and un-install files.

      Cheers

      1. If you use a win32 app, the intunewin will be "unzipped" on the target machine and all the sources will be available on the local machine. So you don't have to add a network share and can deploy it regardless of the network location.
        A UNC Path is only necessary if you use another solution than Intune to deploy the software.

  2. So what's the process/work-around for the proactive remediation if we don't have the appropriate licensing for that? We only have 365 business premium and do not have any of the E3/E5/A3/A5 that it requires to run proactive remediation.

  3. Thank you for this guide. I ran through it and was able to get things working properly in the end. The one thing that didn't work for me from your code was the update.count if/else in the detection script. Running $DCU_analyze.updates.update.count always produced 0 for the count, even if I have output in the xml and when I output the value on $DCU_analyze.updates.update. I still need to test this fully, but my initial changes made it work for me and reports back to remediation with the pending updates. I added "$var = $DCU_analyze.updates.update | Measure-Object" below the $DCU_analyze test-path and then changed the count in the if statement to "$var.Count -lt 1". No other changes in the scripts besides adding the bios flag to the check and it's now running in my qa environment.

    1. Hi Rick, I'm not sure what you're referring to. Do you mean the PR scripts?
      Those are executed by the IMExtension and don't need special execution policies.

    2. Hi Florian

      Excellent article. Dell have released version 4.7 of Dell Command, what are the steps to create an updated install.intunewin file?

      Also we are an all-Dell house, so in theory I could skip the use of filtering of the devices?

      1. You can do so by downloading the "Dell Command Update.zip" from GitHub, unzipping it and replacing the EXE.
        In addition, you must change the EXE filename in line 12 of the install.ps1. After that you can create the intunewin (https://scloud.work/win32-app-intunewin/) and upload the newest version.
        Don't forget to also increase the version in the detection rule.

        Regarding the filtering, not necessarily, but I would do so... because you never know if there will be another device.

        1. With the newest version of the Dell Command Update (4.7.1), Dell has removed the previous style and only uses the UWP version. However, UWP now works with CLI but the installation is in Program Files and not Program Files (x86).

  4. Excellent work. Just tested it in my test environment and working as expected.

    However, can we include a line in it to suspend bitlocker, for the firmware upgrade, or else it will ask for the Bitlocker key when booting up the computer.

      1. Good afternoon,

        I think what you have done with this is great; I am testing it in the customer's environment.
        A question:

        Could this parameter be added to the remediation:
        Start-Process $DCU_exe -ArgumentList "/configure -silent -autoSuspendBitLocker=enable -userConsent=disable" -Wait

    1. Hi Florian,

      Excellent scripts and they appear to work great.

      How is the functionality with BIOS firmware updates if Bitlocker is enabled? Checked a few of my devices today and they have installed various firmwares and drivers, but all have the BIOS update sitting.

    2. Hi,

      The install.intunewin file autofills install.ps1 as the App name, not Dell Command update like in the screenshot. Does that matter? I know I can edit the name of the app but wanted to be sure it's going to create correctly as an application.

      Thanks

      1. At the upload, Intune uses just the filename; you can set the name to "Dell Command update" or whatever you like. The name doesn't matter for the installation.

    3. Hello,

      I have a problem. The detection script finds drivers and prepares the .xml log, but ?the remediation script does not run?, because the remediation status is: Recurred. I used just driver update, not firmware, in the script.
      What can be the solution?

      I used the newest and the oldest script, same problem.

      Dell Command update version: 4.6.0

    4. Hi Florian

      Thanks for your work on automation for dell with dell command update.
      I'm going to put it in production soon on a 2000 computer park

      I tested on a group of 10 computers and all return a value of compliant (0 drivers).
      While I have drivers available on the computers.
      Looking at your code on the detection part line 11 - 19 I still have the number of node at zero

      I modified this part in the following way which shows me the number of nodes in the XML file

      if (Test-Path "$DCU_report\DCUApplicableUpdates.xml")
      {
          [System.Xml.XmlDocument] $data = New-Object System.Xml.XmlDocument
          $data.Load("$DCU_report\DCUApplicableUpdates.xml")
          $rows = $data.SelectNodes("//updates/update")
      }
      if ($rows.Count -lt 1) {
          Write-Output "Compliant, no drivers needed"
          Exit 0
      } else {
          Write-Warning "Found drivers to download/install: $($rows.name)"
          Exit 1
      }

    5. Hi,

      Thanks for all the workarounds, but in my tenant it seems that the drivers don't want to be updated; they all fall into the Recurred status but the issue doesn't seem to be resolved.

        1. So I've done this,

          Running the script within the system activates the dellcli executable and identifies the dell drivers to install ( which it had been for me without using the CLI prior ) , and all it does is resolve 17 where it writes the red WARNING: and lists the drivers that need to be installs.

          It then shuts down the script, performing the EXIT function and nothing happens.

    6. Thanks for your great work.

      I'm having issues with the drivers actually installing.
      The script provided is returning with reoccurring errors.
      Firmware and Dell Apps are successfully installing; however, drivers have not been.

      I have the device set to run the script hourly and it's powered-plugged in.

      1. Hello Andrew T

        I've got the same issue, the scan is made perfectly but the drivers don't apply.
        On Intune it says that the devices loop on a reoccurring error.

        It's set to hourly also and power-plugged.

        1. The issue seems to be from this line...

          Start-Process $DCU_exe -ArgumentList "/applyUpdates -silent -reboot=disable -updateType=$DCU_category -outputlog=$DCU_report /configure -silent -autoSuspendBitLocker=enable -userConsent=disable" -Wait

          If you remove "/configure -silent -autoSuspendBitLocker=enable -userConsent=disable" it works just fine. Do the CLI arguments support applying updates and doing configuration changes at the same time?

          A better option would likely be having 2 separate commands:
          Start-Process $DCU_exe -ArgumentList "/configure -silent -autoSuspendBitLocker=enable -userConsent=disable" -Wait
          Start-Process $DCU_exe -ArgumentList "/applyUpdates -silent -reboot=disable -updateType=$DCU_category -outputlog=$DCU_report" -Wait

          Another thing to consider is that if you update the Dell Command Update from 4.6.0 to 4.7.1, it can move the CLI command from "Program Files (x86)" to the 64bit "Program Files"

          1. Hi Patrick,
            Your workaround is the fix; I came to the same conclusion, as DCU came up with this error message when I ran it from the prompt
            -------------------------------------------------------
            Duplicate commands provided.
            The program exited with return code: 103
            -------------------------------------------------------
            Hence I don't believe that DCU is so happy about dual commands in one line.
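
The detection logic discussed in the comments above (an update count that stays at 0, and dcu-cli.exe moving from "Program Files (x86)" to "Program Files" with 4.7.1), written out as an added example; it is not the author's GitHub script. The report folder, the update types, the function names and the signature check before the SYSTEM-context run are assumptions of this example.

```powershell
# Added example (not the author's GitHub script). Folder and update types are assumptions.
$DCU_report   = 'C:\Temp\Dell_report'   # assumed report folder, no spaces
$DCU_category = 'firmware,driver'       # assumed dcu-cli update types

function Get-DcuCliPath {
    # 4.6.0 sits in Program Files (x86), 4.7.1 in Program Files (see comments above).
    # ProgramW6432 finds the 64-bit folder even from a 32-bit PowerShell host.
    $roots = @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $exe = Join-Path $root 'Dell\CommandUpdate\dcu-cli.exe'
        if (Test-Path -LiteralPath $exe) { return $exe }
    }
}

function Get-DcuUpdateName {
    param([Parameter(Mandatory)][string]$ReportFile)
    if (-not (Test-Path -LiteralPath $ReportFile)) { return }
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ReportFile)
    # SelectNodes returns a node list, so the count is right for 0, 1 or many updates.
    foreach ($node in $xml.SelectNodes('//updates/update')) { $node.name }
}

$DCU_exe = Get-DcuCliPath
if (-not $DCU_exe) { Write-Output 'Dell Command Update not found, nothing to scan'; exit 0 }

# The script runs as SYSTEM: refuse to start a binary whose signature does not verify.
# Exit 0 so that remediation is not triggered to run the same binary.
$sig = Get-AuthenticodeSignature -FilePath $DCU_exe
if ($sig.Status -ne 'Valid') {
    Write-Output "Not scanned: signature of $DCU_exe is $($sig.Status)"
    exit 0
}

$null = New-Item -ItemType Directory -Path $DCU_report -Force
$reportFile = Join-Path $DCU_report 'DCUApplicableUpdates.xml'
Remove-Item -LiteralPath $reportFile -ErrorAction SilentlyContinue   # drop stale results
$scan = Start-Process -FilePath $DCU_exe -Wait -PassThru -WindowStyle Hidden `
    -ArgumentList "/scan -silent -updateType=$DCU_category -report=$DCU_report"

$names = @(Get-DcuUpdateName -ReportFile $reportFile)
if ($names.Count -lt 1) {
    Write-Output "Compliant, no drivers needed (dcu-cli exit code $($scan.ExitCode))"
    exit 0
}
Write-Warning "Found drivers to download/install: $($names -join ', ')"
exit 1
```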
