/build/static/layout/Breadcrumb_cap_w.png

Leveraging SQL info to script BIOS deployment

Hi All, 

the K1000 is capable of reporting on devices which need Dell updates ... has anyone figured out whether there's a way to leverage this information to script a "manage-bde -protectors -disable C:" ???

Asked 5 years ago 570 views
1 Comment   [ + ] Show comment
  • Is your end goal to turn off BitLocker before upgrading the BIOS? - chucksteel 5 years ago
    • technically my end goal would be to suspend bitlocker rather than turning it off, but yes. - cdmead 5 years ago

Answers (1)

Posted by: chucksteel 5 years ago
Red Belt
0

Here is a query that will return those computers that require a BIOS upgrade:

SELECT MACHINE_ID, MACHINE.NAME, APPLICABLE_UPDATE,
 DELL_PKG.NAME, DELL_PKG.DESCRIPTION
FROM ORG1.DELL_MACHINE_STATUS
JOIN KBSYS.DELL_PKG on DELL_PKG.PACKAGE_DID = DELL_MACHINE_STATUS.PACKAGE_DID
JOIN MACHINE on MACHINE.ID = DELL_MACHINE_STATUS.MACHINE_ID
WHERE DELL_PKG.COMPONENT_TYPE = "BIOS"
AND APPLICABLE_UPDATE = "UPGRADE"

This query will work for a smart label:

SELECT MACHINE.NAME AS SYSTEM_NAME, SYSTEM_DESCRIPTION, MACHINE.IP, MACHINE.MAC, MACHINE.ID as TOPIC_ID 
FROM MACHINE
JOIN DELL_MACHINE_STATUS on DELL_MACHINE_STATUS.MACHINE_ID = MACHINE.ID
JOIN KBSYS.DELL_PKG on DELL_PKG.PACKAGE_DID = DELL_MACHINE_STATUS.PACKAGE_DID
WHERE DELL_PKG.COMPONENT_TYPE = "BIOS"
AND APPLICABLE_UPDATE = "UPGRADE"

Once the smart label is in place, you should be able to configure a task chain that will turn off BitLocker and then apply the update. In our environment, BitLocker is enabled with Group Policy, so it automatically turns back on the next time the device updates policy. The MBAM client checks in every 90 minutes, I think, so that's normally enough time to perform an operation before it turns back on.

Comments:
  • thank you, Chuck. This is supremely helpful. - cdmead 5 years ago
  • Chuck - last question. What would be the syntax for returning only laptops? a better subsequent question is how are you finding out what the sql structure is? - cdmead 5 years ago
    • To restrict to laptops, add this line to the bottom of the query:
      AND MACHINE.CHASSIS_TYPE = "laptop"

      I use MySQL WorkBench to connect to the SMA database to view the tables directly. - chucksteel 5 years ago
      • THANK you. - cdmead 5 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ