Overview
Admit it, Windows Updates are usually straightforward and relatively painless. However, what about driver updates? These updates, frequently sidelined, are equally vital, particularly for deployed systems that have been in production for some time. The challenge arises: how can one efficiently implement and supervise driver updates across a diverse array of systems in operational environments? For that, we utilize Dell Command | Update and Tanium's Enforce module. By leveraging both of these tools, we have been effective in delivering automatic driver update deployments with built in user deferrals. So, let's jump into.
The Details
First, you will need to download Dell Command | Update and deploy it to your systems.
Once the application is installed, you will see there a ton of options to configure. With so many options, rather than list them out, please reference Dell's documentation.
After gathering the configurations, you wish to apply, one method is to export and import these settings onto another machine. While this approach is effective, it lacks the capability to uphold these settings if a user decides to modify them. As illustrated below, the configured settings are monitored and recorded within the registry. For the next step, we will leverage the registry items to enforce/deploy them via Tanium.
Note: I recommend excluding BIOS updates in your first pass.
- From the Enforce menu, click Device Actions and then click Create.
- In the Summary section, provide the identifying details for the policy.
- In the Remediation section, select the task that you want to run on your endpoint(s) from the Add Task dropdown list. For us, we will be leveraging Edit Registry Data
- Editing the registry modifies an existing registry value if it exists; optionally, the value can be created if it does not exist.
0 Comments