/build/static/layout/Breadcrumb_cap_w.png
03/14/2019 246 views

Hi All, 

the K1000 is capable of reporting on devices which need Dell updates ... has anyone figured out whether there's a way to leverage this information to script a "manage-bde -protectors -disable C:" ???

1 Comment   [ + ] Show comment

Comments

  • Is your end goal to turn off BitLocker before upgrading the BIOS?
    • technically my end goal would be to suspend bitlocker rather than turning it off, but yes.

All Answers

0

Here is a query that will return those computers that require a BIOS upgrade:

SELECT MACHINE_ID, MACHINE.NAME, APPLICABLE_UPDATE,
 DELL_PKG.NAME, DELL_PKG.DESCRIPTION
FROM ORG1.DELL_MACHINE_STATUS
JOIN KBSYS.DELL_PKG on DELL_PKG.PACKAGE_DID = DELL_MACHINE_STATUS.PACKAGE_DID
JOIN MACHINE on MACHINE.ID = DELL_MACHINE_STATUS.MACHINE_ID
WHERE DELL_PKG.COMPONENT_TYPE = "BIOS"
AND APPLICABLE_UPDATE = "UPGRADE"

This query will work for a smart label:

SELECT MACHINE.NAME AS SYSTEM_NAME, SYSTEM_DESCRIPTION, MACHINE.IP, MACHINE.MAC, MACHINE.ID as TOPIC_ID 
FROM MACHINE
JOIN DELL_MACHINE_STATUS on DELL_MACHINE_STATUS.MACHINE_ID = MACHINE.ID
JOIN KBSYS.DELL_PKG on DELL_PKG.PACKAGE_DID = DELL_MACHINE_STATUS.PACKAGE_DID
WHERE DELL_PKG.COMPONENT_TYPE = "BIOS"
AND APPLICABLE_UPDATE = "UPGRADE"

Once the smart label is in place, you should be able to configure a task chain that will turn off BitLocker and then apply the update. In our environment, BitLocker is enabled with Group Policy, so it automatically turns back on the next time the device updates policy. The MBAM client checks in every 90 minutes, I think, so that's normally enough time to perform an operation before it turns back on.

Answered 03/20/2019 by: chucksteel
Red Belt

  • thank you, Chuck. This is supremely helpful.
  • Chuck - last question. What would be the syntax for returning only laptops? a better subsequent question is how are you finding out what the sql structure is?
    • To restrict to laptops, add this line to the bottom of the query:
      AND MACHINE.CHASSIS_TYPE = "laptop"

      I use MySQL WorkBench to connect to the SMA database to view the tables directly.