SCCM Update BIOS HP Elitebook 2530p with Bitlocker

This is a short notice on how I did the BIOS upgrade on HP Elitebook 2530p (tested on 2530,2540,2570,Probook, 6s60 and 6570)

First of all, this got very important after little over a year of running Windows7, Bitlocker and HP Elitebook, some computers reencrypted their disks (SSD disk so it ONLY takes around 30-60minutes) spontaneous and according to Google and a answer from MS Tech is that the BIOS is to old, well then a update on Windows7 triggered this bug, cant really tell which…

So I resolved to SCCM 2007 to do this, could I publish a new package? Boot into WinPE? Publish a task sequence?

A program package got, difficult to say the least, after some digging and testing this is how the procedure seems to must be done

• Pause bitlocker
• Upgrade bios
• Reboot
• Resume bitlocker

Then how to do this in a controlled manner? and then we got the BIOS Password to take care of also.
To do this in WinPE demanded AD connection and authentications, seemed to difficult at this time so I abandoned the ide totally.

Created a new testcollection, to have control of which computers I should be messing with
Created a new task sequence, HP BIOS Upgrade.

• Remove BIOS password
  
• Disable Bitlocker
• Upgrade BIOS
• Reboot
• Enable Bitlocker
• Set BIOS password
• Remove myself from the collection

and to create biospackages for each computermodel that demanded a new bios, WMI queries for  model and biosdate and ending with removing itself from the collection.
One example on WMI query and if statement around it that all these queries must be true.

Select * From Win32_ComputerSystem WHERE Model LIKE "%ProBook 6570%"
SELECT * FROM Win32_BIOS WHERE ReleaseDate < "20130328000000.000000+000"
SELECT * FROM Win32_BIOS WHERE SMBIOSVERSION LIKE "%68ICF%"

Im in the stage of testing the TaskSequence now, it seems to work… I’ll get back to you about this in a bit.

Then there is to publish this to all users and having good information on what and how they are supposed todo.
This can only be done with the powercord attached and takes around 5 minutes to complete but the amount of time invested for the IT department is quite big, but would be alot more hourse if we had to do this manually (if even ever to be done…)

With SCCM we have control and can see who has done it or not.