Call4Cloud | MMP-C | Autopilot | Device Preparation

The Windows Drivers Games

by rudyooms Posted on
Patch My Pc | install & update thousands of apps

This blog will be about what options you have when you need to deploy drivers while using Intune.

I received a private message from the Technet community asking me to help with driver installation problems. 100 devices needed a WLAN driver update.  

The devices had the built-in Microsoft Driver installed, but they needed the Intel driver installed in 2020 for some reason. I guess I forgot to ask why.

So, what options do we have to deploy the proper drivers to the device when using Intune?

1. HP Image Assistant

I have been using this solution for a while now. It’s great when you need to ensure that all the HP drivers are updated during autopilot.

Automatically install the latest HP drivers during Autopilot provisioning

My experience with this solution is mixed. Sometimes, the driver updates go great…, but other times, it takes a really long time before the drivers are updated.

2. PnPUtil

Using pnputil to add driver package to the driver store

This could be a really good solution when you need to install a single driver. Let’s see what you will need to do. First, we need to download the sp111695.exe from the HPE website.

After downloading it, you need to start installing it. It will extract the needed files to the c:\swsetup folder

Ensure the driver folder has the *.inf files in it, as shown below!

I browsed to the src folder and removed the install.drv.cmd and created a new and very simple PowerShell Script

creating the powershell script that copies the intelwlandriver.dll to the drivers folder and would add the driver by using pnputil /add-driver to the driver store
New-Item -Path "c:\" -Name "temp" -ItemType "directory" -force
cmd.exe /C copy /Y .\IntelWLANdriver.dll "C:\Windows\System32\drivers" > c:\temp\hpwlandrivercopy.txt
c:\windows\sysnative\Pnputil.exe /add-driver ".\driver\*.inf" /install > c:\temp\hpwlandriverpnputil.txt

It’s a very simple script that uses PUNPutil to install the driver. You could add some error handling to ensure it only installs when it’s not yet installed, but it will do for the demonstration.

Did you notice the Sysnative folder? I created a blog about this, some weeks ago. You will need to specify the full path to the c:\windows\sysnative\pnputil.exe file otherwise, the installation would fail.

Read the blog here:

https://call4cloud.nl/2021/05/sysnative-64-bit-ime-intune/

Now that we have everything we need, create an Intunewinapp package and upload it to Intune. If needed, create a dynamic group to target only the required HP device models.

Another option would be to mark the app as available so end-users can install the driver on their own when the time is right. Disturbing your end-users with a driver update could give you negative feedback.

Let’s see it in action

3. PnPUnattend

This wonderful tool named, PnPUnattend could also be used to perform unattended driver installations. But besides installing drivers (Parameter /L), you could also use it to audit the system (Parameters /s /L) if those drivers match

Before installing drivers with this tool, we need to configure the DriverPaths. If we don’t, the PnPUnattend.exe does not know where to fetch the drivers from.

Just like we did with PnPUntil, we could download all the drivers we need to extract them to a folder and combine them with a PowerShell script like the one below.

$Drivers = "C:\install\Drivers"
New-Item -ItemType Directory -Force -Path C:\install\Drivers

Copy-Item -Path ".\drivers\*" -Destination "c:\install\drivers -Recurse

New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UnattendSettings\PnPUnattend\DriverPaths" -Name 1 -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UnattendSettings\PnPUnattend\DriverPaths\1" -Name Path -Value $Drivers -Force

c:\windows\sysnative\pnpunattend.exe auditsystem /l

When you combine this PowerShell script with all those drivers in a nice Win32App Package, the PnPUnattend will loop through all the driver folders to search for all the INF files to install

4.Intune Windows update for business

At the moment of writing this blog, the only option you have now is using the Windows update ring. You could allow or block Windows drivers.

When using this option, you can only allow or block all driver installations from Windows update. You have no control over the timing of these driver installations.

For now, I am not recommending this solution when you want to make sure your drivers are being kept up to date

Shortly thereafter, a new service for driver and firmware deployment became available.  It will give you the ability to control/approve and schedule the driver updates

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942

Conclusion:

I hope the new Driver and firmware update service is GA soon so we can all use it. When you only need to deploy 1 driver, maybe option 2 is the best one. Please make sure you are deploying the approved drivers. You don’t want a BSOD

Leave a Reply

Your email address will not be published. Required fields are marked *

6  +  1  =  

Proudly powered by WordPress | Theme: Wanderz Blog by Crimson Themes.