Automatically install the latest HP drivers during Autopilot provisioning

Managing drivers when provisioning Windows 10 device using Autopilot, there’s currently not any native built-in functionality in Microsoft Intune to ensure the device is provided to the end-user with the latest and greatest drivers available from the manufacturer, in this case HP. We’re currently in the hands of HP to provide the drivers injected into the image that’s shipped on the device. But what if we could actually control this, using the tools available from HP? That’s what this blog post is going to cover.

Before we dig into how we can accomplish that, I want to shout out to Bruce Sa (@BruceSaaaa) who originally came up with the idea behind the method that I’ll be sharing in this post. I’ve taken Bruce’s approach and expanded it into a fully fledged script version with extended logging and a single script file instead of multiple.

The idea here, using Bruce’s original idea, is to use the HPCMSL PowerShell module to download and run HP Image Assistant to download and apply the required drivers and driver software applicable for the current device that’s being provisioned. This method can easily be a part of a regular User Driven provisioning but also fits perfect with White Glove provisioning flows with Autopilot.

Download the script

Download the following script from our GitHub repository:

https://github.com/MSEndpointMgr/Intune/blob/master/Drivers/Invoke-HPDriverUpdate.ps1

Save it as Invoke-HPDriverUpdate.ps1 in e.g. C:\IntuneWinAppUtil\Source\Drivers, as we’ll use it later when packaging this script as a Win32 app.

Operational modes of the script

Since version 1.0.2, a new operational mode parameter named ‘HPIAAction’ was added to the script, that allows you to decide which of the actions below the script should perform:

• Download
  • In this mode HPIA will be used to only download the driver and driver software suitable for the model its currently running on.
• Install
  • In this mode HPIA will attempt to install already downloaded and extracted driver and driver software. For this mode, it’s required that the script has already been executed in Download mode prior to execution.

With this change of the script and how it operates, it’s required for performing both Download and Install actions, specifically in that order, to create two Win32 apps and make use of dependencies. In the below screenshot, you can see that the script has been created as two separate Win32 apps, one for Download and one for Install:

More on how this works can be read further down in this blog post, when packaging and creating the Win32 apps.

The script was amended this way due to the fact that Win32 apps in Intune are only allowed to execute for 60 min. If Intune Management Extension detects that the process it has initiated runs longer than this hard-coded value, it will stop monitoring it and deem that it failed. I’ve on several occasions raised this inappropriate behavior with Microsoft, however nothing has been committed from their end to improve on this.

Prepare additional script files

For the Win32 apps that we’re going to create, an additional script file is required as a Requirement Rule. Save the following PowerShell code as a file called Invoke-HPDriverUpdateRequirementRule.ps1:

$Manufacturer = (Get-WmiObject -Class "Win32_ComputerSystem" | Select-Object -ExpandProperty Manufacturer).Trim()
switch -Wildcard ($Manufacturer) {
    "*HP*" {
        Write-Output -InputObject "HP"
    }
    "*Hewlett-Packard*" {
        Write-Output -InputObject "HP"
    }
    default {
        Write-Output -InputObject $Manufacturer
    }
}

This script file will ensure that the Win32 app is only executed on HP devices.

Package the script as Win32 apps

The process for packaging scripts as a Win32 app is just the same as for any other application. Packaging the script as a Win32 app allows us to track the driver installation process initiated by HP Image Assistant and wait for it to complete before the end-user arrives at the desktop, but it’s especially important to track this process to support pre-provisioning (previously known as White Glove). So, let’s start by packaging the script saved from GitHub above.

For this we have a few options. I’ve previously blogged about a PowerShell module called IntuneWin32App that I’ve written. I frequently use this to package and create Win32 apps. In the instructions below, I’ll reference this module, but you can also download the IntuneWinAppUtil.exe packaging utility yourself from here.

Ensure you’ve prepared two separate files of the Invoke-HPDriverUpdate.ps1 script, where the $HPIAAction variable is defined differently in the scripts.

Start by installing the module if you don’t already have it:

Install-Module -Name IntuneWin32App

Once the module is installed, we’ll use the New-IntuneWin32AppPackage function to create the .intunewin file that contains the Invoke-HPDriverUpdate.ps1 script file. Call the function using the following command, where the input parameters should references the path structure in your environment (below is just an example):

New-IntuneWin32AppPackage -SourceFolder C:\IntuneWinAppUtil\Source\Drivers -SetupFile "Invoke-HPDriverUpdate.ps1" -OutputFolder C:\IntuneWinAppUtil\Output

As per the above screenshot, the packaged .intunewin file has successfully been created in C:\IntuneWinAppUtil\Output and is called Invoke-HPDriverUpdate.intunewin. This is the file that we now need to reference when creating the Win32 app in the next step.

Follow the same steps for all script files, which should result in two .intunewin packages.

Create the Win32 apps

Ensure you follow the steps below for to create two Win32 apps for both operational mode actions. Start of by creating the Download operational mode Win32 app, as it will later be references as a dependency for the Install operational mode Win32 app.

From within the Microsoft Endpoint Manager portal (endpoint.microsoft.com), go to Apps – Windows and create a new by clicking the Add button.

In the Select app type blade that appears on the right side, select Windows app (Win32) and click Select.

Click Select app package file:

In the window that appears on the right, browse and select the Invoke-HPDriverUdpdate.intunewin file and click OK:

Configure the app information accordingly to your requirements, for example like shown in the below screenshot and click Next when ready:

In the Program configuration blade, configure the following as the Install command:

powershell.exe -ExecutionPolicy Bypass -Command "& '.\Invoke-HPDriverUpdate.ps1' -RunMode Stage"

And use the following Uninstall command:

cmd.exe /c

In addition, configure the Device restart behavior as No action. Leave the default return codes and click Next.

In the Requirements blade, configure the desired Operating system architecture and Minimum operating system version. Click on Add under Configure additional requirement rules.

Select the Requirement rule to a Script.

Since this Win32 app is going to install the latest drivers for HP devices, we’d want to add a custom PowerShell script requirement rule that ensures that it’s only executed on eligible devices, HP devices that is, using the Invoke-HPDriverUpdateRequirementRule.ps1 script file that we created earlier.

Click the browse button next to Script file and select the Invoke-HPDriverUpdateRequirementRule.ps1 file:

Configure the Select output data type as String, with the operator Equals and the value HP:

Click OK and Next when ready with the Requirement rule configuration.

As for Detection Rules, select Manually configure detection rules as Rule format and click Add:

As the Rule type, select Registry and configure the following:

• Key path:
  • HKEY_LOCAL_MACHINE\SOFTWARE\HP\ImageAssistant
• Value name:
  • ExecutionResult
• Detection method:
  • String comparison
• Operator:
  • Equals
• Value:
  • Success

The Invoke-HPDriverUpdate.ps1 script creates the above registry value with a string of Success if it completes the driver installation process successfully. Click OK and click Next when ready.

As for the Dependencies blade ensure the Win32 app you’re creating for the Install operational mode, references the Win32 app for Download mode.

If you’re using Scope tags, configure them appropriately and continue.

For assignment, make sure to only assign the Install operational mode Win32 app. Also, I’d suggest that you target a group of devices and not users. If the Win32 app is going to be used for pre-provisioning (White Glove), device targeting is preferred. As for regular User Driven provisioning, either User or Device targeting works, however I usually target apps towards devices when they’re meant to be installed on all devices during provisioning.

On the final configuration blade Review + Create, validate your configuration and click Create.

Once both apps have been created, you should have two Win32 apps similar to what’s shown below:

Track the app in Enrollment Status Page

In order to be able to track the Win32 app during Autopilot provisioning, it’s required to add the newly created apps to your Enrollment Status Page configuration, as shown below, unless you have it configured to track all assigned apps instead of only the selected.

Results

With the Win32 app created and assigned to devices, the progress can be tracked in a log file created locally on the device called HPDriverUpdate.log located under C:\Windows\Temp.

Additionally, the script also stores the log files created by HP Image Assistant in the following location, so that the results of what drivers where applied is available for examination if required:

• C:\Windows\Temp\HPIALogs

With that, installing the latest drivers for HP devices can now be accomplished when provisioning devices using Autopilot.