Remote deploy Intel AMT firmware using SCCM

if your update is packaged in an MSI like the one from Intel download site just create add as a new app in SCCM then create a deployment for it.
is there a specific point in the process you are stuck?

Hi,

You need to give more details:

what vendor are you using?
what models are you using?
are you trying to deploy BIOS updates? (as opposed an Intel patch)

For example, Dell have released new versions of all the affected firmware as updates. There are several blogs with several methods out there but the basic method is to target models using WMI filters and deploy the EXE as a standard CM package.

I would give more detail but if you are not using Dell's it's not relevant. Using CM is definitely the better solution here.

Mike

Hi Mike, thanks for the update. we do have some dell units. However majority of our fleet are Lenovo x250-x260, and T550-T560. What I'm really trying to do is close off the vulnerability of the Intel amt . It seems the only option involves updating the bios. So my question is can I get a way to automate this process on all Lenovo laptops and not have ton's of machines rebooting after the firmware get updated.

I don't believe there is any way to update the bios of a machine with out a reboot (as even most online flash utilities just copy the rom paq to the machine and load on next reboot). That said you can suppress the reboot when deploying in SCCM but chances are the vulnerability will not be closed until it reboots and finishes the update. (that said if the vendor says it doesn't require a reboot then that specific one would not)

Dell and Lenovo probably have a package either exe or MSI that can be deployed with sccm using application deployment. (msi are a lot easier)

Thanks Guys for your support. I suspected I would have to take that route.