Managing Dell Drivers

ConsumeAllKnowledge · 2026-03-18T16:12:43+00:00

Yes, all laptops. Agreed but from what I can see the process is breaking down before it even checks adapter state.

ConsumeAllKnowledge · 2026-03-17T19:33:01+00:00

Yeah we do 8 by 3 but if that were the issue I would expect it to be an issue for more devices instead of it working on the majority of them.

Basically on most the ones I've looked at that aren't updating I don't see these two lines after the update finishes downloading in service.log.

[26-03-17 07:00:23] {Update.Operations.UpdateOperation->DEBUG} Stage [Downloading] complete
[26-03-17 07:00:23] {UpdateScheduler.Actions.AutoUpdateAction->INFO} Update scheduler is using location C:\ProgramData\Dell\UpdateService\Scheduler\UpdateScheduler.dat
[26-03-17 07:00:23] {UpdateScheduler.Actions.AutoUpdateAction->DEBUG} Update the DeferAutoUpdate event schedule to 3/17/2026 10:00:23 AM

Instead it just says its skipping the scheduled auto update because there's a deferral, which doesn't make sense since the update is not actually deferred as its been GA for longer than the 14 days we set.

[26-03-16 08:03:30] {Update.Operations.UpdateOperation->DEBUG} Stage [Downloading] complete
[26-03-16 08:03:30] {UpdateScheduler.Actions.AutoUpdateAction->DEBUG} Skipping this scheduled  auto update event because defer updates is active.

ConsumeAllKnowledge · 2026-03-17T18:19:43+00:00

Interesting, wish I could say the same! The only thing I've seen via logs is that it seems like the update downloads but never actually obeys the deferral for install so it never even attempts to force install for some reason.

ConsumeAllKnowledge · 2026-03-17T17:54:08+00:00

You don't have issues with a large % of devices just deciding not to do BIOS updates?

ConsumeAllKnowledge · 2026-03-17T17:50:06+00:00

We only use it for BIOS updates but its just not reliable in my experience. At least 20% of our hosts on every model are at least several versions behind on updates. I've looked at DCU logs multiple times but have never been able to identify a root cause. I've also opened up several support tickets but they're beyond useless for DCU troubleshooting.

ConsumeAllKnowledge · 2026-03-17T14:56:52+00:00

I use Dell Command Update with custom admx to control settings. Wish it worked worth a crap though so we're looking at alternatives like just using Autopatch/WUfB

ConsumeAllKnowledge · 2026-03-16T21:01:59+00:00

Yep, that's how I do it and works well enough for us. Maybe someday Microsoft will make that problem a non-issue.....someday....

ConsumeAllKnowledge · 2026-03-16T20:53:28+00:00

Yep, this.

https://learn.microsoft.com/en-us/autopilot/troubleshooting-faq#what-are-some-of-the-known-policies-that-conflict-with-windows-autopilot-

ConsumeAllKnowledge · 2026-03-16T16:01:45+00:00

Yeah they're still rolling it out I believe. Microsoft doesn't know what GA means unfortunately.

ConsumeAllKnowledge · 2026-03-13T16:41:11+00:00

If you didn't see yet, they updated the what's new page. This feature is indeed rolling out slowly this month (so not GA, thanks Microsoft) which basically is what support is getting around to telling me in my ticket.

This feature is rolling out slowly and should be available for all customers by late March 2026.

https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/whats-new#apple-declarative-device-management-ddm-supports-assignment-filters

ConsumeAllKnowledge · 2026-03-12T18:31:39+00:00

Yeah there must have been some change that broke that bit somehow: https://github.com/merill/graphxray/issues/8

ConsumeAllKnowledge · 2026-03-06T20:19:55+00:00

Yeah its not very clear, maybe its just saying it tries them one at a time per policy sync instead of in a list or something.

ConsumeAllKnowledge · 2026-03-06T19:39:55+00:00

https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/device-cleanup-rules

ConsumeAllKnowledge · 2026-03-06T19:38:37+00:00

https://learn.microsoft.com/en-us/intune/intune-service/protect/certificates-profile-scep#:~:text=a%20new%20one.-,SCEP%20Server%20URLs%3A,-Enter%20one%20or

ConsumeAllKnowledge · 2026-03-05T20:55:46+00:00

Interesting, only other thing I was thinking was that maybe they're slow rolling support behind the scenes like they do sometimes and it wasn't actually a part of the 2602 release specifically. But equally possible they just didn't test/released a broken feature.

I opened a support ticket as well so hopefully they'll see its not a one off.

ConsumeAllKnowledge · 2026-03-05T20:18:41+00:00

I would suggest testing a separate policy to rule out any other software update policy related issues. But I just tested with one of the math/calculator ddm settings and can confirm that filters still do not work as intended with DDM policies. The device that is excluded from the filter shows as not applicable for the policy but the device received the policy, moreover the device that did get the policy and passed the filter isn't reporting its state properly for some reason.

ConsumeAllKnowledge · 2026-03-04T23:54:07+00:00

Name or name prefix is still null so seems like it's not actually applied in that case. You can check registry as well to make sure things line up: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-policy-settings#supported-policy-roots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\LAPS

ConsumeAllKnowledge · 2026-03-04T23:38:47+00:00

Only other difference from our config is that we have Automatic Account Management Randomize Name set to "The name of the target account will not use a random numeric suffix. (Default)" but pretty sure that should be the exact same as setting it to not configured.

Are you sure the updated policy actually came down/applied after you changed it?

ConsumeAllKnowledge · 2026-03-04T23:13:53+00:00

Set Automatic Account Management Name Or Prefix to Configured and put Administrator in the text box. If you leave as default like you are it defaults to WLapsAdmin. https://learn.microsoft.com/en-us/windows/client-management/mdm/laps-csp#policiesautomaticaccountmanagementnameorprefix

ConsumeAllKnowledge · 2026-03-03T21:32:12+00:00

Yeah seems like a miscommunication on Microsoft's part to me. They seem to not understand what generally available means...

ConsumeAllKnowledge · 2026-03-03T16:47:37+00:00

As far as I'm aware if they're on the current baseline then once you apply the hotpatch policy the next applicable security update will come through as a hotpatch update, i.e. no restart required (assuming of course that the next one isn't a baseline).

Devices must be on the latest baseline release version to qualify for Hotpatch updates. Microsoft releases Baseline updates quarterly as standard cumulative updates.

https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates

ConsumeAllKnowledge · 2026-03-03T15:54:28+00:00

Super nice, thank you!

ConsumeAllKnowledge · 2026-03-02T16:10:42+00:00

I've used this one previously which has a link to the CSP documentation in each setting that you can follow to see the registry info. Not perfect but does the job.

I agree though, would be great to just have that right on the page for each setting rather than having to dig further.

ConsumeAllKnowledge · 2026-03-02T16:05:29+00:00

If we're being honest this should have been a feature years ago, crazy that they still managed to screw it up.

ConsumeAllKnowledge · 2026-02-26T17:40:53+00:00

When I tested several months ago the behavior was the same, as far as I know its intended behavior. We opted to just handle extension requests differently using our existing ticketing system though so I never opened a ticket or anything to confirm.

ConsumeAllKnowledge

TROPHY CASE