[SOLVED] Update Intel BIOS remotely?

[cinnamoncrown]

I've got an older Intel NUC (2820FYK) that I need to perform a BIOS update on, but pandemic times have made physical access problematic. Normally I would just do the update using F7 at boot, or from within the BIOS config GUI.

It looks like the IFLASH2.EXE utility on the Intel site could be helpful, but I see it doesn't run in Windows. I believe it is intended to update the BIOS from a bootable USB stick. I have MDT at my disposal if WinPE might help, and SCCM may also potentially be an option but that may take more digging.

Any scripts, guides, or tips on deploying these BIOS updates remotely using the IFLASH2 or another method?

I should mention that there is an Admin BIOS password set, but I do have it. I also have a couple more of this model NUC I can experiment on before crossing my fingers and shooting the update to the remote system.

Edit: I have full access to Windows via RDP with local admin account.

 

[kanewolf]

I've got an older Intel NUC (2820FYK) that I need to perform a BIOS update on, but pandemic times have made physical access problematic. Normally I would just do the update using F7 at boot, or from within the BIOS config GUI.

It looks like the IFLASH2.EXE utility on the Intel site could be helpful, but I see it doesn't run in Windows. I believe it is intended to update the BIOS from a bootable USB stick. I have MDT at my disposal if WinPE might help, and SCCM may also potentially be an option but that may take more digging.

Any scripts, guides, or tips on deploying these BIOS updates remotely using the IFLASH2 or another method?

I should mention that there is an Admin BIOS password set, but I do have it. I also have a couple more of this model NUC I can experiment on before crossing my fingers and shooting the update to the remote system.

Edit: I have full access to Windows via RDP with local admin account.

Have the NUC put in a box and shipped to you. Update it and ship it back. There can't be anything that critical about a BIOS update for a system that is "in the field".

 

[cinnamoncrown]

Have the NUC put in a box and shipped to you. Update it and ship it back. There can't be anything that critical about a BIOS update for a system that is "in the field".

Thanks for the response. Physical access to the device is not currently a reasonable option, for me or anyone else due to strict (albeit temporary) pandemic measures -- the device is in an airport.

It is holding up a project that involves a reimage and OS upgrade at multiple locations, and I am trying to take advantage of 'down time' while closures are being enforced. Imaging has been reliable but the new OS is having issues coming up on systems that still have a BIOS version from 2014.

One further detail -- although accessing that particular device is especially problematic, finding a way to update this BIOS remotely will be a huge time saver for other locations as well.

 

[kanewolf]

Thanks for the response. Physical access to the device is not currently a reasonable option, for me or anyone else due to strict (albeit temporary) pandemic measures -- the device is in an airport.

It is holding up a project that involves a reimage and OS upgrade at multiple locations, and I am trying to take advantage of 'down time' while closures are being enforced. Imaging has been reliable but the new OS is having issues coming up on systems that still have a BIOS version from 2014.

One further detail -- although accessing that particular device is especially problematic, finding a way to update this BIOS remotely will be a huge time saver for other locations as well.

If this is a mission critical system, then have a spare swapped in. This BIOS problem should be treated like any other hardware failure. Swap in a spare and have the failed unit sent back to you.
If the box died completely, what would happen? Treat this the same.

 

[cinnamoncrown]

If this is a mission critical system, then have a spare swapped in. This BIOS problem should be treated like any other hardware failure. Swap in a spare and have the failed unit sent back to you.
If the box died completely, what would happen? Treat this the same.

Again, I can't have a spare swapped in. While not literally impossible, I can't justify the red tape around airport entry at this time.

If the box died completely it would not be the end of the world, but would put this project on hold for the foreseeable future. I'd much rather move it along at a steady pace while time is abundant than have to wait until reopening and then pull resources to get it done in a scramble, just to give it 30 seconds of touch.

My question is about kicking off a BIOS update remotely from within Windows, or potentially using other deployment tools.

 

[QwerkyPengwen]

If you can't get access to the physical site, then try your best to get ahold of somebody who works at the airport that can get access, and just guide them through the update over the phone.

Updating a BIOS isn't technical in any way so it shouldn't be an issue to remote manage a person to do it for you.

I cannot recommend anything other than that or what was mentioned above.

If you have remote access to controlling the desktop of said machine, and said machine has an available BIOS installer that can be run from within Windows, and you also have said machine set up in a way where you can gain access again remotely after it reboots, without first needing it to be logged into on site, then theoretically....

and I say THEORETICALLY you can just update the BIOS that way remotely like you would do on a personal machine.

But I am NOT recommending that as an option because I have NEVER done it and I would NOT recommend you experiment with that using said machines.

It would be different if you experimented such a method on personal machines in a simulated environment.

And lastly, I would not recommend it because of the update method.
Updating a BIOS using an executable inside of Windows is not 100% guaranteed to work right.
Heck, even updating via a flash drive, or using LAN download and install function built into some more modern BIOS is not 100% guaranteed, but the executable within Windows option is faulty and can easily have issues that hurt things so I personally would never use an executable to update BIOS, especially remotely.

The only reason I bring it up in the first place is to warn you of doing such a thing, and because it seems like you were hinting at the idea in an above post.

Try doing such a thing at your own risk.......... and when I say risk, I mean a BIG one.

 

[cinnamoncrown]

Try doing such a thing at your own risk.......... and when I say risk, I mean a BIG one.

Thanks, I have tried to keep the details relevant to the question so as to avoid walls of text, but in terms of risk, there is mostly just potential for reward. I have more spares at my disposal than we will ever need (this was once our primary desktop but many have been replaced with higher power machines in the last couple of years, so backstock is ample, much of which is likely bound for recycling/donation within a year or so)

The risk is that if it doesn't work then I have to wait until the pandemic grip is loosened who-knows-when to bring in a new one, which is where I am anyway, unless I can manage to update the BIOS and happily continue on. In other words I can afford to be somewhat cavalier with these machines, not that I would want to proceed with something unless it at least "should" work.

If there were a simple Windows updater, I would certainly give it a go. Unfortunately the only BIOS flash exe from Intel I've found is a 16 bit DOS program and I'm not aware of a way to run it within Windows.

I've theorized that maybe WinPE could launch an environment in which to execute the command via script. I hope to hear from someone who might have done something similar, that could perhaps offer some wisdom that would help me build a task sequence in MDT. I am still open to alternative suggestions though, even if they don't turn out to be applicable to my situation.

 

[cinnamoncrown]

If you can't get access to the physical site, then try your best to get ahold of somebody who works at the airport that can get access, and just guide them through the update over the phone.

Updating a BIOS isn't technical in any way so it shouldn't be an issue to remote manage a person to do it for you.

This was actually my first idea, but the problem there is the BIOS admin password. I'd have to give it to them which I am, naturally, not permitted to do.

I would also be very interested in a way to clear this password remotely as an alternative. Not as good as being able to actually perform the update myself, but would probably get me around this roadblock.

 

[QwerkyPengwen]

There are only two ways to clear a BIOS password lock.
First way is to log into the BIOS and then disable it from the settings.

Other way is simple, it's something anybody can do and is done for other reasons, however, since the answer would pertain to "how to remove BIOS level passwords/bypass BIOS password" in this specific case, I am not allowed to actually say the words due to the rules of this forum.

It's illogical I know, but if you are an IT, you'll know what it is.