The property 'Arguments' cannot be found on this object. Verify that the property exists and can be set.

[jgallas]

PS C:\WINDOWS\system32> $updates = Get-LSUpdate
The property 'Arguments' cannot be found on this object. Verify that the property exists and can be set.
At C:\Program Files\WindowsPowerShell\Modules\LSUClient\1.1.1\private\Invoke-PackageCommand.ps1:16 char:5

• $ExeAndArgs.Arguments = Assert-CmdAmpersandEscaped -String $ExeAn ...

• 
  + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
  + FullyQualifiedErrorId : PropertyNotFound

I get this message on a T495s when running just to check what updates are available.

[jantari]

This must've been because an expected executable file wasn't found, which is now handled more gracefully, but I'm not sure what caused it in the first place. If the download failed you would've gotten an error about that first.

If you run the develop branch (work in progress v1.1.2) of the module on your T495s, does it also give any more errors or warnings?

[jgallas]

This must've been because an expected executable file wasn't found, which is now handled more gracefully, but I'm not sure what caused it in the first place. If the download failed you would've gotten an error about that first.

If you run the develop branch (work in progress v1.1.2) of the module on your T495s, does it also give any more errors or warnings?

Thank you. I had this issue on my own PC but ran the script on a T480s as part of an MDT task sequence and it worked beautifully and installed every available driver (I checked System Update and no drivers were available) which was fantastic! However the BIOS did not update. I'm not sure if there is a workaround for this but I am very excited about this solution and thank you for creating it!

This is the command I used on the T480s:

$updates = Get-LSUpdate | Where-Object { $_.Installer.Unattended } $updates | Save-LSUpdate -ShowProgress $updates | Install-LSUpdate -Verbose -SaveBIOSUpdateInfoToRegistry

[jantari]

The BIOS will only update if you reboot after the update installed.

I've noticed if you shutdown even once in between installing the update and doing a reboot it will never happen. Then again if System Update didn't show any updates remaining, maybe it did actually install?

If you have the chance to run the develop branch version of the module on a T495s again to see if any warnings or errors are still happening during Get-LSUpdate I'd very much appreciate it as I don't have access to a T495s yet myself to really test if your issue was actually fixed for good.

[jgallas]

The BIOS will only update if you reboot after the update installed.

I've noticed if you shutdown even once in between installing the update and doing a reboot it will never happen. Then again if System Update didn't show any updates remaining, maybe it did actually install?

If you have the chance to run the develop branch version of the module on a T495s again to see if any warnings or errors are still happening during Get-LSUpdate I'd very much appreciate it as I don't have access to a T495s yet myself to really test if your issue was actually fixed for good.

During the MDT deployment it updated everything except for the BIOS update according to System Update. I was trying to avoid a reboot during the task sequence as I was afraid of breaking MDT although I suppose I could include the update at the very end of the task sequence. If I didn't include the Where-Object { $_.Installer.Unattended } would it have installed the BIOS update and rebooted? I'm just trying to determine if including that prevented it from installing the BIOS update.

On Monday I will attempt the update again using the develop branch and see what happens. The only laptop in the company that is a T495 is mine that we got from Lenovo for free to evaluate as a possible replacement for Intel based ThinkPads so that really isn't a huge concern for me but in the interest of science I will investigate. Any handy instructions on how to install the developer branch?

[jantari]

I don't know your exact MDT task sequence, this is how I've set up ours at work:

1. Windows Install, BitLocker, a few custom scripts for different things etc.
2. Then, towards the end of the task sequence, it calls out to PDQ Deploy, the software deployment solution we use, and self-delpoys a package onto itself from there. This package includes lots of software and also runs LSUClient, but does not perform any reboots
3. After the PDQ Deploy package finished, MDT continues, does the final step (which is just to send a Slack message to the team that the deployment finished)
4. Then at the very end in the CustomSettings.ini file of the task sequence I've put FinishAction=REBOOT

You can put reboot-steps into the task sequence at any point, but the reason I don't until the very end is because we obviously use LAPS to secure the local administrator account and after a reboot LAPS will kick in and change the admin password which breaks/halts the MDT deployment. If you exclude your "new-computers" OU from LAPS or don't install LAPS until after the reboot etc. you can solve this differently, but this is how I've done it for now.

If you don't include Where-Object { $_.Installer.Unattended } the BIOS update would've installed like normal but some other updates (like Intel Management Engine, if available) would pop up a window asking for you to press Next, Next, Ok, Install. Non-unattended updates require someone to sit at the computer and click through the installer, that's why they're a bad idea for MDT.

For running the develop-branch, you can download it as a ZIP from GitHub here and after extracting it, go into the directory, open powershell as admin and run Import-Module .\LSUClient.psd1. Then just run Get-LSUpdate the same way you did last time.

[jgallas]

I don't know your exact MDT task sequence, this is how I've set up ours at work:

1. Windows Install, BitLocker, a few custom scripts for different things etc.
2. Then, towards the end of the task sequence, it calls out to PDQ Deploy, the software deployment solution we use, and self-delpoys a package onto itself from there. This package includes lots of software and also runs LSUClient, but does not perform any reboots
3. After the PDQ Deploy package finished, MDT continues, does the final step (which is just to send a Slack message to the team that the deployment finished)
4. Then at the very end in the CustomSettings.ini file of the task sequence I've put FinishAction=REBOOT

You can put reboot-steps into the task sequence at any point, but the reason I don't until the very end is because we obviously use LAPS to secure the local administrator account and after a reboot LAPS will kick in and change the admin password which breaks/halts the MDT deployment. If you exclude your "new-computers" OU from LAPS or don't install LAPS until after the reboot etc. you can solve this differently, but this is how I've done it for now.

If you don't include Where-Object { $_.Installer.Unattended } the BIOS update would've installed like normal but some other updates (like Intel Management Engine, if available) would pop up a window asking for you to press Next, Next, Ok, Install. Non-unattended updates require someone to sit at the computer and click through the installer, that's why they're a bad idea for MDT.

For running the develop-branch, you can download it as a ZIP from GitHub here and after extracting it, go into the directory, open powershell as admin and run Import-Module .\LSUClient.psd1. Then just run Get-LSUpdate the same way you did last time.

I need to hear more about sending a slack message to the team when an imaging job is completed!

I think for our purposes using the unattend for an imaging job works better as we don't have to have anyone sitting and waiting. Then maybe a follow up BigFix (our deployment solution) action to get the rest like BIOS and other firmware updates if necessary/desired.

By the way thank you for your engagement and answering all my questions. This is just the kind of solution I was looking for. I saw your original article in Reddit and in there you mentioned that your solution applied updates even if they weren't necessary. Obviously things have changed since then and now it actually looks for what it needs which is great. Because I read your Reddit article I went down the path of using TVUR and System Update but ran into issues with it not applying some updates. I'm so glad I checked your Github and read the release notes instead of relying on the old info in Reddit. I'm wondering if you can update that post so that others know that it's a much more improved tool now.

[jgallas]

I think that the BIOS update issue was just that the script simply didn't see that the system was relevant for a BIOS update. I saw this on the T480s as well however the T470s detected and installed the BIOS update with the unattend setting enabled.

As far as the error message goes I think that it was due to me running it without "run as administrator" the first time. After that it ran fine so I don't think that is a real issue. Does the script create a log file anywhere I can check to see what happened (or didn't happen) with the BIOS updates?

[jantari]

Some BIOS Updates not being found by version 1.1.1 is tracked in issues #12 and #14.

This should however also be fixed in develop already.

You can add -DebugLogFile "c:\path\to\file.txt" -Verbose to Get-LSUpdate to get more details about the package finding process

[jantari]

Whatever caused this, this scenario is now handled much better in version 1.1.2 which is available now 🎉