The firmware update from HP was packaged by HP and if they have built in a deployment method for the firmware, you would have to go with what HP has suggested.
This being said, I'd like to know if you utilize a central management tool/utility, like SCCM, Alteris, Bigfix, Landesk for software deployment for your environment. As an example, if you were using SCCM, you could identify all of your AMT systems and deploy the firmware fix. Whether this can be performed without user intervention is dependent upon the way that HP has packaged their release of the firmware update. They would know if there is a silent option and be able to provide those details to you. When the update is applied, the system will restart, however.
Thanks, Michael for the response to my post. I've not been able to get a clear answer from HP on whether a reboot is necessary or not deploying the firmware. I thought there was an outside chance that since HP is utilizing what I thought was an Intel utility (FWUpdLcl.exe) they might shed some light on best practices for deploying AMT Firmware.
I am using SCCM and have identified all our vulnerable HP models and my next step is to deploy the firmware.
I can at least confirm that the firmware update will require a restart of the system, most of the ones I've dealt with from the OEM's pretty much do this automatically without the need for user intervention but does caution that system will restart once firmware has been applied.
We do supply the OEM's, ie., HP, Lenovo, Dell, etc...with the bits for them to package the firmware for their products, so ultimately the OEM is the only one that can inform you of "options" that they may have baked into their firmware updates.
Sounds like you have the right approach of deployment method and only hiccup is a "silent/no intervention" install of the firmware, which is what would have to be supplied by HP.
Most of our large customers using SCCM are creating a task sequence that pushes the firmware out and restarts the system. Possibly a way around interrupting the end user would be to schedule the task after hours with SCCM to apply the firmware update.
Hope this helps,
Thanks for the information. I have been putting together a Task Sequence that will install the software and then reboot the system afterwards. As you mentioned, that does sound like the best strategy.
Appreciate the help!