This message was posted on behalf of Intel Corporation
Thank you for bringing this matter to the Community.
I would like to have a better look at this matter, so could you please provide a detailed description of what you are trying to achieve? Please, also let us know your computer model, processor model and operating system.
OK a detailed description:
ok I have been assigned the role to ID and then resolve the INTEL_SA-0075 issue across the corp domain which has about 4000 workstations and laptops.
this mainly comprise of HP branded hardware. have we have mix range of workstations from Z400, 6300, 600 ranges of workstations
we have done the first stage and we have discovered that most if not all of the workstations and laptops are vulnerable to the Intel SA 00075. so now we are working on a way to deploy the Softpak
the solution we are looking at is to deploy the softpak via a Bat file via SCCM to all of the devices, so we are looking at the If Statement that
if the workstation meets the right conditions for the If statement then it will update the softpak
I am also looking at deploying a firmware update for the model of hardware
then do some BIOS settings ( change the BIOS password, etc)
then write a reference to a file to confirm the update.
so at the moment I am not able to workout the ME Reference for Intel
I'm hoping this is the same Chris that opened up a ticket where we assisted you with using console.exe to be able to collect the information on your vulnerable systems. This is a very high level summary of the case, it was much more complex but just making sure this is you.
Regarding this thread, the filter you have created should already identify the vulnerable systems. Next step is to create a task sequence with a WMI query to filter each individual model, like this:
You can get all the different models here:
Let me know if you need more information but I believe this should help.
thanks for the post,
the fun thing is that when you posted this I also worked out how to do this, but I did it via a collection and within this collection I added the WMI query, and then deployed a single Task Sequence for that model, but I like your way, as I was not looking for having a lot of task sequences.
I do have one question, I have deployed the SoftPak to a workstation with the TS, and I have check that the SoftPak has been deployed via the smssts.log
then when I check SCCM, I see that it hasn't sync INTEL information, I also have tried re-deploying the Intel-Console.exe discover Task Sequence and also doing a manual sync via the Config manager client but
I am just not able to get it to update the SCCM database.
what am I doing wrong