Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Dell Trusted Device Installation and Administrator Guide v5.5

PDF

Run the BIOS Verification agent

Use one of the following methods to run the agent:

  • Interactively
  • Command Line
    NOTE: If you attempt to run the BIOS Verification agent on an unsupported platform, Platform Not Supported displays.
    NOTE: Trusted Device determines Dell platform support at runtime.
    NOTE: If Trusted Device is installed with shortcuts, go to Start > Dell and click Dell Trusted Device Agent to run the agent.
    NOTE: If Trusted Device is installed without shortcuts, go to C:\Program Files\Dell\BiosVerification and double-click Dell.TrustedDevice.Service.Console.exe to run the agent.

Run the BIOS Verification agent using scheduling

To schedule BIOS Verification agent to run at set intervals or to trigger execution by events, see Microsoft Task Scheduler documentation here.

Run the BIOS Verification Agent Interactively

  1. Double-click Dell Trusted Device Agent.
  2. If User Account Control is enabled, click Yes to proceed. User account control
  3. A browser launches automatically and displays BIOS results. BIOS Verification results
    NOTE: If the utility is unable to determine BIOS state, browser-based results do not display. See Results, Troubleshooting, and Remediation for error codes.

Run the BIOS Verification Agent with Command Line

The following table details optional command-line arguments.

Table 1. Parameters
Parameters Meaning
-imagecapture Copies the captured BIOS image to the default or specified location
-export <FolderLocation> Exports the most recent image to a specified location
-exportall -export <FolderLocation> Exports all images to a specified location.
-headless Suppresses browser result and display results in the Command-Line window
-noncefile <filename> Load the file as a binary file and the contents become the nonce. If the file is larger than 1024 bytes, an ArgumentException error is thrown.
-noncestring <nonce> The <nonce> parameter is a base64 encoded nonce. The string is base64 decoded, and the result becomes the nonce. If the decoded nonce is larger than 1024 bytes, an ArgumentException error is thrown.
  1. Open Command Prompt with administrative privileges.
  2. Go to the directory containing the utility.
  3. Enter Dell.TrustedDevice.Service.Console.exe then press Enter.
  4. A browser launches automatically and displays BIOS results.
    NOTE: To suppress the browser result and display results in the Command-Line window, use the -headless flag. For example, Dell.TrustedDevice.Service.Console.exe -headless
    If the utility is unable to determine BIOS state, an error code displays. Error code definitions are listed in Results, Troubleshooting, and Remediation.
    NOTE: BIOS results are written to the following registry location each time the utility is run: [HKLM\Software\Dell\BIOS Verification] .
    NOTE: The %ERRORLEVEL% environment variable is updated and can be queried for results to automate silently gathering BIOS status centrally.

Commonly Used Scenarios

Running the BIOS Verification agent in repeated intervals ensures that devices remain in a protected state. Third-party utilities are commonly used to run and report back on a schedule. It is recommended targeting specific collections of devices to avoid a high volume of noise from unsupported platforms.

It is recommended that you run the BIOS Verification feature with its headless property as SYSTEM on devices to avoid interrupting users while ensuring the proper return codes.

  • The following example runs the TrustedDevice agent in headless mode with logs and results that are written to the default location of C:\ProgramData\Dell\TrustedDevice\: 
    C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe -headless

After running the utility, query %ERRORLEVEL% to return the status of the device in question. The %ERRORLEVEL% return value can be compared against the list of error code definitions in Results, Troubleshooting, and Remediation.

Scheduling is used to automate the collection of BIOS results. Microsoft's Endpoint Configuration Manager custom task sequence can collect status reports for scheduled tasks. For more information about managing the schedule of the task sequence, see https://docs.microsoft.com/en-us/previous-versions/system-center/packs/hh967525(v=technet.10)#BKMK_Mandatory_Assignment.

To limit return results to computers supported by Trusted Device, it is recommended to use a collection that is created with Microsoft Intune. For information about the options to target specific devices, see https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections.

Third-party utilities use similar retrieval mechanisms. For information about PDQ Deploy's options for creating collections, see https://support.pdq.com/knowledge-base/1752-viewing-and-creating-collections-in-pdq-inventory.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\