White Papers
Table Of Contents
- Dell Trusted Device Installation and Administrator Guide v3.2
- Contents
- Introduction
- Requirements
- Download the Software
- Verify the Installation Package
- Installation
- Uninstall Trusted Device
- BIOS Verification
- Image Capture
- BIOS Events & Indicators of Attack
- Security Risk Protection Score
- Integration
- Run the BIOS Verification Agent
- Results, Troubleshooting, and Remediation
Parameters Meaning
-noncestring <nonce> The <nonce> parameter is a base64 encoded nonce. The string is base64
decoded, and the result becomes the nonce. If the decoded nonce is larger than
1024 bytes, an ArgumentException error is thrown.
1. Open Command Prompt with administrative privileges.
2. Go to the directory containing the utility.
3. Type Dell.TrustedDevice.Service.Console.exe then press Enter.
4. A browser launches automatically and displays BIOS results.
NOTE: To suppress the browser result and display results in the Command-Line window, use the -headless flag. For
example, Dell.TrustedDevice.Service.Console.exe -headless
If the utility is unable to determine BIOS state, an error code displays. Error code definitions are listed in
Results,
Troubleshooting, and Remediation.
NOTE: BIOS results are written to the following registry location each time the utility is run:
[HKLM\Software\Dell\BIOS Verification] .
NOTE: The %ERRORLEVEL% environment variable is updated and can be queried for results to automate silently
gathering BIOS status centrally.
Commonly Used Scenarios
Running the BIOS Verification agent in repeated intervals ensures that devices remain in a protected state. Third-party utilities
are commonly used to run and report back on a schedule. It is recommended targeting specific collections of devices to avoid a
high volume of noise from unsupported platforms.
It is recommended that you run the BIOS Verification feature with its headless property as SYSTEM on devices to avoid
interrupting users while ensuring the proper return codes.
● The following example runs the TrustedDevice agent in headless mode with logs and results that are written to the default
location of C:\ProgramData\Dell\TrustedDevice\:
C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe -headless
After running the utility, query %ERRORLEVEL% to return the status of the device in question. The %ERRORLEVEL% return
value can be compared against the list of error code definitions in Results, Troubleshooting, and Remediation.
Scheduling is used to automate the collection of BIOS results. Microsoft's Endpoint Configuration Manager
custom task sequence can collect status reports for scheduled tasks. For more information about managing
the schedule of the task sequence, see https://docs.microsoft.com/en-us/previous-versions/system-center/packs/
hh967525(v=technet.10)#BKMK_Mandatory_Assignment.
To limit return results to computers supported by Trusted Device, it is recommended using a collection that is created
with Microsoft's Endpoint Configuration Manager. For information about the options to target specific devices, see https://
docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections.
Third-party utilities use similar retrieval mechanisms. For information about PDQ Deploy's options for creating collections, see
https://support.pdq.com/knowledge-base/1752-viewing-and-creating-collections-in-pdq-inventory.
28
Run the BIOS Verification Agent