Key Points
- Dell firmware updates are fundamentally different from standard OS patches, and cannot be detected or managed by Windows Update or most third-party patch management tools.
- You can deploy scripts through NinjaOne tools to automate firmware auditing and remediation across entire device fleets.
- Using NinjaOne’s custom fields, scheduled automations, and device groups, IT teams can achieve fleet-wide Dell firmware visibility.
- Firmware vulnerabilities represent a critical attack surface. A compromised BIOS can survive a full OS reinstall, and outdated NIC firmware exposes network-level risks.
- Dell firmware management with NinjaOne supports granular update control. Administrators can choose to install all available updates, critical updates only, or a specific named update.
- Firmware update management is time-sensitive in 2026. The upcoming Secure Boot certificate expiration in June 2026 makes fleet-wide firmware visibility a strategic priority, not just a routine maintenance task.
Keeping endpoints up to date is one of the most fundamental responsibilities of any IT team. ‘Most admins are comfortable managing Windows Updates or third-party software patches — but Dell devices add a layer of complexity that standard patch management tools simply weren’t built to handle: firmware.
This post walks through how to use NinjaOne alongside (DCU) to get full visibility into status across your Dell workstations — and automate remediation.
Note: Dell Command Update is designed for client/endpoint systems — desktops, laptops, and workstations running Windows. It updates drivers, BIOS, firmware, and Dell applications on those machines. For Dell servers, the main options are Dell EMC Repository Manager, Dell System Update, updating via iDRAC, and OpenManage Enterprise. The closest equivalent is Dell System Update, which, like Dell Command Update, is managed via PowerShell.
Why Dell Firmware updates are different from regular patches
Operating system and software updates follow a well-worn path: a patch is distributed, a management tool detects it, and it gets installed. Firmware is a different beast entirely.
Firmware lives below the OS.
Firmware controls the low-level behavior of hardware components — BIOS/UEFI, network adapters, storage controllers, docks, and more. Unlike a Windows patch, a firmware update modifies the instructions baked into the hardware itself. This means:
- Standard Windows Update and most third-party patch management tools cannot see or manage firmware updates.
- Firmware updates often require a reboot to apply — and sometimes a full power cycle, not just a restart.
- Failed or interrupted firmware updates can leave a device in an unbootable state.
- Updates are vendor-specific — a Dell BIOS update can only come from Dell’s own tooling, not a generic patch feed.
Dell’s answer: Dell Command Update.
DCU is Dell’s tool for discovering, downloading, and applying firmware and driver updates on Dell commercial hardware. By scripting DCU’s actions through , you can surface firmware update status across all your Dell devices, track it in custom fields, and automate installation on a regular, recurring schedule.
Before you begin configuring Dell firmware update settings with NinjaOne tools
This guide assumes you have:
- NinjaOne with access to the Template Library, custom fields, device groups, and scheduled tasks
- Dell commercial workstations (Latitude, OptiPlex, Precision, etc.) as managed devices with the
Dell Command Update does not need to be pre-installed — the script from the Template Library can handle installation automatically if it’s missing.
Step-by-step: Setting up managed Dell firmware updates
Step 1: Create the Custom Fields
Navigate to Administration → Devices → Custom Fields and create the following two fields:
- dellUpdates — A WYSIWYG field. Set it to Read/Write from automations and Read Only for technicians. Under Advanced, check “Always expand.” This field will display a formatted summary of available updates.
- dellUpdatesList — A multiline text field with the same automation permissions. This field stores raw update data that device groups and conditions can query against.
Step 2: Add the Fields to the Device Role Tab
Go to Roles, hover over Windows Systems, and click the ellipsis → Edit. In the top-right, click Manage Tabs and add a new tab named “Dell Updates.” Close the modal, switch to your new tab, and add both custom fields to it. This gives technicians a dedicated view of firmware status on any Dell device.
Step 3: Import the script from the Template Library
Navigate to Administration → Library → Automation and open the Template Library tab. Search for “Dell Command Update” and import the “Manage Dell Command Update” template.
Once imported, edit the script’s default variables to match the custom field names you created: set the output fields to dellUpdates and dellUpdatesList.
Step 4: Run an initial audit
Execute the script on a live Dell device with the option to install Dell Command Update if it’s missing enabled. For the first run, use audit mode by not selecting an option to install updates — this reports what updates are available without installing anything. The results will populate the dellUpdates and dellUpdatesList custom fields, giving you immediate visibility into the device’s firmware and driver state.
Once you can see what’s pending, you have several options for installation:
- Install all available updates
- Install only critical updates
- Install a specific named update
Step 5: Schedule weekly audits
Add the script as a scheduled automation in your workstation policy, set to run weekly. This keeps the custom fields current, so your firmware visibility doesn’t go stale between manual runs.
Step 6: Automate installation with Device Groups and Tasks
Now that you have live, queryable data in your custom fields, you can automate remediation. Navigate to Devices and create a new device group with the following condition:
- Device is a Windows workstation
- dellUpdatesList contains “not installed”
Save this group as “Dell Workstations with Firmware Update.” Then go to Administration → Tasks and create a new task targeting this group. Name the task, assign the script, and schedule it for a time that won’t disrupt end users.
Why this matters: Firmware risk is real
Firmware vulnerabilities are increasingly targeted by attackers precisely because they sit below the operating system — below antivirus, below EDR, below your standard monitoring stack. A compromised BIOS can survive an OS reinstall. Outdated NIC firmware can expose network-level attack surfaces. Driver issues cause stability problems that are notoriously hard to diagnose. Firmware updates are a component of addressing the upcoming Secure Boot certificate expiration in June 2026, and having this visibility into the entire fleet allows for strategic decisions to be made.
At the same time, firmware updates have historically been difficult to manage at scale because they require vendor-specific tooling and can’t be lumped in with OS patches. The approach described here closes that gap: by surfacing Dell firmware status in NinjaOne’s custom fields, you gain the same fleet-wide visibility and automation capabilities for firmware that you already have for software.
