Resolving BIOS/Driver Policy Compliance Errors After Device Reassignment

Ny
  • Uppdaterad på Mar 30, 2026
  • Publicerad Mar 30, 2026
  • 3 minut(er) lästa
  • s
 Prev Next
This content is currently unavailable in Swedish. You are viewing the default (English) version.

Introduction

When devices are reassigned in the HP Workforce Experience Platform (WXP), such as moving between tenants, device groups, or management platforms (for example, from HP Connect to WXP), they may show an “Error” status on the BIOS or Driver policy execution page.

These errors indicates compliance issues — the devices may not have applied the required policies correctly and may not be receiving important BIOS or driver updates. These errors can lead to operational, security, and audit risks.

How Authentication Policies Work (High-Level)

WXP uses authentication mechanisms to securely apply and manage BIOS and driver updates on managed devices. When a policy with an authentication requirement is assigned, the device is configured with policy-specific credentials and tokens, establishing a trusted connection for policy execution. This authentication is inherently tied to the device’s current context—such as its tenant, device group, or management platform.

Whenever a device is moved to a new context (for example, to a different tenant, reassigned to a group with different policies, or migrated from HP Connect to WXP), any previous authentication settings become obsolete or may conflict with new assignments. If remnants of the prior authentication configuration remain, the device may not be able to validate, receive, or execute the intended BIOS/Driver policies in its new environment. This leads to genuine compliance failures, not just display anomalies.

Affected Scenarios

Compliance errors from legacy authentication policy remnants can occur in the following scenarios:

  • Moving devices between tenants in HP WXP

  • Reassigning devices between device groups with different authentication policies

  • Migrating devices from HP Connect to WXP

  • Other cases where a device’s management or policy context changes, and a new authentication configuration is expected

Steps to Resolve

To ensure devices are properly compliant after any reassignment, IT administrators must follow this process:

  1. Unassign All BIOS/Driver Policies:  Before moving or reassigning a device (to a new tenant, device group, or management platform), unassign all relevant BIOS and Driver update policies from the device in its current context using the WXP admin interface.

  2. System Generates a Cleanup Script: Upon unassignment, WXP automatically generates and schedules a cleanup script for the device. This script removes all previous authentication configurations, including tokens and policy settings, associated with the previous assignment.

  3. Wait for Cleanup Script Completion: It is critical to wait for the cleanup script to run and complete successfully on the device. This process must finish at least once before proceeding to reassign or re-enroll the device elsewhere. Skipping or rushing this step can leave remnants that block new policies.

  4. Note: The current UI does not clearly indicate whether the cleanup script is still running. The UI may show that no active policies are assigned, but this does not mean cleanup is complete — the cleanup script can continue to run in the background. Admins should not assume that the absence of active policies means the cleanup has finished; always verify script completion through the device logs or other confirmed indicators before proceeding.

  5. Verify Cleanup: Confirm in the WXP UI or via device logs that the cleanup process has completed without errors. Only proceed if cleanup is fully verified.

  6. Reassign and Apply New Policies:  Once cleanup is confirmed, reassign the device to its new context (tenant, group, or platform) and apply the required BIOS/Driver update policies.

    Warning: Do Not Skip Cleanup

    Failure to properly unassign and clean up policies prior to reassignment will cause persistent compliance errors and could result in devices failing to receive necessary BIOS or driver updates—posing security and operational risks.

    Important:

    Because the UI may show no active policies assigned while the cleanup script is still running, administrators might be tempted to delete the device group(s). Do not delete device groups while cleanup is in progress. Removing groups can interrupt the cleanup process and lead to unintended behavior. Wait for and confirm cleanup completion before making changes to device groups or other management objects.

Additional Notes

  • WXP is actively working on a UI improvement to make the cleanup script status more visible in the interface. This will help administrators clearly understand when it is safe to proceed. Until this improvement is available, rely on device logs and verification steps instead of the absence of assigned policies in the UI.

  • Applies to BIOS and Driver Policies: This issue and the resolution steps apply to both BIOS update policies and driver update policies.

  • Best Practice Reminder: Always ensure that the cleanup step is completed before enrolling the device in another system and reapplying policies. This is important to maintain compliance accuracy and reduce security risk.

Contact Us

For any assistance, create a support case or email support@wxp.hp.com.