Skip to content

Welcome to the ThinkDeploy Blog rss

Introducing: SU Helper Utility

SUHelper

The SU Helper Utility provides a command-line interface for triggering the System Update process of Commercial Vantage. This seperate utility is not included with Commercial Vantage and must also be deployed to clients where it is needed. Let's see some of the things we can do with this utility.

Changing the BIOS Supervisor Password with Intune and the Think BIOS Config Tool

For security purposes, there may be a requirement to change the supervisor password for BIOS access. There are a few ways to accomplish this, either programmatically using a couple lines of code or with the Think BIOS Config Tool. The former would be easiest but does pose quite the risk by exposing your supervisor password in plain text, which is a big no-no. So instead, we're going to use the Think BIOS Config Tool and an encrypted password file to tackle this scenario, which has become quite common these days it seems.

Introducing: Lenovo Device Management Module

LDMM Toolbox

The Lenovo Device Management Module is a PowerShell module that provides several useful cmdlets for making it easier to manage Lenovo commercial PCs. The module supports Lenovo's commercial portfolio of ThinkPad, ThinkCentre and ThinkStation products.

Windows 365 and ThinkPhone

Windows 365 Motorola

This article will serve as a basic walkthrough for bringing the full Windows 365 experience to your Lenovo ThinkPhone.

"... The power and security of the Microsoft cloud with the versatility and simplicity of the PC" is now in your pocket!

Autopilot + Thin Installer = Current Drivers/BIOS/Firmware

Revisiting a solution from 2020 that leverages Lenovo System Update to update drivers during Autopilot which provided a way to ensure devices were up-to-date before handing off to end users.

Fast forward to this 2023 Configuration Manager OSD solution that will update drivers, BIOS, and firmware got me thinking: How awesome would it be to migrate this to Autopilot world and really provide users with completely up-to-date devices right out of the gate?

Enabling Logging for Commercial Vantage

As noted in our docs, logging is not enabled by default any longer for Commercial Vantage. This is in regards to the System Update add-in. Historically, a log file is generated when a device checks for or installs updates.

Lenovo’s Product Security team wanted to ensure that enabling logs was a customer choice, and not something that was enabled by default without customer knowledge. This blog will provide example solutions for enabling logging for devices managed by Intune and ConfigMgr.

Certificate-based BIOS Authentication

Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.