#Managing a local Lenovo update repository has traditionally meant Update Retriever — a tool that gets the job done but leaves little room for automation or operational visibility. ThinkVantage Repository Manager (TVRM) is its modern replacement: a WPF GUI backed by a full PowerShell module that supports multiple repositories, per-model targeting, and a per-repository audit log that tracks every operation by user and timestamp.
Commercial Vantage ships ADMX/ADML templates for configuring its policies, and the documented path for Intune is to either ingest those templates and configure each setting or create a custom template profile and add each individual policy as an OMA-URI setting. That works, but can be tedious. Commercial Vantage Policy Manager is a WPF-based PowerShell GUI that takes the same policies and deploys them as a single Custom OMA-URI profile through the Microsoft Graph API — no template ingestion required.
PowerBios is a free, community-developed Windows utility by Claude Boucher (SomeTools) that lets you read, modify, and export BIOS settings on Lenovo ThinkPad, ThinkCentre, and ThinkStation devices using the WMI interface — locally or remotely. It's not an official Lenovo product, but it's a genuinely useful tool for anyone who regularly works with Lenovo BIOS configuration.
Using the Think BIOS Config Tool V2 and the Lenovo.BIOS.Config PowerShell module to securely change the BIOS supervisor password via an Intune Win32 app.
Installing current drivers, BIOS, and firmware during a bare metal OSD with the Lenovo Client Update PowerShell Module (LCU)
Hardware Support Apps (HSAs) are a core part of the modern Windows driver model — UWP/MSIX apps published by OEMs or IHVs that extend a base driver, typically delivered via the Microsoft Store. Common examples include Intel Graphics Command Center, AMD Software, Realtek Audio Console, and Lenovo hardware control apps. They are a fundamental piece of the Declarative, Componentized, Hardware Support Apps (DCH) driver architecture introduced in Windows 10 1809.
Understanding how HSAs are designed to work — and where enterprise management intersects with that design — is critical to deploying and maintaining a clean, supportable Windows environment.
A deep dive on converting to certificate-based authentication in an Autopilot pre-provisioned deployment using Think BIOS Config and Certificates V2 tools
We're excited to announce the release of two powerful new PowerShell-based tools for managing BIOS settings on Lenovo commercial PCs: Think BIOS Config Tool V2 and Lenovo BIOS Certificate Tool V2. These tools represent a complete rewrite of their predecessors, bringing modern PowerShell capabilities, enhanced user interfaces, and seamless integration with Microsoft Intune.
updated October 31, 2025
Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.
As more corporate customers are moving to Intune and other cloud based tools for device management, there has been and probably will continue to be a decrease in the use of imaging technologies to deploy operating systems to devices. Most of the time, customers are using the OEM provided preload on the device as the initial operating system installation. Customers then leverage tools to continue with device configuration until the desired state is met.