Welcome to the ThinkDeploy Blog

Changing the BIOS Supervisor Password with Intune and the Think BIOS Config Tool

For security purposes, there may be a requirement to change the supervisor password for BIOS access. There are a few ways to accomplish this, either programmatically using a couple of lines of code or with the Think BIOS Config Tool. The former would be easiest, but it poses quite a risk by exposing your supervisor password in plain text, which is a big no-no. So instead, we're going to use the Think BIOS Config Tool and an encrypted password file to tackle this scenario, which seems to have become quite common these days.

Introducing: Lenovo Device Management Module

LDMM Toolbox

The Lenovo Device Management Module is a PowerShell module that provides several useful cmdlets for making it easier to manage Lenovo commercial PCs. The module supports Lenovo's commercial portfolio of ThinkPad, ThinkCentre and ThinkStation products.

Windows 365 and ThinkPhone

Windows 365 Motorola

This article will serve as a basic walkthrough for bringing the full Windows 365 experience to your Lenovo ThinkPhone.

"... The power and security of the Microsoft cloud with the versatility and simplicity of the PC" is now in your pocket!

Autopilot + Thin Installer = Current Drivers/BIOS/Firmware

Revisiting a solution from 2020 that leverages Lenovo System Update to update drivers during Autopilot, which provided a way to ensure devices were up-to-date before handing off to end users.

Fast forward to this 2023 Configuration Manager OSD solution that will update drivers, BIOS, and firmware, which got me thinking: How awesome would it be to migrate this to the Autopilot world and really provide users with completely up-to-date devices right out of the gate?

Enabling Logging for Commercial Vantage

As noted in our docs, logging is no longer enabled by default for Commercial Vantage. This applies to the System Update add-in. Historically, a log file was generated when a device checked for or installed updates.

Lenovo’s Product Security team wanted to ensure that enabling logs was a customer choice, and not something that was enabled by default without customer knowledge. This blog will provide example solutions for enabling logging for devices managed by Intune and ConfigMgr.

Certificate-based BIOS Authentication

Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.

Updating Lenovo Thin Installer with Proactive Remediations

If your endpoints rely on Thin Installer to update drivers/BIOS/firmware, it should always be on the latest release. Thin Installer verifies package certificates as part of installing updates, and older versions of Thin Installer cannot validate packages signed with newer certificates. The only solution is to upgrade Thin Installer, hence this article.