Skip to content

Welcome to the ThinkDeploy Blog rss#

  • 8 min read

Current Drivers, Firmware, and BIOS During Autopilot Pre-Provisioning With Intune and LCU

This post replaces the earlier Autopilot + Thin Installer method. Thin Installer still works, but the Lenovo.Client.Update (LCU) PowerShell module is the current, supported way to drive updates from a script: it queries, downloads, and silently installs applicable driver, firmware, and BIOS updates for a Lenovo device, without the dependency of Thin Installer. Wrapping it in a script and packaging that as an Intune Win32 app lets you run the same update pass unattended — including during an Autopilot for pre-provisioned deployment. This post walks through a wrapper script built for exactly that, and the packaging and detection rules that make it behave inside Intune.

  • 5 min read

Introducing ThinkVantage Repository Manager

Managing a local Lenovo update repository has traditionally meant Update Retriever — a tool that gets the job done but leaves little room for automation or operational visibility. ThinkVantage Repository Manager (TVRM) is its modern replacement: a WPF GUI backed by a full PowerShell module that supports multiple repositories, per-model targeting, and a per-repository audit log that tracks every operation by user and timestamp.

  • 6 min read

Introducing: Commercial Vantage Policy Manager for Intune

Commercial Vantage ships ADMX/ADML templates for configuring its policies, and the documented path for Intune is to either ingest those templates and configure each setting or create a custom template profile and add each individual policy as an OMA-URI setting. That works, but can be tedious. Commercial Vantage Policy Manager is a WPF-based PowerShell GUI that takes the same policies and deploys them as a single Custom OMA-URI profile through the Microsoft Graph API — no template ingestion required.

  • 3 min read

Community Tool Spotlight: PowerBios – WMI BIOS Utility for Lenovo

PowerBios is a free, community-developed Windows utility by Claude Boucher (SomeTools) that lets you read, modify, and export BIOS settings on Lenovo ThinkPad, ThinkCentre, and ThinkStation devices using the WMI interface — locally or remotely. It's not an official Lenovo product, but it's a genuinely useful tool for anyone who regularly works with Lenovo BIOS configuration.

  • 4 min read

HSA Best Practices Guide

Manage PC

Hardware Support Apps (HSAs) are a core part of the modern Windows driver model — UWP/MSIX apps published by OEMs or IHVs that extend a base driver, typically delivered via the Microsoft Store. Common examples include Intel Graphics Command Center, AMD Software, Realtek Audio Console, and Lenovo hardware control apps. They are a fundamental piece of the Declarative, Componentized, Hardware Support Apps (DCH) driver architecture introduced in Windows 10 1809.

Understanding how HSAs are designed to work — and where enterprise management intersects with that design — is critical to deploying and maintaining a clean, supportable Windows environment.

  • 7 min read

Introducing Think BIOS Config Tool V2 and Lenovo BIOS Certificate Tool V2

Tools Banner

We're excited to announce the release of two powerful new PowerShell-based tools for managing BIOS settings on Lenovo commercial PCs: Think BIOS Config Tool V2 and Lenovo BIOS Certificate Tool V2. These tools represent a complete rewrite of their predecessors, bringing modern PowerShell capabilities, enhanced user interfaces, and seamless integration with Microsoft Intune.

  • 10 min read

Certificate-based BIOS Authentication

updated October 31, 2025

Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.