We're excited to announce the release of two powerful new PowerShell-based tools for managing BIOS settings on Lenovo commercial PCs: Think BIOS Config Tool V2 and Lenovo BIOS Certificate Tool V2. These tools represent a complete rewrite of their predecessors, bringing modern PowerShell capabilities, enhanced user interfaces, and seamless integration with Microsoft Intune.
updated October 31, 2025
Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.
As more corporate customers are moving to Intune and other cloud based tools for device management, there has been and probably will continue to be a decrease in the use of imaging technologies to deploy operating systems to devices. Most of the time, customers are using the OEM provided preload on the device as the initial operating system installation. Customers then leverage tools to continue with device configuration until the desired state is met.
This guide will demonstrate how to convert the BIOS security of a Lenovo Think product, protected by a Supervisor Password, to a digital certificate-based authentication mechanism using a Configuration Manager task sequence.
You may start seeing a new update offered titled System Firmware Update Utility. What exactly is this and what does it fix?
The SU Helper utility was introduced to programmatically trigger the System Update AddIn of Commercial Vantage. Let's see how we can leverage SU Helper in different scenarios across Microsoft's Endpoint Management solutions.
After a successful Operating System Deployment (OSD), customers have noted the Fibocom FWSwitchService running on devices without a Fibocom WWAN Card. In this blog post, we provide the cause and remediation for this issue.