Welcome to the ThinkDeploy Blog rss

August 10, 2023
3 min read

Enabling Logging for Commercial Vantage

As noted in our docs, logging is not enabled by default any longer for Commercial Vantage. This is in regards to the System Update add-in. Historically, a log file is generated when a device checks for or installs updates.

Lenovo’s Product Security team wanted to ensure that enabling logs was a customer choice, and not something that was enabled by default without customer knowledge. This blog will provide example solutions for enabling logging for devices managed by Intune and ConfigMgr.

July 26, 2023
3 min read

Deploying Intel ME Firmware
Updates with Intune

Intel ME firmware have always been a struggle to keep up-to-date. This guide will walk through deploying these updates as a Win32 app.

July 24, 2023
7 min read

Certificate-based BIOS Authentication

Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.

April 12, 2023
4 min read

Updating Lenovo Thin Installer with Proactive Remediations

If your endpoints rely on Thin Installer to update drivers/BIOS/firmware, it should always be on the latest release. As part of the certificate verification process for installing updates with Thin Installer, older versions of Thin Installer cannot validate packages signed with newer certificates. The only solution is to upgrade Thin Installer, hence the reason for this article.

March 13, 2023
7 min read

Creating Local Repository Using PowerShell

There are various scenarios where one might want to quickly generate a local repository of Lenovo updates that can be consumed by Thin Installer or System Update in a scripted manner. This article will describe a PowerShell script that can be leveraged to create a repository for a specified machine type and OS. A scenario where this script might be used will also be described.

February 7, 2023
2 min read

Adding Model Friendly Name to Intune Device Notes

As of today, there's still a limitation within the Intune portal to easily find the friendly name of a Lenovo system, i.e. ThinkPad T14 Gen 3. Instead, you're left with the Machine Type Model (21AH).

I'm sure there's a small group of people, if any, that have memorized what every MTM translates to for its respective friendly name.

To make this a bit easier, and with the help of Damien Van Robaeys' blog post, we can use the Graph API to populate the device notes property of an Intune device by matching the Model (aka MTM) to its friendly name.

September 27, 2022
4 min read

Reporting on Update Status, BIOS Level, CVEs, and More

Azure Workbooks Icon

This post will walk through deploying a Remediation script that will collect data from specific Lenovo WMI classes using the HTTP Data Collector API. As a result, the data will be sent to a Log Analytics Workspace in Azure Monitor.

August 10, 2022
2 min read

Correcting the Qualcomm X55 WWAN Excessive Logging Issue

Symptoms

Continuously growing log files generated by the Qualcomm X55 WWAN service. These logs are located under %ProgramData%\Qualcomm® Snapdragon™ X55 5G Modem\SVClog

June 15, 2022
2 min read

Setting an Asset Tag on ThinkPads using Intune Proactive Remediations

Asset Tag Icon

For the unaware, Lenovo provides a Windows Utility to Read and Write Asset ID Information, specifically for ThinkPad. With this utility, you are able to set asset ID data such as an Owner Name, Owner Location, Asset Number and several other pieces of information.

March 16, 2022
4 min read

Using Winget to Install Applications as Part of a Configuration Manager Configuration Baseline

Winget Icon

Brief Background

The future of package management for Windows is Windows Package Manager. This simplifies the installation and management of applications using the winget tool.