Deploying Intel ME Firmware Updates with Intune
Intel ME firmware has always been a struggle to keep up to date. This guide will walk through deploying these updates as a Win32 app.
Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.
If your endpoints rely on Thin Installer to update drivers/BIOS/firmware, it should always be on the latest release. As part of the certificate verification process for installing updates with Thin Installer, older versions of Thin Installer cannot validate packages signed with newer certificates. The only solution is to upgrade Thin Installer, hence the reason for this article.
There are various scenarios where one might want to quickly generate a local repository of Lenovo updates that can be consumed by Thin Installer or System Update in a scripted manner. This article will describe a PowerShell script that can be leveraged to create a repository for a specified machine type and OS. A scenario where this script might be used will also be described.
As of today, the Intune portal still offers no easy way to find the friendly name of a Lenovo system, e.g. ThinkPad T14 Gen 3. Instead, you're left with the Machine Type Model (21AH).
I'm sure there's a small group of people, if any, that have memorized what every MTM translates to for its respective friendly name.
To make this a bit easier, and with the help of Damien Van Robaeys' blog post, we can use the Graph API to populate the device notes property of an Intune device by matching the Model (aka MTM) to its friendly name.
This post will walk through deploying a Remediation script that will collect data from specific Lenovo WMI classes using the HTTP Data Collector API. As a result, the data will be sent to a Log Analytics Workspace in Azure Monitor.
Continuously growing log files generated by the Qualcomm X55 WWAN service. These logs are located under %ProgramData%\Qualcomm® Snapdragon™ X55 5G Modem\SVClog
For the unaware, Lenovo provides a Windows Utility to Read and Write Asset ID Information, specifically for ThinkPad. With this utility, you are able to set asset ID data such as an Owner Name, Owner Location, Asset Number and several other pieces of information.
The future of package management for Windows is Windows Package Manager. This simplifies the installation and management of applications using the winget tool.
In some scenarios, there may be the desire to leverage the Lenovo Updates Catalog to apply applicable updates during an OS deployment task sequence. This article will cover how this might be achieved.