Previously, Lenovo provided two separate apps (Lenovo Settings and Lenovo Companion) that allowed the user to change hardware settings, run diagnostic scans, and check for software and driver updates. As of December 2017, all of the features in those two apps (discontinued) were merged into a single app Commercial Vantage
This post will walk through deploying Commercial Vantage as a ConfigMgr application.
This feature allows an admin to create a collection of the hardware drivers for a specified model in a format that can be imported into Microsoft System Center Configuration Manager (SCCM) or Microsoft Deployment Toolkit (MDT) to support OS Deployment.
This walk-through will cover deploying ThinkPad BIOS updates with Intune. These are provided as standalone executables so adding them as a Win32 app will involve converting them to the .intunewin format using the Win32 Content Prep Tool.
The SMBIOS Specification was updated again this year to add new enclosure type values that affect the IsDesktop, IsLaptop, and IsServer variables in MDT. These variables are populated by ZTIGather.wsf. To ensure your IsDesktop, IsLaptop, IsServer variables are accurate you should upgrade your MDT environment to version 8456.
Due to customer feedback, Lenovo is introducing a couple of new features focused on tracking updates. Traditionally, updates installed on the client were logged in the Updates_log(timestamp).txt.
Admittedly, parsing through the log to find out which updates were skipped, installed, or failed is not that easy. If you're deploying a task sequence to your Lenovo systems that runs Thin Installer, you can only see if Thin Installer runs or not. How do you tell which updates installed without logging into each system and checking the logs?
A new switch can now be added to your Thin Installer command line that will do the following upon execution:
There may be a need to run a report on your Think products to check which BIOS settings are enabled or disabled, or if there is even a BIOS supervisor password set.
This post will walk through creating a simple custom report in ConfigMgr that will display the following:
Now that your Windows 7 to 10 migration is complete, you may want to upgrade the TPM Spec version from 1.2 to 2.0 to take full advantage of Windows 10's security features, like Device Guard and Credential Guard.
This article will cover the TPM Firmware Switch Tool that was released to remedy affected ThinkCentres described in the LEN-15552 Security Advisory.
What follows is a brief look at what is possible and not necessarily recommended for everyone. Hopefully someone finds it useful.
Earlier at MMS this year (2017), a fantastic session on modern driver management in OS deployments was presented by Kim Oppalfens and Tom Degreef. This method and what it entails can be found here.
There are some definite advantages to pre-provisioning BitLocker. Pre-provisioning the disk will encrypt only used space, so when this step executes, the drive will be encrypted before the operating system has been laid down to the client, saving a ton of time.
The catch here is that in order for pre-provisioning to work, a TPM has to be present on the system AND enabled, as stated in the Pre-provision BitLocker step.