Posts

Deploying Lenovo Settings For Enterprise With Intune

Image
This post introduces Lenovo Settings for Enterprise, a new application that allows users to change hardware settings on Lenovo PCs, along with walking through how to deploy the app to Windows 10 devices in your organization with Intune.


Lenovo Settings is not available through the MS Business Store so you'll need to download the application from here Contained in the zip is a deployment guide along with Lenovo provided scripts to assist with installing and configuring the Lenovo Settings deployment.  The matrix below compares the features between Settings and Vantage.


Lenovo Settings Lenovo Vantage Hardware Settings ✓ ✓ System Update
Lenovo WiFi Security
Diagnostic Hardware Scan
User Guide

Upgrading TPM Spec 1.2 to 2.0 on ThinkPad using ConfigMgr Current Branch

Image
Now that your Windows 7 to 10 migration is complete, you may want to upgrade the TPM Spec version from 1.2 to 2.0 to take full advantage of Windows 10's security features, like Device Guard and Credential Guard.
This can be accomplished with the ThinkPad Setup Settings Capture/Playback Utility (SRSetupWin).  There's actually two separate utilities, with one supporting a broader range of models so take note of the supported systems sections.  Here's a link to both:
https://pcsupport.lenovo.com/downloads/DS102568
https://pcsupport.lenovo.com/downloads/DS032441
There are caveats when using this tool.  A supervisor password must be present on the system and the TPM must be cleared prior to converting, which will require physical presence.  That means a tech will have to touch each box.  If you're ok with these requirements and wish to proceed, keep on reading.
Note: Supervisor passwords cannot be set initially in an automated way.
First, create a Package in your console after yo…

Reporting BIOS Password States on Think Products with ConfigMgr Current Branch

Image
There may be a need to run a report on your Think products to check which BIOS settings are enabled or disabled, or if there is even a BIOS supervisor password set.

This post will walk through creating a simple custom report in ConfigMgr that will display the following:
All Lenovo Think productsModel (Friendly Names)Computer Name BIOS VersionIs TPM Enabled?Is TPM Activated?Secure Boot StatusUEFI Enabled?BIOS Password(s) Set
Extending Hardware Inventory

First, you'll need to extend hardware inventory to collect these two Lenovo WMI classes.

Lenovo_BiosSetting
Lenovo_Bios PasswordSettings

To make this a bit easier, there's a zip at the bottom of the page you can download that contains a MOF file you can import into your Default Client Settings that will add these classes.