Upgrading TPM Spec 1.2 to 2.0 on ThinkPad using ConfigMgr Current Branch

Now that your Windows 7 to 10 migration is complete, you may want to upgrade the TPM Spec version from 1.2 to 2.0 to take full advantage of Windows 10's security features, like Device Guard and Credential Guard.
This can be accomplished with the ThinkPad Setup Settings Capture/Playback Utility (SRSetupWin).  There's actually two separate utilities, with one supporting a broader range of models so take note of the supported systems sections.  Here's a link to both:
There are caveats when using this tool.  A supervisor password must be present on the system and the TPM must be cleared prior to converting, which will require physical presence.  That means a tech will have to touch each box.  If you're ok with these requirements and wish to proceed, keep on reading.
Note: Supervisor passwords cannot be set initially in an automated way.
First, create a Package in your console after yo…

Reporting BIOS Password States on Think Products with ConfigMgr Current Branch

There may be a need to run a report on your Think products to check which BIOS settings are enabled or disabled, or if there is even a BIOS supervisor password set.

This post will walk through creating a simple custom report in ConfigMgr that will display the following:
All Lenovo Think productsModel (Friendly Names)Computer Name BIOS VersionIs TPM Enabled?Is TPM Activated?Secure Boot StatusUEFI Enabled?BIOS Password(s) Set
Extending Hardware Inventory

First, you'll need to extend hardware inventory to collect these two Lenovo WMI classes.

Lenovo_Bios PasswordSettings

To make this a bit easier, there's a zip at the bottom of the page you can download that contains a MOF file you can import into your Default Client Settings that will add these classes.