DEPRECATED: Configuring Lenovo Vantage with an MDM
by Phil Jorgensen
Overview
Lenovo Vantage contains some features which may not be appropriate for enterprise users. Please read this section carefully to understand these features and consider whether they should be disabled in your specific environment.
Lenovo Software and Driver Updates – One of the features of Lenovo Vantage, called System Update, will automatically install updates for Lenovo software and drivers. Some IT organizations will want to disable this.
Ads, messaging, and metrics data collection – Lenovo Vantage tells users about special offers from Lenovo through in-app and toast messages. Lenovo Vantage also collects metrics/telemetry data about how users interact with the application. These things can be disabled.
This guide will demonstrate how to control parts of the Lenovo Vantage User Interface that is displayed to the user and how to deploy the configuration with MobileIron Cloud with Bridge or Microsoft Intune.
Lenovo Software and Driver Updates – One of the features of Lenovo Vantage, called System Update, will automatically install updates for Lenovo software and drivers. Some IT organizations will want to disable this.
Ads, messaging, and metrics data collection – Lenovo Vantage tells users about special offers from Lenovo through in-app and toast messages. Lenovo Vantage also collects metrics/telemetry data about how users interact with the application. These things can be disabled.
This guide will demonstrate how to control parts of the Lenovo Vantage User Interface that is displayed to the user and how to deploy the configuration with MobileIron Cloud with Bridge or Microsoft Intune.
Deployment from MobileIron
Log into MobileIron Cloud, click Configurations and click the Add button.
Tick the Windows 10+ box under the OS Version filter.
Select MobileIron Bridge from the available Configurations.
Enter a name and description (optional)
Add the PowerShell script file and click the Next button. The contents for the .ps1 file are included in this post below.
Choose the appropriate option for the new MI Bridge Configuration and click Done.
Status of the configuration can be checked under Devices > Configurations tab.
Deployment from Intune
This is assuming Lenovo Vantage has been added to the MS Store for Business, synced to your Azure Active Directory tenant’s Mobile Apps catalog and assigned for installation to the desired AAD group.
In the Intune dashboard, select Device Configuration > PowerShell scripts
In the Intune dashboard, select Device Configuration > PowerShell scripts
Click the +Add button to add a new PowerShell Script. Enter a Name and description.
Click the blue folder beside Script location to upload a file. The contents of the .ps1 file is included in this post below. Script settings can be defined to run using the logged-on credentials or enforcing a signature check on the script. For this guide, these options will be skipped. (Note: The settings that will be configured are commented in the script).
Click the blue Create button to add the PowerShell script to your tenant.
To assign the script to a group, click Assignments, Select groups, choose the desired group and Save settings.
Click the blue Create button to add the PowerShell script to your tenant.
To assign the script to a group, click Assignments, Select groups, choose the desired group and Save settings.
You can monitor the status under Monitor > Device Status
Example: Before Vantage Configurations
Example: After Vantage Configurations
Example: Before Vantage Configurations
Example: After Vantage Configurations
PowerShell Script:
<# PSScriptInfo
# Updated: 11/19/2019
#
# Set-VantageConfig_Updated.ps1
#
# This script is designed to hide Vantage features that may not be appropriate
# for enterprise customers. Each feature is commented out beside each GUID.
#
#>
##############################
### Transcript for logging ###
##############################
$stampDate = Get-Date
$vantageTempDir = "C:\Vantage\Config"
$transcriptName = $vantageTempDir + "\VantageConfig_" + $stampDate.ToFileTimeUtc() + ".txt"
Start-Transcript -Path $transcriptName -NoClobber
##########################################
### Start PowerShell as 64 bit process ###
##########################################
If ($ENV:PROCESSOR_ARCHITEW6432 -eq "AMD64") {
Try {
&"$ENV:WINDIR\SysNative\WindowsPowershell\v1.0\PowerShell.exe" -File $PSCOMMANDPATH
}
Catch {
Throw "Failed to start $PSCOMMANDPATH"
}
Exit
}
#######################################################
### Create Vantage registry key if it doesn't exist ###
#######################################################
$path = "HKLM:\SOFTWARE\Policies\Lenovo\E046963F.LenovoCompanion_k1h2ywk1493x8"
IF(!(Test-Path $path\Messaging))
{
New-Item -Path $path\Messaging -Force > $null
}
##########################################
###### Configuring Vantage Features ######
##########################################
Write-Output "----------------------------"
Write-Output "Configuring Vantage Features"
Write-Output "----------------------------"
$array = @( '2210FAAF-933B-4985-BC86-7E5C47EB2465' ` # Lenovo ID WelcomPage
'E0DF659E-02A6-417C-8B39-DB116529BFDD' ` # Preferences
'B6B55642-B0C4-44E0-BF18-719B100CF1FD' ` # Messaging Preferences
'9800b440-7EDf-4DF4-8F04-E2A88B5F856F' ` # Device Refresh
'9023E851-DE40-42C4-8175-1AE5953DE624' ` # Welcome Page
'56A7055C-B2A5-409E-B639-EAA0D009183E' ` # Location Tracking
'369C3066-08A0-415A-838C-9C56C5FBF5C4' ` # Anonymous Usage Statistics (Entire Feature)
'349B8C6E-6AE4-4FF3-B8A0-25D398E75AAE' ` # Anonymous Usage Statistics (Allow User Configuration)
'3499C08F-C249-43CE-AD89-EF4D7D1C5D54' ` # Anonymous Usage Statistics (User Default Preference)
'2885591F-F5A8-477A-9744-D1B9F30B5B79' ` # Store Rating and Feedback Popup
'DF4A82CD-019D-4768-80FE-8274DAFB6E80' ` # WiFi Security
'3130346B-C539-4BDF-BB58-AAFE3D0DC916' ` # User Feedback
'19841A14-32B9-4F67-9D3A-605EE6CEF187' ` # Tweet Us
'35966093-9FA9-4EB4-8CC7-145887B6E6EA' ` # Need Help
'88024006-BB4F-4CB5-AE9F-C048F5DBD1A1' ` # Lenovo ID
'A0A06B48-4F6A-4226-B127-F70EC0508B3B' ` # Apps & Offers - Disables every setting in this category
'B6899520-52FA-4851-AABE-A6E08AAB3102' ` # Lenovo Voice Commands - Disables every setting in this category
'DE00682F-16F2-4ECA-BBF3-768DA0D9EB33' ` # Messaging Preferences - Disables every setting in this category
'B3FA2B6F-4F61-4B57-8E7F-558FF3C40634' ` # Security Advisor - Disables every setting in this category
'18E12FC0-EACB-43CB-8231-87D9C09EE0DF' ` # Self Select - Disables every setting in this category
'6674459E-60E2-49DE-A791-510247897877' ` # SSRecs - Disables every setting in this category
'A191BF9F-60BE-4843-B4BA-441DD0AEB12E' ` # System Health and Support - Disables User Guide, Knowledge Base, Warranty & Services, Optimize, Tips & Tricks, and Discussion Forum
'C2A21829-4A59-463D-B14E-3E3E9CDB5B76' ` # Auto Launch - Disables every setting in this category
'C615AC2F-F818-4AF6-99CA-D95E6FF1BD18' ` # My Account
'D65D67BF-8916-4928-9B07-35E3A9A0EDC3' ` # Vantage Tutorial
)
foreach($i in $array){
New-ItemProperty -Path $path -Name $i -Value 0 -PropertyType DWord -Force > $null
}
#####################
### System Update ###
#####################
Write-Output "------------------------------"
Write-Output "Disabling System Update Plugin"
Write-Output "------------------------------"
$SUplugin = "HKLM:\SOFTWARE\WOW6432Node\Policies\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin"
IF(!(Test-Path $SUplugin))
{
New-Item -Path $SUplugin -Force > $null
}
New-ItemProperty -Path $SUplugin -Name Imc-Block -Value 1 -Force > $null # System Update Plugin
New-ItemProperty -Path $path -Name E40B12CE-C5DD-4571-BBC6-7EA5879A8472 -Value 0 -Force > $null # System Update GUI
Stop-Transcript