Manage Lenovo System Update with Intune

This post will describe how you can manage Lenovo System Update on
Windows 10 devices with Intune.

Before you begin, you will need:
System Update Administrator Tools - This contains the System Update ADM/ADMX files. By default, the contents are extracted to C:\SWTOOLS\TOOLS\AdminA Windows 10 device connected to Azure Active Directory and managed by IntuneSystem Update installed on the device Ingest the TVSU ADMX file Sign in to the Azure Device Management portalNavigate to Device Configuration > Profiles > Click Create ProfileEnter the required information for the new profile, for example:Name: Lenovo System Update configurationDescription: (Optional)Platform: Windows 10 and laterProfile Type: CustomIn the Custom OMA-URI Settings menu, click Add and enter the followingName: TVSU ADMX IngestDescription: (Optional)OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Lenovo/Policy/TVSUData Type: StringValue: Copy the contents of the tvsu.admx into this fieldClick OK to …

Lenovo Updates Catalog V2 for SCCM

New Catalog Format The Third-Party Software Update Catalogs node was a new addition for System Center Configuration Manager version 1806.  This introduced a new version of the well known "SCUP" catalog format that we refer to as "V2".

A V2 catalog contains individual update XML files for improved performance as well as the public portion of the signing certificates used to sign the updates in the catalog for increased security.  Lenovo offers a V2 version of our Lenovo Updates Catalog and, as of version 1902 of SCCM, it is presented as a partner catalog in the SCCM console making it easier to subscribe.  Prior to 1902 the catalog could be added manually using the following URL:

Lenovo Updates in SCCM 1902 

Deploy the Lenovo Updates Catalog Agent First! As part of the initial configuration steps, you will want to make sure you have the Lenovo Updates Products selected to be synchronized in your Software …

Deploying ThinInstaller With A Custom Repository Path Using Intune

This walk-through is a follow up to Hosting an Update Retriever Repository in an Azure Blob.

In this post, we're going to:
Deploy the latest version of ThinInstaller as a Win32 AppSet custom Repository and Log paths in the Configuration FileDefine a sample Scheduled Task to launch ThinInstaller and check for updates What you'll need:
Current version of ThinInstaller - LinkWin32 Content Prep Tool - LinkPowerShell Sample Script belowMake sure to replace the repoPath variable with your Blob Storage path.

$pkg = "lenovothininstaller1.3.0007-2019-04-25.exe"$installSwitch = "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART"# Install ThinInstallerStart-Process".\$pkg" -ArgumentList $installSwitch -Wait # Identify Configuration File and Repository/Log Paths$configFile = [xml](Get-Content"${Env:ProgramFiles(x86)}\ThinInstaller\ThinInstaller.exe.configuration") $repoPath = "https://yourblobstoragepath"# Change Log location if desired…

What are Reboot Delayed updates?

Introducing Reboot Delayed (type 5) Updates You may have noticed updates with a new reboot type in your search results with the latest version of Update Retriever.

Reboot Delayed updates are typically either BIOS or component firmware updates.  In the past most of these updates were implemented as "Forces a reboot" (type 1) or "Power off" (type 4) updates because the updates themselves would either force a shutdown or reboot.

In an attempt to reduce the number of reboots required to keep systems up to date and to also work well with other update solutions, such as Windows Update, we have been redesigning these firmware updates to allow multiple firmware to be updated in one session.  The tool used to deliver the update, such as System Update or Thin Installer, will enforce a reboot once all updates have been applied. 

With firmware updates it simply isn't safe to postpone the reboot; therefore, the -noreboot command line parameter will not have an effect when …

What's New in Update Retriever

Introducing the “Manage driver packs” Feature in v5.00.0060 What is it? This feature allows an admin to create a collection of the hardware drivers for a specified model in a format that can be imported into Microsoft System Center Configuration Manager (SCCM) or Microsoft Deployment Toolkit (MDT) to support OS Deployment How is it different? This feature presents a list of only hardware drivers for a specified model based on what is currently available on the Lenovo Support web site instead of basing search results on content ready for use with System Update or Thin Installer. NOTE: Only Windows 10 is in scope for this feature. Who would use this? IT administrators that are performing custom imaging using SCCM and MDT always need to start with a set of hardware drivers specific to a model in order to get the best results. Any IT admin that wants to reduce the amount of time this process takes AND wants to use only the very latest drivers released will gain an advantage using this …

Hosting an Update Retriever Repository in an Azure Blob

When it comes to managing a centralized Update Retriever repository, challenges arise with widely distributed environments.  This is where leveraging a cloud storage solution can bring value.

I thought this post may be helpful for anyone piloting a "modern" way of updating their Think products.  This walk-through assumes the following tools are in place:
Update RetrieverThinInstaller on the clientAzure Blob Container (a free trial account with an included 5gb limit is what I used here). I won't cover creating the Storage account or Blob, just the process of uploading the Update Retriever content to the Blob container and how to configure the ThinInstaller Configuration XML on the client.

Populating the UR Repo

First, you'll need to download any new updates to your local machine or network share.  Currently, you can only point the UR repository location to a local drive or UNC path.

Once all updates are downloaded successfully, you'll need to upload them to the Blob…

Differences between Lenovo Patch and SCUP or SCCM 3rd Party Updates

Recently we've been getting questions regarding the difference between Lenovo Patch for SCCM and the 3rd party catalog subscription feature of SCUP and now SCCM.  This post will outline the main differences and similarities between these implementations.

Content One of the main advantages of Lenovo Patch is the fact that it includes a giant catalog of third party application patches.  The vast majority of these software providers will not be providing their own third-party patch catalogs for use with SCUP and SCCM.
Otherwise, the Lenovo content in Lenovo Patch is the same content that would be available through SCUP by subscribing to our Lenovo Updates Catalog.  Keep in mind that there are several technical restrictions on how updates are performed when deployed through WSUS.  So not all updates can be included in the catalog and we continue to work to reduce the number of exceptions.

With SCCM 1806 a new feature to subscribe to third party catalogs directly from the console was …