Deep dive setting up a Lenovo cloud repository in an Azure file share

In a previous post, I walked through a few steps on how to host an Update Retriever repository in an Azure blob storage.  This involved downloading the updates to a local machine, copying them to the blob, and configuring Thin Installer on the client to pull these updates down.

Another option is the Lenovo cloud repository feature in Update Retriever.  By choosing this option, only the package XML's will be downloaded to the repository while the full content will be hosted by Lenovo.  If you're moving your on-prem repository to the cloud, this option will most definitely cut down storage costs as these XML's are only a couple of Kilobytes in size.
A few things to note before exploring this route: System Update (version 5.07.0046 and later) is supportedThin Installer is NOT supported Azure Storage Account You'll need to create a new storage account first.  During the creation, make sure you set the account kind to StorageV2 since we're going to be using this as an Az…

Manage Lenovo Vantage for Enterprise with Intune

A previous post on Configuring Vantage with Intune walked through deploying a PowerShell script to customize specific features in the Vantage interface.

This post will build off Managing System Update with Intune and focus on ingesting the Vantage ADMX file and creating custom OMA-URI policies.  This solution is to provide a modern approach to what's currently offered in the application and deployment guide for Vantage found here.
Contained in the zip is a .reg file that will disable consumer features in the Vantage interface that aren't exactly necessary for Enterprise devices.  A snippet from the .reg file below.
;This reg file is generated by disabling the following policy settings in Administrative Templates -> Lenovo Vantage;1. Lenovo ID WelcomPage;2. Preferences;3. Messaging Preferences;4. Device Refresh;5. Welcome Page;6. Location Tracking;7. Anonymous Usage Statistics (Entire Feature);8. Anonymous Usage Statistics (Allow User Configuration);9. Anonymous Usag…

Lenovo Model Information in MDT

When using Microsoft Deployment Toolkit (MDT), the ZTIGather.wsf script will pull important information MDT needs and place it into variables for usage during a task sequence.   The %Model% variable is a key piece of information during task sequences especially for targeting software and drivers.  A popular example of the %Model% variable usage is the Total Control method of driver organization and injection by Johan Arwidmark.

Currently, when the model information is pulled from a Lenovo system, it will display the Lenovo Machine Type Model (MTM) in the Model variable as 20MD001YUS or 20MD003YUS, for example.  When using the MTM, the Out-of-Box Drivers library of model folders in MDT can quickly grow and become nearly repetitive.  The growth can become a management burden when attempting to maintain drivers, as each folder beginning with 20MD, for example, would have the same set of drivers in it.  To enable better management, we can edit the ZTIGather.wsf script to change where it pu…

System Update Suite and MEM: Part 2 Deploying and Configuring the Apps

Part 1 of the System Update Suite and MEM guide, we walk through creating an Application for System Update and Thin Installer.

This post will guide you through one way of configuring the different settings for System Update and Thin Installer using Configuration Items and Baselines.

We'll start out by creating a CI to detect if the current version of System Update is installed on clients.

Launch the Create Configuration Item wizard, set a name, and tick the box This configuration item contains application settings

Tick the Detect a specific application and deployment type radio button and select the current version of System Update from the application list

Click Next through the wizard to complete the creation of the CI.

Start the Create Configuration Baseline wizard, specify a name, and add the newly created CI

Deploy the Baseline to a Device Collection.  Ideally, the collection should contain Think branded devices only.  Right click on the deployment, Create New Collectio…

Manage Lenovo System Update with Intune

This post will describe how you can manage Lenovo System Update on
Windows 10 devices with Intune.

Before you begin, you will need:
System Update Administrator Tools - This contains the System Update ADM/ADMX files. By default, the contents are extracted to C:\SWTOOLS\TOOLS\AdminA Windows 10 device connected to Azure Active Directory and managed by IntuneSystem Update installed on the device Ingest the TVSU ADMX file Sign in to the Azure Device Management portalNavigate to Device Configuration > Profiles > Click Create ProfileEnter the required information for the new profile, for example:Name: Lenovo System Update configurationDescription: (Optional)Platform: Windows 10 and laterProfile Type: CustomIn the Custom OMA-URI Settings menu, click Add and enter the followingName: TVSU ADMX IngestDescription: (Optional)OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Lenovo/Policy/TVSUData Type: StringValue: Copy the contents of the tvsu.admx into this fieldClick OK to …

Deploying Lenovo System Update with automatic updates disabled

One of the features of Lenovo System Update is to automatically install the following types of updates:

Critical updates (BIOS, firmware, drivers, software)Recommendeddriver updates (not BIOS, firmware, or software) These updates are installed by scheduled tasks.  Some customers may want to deploy Lenovo System Update without these scheduled tasks, and also prevent their end-users from re-enabling automatic updates.  This can be accomplished in these steps: Install System UpdateDelete the scheduled tasksImport a .reg file that will hide the Scheduler option in the System Update GUI I have prepared a sample package which does these 3 things.  This is based on System Update 5.07.0092 which is the latest version at the time I'm writing this.
See Deploy_SU_No_Scheduler.bat - you can use this as-is, or use the same technique in your own scripts.

Updating Thunderbolt Software and Firmware with Microsoft Endpoint ConfigMgr

[Updated April 17, 2020: Updated repository to include latest updates. To get just the updated repository, download and unzip the zip file, then refresh your package content with the files from the \TP_TBT_TS-20200417\TP_TBT_TS_files\Thunderbolt Updates\repository folder. Remember to update your distribution points.] This post provides an alternative solution for deploying Thunderbolt software (driver), firmware, and BIOS updates to affected ThinkPads as described in this bulletin.  What makes this process difficult is the installation order in which these updates have to be applied.  The Thunderbolt driver and BIOS (not all models) are required to be installed first before the firmware can be updated, with a reboot in between.

To accomplish this task, a ConfigMgr sample Task Sequence has been developed with all necessary updates and provided as a zip which can be imported into your console.  The brains of the Task Sequence lies with the power of Thin Installer and two commands.  The…