Manage Lenovo System Update with Intune

This post will describe how you can manage Lenovo System Update on
Windows 10 devices with Intune.

Before you begin, you will need:
  • System Update Administrator Tools - This contains the System Update ADM/ADMX files. By default, the contents are extracted to C:\SWTOOLS\TOOLS\Admin
  • A Windows 10 device connected to Azure Active Directory and managed by Intune
  • System Update installed on the device

Ingest the TVSU ADMX file

  • Sign in to the Azure Device Management portal
  • Navigate to Device Configuration > Profiles > Click Create Profile
  • Enter the required information for the new profile, for example:
    • Name: Lenovo System Update configuration
    • Description: (Optional)
    • Platform: Windows 10 and later
    • Profile Type: Custom
  • In the Custom OMA-URI Settings menu, click Add and enter the following
    • Name: TVSU ADMX Ingest
    • Description: (Optional)
    • OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Lenovo/Policy/TVSU
    • Data Type: String
    • Value: Copy the contents of the tvsu.admx into this field
  • Click OK to complete adding the new OMA-URI row
  • Click Create to create the new profile
  • Assign the profile to a group.  This group should only include devices that have System Update installed.
Verify the settings have pushed to a device by launching Regedit and navigating to

HKLM\SOFTWARE\Microsoft\PolicyManager\AdmxDefault


Create a TVSU Policy

Example 1
  • Sign in to the Azure
    Device Management
    portal
  • Navigate to Device Configuration > Profiles >
    click the Lenovo System Update Configuration profile that was created earlier > Properties > Settings
  • In the Custom OMA-URI Settings menu, click Addand enter the following
    • Name: Admin Command Line
    • Description: Installs Critical and Recommended packages with a reboot type 3 (requires reboot)
    • OMA-URI:
      ./Device/Vendor/MSFT/Policy/Config/Lenovo~Policy~Cat_ThinkVantage_61~Cat_System_Update_63~Cat_UserSettings_74~Cat_General_78/Policy_Admin_CommandLine_154
    • Data Type: String
    • Value:
<enabled/>
<data id="Policy_TextBox_Element_Admin_CommandLine_155" value="/CM -search R -action INSTALL -includerebootpackages 3 -noicon -noreboot -nolicense -defaultupdate"/>

    • Click OK to complete adding the new OMA-URI row

Example 2

  • In the Custom OMA-URI Settings menu, click Addand enter the following
    • Name: Repository Path
    • Description: (Optional)
    • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Lenovo~Policy~Cat_ThinkVantage_61~Cat_System_Update_63~Cat_UserSettings_74~Cat_General_78/Policy_Repository_Location_116
    • Data Type: String
    • Value:
<enabled/>
<data id="Policy_TextBox_Element_Repository_Location_119" value="\\CustomRepoPath"/>
<data id="Policy_TextBox_Element_Repository_Location_120" value="\\CustomRepoPath2"/>
<data id="Policy_TextBox_Element_Repository_Location_121" value="\\CustomRepoPath3"/>

  • Click OK to complete adding the new OMA-URI row
  • Save the profile
Verify the policies have applied to the client by launching Regedit and navigate to

HKLM\SOFTWARE\Policies\Lenovo\System Update\UserSettings\General


Further Reading:

Enable ADMX-backed policies in MDM

Win32 and Desktop Bridge app policy

Comments