tag:blogger.com,1999:blog-66709046469739556132024-02-20T22:52:10.309-05:00Lenovo Think Deploy BlogUnknownnoreply@blogger.comBlogger68125tag:blogger.com,1999:blog-6670904646973955613.post-72181982833692568322022-01-05T12:53:00.010-05:002022-03-15T16:13:28.073-04:00We've moved!<div>All content from this blog has been moved to <a href="https://blog.lenovocdrt.com" target="_blank">https://blog.lenovocdrt.com</a></div><div><br /></div><div>Please reference the new site for future articles. Articles in this Blogger site will remain published and will have a link to the new location at the top if they've been moved.</div>
<br />
<hr />
<br />
<table border="1" style="width: 100%;">
<tbody>
<tr>
<td style="padding: 10px;">Please post any questions related to this
article in our <a href="http://forums.lenovo.com/t5/Enterprise-Management-Board/bd-p/sa01_eg">Enterprise
Client Management Forum</a>. Comments for this blog have been
disabled.</td>
</tr>
</tbody>
</table>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-11900059127749128802021-09-20T10:57:00.000-04:002021-09-20T10:57:52.453-04:00Manage Dock Manager with Intune
<div style="font-family: inherit;">This post will serve as a reference for all available Dock Manager policies that can be configured in Intune.</div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Refer to the Dock Manager <a href="https://thinkdeploy.blogspot.com/2020/12/lenovo-dock-manager.html" target="_blank">blog</a> on how to create the Win32 app and for steps on how to ingest the Dock Manager ADMX in Intune, the same process can be found in the Manage Commercial Vantage with Intune <a href="https://thinkdeploy.blogspot.com/2020/11/manage-commercial-vantage-with-intune.html" target="_blank">blog</a>.</div><div style="font-family: inherit;"><span style="font-family: inherit;"><br /></span></div><div style="font-family: inherit;"><span style="font-family: inherit;">Below is a list of all possible settings, constructed as OMA-URIs</span></div><div><h2 style="font-family: inherit;">General</h2><div style="font-family: inherit;"><strong>Name: </strong>Ask Before Firmware Update</div><div style="font-family: inherit;"><strong><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>This setting will configure to enable/disable a prompt to the user before executing the firmware update.</div><div><br /></div><div>If this setting is enabled, prompt will ask the user to proceed executing update firmware.</div><div><br /></div><div>If this setting is disabled, prompt will not be shown and will directly proceed executing firmware update.</div><div><br /></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~General/AskBeforeFirmwareUpdate</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;"></h2><div style="font-family: inherit;"><strong>Name: </strong>Enable Notifications</div><div style="font-family: inherit;"><strong><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>This setting will configure whether to enable notifications during firmware download and update.</div><div> </div><div>If this setting is enabled, notification will be enabled and shown.</div><div><br /></div><div>If this setting is disabled, notification will not be shown.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~General/EnableNotifications</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong><hr /></div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Log File Age to Cleanup</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will configure the number of elapsed days before deleting the outdated log files based on the number of days inputted inside the textbox in the options panel.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~General/LogfileAgeToCleanup</div><div style="font-family: inherit;"><strong><br /></strong></div><div><strong style="font-family: inherit;">Values:</strong><pre><enabled/>
<data id="LogfileAgeToCleanup_Prompt" value="30"/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Log File Max Size</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will specify the log max file size in kb before creating a new log file based on the inputted value inside the textbox in the options panel.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~General/LogfileMaxSize</div><div style="font-family: inherit;"><strong><br /></strong></div><div><strong style="font-family: inherit;">Values:</strong><pre><enabled/>
<data id="LogfileMaxSize_Prompt" value="1024"/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><h2><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong>Name: </strong>Repository Location</div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong><br /></strong></div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong>Description: </strong>If this setting is enabled, it will configure the specified repository location for downloading the latest firmware updates based on the inputted path inside the textbox in the options panel.</div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong><br /></strong></div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~General/RepositoryLocation</div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong><br /></strong></div><div><strong style="font-family: inherit; font-size: medium; font-weight: 400;">Values:</strong><pre><span style="font-size: small;"><span style="font-weight: 400;"><enabled/>
<data id="RepositoryLocation_Prompt" value="\\share\dock-firmware"/></span></span></pre><pre><span style="font-size: small;"><span style="font-weight: 400;"><enabled/>
<data id="RepositoryLocation_Prompt" value="C:\dock-firmware"/></span></span></pre><pre><span style="font-size: small;"><span style="font-weight: 400;"><disabled/></span></span></pre></div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><strong>Notes:</strong></div><div style="font-family: inherit; font-size: medium; font-weight: 400;"><hr style="font-family: inherit;" /><div style="font-family: inherit;"><br /></div></div></h2><div><h2 style="font-family: inherit;">Scheduler</h2><div><div style="font-family: inherit;"><strong>Name: </strong>Frequency</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this settings is enabled, it will edit the frequency on how the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/Frequency</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="Frequency_Dropdown" value="MONTHLY"/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>Frequency values include DAILY,WEEKLY, and MONTHLY which can be configured on the dropdown provided inside the options panel.</div></div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong style="font-family: inherit;"><br /></strong></div><div style="font-family: inherit;"><strong style="font-family: inherit;">Name: </strong><span style="font-family: inherit;">Run At</span></div><div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will edit the time upon when the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/RunAt</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="RunAt_Prompt" value="20:30:00"/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes: </strong>Valid inputs includes any time of the day in 24:MM:SS format which can be inputted inside the textbox in the options panel.<hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Run Days</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will edit the day/s when the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Valid inputs are 1-31 and can be separated by a comma (e.g. 1,2,31) which can be inputted inside the textbox in the options panel. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/RunDays</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="RunDays_Prompt" value="1,15"/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes: </strong>This configuration will be use when the Frequency policy is enabled and set to "MONTHLY".<hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Run Month</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will edit the month/s when the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Valid inputs are January-December and can be separated by a comma (e.g. January,February) which can be inputted inside the textbox in the options panel. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/RunMonth</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="RunMonth_Prompt" value="January,March,May,July,September,November"/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes: </strong>This configuration will be use when the Frequency policy is enabled and set to "MONTHLY".<hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Run Monthly On</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will edit the month/s when the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Valid inputs include: First, Second, Third, Fourth, Last; and can be separated by a comma (e.g. First,Second,Last) which can be inputted inside the textbox in the options panel. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/RunMonthlyOn</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="RunMonthlyOn_Prompt" value="First,Last"/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>This configuration will be use when the Frequency policy is enabled and set to "MONTHLY".</div><div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Name: </strong>Run On</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>If this setting is enabled, it will edit the day of the week when the next scheduled task's execute date should be updated. </div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Valid inputs are Sunday-Monday and can be separated by a comma (e.g. Monday,Tuesday) which can be inputted inside the textbox in the options panel. </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/DockManager~Policy~LenovoCompany~DockManager~Scheduler/RunOn</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/>
<data id="RunOn_Prompt" value="Sunday,Friday"/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>This configuration will be use when the Frequency policy is enabled and set to "MONTHLY" or "WEEKLY".</div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><br /></div></div></div></div></div></div></div></div></div></div></div><div><br /></div>
<hr />
<br />
<table border="1" style="width: 100%;">
<tbody>
<tr>
<td style="padding: 10px;">Please post any questions related to this
article in our <a href="http://forums.lenovo.com/t5/Enterprise-Management-Board/bd-p/sa01_eg">Enterprise
Client Management Forum</a>. Comments for this blog have been
disabled.</td>
</tr>
</tbody>
</table>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-7137593013809515792021-06-03T15:27:00.001-04:002022-01-05T11:54:25.743-05:00Collecting and Storing Lenovo Warranty Information to Azure Monitor<div class="separator" style="clear: both; text-align: left;"><i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2021/az_monitor_warranty" target="_blank">https://blog.lenovocdrt.com/#/2021/az_monitor_warranty</a></i></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc4aLnaAiqXgGQhFt11lM1ll4QQlWZMRmp4rOfZS5Eac5-x4cFOBZnRvIS2n2Rkq7ev-SzCdFGo8aI4-Y_C7jqUUAVUZslCvIsAfHt8b9uMzpxv0IwQ6_UFql5jLU4Jkcg5MdshqE-Ecc/s600/download.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="315" data-original-width="600" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc4aLnaAiqXgGQhFt11lM1ll4QQlWZMRmp4rOfZS5Eac5-x4cFOBZnRvIS2n2Rkq7ev-SzCdFGo8aI4-Y_C7jqUUAVUZslCvIsAfHt8b9uMzpxv0IwQ6_UFql5jLU4Jkcg5MdshqE-Ecc/w400-h210/download.png" width="400" /></a></div><div><br /></div><div>A recent feature add (by popular demand) in Commercial Vantage is the ability to write the device's warranty information to WMI. </div><div><br /></div><div>The <b>Lenovo_WarrantyInformation </b>WMI class located under the <b>root\Lenovo</b> Namespace is created when the <b>"Write Warranty Information to WMI"</b> policy has been enabled on the device.</div><div><br /></div><div>In this post, we're going to walk through how this data can be collected from Intune managed devices and ingested into a Log Analytics Workspace in Azure Monitor.</div><div><br /></div><div>The solution is derived from an excellent Microsoft blog <a href="https://techcommunity.microsoft.com/t5/device-management-in-microsoft/how-to-collect-custom-inventory-from-azure-ad-joined-devices/ba-p/2280850#.YIGt2nOrV50.linkedin" target="_blank">post</a>, which provides an example of collecting BIOS information. Admittedly, I haven't explored the depths of Graph and was surprised to read that script outputs are stored in a <b>resultMessage</b> property on the service side, as noted in the post. </div><div><br /></div><div>Once I got the grasp of the workflow, I thought why not try and go after warranty information? Stepping outside of my comfort zone, I decided to take this a bit further by delving into Log Analytics and Azure Automation to automate the collection of this data using a scheduled Runbook. Fortunately, the MS docs have been incredibly helpful during my testing.</div><div><br /></div><div>Before you begin, make sure your test devices have the <a href="https://support.lenovo.com/us/en/solutions/hf003321-lenovo-vantage-for-enterprise" target="_blank">latest version</a> of Commercial Vantage installed and the GPO to write warranty information to WMI has been configured. Refer to this blog <a href="https://thinkdeploy.blogspot.com/2020/11/manage-commercial-vantage-with-intune.html" target="_blank">post</a> on how to deploy the setting with Intune or you can configure it manually using the provided .Admx template loaded into the local Group Policy Editor. You can verify data has been written to WMI by browsing to the namespace using WMIExplorer.</div><div><br /></div><div><span style="font-size: medium;">Deploy this PowerShell script to a user/device group to get started</span></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: green;">Get-CimInstance</span> -Namespace root/Lenovo -ClassName Lenovo_WarrantyInformation | <span style="color: green;">Select-Object</span> `
SerialNumber, `
Product, `
StartDate, `
EndDate, `
LastUpdateTime | <span style="color: green;">ConvertTo-Json</span>
</pre></div>
<div><span style="font-size: medium;"><br /></span></div><div>Once you're starting to see script execution has succeeded on your devices in the MEM <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/powershell" target="_blank">portal</a>, access the data via Graph as demonstrated in the blog post referenced earlier.</div><div><br /></div><div>Here's an example of what you should expect to see in <a href="https://developer.microsoft.com/en-us/graph/graph-explorer" target="_blank">Graph Explorer</a>.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipONJBeDXURhbXSk8qMsbX-JNk9TyGjnhBvCkHYE5wwaVo0p7l8cHdTK6yBWNaPcn8TXgbHMNMPMJWuTpV1PFKW9m5LTpNL-ID6yQso-vzEHMz_bqNRI1sTJP9VfjAJS9JMOGlmnuVMKI/s1123/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="157" data-original-width="1123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipONJBeDXURhbXSk8qMsbX-JNk9TyGjnhBvCkHYE5wwaVo0p7l8cHdTK6yBWNaPcn8TXgbHMNMPMJWuTpV1PFKW9m5LTpNL-ID6yQso-vzEHMz_bqNRI1sTJP9VfjAJS9JMOGlmnuVMKI/s16000/Capture3.PNG" /></a></div><br /><div><br /></div><div>Now that we have data, we're going to send this to the Azure Monitor HTTP <a href="https://docs.microsoft.com/en-au/azure/azure-monitor/logs/data-collector-api" target="_blank">Data Collector API</a> using PowerShell. You'll need to note the Workspace ID and Primary Key of the Log Analytics workspace you intend on using.</div><div><br /></div><div>You can find this information under <b>Log Analytics workspace > Agents management</b></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVJAQDp-qZ7T8_Xuhyphenhyphenb56uehYFcsjR2fygFUxhKCDlafJJlR3cxIq-9OEWT5D77MKwDAriWLJqstT7d6IbhNCAjlBbG-DnQZ8IEZtunzuXm9z-JE6xUCEUtWXWDrsAWwmQrNpXB_OWAuM/s1079/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="785" data-original-width="1079" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVJAQDp-qZ7T8_Xuhyphenhyphenb56uehYFcsjR2fygFUxhKCDlafJJlR3cxIq-9OEWT5D77MKwDAriWLJqstT7d6IbhNCAjlBbG-DnQZ8IEZtunzuXm9z-JE6xUCEUtWXWDrsAWwmQrNpXB_OWAuM/s16000/Capture4.PNG" /></a></div><br /><div><br /></div><div>Next, we're going to setup a <a href="https://docs.microsoft.com/en-us/azure/automation/automation-runbook-types#powershell-runbooks" target="_blank">PowerShell Runbook</a> that will create a POST request to the HTTP Data Collector API that includes our list of devices to send.</div><div><br /></div><div>Prereqs: </div><div><ul style="text-align: left;"><li>Azure Automation account. If you haven't created one, refer to the <a href="https://docs.microsoft.com/en-us/azure/automation/automation-quickstart-create-account" target="_blank">MS doc</a> on how to do this.</li><li>Intune PowerShell SDK, which provides support for the Intune API through Graph. This module will need to be <a href="https://docs.microsoft.com/en-us/azure/automation/shared-resources/modules#import-modules" target="_blank">imported</a> from the PowerShell Gallery into Azure Automation before proceeding. Here's a short script to do so:</li></ul></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #19177c;">$ResourceGroup</span> = <span style="color: #ba2121;">'<your resource group>'</span>
<span style="color: #19177c;">$AutomationAccount</span> = <span style="color: #ba2121;">'<your automation account>'</span>
<span style="color: #408080; font-style: italic;"># URL to Graph package: https://www.powershellgallery.com/packages/Microsoft.Graph.Intune</span>
<span style="color: green; font-weight: bold;">if</span> (!(<span style="color: green;">Get-AzAutomationModule</span> -ResourceGroupName <span style="color: #19177c;">$ResourceGroup</span> -AutomationAccountName <span style="color: #19177c;">$AutomationAccount</span> | <span style="color: green;">Where-Object</span> { <span style="color: #19177c;">$_</span>.Name <span style="color: #666666;">-eq</span> <span style="color: #19177c;">$ModuleName</span> <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.ProvisioningState <span style="color: #666666;">-eq</span> <span style="color: #ba2121;">'Succeeded'</span> })) {
<span style="color: green;">New-AzAutomationModule</span> -Name <span style="color: #19177c;">$ModuleName</span> -ResourceGroupName <span style="color: #19177c;">$ResourceGroup</span> -AutomationAccountName <span style="color: #19177c;">$AutomationAccount</span> -ContentLinkUri <span style="color: #ba2121;">'https://www.powershellgallery.com/api/v2/package/Microsoft.Graph.Intune/6.1907.1.0'</span>
}</pre></div><div><br /></div><div>Verify the module's status shows <b>Available</b></div><div><b><br /></b></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwRx51Tpkxolxk6bGmTY1RxsdGALWapyEZGWrotcRvfZZ6Q8XgMgqDdXOygknQ39FjXIFO9eGxYR2oqN4wOafQwLGYecFlcUnBHSvltNQ6wgCFavgCv3syoRaNwEqaDDp8LPnDXLyYBks/s991/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="591" data-original-width="991" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwRx51Tpkxolxk6bGmTY1RxsdGALWapyEZGWrotcRvfZZ6Q8XgMgqDdXOygknQ39FjXIFO9eGxYR2oqN4wOafQwLGYecFlcUnBHSvltNQ6wgCFavgCv3syoRaNwEqaDDp8LPnDXLyYBks/s16000/Capture5.PNG" /></a></div></div><div><ul style="text-align: left;"><li>Two Azure Automation string type variables that will hold an Azure user account/encrypted password to authenticate to Graph (make sure this account has the appropriate permissions). These will be called using the <b><a href="https://docs.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell#internal-cmdlets-to-access-variables" target="_blank">Get-AutomationVariable</a> </b>internal cmdlets.</li></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqoopSycIAe7uyxZoZ17XEKojNpsWmaTumc1yS76e-mW86qspkkhYl77fKzjBStJWrRYSzYuFziyUKQRanI9A_S9pBncxQ4fZBFCWrPsqaZx1mriehLCFskIohwdjbw5KD85b_nrsvgcM/s1013/Capture6.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="337" data-original-width="1013" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqoopSycIAe7uyxZoZ17XEKojNpsWmaTumc1yS76e-mW86qspkkhYl77fKzjBStJWrRYSzYuFziyUKQRanI9A_S9pBncxQ4fZBFCWrPsqaZx1mriehLCFskIohwdjbw5KD85b_nrsvgcM/s16000/Capture6.PNG" /></a></div><br /><div><br /></div></div><div>Once everything is ready to go, choose the Azure Automation account you want to use and click <b>Runbooks </b>and <b>Create a runbook</b>. Enter a name and choose <b>PowerShell </b>for the runbook type.</div><div><br /></div><div>I've adjusted the <a href="https://docs.microsoft.com/en-au/azure/azure-monitor/logs/data-collector-api#sample-requests" target="_blank">PowerShell sample</a> to include the JSON data that will be ingested to the Log Analytics Workspace. You'll need to replace the <b>$CustomerId </b>and <b>$SharedKey </b>variables with your Workspace ID and Primary Key. I've also set the <b>$LogType </b>variable to <b>WarrantyInformation </b>as this will be the name of the Custom Log that's created to store exactly what we're collecting, warranty information.</div><div><br /></div><div>Copy/paste the below script to your runbook</div><div><br /></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #408080; font-style: italic;"><#</span>
<span style="color: #408080; font-style: italic;">Set internal automation cmdlets for Graph authentication</span>
<span style="color: #408080; font-style: italic;">Reference: https://docs.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell#internal-cmdlets-to-access-variables</span>
<span style="color: #408080; font-style: italic;">#></span>
<span style="color: #19177c;">$AdminUser</span> = <span style="color: green;">Get-AutomationVariable</span> -Name <span style="color: #ba2121;">'AdminUser'</span>
<span style="color: #19177c;">$AdminPassword</span> = <span style="color: green;">Get-AutomationVariable</span> -Name <span style="color: #ba2121;">'AdminPassword'</span>
<span style="color: #19177c;">$SecureAdminPassword</span> = <span style="color: green;">ConvertTo-SecureString</span> -String <span style="color: #19177c;">$AdminPassword</span> -AsPlainText -Force
<span style="color: #19177c;">$Cred</span> = <span style="color: green;">New-Object</span> System.Management.Automation.PSCredential (<span style="color: #19177c;">$AdminUser</span>, <span style="color: #19177c;">$SecureAdminPassword</span>)
<span style="color: #408080; font-style: italic;"># Connect to Graph Beta API</span>
<span style="color: green;">Update-MSGraphEnvironment</span> -SchemaVersion <span style="color: #ba2121;">'beta'</span>
<span style="color: green;">Connect-MSGraph</span> -PSCredential <span style="color: #19177c;">$Cred</span> | <span style="color: green;">Out-Null</span>
<span style="color: #408080; font-style: italic;"><# </span>
<span style="color: #408080; font-style: italic;">Gather warranty info from successful script executions</span>
<span style="color: #408080; font-style: italic;">Reference: https://techcommunity.microsoft.com/t5/device-management-in-microsoft/how-to-collect-custom-inventory-from-azure-ad-joined-devices/ba-p/2280850#.YIGt2nOrV50</span><span style="color: #ba2121; font-style: italic;">.link</span><span style="color: #408080; font-style: italic;">edin</span>
<span style="color: #408080; font-style: italic;">#></span>
<span style="color: #19177c;">$result</span> = <span style="color: green;">Invoke-MSGraphRequest</span> -HttpMethod GET -Url <span style="color: #ba2121;">'deviceManagement/deviceManagementScripts/<script id>/deviceRunStates?$expand=managedDevice'</span> | <span style="color: green;">Get-MSGraphAllPages</span>
<span style="color: #19177c;">$success</span> = <span style="color: #19177c;">$result</span> | <span style="color: green;">Where-Object</span> -Property errorCode <span style="color: #666666;">-EQ</span> 0
<span style="color: #19177c;">$resultMessage</span> = <span style="color: #19177c;">$success</span>.resultMessage
<span style="color: #19177c;">$Devices</span> = <span style="color: #19177c;">$resultMessage</span> | <span style="color: green;">ConvertFrom-Json</span>
<span style="color: #19177c;">$newjson</span> = <span style="color: #19177c;">$Devices</span> | <span style="color: green;">ConvertTo-Json</span>
<span style="color: #408080; font-style: italic;"><#</span>
<span style="color: #408080; font-style: italic;">Below sample request reference:</span>
<span style="color: #408080; font-style: italic;">https://docs.microsoft.com/en-au/azure/azure-monitor/logs/data-collector-api?WT.mc_id=EM-MVP-5002871&ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-Kk7A3ox8I8XgrRn0d4uDfA&epi=je6NUbpObpQ-Kk7A3ox8I8XgrRn0d4uDfA&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__nxnprvrvwwkfq3kekk0sohzncu2xuln0dh1bwc9k00)(7593)(1243925)(je6NUbpObpQ-Kk7A3ox8I8XgrRn0d4uDfA)()&irclickid=_nxnprvrvwwkfq3kekk0sohzncu2xuln0dh1bwc9k00#sample-requests</span>
<span style="color: #408080; font-style: italic;">#></span>
<span style="color: #408080; font-style: italic;"># Replace with your Workspace ID</span>
<span style="color: #19177c;">$CustomerId</span> = <span style="color: #ba2121;">"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"</span>
<span style="color: #408080; font-style: italic;"># Replace with your Primary Key</span>
<span style="color: #19177c;">$SharedKey</span> = <span style="color: #ba2121;">"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"</span>
<span style="color: #408080; font-style: italic;"># Specify the name of the record type that you'll be creating</span>
<span style="color: #19177c;">$LogType</span> = <span style="color: #ba2121;">"WarrantyInformation"</span>
<span style="color: #408080; font-style: italic;"># You can use an optional field to specify the timestamp from the data. If the time field is not specified, Azure Monitor assumes the time is the message ingestion time</span>
<span style="color: #19177c;">$TimeStampField</span> = <span style="color: #ba2121;">""</span>
<span style="color: #408080; font-style: italic;"># Create the function to create the authorization signature</span>
<span style="color: green; font-weight: bold;">Function</span> Build-Signature (<span style="color: #19177c;">$customerId</span>, <span style="color: #19177c;">$sharedKey</span>, <span style="color: #19177c;">$date</span>, <span style="color: #19177c;">$contentLength</span>, <span style="color: #19177c;">$method</span>, <span style="color: #19177c;">$contentType</span>, <span style="color: #19177c;">$resource</span>)
{
<span style="color: #19177c;">$xHeaders</span> = <span style="color: #ba2121;">"x-ms-date:"</span> + <span style="color: #19177c;">$date</span>
<span style="color: #19177c;">$stringToHash</span> = <span style="color: #19177c;">$method</span> + <span style="color: #ba2121;">"`n"</span> + <span style="color: #19177c;">$contentLength</span> + <span style="color: #ba2121;">"`n"</span> + <span style="color: #19177c;">$contentType</span> + <span style="color: #ba2121;">"`n"</span> + <span style="color: #19177c;">$xHeaders</span> + <span style="color: #ba2121;">"`n"</span> + <span style="color: #19177c;">$resource</span>
<span style="color: #19177c;">$bytesToHash</span> = <span style="color: #880000;">[Text.Encoding]</span><span style="border: 1px solid rgb(255, 0, 0);">::</span>UTF8.GetBytes(<span style="color: #19177c;">$stringToHash</span>)
<span style="color: #19177c;">$keyBytes</span> = <span style="color: #880000;">[Convert]</span><span style="border: 1px solid rgb(255, 0, 0);">::</span>FromBase64String(<span style="color: #19177c;">$sharedKey</span>)
<span style="color: #19177c;">$sha256</span> = <span style="color: green;">New-Object</span> System.Security.Cryptography.HMACSHA256
<span style="color: #19177c;">$sha256</span>.Key = <span style="color: #19177c;">$keyBytes</span>
<span style="color: #19177c;">$calculatedHash</span> = <span style="color: #19177c;">$sha256</span>.ComputeHash(<span style="color: #19177c;">$bytesToHash</span>)
<span style="color: #19177c;">$encodedHash</span> = <span style="color: #880000;">[Convert]</span><span style="border: 1px solid rgb(255, 0, 0);">::</span>ToBase64String(<span style="color: #19177c;">$calculatedHash</span>)
<span style="color: #19177c;">$authorization</span> = <span style="color: #ba2121;">'SharedKey {0}:{1}'</span> <span style="color: #666666;">-f</span> <span style="color: #19177c;">$customerId</span>,<span style="color: #19177c;">$encodedHash</span>
<span style="color: green; font-weight: bold;">return</span> <span style="color: #19177c;">$authorization</span>
}
<span style="color: #408080; font-style: italic;"># Create the function to create and post the request</span>
<span style="color: green; font-weight: bold;">Function</span> Post-LogAnalyticsData(<span style="color: #19177c;">$customerId</span>, <span style="color: #19177c;">$sharedKey</span>, <span style="color: #19177c;">$body</span>, <span style="color: #19177c;">$logType</span>)
{
<span style="color: #19177c;">$method</span> = <span style="color: #ba2121;">"POST"</span>
<span style="color: #19177c;">$contentType</span> = <span style="color: #ba2121;">"application/json"</span>
<span style="color: #19177c;">$resource</span> = <span style="color: #ba2121;">"/api/logs"</span>
<span style="color: #19177c;">$rfc1123date</span> = <span style="color: #880000;">[DateTime]</span><span style="border: 1px solid rgb(255, 0, 0);">::</span>UtcNow.ToString(<span style="color: #ba2121;">"r"</span>)
<span style="color: #19177c;">$contentLength</span> = <span style="color: #19177c;">$body</span>.Length
<span style="color: #19177c;">$signature</span> = Build-Signature `
-customerId <span style="color: #19177c;">$customerId</span> `
-sharedKey <span style="color: #19177c;">$sharedKey</span> `
-date <span style="color: #19177c;">$rfc1123date</span> `
-contentLength <span style="color: #19177c;">$contentLength</span> `
-method <span style="color: #19177c;">$method</span> `
-contentType <span style="color: #19177c;">$contentType</span> `
-resource <span style="color: #19177c;">$resource</span>
<span style="color: #19177c;">$uri</span> = <span style="color: #ba2121;">"https://"</span> + <span style="color: #19177c;">$customerId</span> + <span style="color: #ba2121;">".ods.opinsights.azure.com"</span> + <span style="color: #19177c;">$resource</span> + <span style="color: #ba2121;">"?api-version=2016-04-01"</span>
<span style="color: #19177c;">$headers</span> = <span style="border: 1px solid rgb(255, 0, 0);">@</span>{
<span style="color: #ba2121;">"Authorization"</span> = <span style="color: #19177c;">$signature</span><span style="border: 1px solid rgb(255, 0, 0);">;</span>
<span style="color: #ba2121;">"Log-Type"</span> = <span style="color: #19177c;">$logType</span><span style="border: 1px solid rgb(255, 0, 0);">;</span>
<span style="color: #ba2121;">"x-ms-date"</span> = <span style="color: #19177c;">$rfc1123date</span><span style="border: 1px solid rgb(255, 0, 0);">;</span>
<span style="color: #ba2121;">"time-generated-field"</span> = <span style="color: #19177c;">$TimeStampField</span><span style="border: 1px solid rgb(255, 0, 0);">;</span>
}
<span style="color: #19177c;">$response</span> = <span style="color: green;">Invoke-WebRequest</span> -Uri <span style="color: #19177c;">$uri</span> -Method <span style="color: #19177c;">$method</span> -ContentType <span style="color: #19177c;">$contentType</span> -Headers <span style="color: #19177c;">$headers</span> -Body <span style="color: #19177c;">$body</span> -UseBasicParsing
<span style="color: green; font-weight: bold;">return</span> <span style="color: #19177c;">$response</span>.StatusCode
}
<span style="color: #408080; font-style: italic;"># Submit the data to the API endpoint</span>
Post-LogAnalyticsData -customerId <span style="color: #19177c;">$customerId</span> -sharedKey <span style="color: #19177c;">$sharedKey</span> -body (<span style="color: #880000;">[System.Text.Encoding]</span><span style="border: 1px solid rgb(255, 0, 0);">::</span>UTF8.GetBytes(<span style="color: #19177c;">$newjson</span>)) -logType <span style="color: #19177c;">$logType</span>
</pre></div>
<div><br /></div><div>Click on <b>Test pane </b>and click on <b>Start</b>. After a few seconds, you should see <b>Complete</b></div><div><b><br /></b></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-g0YjEo9UmM6dtCX2fpwxWf7H4syPksK3QO4XHNf_73hbgbUaRC5p1CvB-8J0qX2-lVs7b0A4kM1pr3PHnM1UETfSS2eWzgE0jhyphenhyphenVsUe7Ibc0KjCxShgiA3zIc1GWsNGL4WAMvbhxpug/s851/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="481" data-original-width="851" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-g0YjEo9UmM6dtCX2fpwxWf7H4syPksK3QO4XHNf_73hbgbUaRC5p1CvB-8J0qX2-lVs7b0A4kM1pr3PHnM1UETfSS2eWzgE0jhyphenhyphenVsUe7Ibc0KjCxShgiA3zIc1GWsNGL4WAMvbhxpug/s16000/Capture7.PNG" /></a></div><br /></div><div><br /></div><div>Let's check out the new Custom Log in our <a href="https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/lawsInsights" target="_blank">workspace</a>. Click the <b>Custom logs </b>blade. There should now be a <b>WarrantyInformation_CL </b>visible. Notice the type is <b>Ingestion API</b>. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxWsX800vOXtAu1VVdLZ9S5YvastT_3ORnSKy2tNWRL8Oiz-0hH-oioTP2RQLp1vdRvq6fIfUPJ7XbvQpk9-HXACK1-ly9bG_D23EcaDDkAFlFVjFOJyf65NfilSfmm4iqgii7Ix7FX2o/s721/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="489" data-original-width="721" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxWsX800vOXtAu1VVdLZ9S5YvastT_3ORnSKy2tNWRL8Oiz-0hH-oioTP2RQLp1vdRvq6fIfUPJ7XbvQpk9-HXACK1-ly9bG_D23EcaDDkAFlFVjFOJyf65NfilSfmm4iqgii7Ix7FX2o/s16000/Capture8.PNG" /></a></div><br /><div><br /></div><div>Head over to the <a href="https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/logs" target="_blank">Azure Monitor Logs</a> and run the following query to see our devices.</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">WarrantyInformation_CL
| order by Product_s
| distinct Product_s, StartDate_s, EndDate_s
</pre></div>
<br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSZcNmLf7nIUbaJYCx0b8D5pAXBjKrXa_kUEw7f9Md_iG7j0hlSuhvcljr0oR6RDu0RuzwT1ISqOpYfvTm6xQLIBOWPnzlHV2SDYwXXA_tnT0_ERoIDunxbeyF0VoVevJzasCymCHlVyI/s1075/Capture9.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="595" data-original-width="1075" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSZcNmLf7nIUbaJYCx0b8D5pAXBjKrXa_kUEw7f9Md_iG7j0hlSuhvcljr0oR6RDu0RuzwT1ISqOpYfvTm6xQLIBOWPnzlHV2SDYwXXA_tnT0_ERoIDunxbeyF0VoVevJzasCymCHlVyI/s16000/Capture9.PNG" /></a></div><br /><div>Yay! Warranty data!</div><div><br /></div><div>If you don't need to make any further changes with the Runbook, click on <b>Publish</b>. </div><div><br /></div><div>Another example would be if you wanted to only show devices whose Warranty ended in the year 2020, you could run this query</div><div><br /></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">WarrantyInformation_CL
| distinct SerialNumber_s, Product_s, StartDate_s, EndDate_s
| where EndDate_s contains "2020"
</pre></div>
<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYoIWo8noF9UQPaHfsUVOnp7DVlzGgoFHr5IzkFieiPeMyapoDQTlW8TQrUijtjFgj5LHsdLmOAEJrwvRWyxaK2rK02t2iDtCPaJKNqRJOM_RL9H_0_NjcvpF2Zv1uXG732-fsY-Hi2pU/s1075/Capture10.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="673" data-original-width="1075" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYoIWo8noF9UQPaHfsUVOnp7DVlzGgoFHr5IzkFieiPeMyapoDQTlW8TQrUijtjFgj5LHsdLmOAEJrwvRWyxaK2rK02t2iDtCPaJKNqRJOM_RL9H_0_NjcvpF2Zv1uXG732-fsY-Hi2pU/s16000/Capture10.PNG" /></a></div><div><br /></div><div><br /></div><div>You can also pin a specific query to your dashboard if you desire</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCw4emvfz2dCQq03ILzTFDmuDgYu29uyEy-F-nV7rx_KlqLfyFwHJUMjxgIj2ZW_la_Ra_BCnW-Wnp_0esGhpAmE9XrtzYoZmZvRSbBzwehmwKQOV9u6zbVWr9RdMSCHL8d0_5NpS1ydw/s1093/Capture11.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="209" data-original-width="1093" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCw4emvfz2dCQq03ILzTFDmuDgYu29uyEy-F-nV7rx_KlqLfyFwHJUMjxgIj2ZW_la_Ra_BCnW-Wnp_0esGhpAmE9XrtzYoZmZvRSbBzwehmwKQOV9u6zbVWr9RdMSCHL8d0_5NpS1ydw/s16000/Capture11.PNG" /></a></div><br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIwX0zPMzqapJYgoZNyxG_wth5pX0Mm2ZXnmhiYvFf4dAhQCCTx3hTnIKxyMQIsWMLVI4A4ROCpU-Hihy9l-UwmucF-j2VE937Yd-mbl311zQ1LKQ6bNZkwdwM2xvWvhXyO8vrSdtg-0k/s833/Capture12.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="345" data-original-width="833" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIwX0zPMzqapJYgoZNyxG_wth5pX0Mm2ZXnmhiYvFf4dAhQCCTx3hTnIKxyMQIsWMLVI4A4ROCpU-Hihy9l-UwmucF-j2VE937Yd-mbl311zQ1LKQ6bNZkwdwM2xvWvhXyO8vrSdtg-0k/s16000/Capture12.PNG" /></a></div><br /><div><br /></div><div>Now we can set up a recurring <a href="https://docs.microsoft.com/en-us/azure/automation/shared-resources/schedules#create-a-schedule" target="_blank">schedule</a> for the Runbook to monitor our fleet's warranty.</div><div><br /></div><br />
<hr />
<br />
<table border="1" style="width: 100%;">
<tbody>
<tr>
<td style="padding: 10px;">Please post any questions related to this
article in our <a href="http://forums.lenovo.com/t5/Enterprise-Management-Board/bd-p/sa01_eg">Enterprise
Client Management Forum</a>. Comments for this blog have been
disabled.</td>
</tr>
</tbody>
</table>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-78075559208018588182021-04-16T11:29:00.001-04:002022-01-05T11:58:46.188-05:00Configure BIOS Settings Through Intune with the Think BIOS Config Tool<p><i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2021/intune_bios_settings" target="_blank">https://blog.lenovocdrt.com/#/2021/intune_bios_settings</a></i></p><p>There's already several great articles out in the community that walk through how to configure BIOS settings through Intune. The majority of them being PowerShell solutions. </p><p>This post will provide an alternate method for configuring BIOS settings using our official <a href="https://thinkdeploy.blogspot.com/2016/08/the-think-bios-config-tool.html" target="_blank">Think BIOS Config HTA</a> that was introduced back in 2016. This solution can also be leveraged as part of an Autopilot deployment.</p><p>Before proceeding, make sure you have an exported .ini file that contains the desired BIOS settings you want applied to your target systems. Refer to the documentation provided in the TBCT zip on how to obtain this file. For this demonstration, I've exported the following .ini from a T14s (Intel)</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHWd7gk9f5ZJ1pV3k1eNpJzrxvTq5fqIIuMzlHvBVaWuTQOv4bBOcXAAbTIv8WwP_O42Bmm3bfOHGqOic1HXLuyIjJw8YrY0x9SLfDUMilSvsgCs5GGT982zVIhyphenhyphencDZCpqd3SsKQo3bd8/s512/INI.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="383" data-original-width="512" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHWd7gk9f5ZJ1pV3k1eNpJzrxvTq5fqIIuMzlHvBVaWuTQOv4bBOcXAAbTIv8WwP_O42Bmm3bfOHGqOic1HXLuyIjJw8YrY0x9SLfDUMilSvsgCs5GGT982zVIhyphenhyphencDZCpqd3SsKQo3bd8/w640-h478/INI.PNG" width="640" /></a></div><br /><p>Since my target systems have a Supervisor password already set, the first line is the encrypted Supervisor password which was created using the specified secret key as part of the tool's capture process. Note, there's no way to set an initial Supervisor password with this tool.</p><p><span style="font-size: large;"><b>Preparing the Win32 App source files</b></span></p><p>Create a temp directory and place the HTA, .ini file, and the following sample PowerShell script (save as a <b>.ps1</b>), which will be used to call the tool and apply the .ini.</p><p><i>Note: </i>The $arg variable is critical as this holds the file and password switches. You'll need to replace <b>ThinkPadBiosConfig.ini </b>to whatever you named your .ini file. Replace <b>secretkey </b>to the encrypting key you specified during the capture process.</p><div style="background: rgb(255, 255, 255); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">$tag = <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">env:ProgramData)\Lenovo\ThinkBiosConfig\ThinkBiosConfig.tag"</span>
$arg = <span style="color: #a31515;">'"file=ThinkPadBiosConfig.ini" "key=secretkey"'</span>
$log = <span style="color: #a31515;">'"log=%ProgramData%\Lenovo\ThinkBiosConfig\""'</span>
<span style="color: blue;">try</span> {
<span style="color: blue;">if</span> (!(Test-Path -Path $tag -PathType Leaf)) {
Write-Host <span style="color: #a31515;">"Creating TBCT directory..."</span>
New-Item -ItemType File -Path $tag -Force -ErrorAction Stop</pre><pre style="line-height: 125%; margin: 0px;"> Set-Content -Path $tag -Value <span style="color: #a31515;">"Bios Settings Configured"</span>
Write-Host <span style="color: #a31515;">"Tag file created..."</span>
Start-Process cmd.exe -ArgumentList <span style="color: #a31515;">"/C ThinkBiosConfig.hta $arg $log"</span> -NoNewWindow -Wait
Write-Host <span style="color: #a31515;">"Bios Settings Configured"</span>
Exit 3010
}
<span style="color: blue;">else</span> {
Write-Host <span style="color: #a31515;">"Bios Settings already configured..."</span>
Exit 0
}
}
<span style="color: blue;">catch</span> [System.IO.IOException] {
Write-Host <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">_.Exception.Message)"</span>
}
<span style="color: blue;">catch</span> {
Write-Host <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">_.Exception.Message)"</span>
}
</pre></div>
<p>Your directory should have 3 items</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIswDA5PM5-mJZMHgk7j7TuzHIaLlGBcz_Vv1GJ-hiHaWKqoQUxE8f3smckebMjbVmqqL41dOOeLowZsvabOGgJ6beRtYs76URDpAizpt70eocu-z3x_ygoElssq7cA8dLeLHAKDpQLIY/s633/Directory.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="320" data-original-width="633" height="325" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIswDA5PM5-mJZMHgk7j7TuzHIaLlGBcz_Vv1GJ-hiHaWKqoQUxE8f3smckebMjbVmqqL41dOOeLowZsvabOGgJ6beRtYs76URDpAizpt70eocu-z3x_ygoElssq7cA8dLeLHAKDpQLIY/w640-h325/Directory.PNG" width="640" /></a></div><br /><p><span style="font-size: large;"><b>Create/Upload the Win32 App</b></span></p><p>We're going to use the Win32 Content Prep <a href="https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">tool</a> to create an .intunewin file that will be uploaded to Intune.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQFxIRV9Wuef-RjSiayVwuAw_nlnJgJH9ALQAyVoEm46holIal9Jqhr5ltjXrvnzdgr0x4DOF7B6uJQYchoc8lfe0JB6gOqSYTNlI7J-533uTgO-TOA9B3WygB0g4yyMJo785P6aFROgQ/s917/Win32Wrap.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="668" data-original-width="917" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQFxIRV9Wuef-RjSiayVwuAw_nlnJgJH9ALQAyVoEm46holIal9Jqhr5ltjXrvnzdgr0x4DOF7B6uJQYchoc8lfe0JB6gOqSYTNlI7J-533uTgO-TOA9B3WygB0g4yyMJo785P6aFROgQ/s16000/Win32Wrap.PNG" /></a></div><br /><p>Once the .intunewin file has been created, sign into the <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/windowsApps" target="_blank">MEM admin center</a> and create a new Windows client app. Choose <b>Windows</b> <b>app (Win32)</b> for the app type and select the .intunewin package file to upload.</p><p>Specify the <b>App Information</b></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0uCtkbjKNm9MsOo7fdOnddGL-cPupKUayuSMNGOZaGU41fcw4vkMlleJtSwXgC76Tky0lJWh1bOTFFZ9nXRsTHcw-WdrrkNqM0c5YUNNsHjvaeY4GQUMlYsgxWdJ9aYIgHxenWfApAxQ/s1086/AppInformation.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="976" data-original-width="1086" height="574" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0uCtkbjKNm9MsOo7fdOnddGL-cPupKUayuSMNGOZaGU41fcw4vkMlleJtSwXgC76Tky0lJWh1bOTFFZ9nXRsTHcw-WdrrkNqM0c5YUNNsHjvaeY4GQUMlYsgxWdJ9aYIgHxenWfApAxQ/w640-h574/AppInformation.PNG" width="640" /></a></div><br /><p>Enter the <b>Install command:</b></p><div style="background: rgb(255, 255, 255); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Set-BiosSettings.ps1
</pre></div>
<p>and <b>Uninstall command:</b></p><div style="background: rgb(255, 255, 255); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">cmd.exe /c del %ProgramData%\Lenovo\ThinkBiosConfig\ThinkBiosConfig.tag
</pre></div>
<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCBjNubXG3sZDXtv-18_HLbhQ91MtLJ1pivcxm6h8sf1J36E8-EFLD6tgpPauwBgTA-sbvDb_QsTtKbJK9A9u2paSJqGL1WdK6VcvU0Me-h8W_oF3pklUeg8_sq9t6g-i_Ca7YBxEZQno/s1028/Program.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="979" data-original-width="1028" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCBjNubXG3sZDXtv-18_HLbhQ91MtLJ1pivcxm6h8sf1J36E8-EFLD6tgpPauwBgTA-sbvDb_QsTtKbJK9A9u2paSJqGL1WdK6VcvU0Me-h8W_oF3pklUeg8_sq9t6g-i_Ca7YBxEZQno/s16000/Program.PNG" /></a></div><br /><b><br /></b><p></p><p>Set Operating system architecture<b> </b>to <b>64-bit </b>and Minimum operating system to <b>Windows 10 1607</b></p><p>Add a Registry requirement type rule to check the target system is Lenovo (Optional)</p><p>Key path: <b>HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS</b></p><p>Value name: <b>SystemManufacturer</b></p><p>Registry key requirement: <b>String comparison</b></p><p>Operator: <b>Equals</b></p><p>Value: <b>LENOVO</b></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid78ld1bAjVbWWOV7wnk1bsg6XA3w_EFbAZEGBS0gOBDIvPIi1qCd8l8mgyzKoGVUV52nyESFKA8WVUjxl2E03xBMk2kzQsd2pvZgnwaVTYJsrQL1DcY2kXrDb0Y41dXqBzsg4m53rm5o/s1026/Requirements.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="970" data-original-width="1026" height="605" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid78ld1bAjVbWWOV7wnk1bsg6XA3w_EFbAZEGBS0gOBDIvPIi1qCd8l8mgyzKoGVUV52nyESFKA8WVUjxl2E03xBMk2kzQsd2pvZgnwaVTYJsrQL1DcY2kXrDb0Y41dXqBzsg4m53rm5o/w640-h605/Requirements.PNG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Add a File type rule to check for the presence of the tag that gets created by the PowerShell script. We'll use this for the detection method.<p></p><p>Path: <b>%ProgramData%\Lenovo\ThinkBiosConfig</b></p><p>File or folder: <b>ThinkBiosConfig</b></p><p>Detection method: <b>File or folder exists</b></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiECCG5SLm52xSr9IiL-PaZANjDT6DGCX5bYl1R7d6JlHlZFofRRJyRnvC65YT-vCFvALQn8ty1jIYqxp_0rxh-PPwPY28sxK1cbtkI6ExFmZXVp77zK0f09NPj8TJVvZ2nainYuEDrzD0/s1031/DetectionRules.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="981" data-original-width="1031" height="609" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiECCG5SLm52xSr9IiL-PaZANjDT6DGCX5bYl1R7d6JlHlZFofRRJyRnvC65YT-vCFvALQn8ty1jIYqxp_0rxh-PPwPY28sxK1cbtkI6ExFmZXVp77zK0f09NPj8TJVvZ2nainYuEDrzD0/w640-h609/DetectionRules.PNG" width="640" /></a></div><br /><p>Finally, Review + Save to create the new app and deploy to a Device Group. </p><p>On my test machine, I see toast notifications that show the BIOS has been configured and to reboot.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-YLptAAvWddlOzQwFE44sYwRcsdi2F_e1eL3Te73acyzZKN9bRHmYK4DTK4truFDvTNfdycMu1GqEwrmE96HJ4I9tjRrm0kHCc9I62wWuz3_gDuWQRbtzHZpmrHbypbLdTpsK95ykEdg/s2048/Toast.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2048" data-original-width="1109" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-YLptAAvWddlOzQwFE44sYwRcsdi2F_e1eL3Te73acyzZKN9bRHmYK4DTK4truFDvTNfdycMu1GqEwrmE96HJ4I9tjRrm0kHCc9I62wWuz3_gDuWQRbtzHZpmrHbypbLdTpsK95ykEdg/w347-h640/Toast.png" width="347" /></a></div><br /><p>The tool generates a log file so here you can see my Supervisor password has been validated with the encrypting key and the settings have been applied successfully</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdLxy1Ts7mixPoUL6Hk2SpMLEVW-K3gMVEc75ig0jIblJuzOlnoPOYHJeRTvCsJV7Y0aGeMeP-KVw9_fNcJVzN4pj-xrwJpysSn9Kz_J56JBVFtVp2YntWc9f83xGixxjDQUHX-F9SUH4/s2048/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1542" data-original-width="2048" height="482" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdLxy1Ts7mixPoUL6Hk2SpMLEVW-K3gMVEc75ig0jIblJuzOlnoPOYHJeRTvCsJV7Y0aGeMeP-KVw9_fNcJVzN4pj-xrwJpysSn9Kz_J56JBVFtVp2YntWc9f83xGixxjDQUHX-F9SUH4/w640-h482/Capture.PNG" width="640" /></a></div><p><br /></p><p><b>Additional Notes:</b></p><p></p><ul style="text-align: left;"><li>You can combine settings across different products into a single .ini and apply them to all of your devices which use the same BIOS password (only one password can be specified per .ini file). There may be a BIOS setting from one device with a value of <b>Enabled </b>whereas another device's value is <b>Enable</b>. For example: LockBIOSSetting,<b>Enable</b> vs. LockBIOSSetting,<b>Enabled </b>If one doesn't apply to a device, it will simply skip it.</li><li>If you choose to deploy this as a Required app for Autopilot devices, the dreaded reboot during ESP will occur, resulting in the extra user login.</li></ul><p></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><br />Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-59452438307285435052021-03-10T13:21:00.002-05:002022-01-05T11:59:55.299-05:00ThinkShield secure wipe using Microsoft Endpoint Manager<p> <i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2021/thinkshield_secure_wipe" target="_blank">https://blog.lenovocdrt.com/#/2021/thinkshield_secure_wipe</a></i></p><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0eidyqqQI86ihajAkHIhaF0JMIpa5fO44DDJcrgquwMWaS5zL4Rww_N8KBR94PPzuFswbEbv0qY47dZR9Zb_cjO9yfzlgUIJuFsDQ84L9rk3ZlHsvGu6LMQViOoMsY7AKJt1k3OEBMTQ/s513/cq5dam.web.1280.1280.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="147" data-original-width="513" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0eidyqqQI86ihajAkHIhaF0JMIpa5fO44DDJcrgquwMWaS5zL4Rww_N8KBR94PPzuFswbEbv0qY47dZR9Zb_cjO9yfzlgUIJuFsDQ84L9rk3ZlHsvGu6LMQViOoMsY7AKJt1k3OEBMTQ/w522-h150/cq5dam.web.1280.1280.jpeg" width="522" /></a></div><br /><p></p><p><span style="font-size: large;">OVERVIEW</span></p><p>ThinkShield secure wipe is the successor to the ThinkPad Drive Erase Utility and is designed to provide the wipe out function of the SSD.</p><p>Although the Drive Erase Utility is still supported and provided as an external tool, ThinkShield secure wipe is fully integrated in the BIOS image and does not require any external tools.</p><p>Secure wipe can be executed locally by BIOS from the application menu of the Startup Boot Menu invoked by [F12] or remotely from OS through the WMI interface, which is what this post will be covering. </p><p><b>Supported Systems</b></p><p></p><ul style="text-align: left;"><li>All Comet Lake (2020) ThinkPad</li><li>ThinkCentre (Awaiting Confirmation)</li><li>ThinkStation (Awaiting Confirmation)</li></ul><p></p><p><i>DISCLAIMER: These examples are intended to demonstrate a few different methods available to deploy the solution and not necessarily a "Best Practice". Adjust accordingly to fit your environment's needs. There is also no auditing/reporting provided by these methods.</i></p><p><span style="font-size: large;">REQUIREMENTS</span></p><p>The WMI service for ThinkShield secure wipe is available only when one of the following is set</p><p></p><ul style="text-align: left;"><li><b>Supervisor Password (SVP)</b></li><li><b>System Management Password (SMP)</b></li></ul>OR<p></p><p></p><ul style="text-align: left;"><li><b>Hard Disk Password (HDP)</b></li></ul><p></p><p>Sample PowerShell script that executes secure wipe on target system.</p><p><a href="https://github.com/CDRT/Library/tree/master/secure-wipe">https://github.com/CDRT/Library/tree/master/secure-wipe</a></p><p>Save as <b>Invoke-ThinkShieldSecureWipe.ps1</b></p><p><span style="font-size: large;">EXAMPLE SCENARIO 1a - Deploy from MEMCM using <i>Run Scripts</i></span></p><p>Navigate to <b>Software Library > Scripts > Create Script</b> and either import <b>Invoke-ThinkShieldSecureWipe.ps1 </b>or copy the contents into the script editor field</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDT6qkzxp1sZz_oo2qS6BGfTxU0u3encapk9TvsrtFXMpvCKAdkdSY7sM-nXYW5TEH6h1NwnIGfNB0lB9FXtZDNswAU5zm8UdIrYxf-bfmHqhQnsJPrd8l5IfJEs6Lxj_qVA3VH4pz_co/s1349/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1056" data-original-width="1349" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDT6qkzxp1sZz_oo2qS6BGfTxU0u3encapk9TvsrtFXMpvCKAdkdSY7sM-nXYW5TEH6h1NwnIGfNB0lB9FXtZDNswAU5zm8UdIrYxf-bfmHqhQnsJPrd8l5IfJEs6Lxj_qVA3VH4pz_co/s16000/Capture4.PNG" /></a></div><p><br /></p><p>Specify the <b>EraseMethod</b>, <b>PasswordType</b>, and <b>Password </b>parameters. Details for each parameter is explained in the script header.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFJf9-Mj6UobjM0D50Owh5cPloeEDVPHGMeKKYdFgUlhNkm6PLV7ZDMT7IVr81TPQ6OxH5DrLBIz64AY7edbkP4dPar2u7RY91A7-t1CSCdq68GcQGzIEkdNvyP_mm2gep9Q1il1GXb8I/s1295/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1059" data-original-width="1295" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFJf9-Mj6UobjM0D50Owh5cPloeEDVPHGMeKKYdFgUlhNkm6PLV7ZDMT7IVr81TPQ6OxH5DrLBIz64AY7edbkP4dPar2u7RY91A7-t1CSCdq68GcQGzIEkdNvyP_mm2gep9Q1il1GXb8I/s16000/Capture7.PNG" /></a></div><br /><p>Complete the <b>Create Script </b>wizard and Approve it</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3NETCR6UjLIki_tZD5QjoDPUE0_LpJgWunFkI22cnjYVGAeekPB3wHbacsG2q2PXHlCr1mDStWEbCfY-_C9NBR_IZVpfjRDVNrkOpJHWMj4o9ujFZE7xlrXgpmplhAIIQxd7PgCrj_9M/s1282/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1059" data-original-width="1282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3NETCR6UjLIki_tZD5QjoDPUE0_LpJgWunFkI22cnjYVGAeekPB3wHbacsG2q2PXHlCr1mDStWEbCfY-_C9NBR_IZVpfjRDVNrkOpJHWMj4o9ujFZE7xlrXgpmplhAIIQxd7PgCrj_9M/s16000/Capture8.PNG" /></a></div><br /><p>Deploy to a single system or collection of systems. If successful, you should see a message stating the secure wipe succeeded and that the system needs to reboot to finish.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibask1EMoHx_XJMMRxS1XDntqs6nTMz4g23673fX1YWrJ5_DuSGdwvuSpiUdNV8T__6_dFejn7DBQZPH8reEtvKVHhe69tdEAVnDEIbnAjA5eR0XvxxwZGgv5Fh0_4yOm1OfpRy2Tj674/s1261/Capture9.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1058" data-original-width="1261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibask1EMoHx_XJMMRxS1XDntqs6nTMz4g23673fX1YWrJ5_DuSGdwvuSpiUdNV8T__6_dFejn7DBQZPH8reEtvKVHhe69tdEAVnDEIbnAjA5eR0XvxxwZGgv5Fh0_4yOm1OfpRy2Tj674/s16000/Capture9.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div><p><span style="font-size: large;">EXAMPLE SCENARIO 1b - Deploy from MEMCM as a <i>Task Sequence</i></span></p><p>Create a new <b>Custom Task Sequence. </b>Edit the Task Sequence and add a <b>Run PowerShell Script </b>step. Tick the radio button <b>Enter a PowerShell script</b> and click <b>Edit Script...</b></p><p>Browse to <b>Invoke-ThinkShieldSecureWipe.ps1 </b>or copy the contents into the script editor.</p><p>In the <b>Parameters </b>field, enter the required parameters.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj0bvyq41J7oK7zYBAeAKwIc0i-MYqrixKituszzi4ndHQN95PJ-kuY5rXhVnDvBvU7uGQ6w0J2pZNSQ-lq-Z-Uv690CU9T21NP7TkA605Ec0NajPVc06v2pnAxoHGgSD7CvUbHTgcZx4/s1182/Capture10.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1057" data-original-width="1182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj0bvyq41J7oK7zYBAeAKwIc0i-MYqrixKituszzi4ndHQN95PJ-kuY5rXhVnDvBvU7uGQ6w0J2pZNSQ-lq-Z-Uv690CU9T21NP7TkA605Ec0NajPVc06v2pnAxoHGgSD7CvUbHTgcZx4/s16000/Capture10.PNG" /></a></div><br /><p>Add a <b>Restart Computer </b>step to transition the system to secure wipe. In my lab, I deployed as an available Task Sequence and customized the notification texts.</p><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlNbZndFamHTNO3iIlQtPMsHdFOT8G8VJHn9i1m7GdGh1pLbjxmfaNs-KoGfXT-flWKv8FtsZDXM05IKX1g4vdy41U4OT_TJ3s41oTKp5TcyFxI0nf5-xrnfMNRIvHr-PmLWw5_0oWOdw/s1283/Capture11.PNG"><img border="0" data-original-height="917" data-original-width="1283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlNbZndFamHTNO3iIlQtPMsHdFOT8G8VJHn9i1m7GdGh1pLbjxmfaNs-KoGfXT-flWKv8FtsZDXM05IKX1g4vdy41U4OT_TJ3s41oTKp5TcyFxI0nf5-xrnfMNRIvHr-PmLWw5_0oWOdw/s16000/Capture11.PNG" /></a></div><br /><p><span style="font-size: large;">EXAMPLE SCENARIO 2 - Deploy from Intune</span></p><p>Package the <b>Invoke-ThinkShieldSecureWipe.ps1 </b>as a Win32 app using the Microsoft Win32 Content Prep <a href="https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">Tool</a>.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcwhnTgpe6hEQBKOSSPokyVpDvlW0kxIIHY-LrqoeloSJgtvqV2T_KviyE2fD3kTHMu88QGIunt098OwDY1x59Cbqla_cbFMyu8HtA8fift0KyzEbYpY00hNdR741UyC9cIPrMfDvkMGc/s979/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="732" data-original-width="979" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcwhnTgpe6hEQBKOSSPokyVpDvlW0kxIIHY-LrqoeloSJgtvqV2T_KviyE2fD3kTHMu88QGIunt098OwDY1x59Cbqla_cbFMyu8HtA8fift0KyzEbYpY00hNdR741UyC9cIPrMfDvkMGc/s16000/Capture.PNG" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Log into the <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/windowsApps" target="_blank">MEM admin center</a> and add a new <b>Win32 app</b>. Browse to the <b>Invoke-ThinkShieldSecureWipe.intunewin</b> file and add it for upload.</p><p>Specify App Information such as a <b>Name</b>, <b>Description</b>, and <b>Publisher</b></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG5G0wbS3EPV6aWNAIja8PrgROJhL5NlKXXxlfeP7I-jsFxoVkxjUtvSg-SkhcNlyzVA0PxvbEJuXEqvfTKaA24GAEkkXtTs2UBmHoY4IFl1IkgepZDdeR308McOTxQKwzWEvHJI7ffcI/s1125/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="974" data-original-width="1125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG5G0wbS3EPV6aWNAIja8PrgROJhL5NlKXXxlfeP7I-jsFxoVkxjUtvSg-SkhcNlyzVA0PxvbEJuXEqvfTKaA24GAEkkXtTs2UBmHoY4IFl1IkgepZDdeR308McOTxQKwzWEvHJI7ffcI/s16000/Capture2.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Specify Program details:<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN90NXBarwAaw0OaTn-NQVmlfUPkblCYhtpFk0Z7OsZXPwNhyn7QQjQg_vguqG_UGPSUy54CvQX2wLkTdsyuPJ5SysnY1Pp7CT5b2uJf98n-rXc6N02tNgTztw0JsRZLwB-dHHBh1aa4Q/s1073/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="978" data-original-width="1073" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN90NXBarwAaw0OaTn-NQVmlfUPkblCYhtpFk0Z7OsZXPwNhyn7QQjQg_vguqG_UGPSUy54CvQX2wLkTdsyuPJ5SysnY1Pp7CT5b2uJf98n-rXc6N02tNgTztw0JsRZLwB-dHHBh1aa4Q/s16000/Capture2.PNG" /></a></div><div><div class="separator" style="clear: both; text-align: center;"><br /></div><div><ul style="text-align: left;"><li><b>Install Command</b>: powershell.exe -ExecutionPolicy Bypass -File ".\Trigger-ThinkShieldSecureWipe.ps1" -EraseMethod ATAN -PasswordType SVP -Password secretsvp</li><li><b>Uninstall Command</b>: cmd.exe /c</li><li><b>Device Restart Behavior</b>: Determine based on return codes</li></ul><div><br /></div><div>Set the OS architecture to x64 and Minimum OS to 1607</div><div>Add an additional requirement rule to check the system is in fact a Lenovo system.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbi4I5TXIwKXCxRAkcBcTcPGeJse2F5amFpjm0T26mttBtLqwWqItFh5uityk4y2xIUt_BMzFnpL10IAT3siwByHmYK94jiyOPPSh-GRPYzbEhWEjBgVJlOvFXGkvexuWG5oHkWXDti7A/s1605/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="971" data-original-width="1605" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbi4I5TXIwKXCxRAkcBcTcPGeJse2F5amFpjm0T26mttBtLqwWqItFh5uityk4y2xIUt_BMzFnpL10IAT3siwByHmYK94jiyOPPSh-GRPYzbEhWEjBgVJlOvFXGkvexuWG5oHkWXDti7A/s16000/Capture4.PNG" /></a></div><br /><div><ul style="text-align: left;"><li><b>Registry Type</b></li><ul><li><b>Key Path</b>: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS</li><li><b>Value Name</b>: SystemManufacturer</li><li><b>Key Requirement: </b>String Comparison</li><li><b>Operator: </b>Equals</li><li><b>Value</b>: LENOVO</li></ul></ul><div><br /></div></div><div>Set the detection rule to check the presence of a <b>File</b></div><div><b><br /></b></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk_l3bOj5sPxfuK8_DOei5pTgxDGU6lT0W2FR9DkljtVfbOnbpHe-7QPqvTTmuJ_io0r54srrYsv8rN0gBJyBnlmCFgE-9C8O8rEes2la5ddr9gdrwJvFg20Y_PzV1U77VaSbt1bOTCKo/s1607/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="980" data-original-width="1607" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk_l3bOj5sPxfuK8_DOei5pTgxDGU6lT0W2FR9DkljtVfbOnbpHe-7QPqvTTmuJ_io0r54srrYsv8rN0gBJyBnlmCFgE-9C8O8rEes2la5ddr9gdrwJvFg20Y_PzV1U77VaSbt1bOTCKo/s16000/Capture5.PNG" /></a></div></div><p></p><div>This file will be created automatically when the script is run.</div><ul style="text-align: left;"><li><b>Path</b>: %ProgramData%\Lenovo\ThinkShield</li><li><b>File or folder: </b>SecureWipe.tag</li><li><b>Detection method</b>: File or folder exists</li></ul><div>Deploy the app to a group. In my testing, I deployed as available and installed through the Company Portal. After a successful install, a toast notification is presented instructing for the reboot.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiEIkEQQA1a5DjHopINdaJIFmCZ0I5EATfxdpjDDnzM6WpsXXc4QXYzHzhpt_YwHfofrsmMIkpbJEnnEhaKVPfZA5vnjMJGYm7BpE2BV_SbgNbIPy77AHsu_2NQm8RFLofW-ixXKD8GhY/s1077/Capture13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1077" data-original-width="589" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiEIkEQQA1a5DjHopINdaJIFmCZ0I5EATfxdpjDDnzM6WpsXXc4QXYzHzhpt_YwHfofrsmMIkpbJEnnEhaKVPfZA5vnjMJGYm7BpE2BV_SbgNbIPy77AHsu_2NQm8RFLofW-ixXKD8GhY/s16000/Capture13.png" /></a></div><br /><div><br /></div><div>Once a system has restarted, the final result will look like this. The system will automatically shut down.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8zJnJLHrwk2oTqoEvQrhYJASe13l4feTbsGPaq8Dx8UvpR7kM-SC0nK2fOFSPqIVtI1pK1TUeNp-EgrMjKpAhYPAV7f_cdLYRnB2SntNtugh74p9fFPXS2jMWQ7F41sexUAScdmNqS0/s2792/PXL_20210225_200612236.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1127" data-original-width="2792" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8zJnJLHrwk2oTqoEvQrhYJASe13l4feTbsGPaq8Dx8UvpR7kM-SC0nK2fOFSPqIVtI1pK1TUeNp-EgrMjKpAhYPAV7f_cdLYRnB2SntNtugh74p9fFPXS2jMWQ7F41sexUAScdmNqS0/w640-h258/PXL_20210225_200612236.jpg" width="640" /></a></div><br /><div><br /></div><p><span style="font-size: large;"><br /></span></p><p><span style="font-size: large;"><br /></span></p><p><span style="font-size: large;"><br /></span></p><p><span style="font-size: large;"><br /></span></p><p><span style="font-size: large;"><br /></span></p><p><span style="font-size: large;"><br /></span></p></div></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-10810787291843884832020-12-14T12:07:00.002-05:002022-01-05T11:53:20.304-05:00Lenovo Odometer<p><i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2020/odometer" target="_blank">https://blog.lenovocdrt.com/#/2020/odometer</a></i></p><p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmrXHVd8JhNBoPWY4Tf81MyA1Is51yZRJb6o0xrJBjjbxN5g8esxSurYwYXpF5VKyzMGtcudiKZUkPyqYhtBtPLlCoY565GUH6toI73xUT1K6RfvsmC4OCHMkIJzaPTB5s04tninZKt0I_/s501/odometer_image.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="271" data-original-width="501" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmrXHVd8JhNBoPWY4Tf81MyA1Is51yZRJb6o0xrJBjjbxN5g8esxSurYwYXpF5VKyzMGtcudiKZUkPyqYhtBtPLlCoY565GUH6toI73xUT1K6RfvsmC4OCHMkIJzaPTB5s04tninZKt0I_/s320/odometer_image.jpg" width="320" /></a></div><h2 style="text-align: left;">Introducing Lenovo Odometer</h2><p></p><div>In some previous articles we have highlighted how you can collect Lenovo Updates History from a new WMI class in the root\Lenovo namespace. See https://thinkdeploy.blogspot.com/2018/10/tracking-thininstaller-update-history.html</div><div><div><br /></div><div>We are now adding a new class under this namespace for the new "Odometer" feature found in the latest ThinkPads that were recently launched. This feature keeps track of several metrics that can provide an indication of how a system has been used. The metrics collected are:</div><div><ul style="text-align: left;"><li> <b>CPU Uptime</b> - amount of time CPU has been active in hours</li><li> <b>Shock events</b> - based on detections from accelerometer</li><li> <b>Thermal events</b> - registered high-temp conditions where CPU was throttled</li><li> <b>Battery cycles</b> - number of charge cycles performed on battery</li><li> <b>SSD Read/Writes</b> - number of reads and writes on one or more internal SSDs</li></ul></div><div><br /></div><div>These counters are maintained by the Embedded Controller and the current values are exposed each time the system boots using SMBIOS Table data. In order to have this data stored in a meaningful way so it can be inventoried and collected by MEM Configuration Manager, we have created a PowerShell script (odometer.ps1, available from download link below) that can be implemented as either a scheduled task or used on demand to populate the <b>Lenovo_Odometer</b> class in WMI. </div><div><br /></div><div>Once you have run the PowerShell script on a system that supports Odometer you will be able to find the data in WMI as shown below:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUBcSrEykieK2n9jYiiYtvCF0NuePQ4ctl-8s0z2sYcuFPY85-gMXnFQYs4dSlurCr_noUKGLT8ccOJVAgxl1kxxHQwzHNstt68I_PuIrSqwJQzBTAhlw5Af_2ALSB_iel1Q9w9E2Qhje7/s1556/Odometer20URb.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="411" data-original-width="1556" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUBcSrEykieK2n9jYiiYtvCF0NuePQ4ctl-8s0z2sYcuFPY85-gMXnFQYs4dSlurCr_noUKGLT8ccOJVAgxl1kxxHQwzHNstt68I_PuIrSqwJQzBTAhlw5Af_2ALSB_iel1Q9w9E2Qhje7/s16000/Odometer20URb.png" /></a></div><br /><div><br /></div><div>As previously mentioned, you could also run the "odometer.ps1" using the very useful Run Scripts feature in the Config Manager console. With that you will be able to get direct feedback from the device in the console as shown below:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgxYmEwIJtlAorhJcQEz7GhtTDmol4CM-RiyVfd9Ju1UYwRTSIs5amstIw963SIpV_AHp5R-hhz4SN2KTTj1ZnmPDZrIYsBHxbvWfeJKM3lU8a9TNJdQSMlz-X2vQNPKYzYw__7409x9mN/s678/RunScript2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="675" data-original-width="678" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgxYmEwIJtlAorhJcQEz7GhtTDmol4CM-RiyVfd9Ju1UYwRTSIs5amstIw963SIpV_AHp5R-hhz4SN2KTTj1ZnmPDZrIYsBHxbvWfeJKM3lU8a9TNJdQSMlz-X2vQNPKYzYw__7409x9mN/s16000/RunScript2.png" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div><br /></div><div>The Config Manager hardware inventory can be extended to include the <b>Lenovo_Odometer</b> custom class using the "odometer.mof" file provide in the zip file linked below. In Config Manager you can import the file as a new Hardware Inventory Class in your Client Settings. For more information on extending hardware inventory, refer to the docs here:</div><div><a href="https://docs.microsoft.com/en-us/sccm/core/clients/manage/inventory/extend-hardware-inventory">https://docs.microsoft.com/en-us/sccm/core/clients/manage/inventory/extend-hardware-inventory</a></div><div><br /></div><div>Once clients have reported inventory, you can create an SSRS report on the data that would like like the following:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqifpP5Vv4TGFVz8zHCuxtdtuCGHFNt2om7mD9vxLw-DzyjWW0QOKt-DSk0y9t6EnMoXWjnp-eDsPFKvAY8bapq03FbUoHQWllgFo7X-2WfubBsVuLPYwOXMB1vAdecc2THG4rhImNSiMT/s1184/report2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="696" data-original-width="1184" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqifpP5Vv4TGFVz8zHCuxtdtuCGHFNt2om7mD9vxLw-DzyjWW0QOKt-DSk0y9t6EnMoXWjnp-eDsPFKvAY8bapq03FbUoHQWllgFo7X-2WfubBsVuLPYwOXMB1vAdecc2THG4rhImNSiMT/s16000/report2.png" /></a></div><br /><div><br /></div><h4 style="text-align: left;">Supported Systems</h4><div><ul style="text-align: left;"><li>ThinkPad P1 (Gen 3) / ThinkPad X1 Extreme (Gen 3)</li><li>ThinkPad T14 (Intel/AMD)/ ThinkPad T14 Healthcare Edition / ThinkPad P14s</li><li>ThinkPad T15 / ThinkPad P15s</li><li>ThinkPad T14s (Intel/AMD)</li><li>ThinkPad X13 (Intel/AMD)</li><li>ThinkPad X13 Yoga</li><li>ThinkPad X1 Carbon (8th gen)</li><li>ThinkPad X1 Yoga (5th gen)</li><li>ThinkPad P15v / ThinkPad T15p</li><li>ThinkPad L14 (Intel)</li><li>ThinkPad L15 (Intel)</li><li>ThinkPad P15 / ThinkPad P15G</li><li>ThinkPad P17</li></ul></div><div><br /></div><div><a href="https://download.lenovo.com/cdrt/tools/odometer_01.zip" rel="nofollow" target="_blank">Download .PS1 and .MOF files for this solution.</a></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-60205738190298431942020-12-10T15:28:00.008-05:002021-10-18T09:15:50.732-04:00Lenovo Dock Manager<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkl6liZkytev0_lBFmYzXYlDS6fz0Q6yO2Jx8a-BQwjqflqWzhsT9155s7JKcEMeznqktY5V_EY3B7Zutc7GcTnKNZldP8KoR2fvS31EXUbIahyNKEWq21tCRUpH37FnTlhXqy8WTLG5E/s198/Picture2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="198" data-original-width="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkl6liZkytev0_lBFmYzXYlDS6fz0Q6yO2Jx8a-BQwjqflqWzhsT9155s7JKcEMeznqktY5V_EY3B7Zutc7GcTnKNZldP8KoR2fvS31EXUbIahyNKEWq21tCRUpH37FnTlhXqy8WTLG5E/s0/Picture2.png" /></a></b></div><span><div><i>Updated 2/1/21 - Added Intune deployment steps</i></div><div><i>Updated 10/18/21 - Update list of supported docks</i></div><b style="font-size: x-large;">Introduction</b></span><p></p><p>Lenovo Dock Manager is a new solution that reduces the effort that IT administrators spend on the large scale deployment of Lenovo dock firmware updates. This solution runs on your PC and maintains a cache of the current firmware versions for supported Lenovo docks. When a dock is attached that has down-level firmware, it is automatically updated by Dock Manager. Video resources and links that may be helpful can be found below:</p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><a href="https://support.lenovo.com/videos/nvid500262" target="_blank"><span style="font-family: inherit;">Lenovo Dock Manager Overview</span></a></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><a href="https://support.lenovo.com/videos/nvid500261" target="_blank"><span style="font-family: inherit;">Firmware Updates and Information Queries</span></a></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><a href="https://support.lenovo.com/videos/nvid500260" target="_blank"><span style="font-family: inherit;">Configuration and Deployment</span></a></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><span style="font-family: inherit;">Dock Manager and User Guide can be downloaded here: <a href="https://support.lenovo.com/us/en/solutions/ht037099#dm" rel="nofollow" target="_blank">Lenovo Tools for Administrators</a> </span></p></blockquote><p>It can automatically download firmware updates from Lenovo Support directly over the Internet or from a local repository on your network that is created and maintained using Update Retriever. The four-character "machine type" for the supported docks listed below can be used in Update Retriever when searching for the latest firmware packages.</p><p>The application can also record data from docks into WMI (<b>root\Lenovo\Dock_Manager</b>) for administrators to query remotely for management purposes. Such details can include:</p><p></p><ul style="text-align: left;"><li>Dock Machine Type</li><li>Firmware Version</li><li>MAC address</li><li>Connected devices - monitors, USB devices</li></ul><div><span style="font-size: large;"><b>Supported Docks</b></span></div><div><ul style="text-align: left;"><li>ThinkPad Thunderbolt 4 Workstation Dock [<a href="https://pcsupport.lenovo.com/accessories/pd500533" target="_blank">40B0</a>]</li><li>ThinkPad Universal Thunderbolt 4 Dock [<a href="https://support.lenovo.com/solutions/pd500503" target="_blank">40B0</a>]</li><li>ThinkPad Universal USB-C Dock [<a href="https://support.lenovo.com/solutions/pd500519" target="_blank">40AY</a>]</li><li>ThinkPad Thunderbolt 3 Essential Dock [<a href="https://support.lenovo.com/solutions/PD500373" target="_blank">40AV</a>]</li><li>ThinkPad Thunderbolt 3 Dock Gen 2 [<a href="https://support.lenovo.com/solutions/PD500265" target="_blank">40AN</a>]</li><li>ThinkPad Thunderbolt 3 Dock Gen 1 [<a href="https://support.lenovo.com/solutions/ACC100356" target="_blank">40AC</a>]</li><li>ThinkPad Thunderbolt 3 Workstation Dock Gen 2 [<a href="https://support.lenovo.com/solutions/PD500333" target="_blank">40AN</a>]</li><li>ThinkPad USB-C Dock Gen 2 [<a href="https://support.lenovo.com/solutions/ACC500106" target="_blank">40AS</a>]</li><li>ThinkPad USB-C with USB-A Dock [<a href="https://support.lenovo.com/solutions/PD500180" target="_blank">40AF</a>]</li><li>ThinkPad USB-C Dock Gen 1 [<a href="https://support.lenovo.com/solutions/ACC100348" target="_blank">40A9</a>]</li></ul></div><p><span style="font-size: large;"><b>Deploying Dock Manager with ConfigMgr</b></span></p><p>Dock Manager is provided as an executable. Here's an example of how to deploy with Microsoft Endpoint Manager Configuration Manager (ConfigMgr) using the Application model.</p><p>In the console, navigate to the <b>Software > Application Management > Applications </b>node and click <b>Create Application </b>in the ribbon bar.</p><p>Tick the <b>Manually specify the application information</b> radio button, click <b>Next</b></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh47zB-DJYfBKiqOK0kEFXOjN6K7z9WNaSbTXh8wgQOoXmuM2wdz126lhfIrubKGKAnN2hqlyptcGvDP08c94rA26R8MwUUkCT5pzI8GLgQ1cRvZ_fOVRYsYlgyb0-rimyjg5mqKFL2xUk/s780/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="693" data-original-width="780" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh47zB-DJYfBKiqOK0kEFXOjN6K7z9WNaSbTXh8wgQOoXmuM2wdz126lhfIrubKGKAnN2hqlyptcGvDP08c94rA26R8MwUUkCT5pzI8GLgQ1cRvZ_fOVRYsYlgyb0-rimyjg5mqKFL2xUk/s16000/Capture.PNG" /></a></div><p><br /></p><p>Specify information about the app, click <b>Next</b></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_DLjnSKS3ewvSkKnX9HwR37Nf2yp5jUjN7J_EubBPbaSixrtltTZNbtMgPfL17IDNnvA54JcBrdWZkdEDaZxeq1yxtp5VFyK_pfdw9ybw_CDrVOaWjnRVZVdU-yglyNnBmAf7tAsVUGk/s780/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="693" data-original-width="780" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_DLjnSKS3ewvSkKnX9HwR37Nf2yp5jUjN7J_EubBPbaSixrtltTZNbtMgPfL17IDNnvA54JcBrdWZkdEDaZxeq1yxtp5VFyK_pfdw9ybw_CDrVOaWjnRVZVdU-yglyNnBmAf7tAsVUGk/s16000/Capture2.PNG" /></a></div><div><br /></div><div><br /></div><div><br /></div><div>Enter Software Center details, click <b>Next</b></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6c9uqabcz3e-ZLd2F5oToZA7GqAwWjarsN5bem29yz2DQ4ON2Kc5c-b5d_rhTuI53o1_3ReyChX0y39-w-ledjdk6YcdudsOsAUVb3TdVjq50eLghfSa5_biZ6VpVppiDO36p-KyW8bU/s780/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="693" data-original-width="780" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6c9uqabcz3e-ZLd2F5oToZA7GqAwWjarsN5bem29yz2DQ4ON2Kc5c-b5d_rhTuI53o1_3ReyChX0y39-w-ledjdk6YcdudsOsAUVb3TdVjq50eLghfSa5_biZ6VpVppiDO36p-KyW8bU/s16000/Capture3.PNG" /></a></div><div><br /></div><div><br /></div><div>Set the deployment type to <b>Script Installer </b>and click <b>Next</b></div><br /><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcQx41nHwBhgVwz6msj2hQdykcdkcE06Lx_77LmNGKZJNHKNjX5awxVm-hLwCt3nqsuSQurVDZv6nYHANJjH4g2tmH6ot9BMUf3FWy07lzWJ11WA3rdYBA0t4V_9yMeZtW-1yAPGNw4vs/s791/Capture4.PNG"><img border="0" data-original-height="703" data-original-width="791" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcQx41nHwBhgVwz6msj2hQdykcdkcE06Lx_77LmNGKZJNHKNjX5awxVm-hLwCt3nqsuSQurVDZv6nYHANJjH4g2tmH6ot9BMUf3FWy07lzWJ11WA3rdYBA0t4V_9yMeZtW-1yAPGNw4vs/s16000/Capture4.PNG" /></a></div><div><br /></div><div><br /></div><div>Set the deployment type name and click <b>Next</b></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY6Ukt26lDtnRmto2h8dDoNuyCmv9gqbsuvwDDG41tuBHPId2bzIdH_T-wgLTCbg_At8X93usiV0baB0fc-uf4ogj6oafE7hsnMNbFfUA3qzKawpfCIVQ_gOtKUjPOxOCwQj4VEblKv-k/s791/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="791" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY6Ukt26lDtnRmto2h8dDoNuyCmv9gqbsuvwDDG41tuBHPId2bzIdH_T-wgLTCbg_At8X93usiV0baB0fc-uf4ogj6oafE7hsnMNbFfUA3qzKawpfCIVQ_gOtKUjPOxOCwQj4VEblKv-k/s16000/Capture5.PNG" /></a></div><div><br /></div><div><br /></div><div>Enter the content location path to the <b>dock_manager_setup.exe </b></div><div>Install command: </div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">"dock_manager_setup.exe" /VERYSILENT
</pre></div>
<div><br /></div><div>Uninstall command:</div><div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">unins000.exe /SILENT
</pre></div><div><br /></div></div><div>Uninstall start in:</div><div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">%ProgramFiles%\Lenovo\Dock Manager
</pre></div><div><br /></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ5HTbJxfY0J7jNGLAuUuhNwLa1sD14Key7PwIO-qE0eGQrfzOvkwB8C9iOjg1UpgYoGm8bk0_zDoPT4LzwT18XoviWo2Pz4IP1VBVcR56Sw_lvBfa4gf6lWENLChvGm1ivC3e3-8xFvY/s791/Capture6.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="791" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ5HTbJxfY0J7jNGLAuUuhNwLa1sD14Key7PwIO-qE0eGQrfzOvkwB8C9iOjg1UpgYoGm8bk0_zDoPT4LzwT18XoviWo2Pz4IP1VBVcR56Sw_lvBfa4gf6lWENLChvGm1ivC3e3-8xFvY/s16000/Capture6.PNG" /></a></div><div><br /></div><div><br /></div><div>Set the detection rule setting type to <b>Registry</b></div><div>Hive: <b>HKLM</b></div><div>Key:</div><div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DockManager_is1
</pre></div><div><br /></div></div><div>Value:</div><div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">DisplayVersion</pre></div></div><div><br /></div><div>Data Type: <b>String</b></div><div><b><br /></b></div><div>Tick the radio button for <b>This registry setting must satisfy the following rule...</b></div><div>Operator: <b>Equals</b></div><div>Value:</div><div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">1.0.0.125
</pre></div><div><br /></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu29JGR9un6kc9rEVmdu4It5aBQsW_gy109sgARHViXJvarqJMZuRRyWzdb95EeR0jQ_ngNd5FFI3kx0ruZlClRdG1Ptl3WM8AmUaF43P3nYSMWmwmfvbg1CqveL_OHQyMYIGLfc5uCyA/s611/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="606" data-original-width="611" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu29JGR9un6kc9rEVmdu4It5aBQsW_gy109sgARHViXJvarqJMZuRRyWzdb95EeR0jQ_ngNd5FFI3kx0ruZlClRdG1Ptl3WM8AmUaF43P3nYSMWmwmfvbg1CqveL_OHQyMYIGLfc5uCyA/s16000/Capture7.PNG" /></a></div><div><br /></div><div><br /></div><div>Set the installation behavior to <b>Install for system </b>and logon requirement to <b>Whether or not a user is logged on</b></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHA8otiKE575eH27fWNpPSIt3Ey6GU0JKP6kV3l7PXI5B8Fij3KcwRWiHIm6PUT-w3Z5dP-HK_h7U_llaTNiLKCf_lkYKCRLKaBgENHuG4J3xNNmCZ3budL3pt2eHuT9CLjKRpL-hF_SY/s791/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="791" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHA8otiKE575eH27fWNpPSIt3Ey6GU0JKP6kV3l7PXI5B8Fij3KcwRWiHIm6PUT-w3Z5dP-HK_h7U_llaTNiLKCf_lkYKCRLKaBgENHuG4J3xNNmCZ3budL3pt2eHuT9CLjKRpL-hF_SY/s16000/Capture8.PNG" /></a></div><div><br /></div><div><br /></div><div>Add any installation requirements such as <b>Operating system </b>is <b>One of Windows 10 (64-bit)</b></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9w4kZYKOS5-XRI4onFaD7GKmkkKcM1bf5qsDimO2zawoSh8n-FlQPrLg6rdXOKbQscNrwkzIzQVDgh-B_EHwjoetlNwv2kfo0z6BV0jzmO2kPTaBBGTyTjCt5Rua6AJad08pJz-1N2oo/s791/Capture9.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="791" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9w4kZYKOS5-XRI4onFaD7GKmkkKcM1bf5qsDimO2zawoSh8n-FlQPrLg6rdXOKbQscNrwkzIzQVDgh-B_EHwjoetlNwv2kfo0z6BV0jzmO2kPTaBBGTyTjCt5Rua6AJad08pJz-1N2oo/s16000/Capture9.PNG" /></a></div><div><br /></div><div><br /></div><div>Complete the deployment type and App wizards</div><div><br /></div><div><br /></div><div><b style="font-size: x-large;">Deploying Dock Manager with Intune</b></div><div><br /></div><div>Using the Win32 Content Prep <a href="https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">Tool</a>, convert Dock Manager Setup executable to an .intunewin format. A sample command would look like this</div><div><br /></div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">IntuneWinAppUtil.exe -c "C:\IntuneWin\DM\" -s "dock_manager_setup.exe" -o "C:\IntuneWin\output\" -q
</pre></div>
<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4Kkb4Lh9yUtIIzFp_R7QY9Ter2v7AjFXfzAbqHNRMszAoA9JhO4whAtQDuqiAUre_1E-0Ga3G1kCjO7F071zqLFKcRKwon9PWhrkNRmCyB-cl9VEiYcXYlNY8EnquyYRby6e_HQK-hSk/s1033/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1033" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4Kkb4Lh9yUtIIzFp_R7QY9Ter2v7AjFXfzAbqHNRMszAoA9JhO4whAtQDuqiAUre_1E-0Ga3G1kCjO7F071zqLFKcRKwon9PWhrkNRmCyB-cl9VEiYcXYlNY8EnquyYRby6e_HQK-hSk/s16000/Capture.PNG" /></a></div><br /><div><br /></div><div>Login to the <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/windowsApps" target="_blank">Endpoint admin center</a> to create a new Windows app and select the <b>Windows app (Win32)</b> type.</div><div><br /></div><div>Select the <b>dock_manager_setup.intunewin </b>app package file.</div><div><br /></div><div>Enter required and optional information about the app</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_oaWYCo0aHfB9Pq97Lr85e7Pd3q7cMyju9WXl_qMQuFh7y2z6GGJCNCQq38cDnTkViZC8gcl_R-R0hiXEkQsACH4ilNFCPpygC6muUkcSazvir33BFTuQpx9x4dF-MiSwhN6LyemQLew/s1112/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1081" data-original-width="1112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_oaWYCo0aHfB9Pq97Lr85e7Pd3q7cMyju9WXl_qMQuFh7y2z6GGJCNCQq38cDnTkViZC8gcl_R-R0hiXEkQsACH4ilNFCPpygC6muUkcSazvir33BFTuQpx9x4dF-MiSwhN6LyemQLew/s16000/Capture.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Enter the install command<div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">dock_manager_setup.exe /VERYSILENT
</pre></div>
<div><br /></div>and uninstall command</div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">%ProgramFiles%\Lenovo\Dock Manager\unins000.exe /SILENT
</pre></div>
<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN-GVcMlbBXbZ0ZYvpbybErZ_VHsfSDiGvhGeF0J9p6aaCVv5RdtGsOr5sHaOKRFeDiBIpfEpk7LPcTivBFjP3aVX1Ta-LVS83SxQW7rcLk-b6_xMMwjIH7a0LqbLN51OskxizVkcyJQY/s1088/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="781" data-original-width="1088" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN-GVcMlbBXbZ0ZYvpbybErZ_VHsfSDiGvhGeF0J9p6aaCVv5RdtGsOr5sHaOKRFeDiBIpfEpk7LPcTivBFjP3aVX1Ta-LVS83SxQW7rcLk-b6_xMMwjIH7a0LqbLN51OskxizVkcyJQY/s16000/Capture2.PNG" /></a></div><br /><div><br /></div><div>Set the requirements. You can take it a bit further with a detection script to check if a supported dock is currently connected to the system. Here's a sample PowerShell script</div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #408080; font-style: italic;"># Check for Thunderbolt 3 Dock Gen 2</span>
<span style="color: #19177c;">$dock</span> = <span style="color: green;">Get-WmiObject</span> -Class Win32_PnPEntity | <span style="color: green;">Where-Object</span> { <span style="color: #19177c;">$_</span>.DeviceID <span style="color: #666666;">-like</span> <span style="color: #ba2121;">'USB\VID_2109&PID_8887*'</span> }
<span style="color: green; font-weight: bold;">if</span> (<span style="color: #19177c;">$dock</span>) {
<span style="color: green;">Write-Output</span> <span style="color: #ba2121;">"Thunderbolt 3 Dock Detected!"</span>
}
<span style="color: green; font-weight: bold;">else</span> {
Exit 1
}
</pre></div>
<div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxvtZqfMAypHGWLCVCPL4pAFBdOXFYrhCNFludzT8GMBUKYb0gxxPgkbDYR4SkpkMlWzxWR5uhAboeGb2wxWvdT9NTJLR6Cw6k8p7RAcjvvT6qyDQB96oSQDgI7boJ4J-2I3cuiTnH6us/s1121/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="734" data-original-width="1121" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxvtZqfMAypHGWLCVCPL4pAFBdOXFYrhCNFludzT8GMBUKYb0gxxPgkbDYR4SkpkMlWzxWR5uhAboeGb2wxWvdT9NTJLR6Cw6k8p7RAcjvvT6qyDQB96oSQDgI7boJ4J-2I3cuiTnH6us/s16000/Capture3.PNG" /></a></div><br /><div><br /></div><div>Enter the detection rules to verify the current version of Dock Manager is installed</div><div><br /></div><div>Key path:</div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DockManager_is1
</pre></div>
<div><br /></div><div>Value name: <b>DisplayVersion</b></div><div>Detection method: <b>String comparison</b></div><div>Operator: <b>Equals</b></div><div>Value: <b>1.0.0.125</b></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheKvCVgTX0oes6ujmtHK1-Jzv_0BguSoS9rcSEB3nbvdQ_l-At-6NQxRTUM-fua5MVccH_AwDXlX4Pp3ekMD_dKEqdmn4gE_LgMt7DsQJk7z0bbsg8BACc4B3NdIIwC2YtkNJay1dcKiI/s576/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="519" data-original-width="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheKvCVgTX0oes6ujmtHK1-Jzv_0BguSoS9rcSEB3nbvdQ_l-At-6NQxRTUM-fua5MVccH_AwDXlX4Pp3ekMD_dKEqdmn4gE_LgMt7DsQJk7z0bbsg8BACc4B3NdIIwC2YtkNJay1dcKiI/s16000/Capture4.PNG" /></a></div><br /><div><br /></div><div>Finish out the wizard and assign to a group</div><div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><span style="font-size: large;"><b>Dock Manager WMI Class</b></span></div><div class="separator" style="clear: both; text-align: left;">You can <a href="https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/inventory/extend-hardware-inventory" target="_blank">extend hardware inventory</a> in Config Manager to collect the data written by Dock Manager on your clients by importing the provided .mof file below.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><a href="https://download.lenovo.com/cdrt/blog/ConfigMgr-MOF-DockManager.zip" target="_blank">Download</a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">An example from Resource Explorer </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8t8vKjbaVK5jjA4vyxdMGP6AGHWD7adcdw61gPcsBa_avu4nzK6fj7ZgBNDuzy3gDFPNzNZrAONbdcrtaFoy-Ft_Y4CxA10M6rO8Q4gSVsKER4juYA8UQJ10DtbdRAtWN7c-8f50Cz7I/s879/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="393" data-original-width="879" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8t8vKjbaVK5jjA4vyxdMGP6AGHWD7adcdw61gPcsBa_avu4nzK6fj7ZgBNDuzy3gDFPNzNZrAONbdcrtaFoy-Ft_Y4CxA10M6rO8Q4gSVsKER4juYA8UQJ10DtbdRAtWN7c-8f50Cz7I/s16000/Capture.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Sample report of what can be gathered using SSRS</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLpHDkK6eAGhWYYpxUm3SUmNZWG3sQx2Q3EzWJiUfnfYg5b2Q_3Xmr2Za1orzedQvagvk1QTTjecFrOY8p4WW-u85drt2lE7XnjWRylq6Mm6W0DJKm-1Zprosb_22hwl4lySxKF2Zw7Xw/s1830/Picture1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="473" data-original-width="1830" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLpHDkK6eAGhWYYpxUm3SUmNZWG3sQx2Q3EzWJiUfnfYg5b2Q_3Xmr2Za1orzedQvagvk1QTTjecFrOY8p4WW-u85drt2lE7XnjWRylq6Mm6W0DJKm-1Zprosb_22hwl4lySxKF2Zw7Xw/s16000/Picture1.png" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div><br /><p><br /></p><p><br /></p></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-60041480783366647542020-11-24T11:17:00.017-05:002022-06-10T15:24:13.085-04:00Manage Commercial Vantage with Intune<div><span style="font-family: inherit;"><i>This article has moved to </i></span><a href="https://docs.lenovocdrt.com/#/cv/management/intune/intune">https://docs.lenovocdrt.com/#/cv/management/intune/intune</a></div><div><span style="font-family: inherit;"><br /></span></div><div><span style="font-family: inherit;">Following up on the intro to Commercial Vantage </span><a href="https://thinkdeploy.blogspot.com/2020/11/deploying-commercial-vantage-with-intune.html" style="font-family: inherit;" target="_blank">post</a><span style="font-family: inherit;">, this one will walk through managing a few of the policies with Intune. This will be very similar to </span><a href="https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html" style="font-family: inherit;" target="_blank">Managing System Update with Intune</a><span style="font-family: inherit;"> so some of the content will transfer here.</span></div><div><span style="font-family: inherit;"><br />Before you begin, you will need:<br /><ul><li>Commercial Vantage .admx/.adml files - Found in the App/Deployment Guide zip which can be downloaded from the landing page <a href="https://support.lenovo.com/solutions/hf003321-lenovo-vantage-for-enterprise" target="_blank">here</a>.</li><li>A Windows 10 device connected to Azure Active Directory and managed by Intune</li><li>Commercial Vantage installed on the device.</li></ul><h2>Ingest the Commercial Vantage ADMX file</h2><ul style="text-align: left;"><li>Sign in to the <a href="https://endpoint.microsoft.com/" target="_blank" title="Azure Device Management">Azure Device Management</a> portal</li><li>Navigate to <b>Devices > Configuration Profiles > </b>click<b> Create Profile</b></li><ul><li>Select the <b>Windows 10 and later </b>platform</li><li>Choose the <b>Custom </b>profile and click <b>Create</b></li></ul><li>Enter the information for the new profile, for example:</li><ul><li><b>Name: </b>Commercial Vantage ADMX Ingest</li><li><b>Description:</b> (Optional)</li></ul><li>In the <b>Custom OMA-URI Settings</b> menu, click <b>Add </b>and enter the following</li><ul><li><b>Name</b>: ADMX Ingest</li><li><b>Description</b>: (Optional)</li><li style="text-align: left;"><b>OMA-URI</b>: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/CommercialVantage/Policy/CommercialVantage</li><li><b>Data Type</b>: String</li><li><b>Value</b>: Copy the contents of the <b>CommercialVantage.admx</b> into this field</li></ul><li>Click <b>OK </b>to complete adding the new OMA-URI row</li><li>Click <b>Create </b>to create the new profile</li><li>Assign the profile to a group. This group should only include devices that have Vantage installed.</li></ul>Verify the settings have pushed to a device by launching <b>Regedit</b> and navigating to <br /><br /><b>HKLM\SOFTWARE\Microsoft\PolicyManager\AdmxDefault</b></span></div><span><div style="font-family: inherit;"><span style="font-family: inherit;"><br /></span></div><div style="font-family: inherit;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbxYwGRH5Gc5J5ZKMO2F3yHMf0WwLc0POgRvDlUFO_d_LBSzjGajl83RH_I2hDN6of37Df2S5Tsw_ovcApVGt30_kGLqVYhaIyWvFlbRH9VDnMKTvCrBXSQ0QXjqj7iDnzMttSpcljdpY/s1821/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1125" data-original-width="1821" height="395" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbxYwGRH5Gc5J5ZKMO2F3yHMf0WwLc0POgRvDlUFO_d_LBSzjGajl83RH_I2hDN6of37Df2S5Tsw_ovcApVGt30_kGLqVYhaIyWvFlbRH9VDnMKTvCrBXSQ0QXjqj7iDnzMttSpcljdpY/w640-h395/Capture.PNG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div></div><div style="font-family: inherit;"><span style="font-family: inherit;"><h2>Create a Vantage Policy</h2>Example:<br /><ul><li>Repeating the same steps, create a second <b>Custom </b>profile and name it something like <b>Commercial Vantage Config</b>. This one will contain all of the policies you wish to deploy. This example, I'm going to choose to disable the Dashboard.</li><li>In the <b>Custom OMA-URI</b> Settings menu, click <b>Add </b>and enter the following</li><ul><li><b>Name</b>: Dashboard</li><li><b>Description</b>: (Optional)</li><li><b>OMA-URI</b>:<br />./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~8EB4B7362B69050BFD52D7A0636C0562/26EB604F31FEA5A31B30EE1DA8B6774D</li><li><b>Data Type</b>: String</li><li><b>Value</b>: <enabled/></li></ul></ul><div>Click <b>Save </b>to add the new OMA-URI Setting and click <b>Review + save </b>to save the profile. Assign the to same group as above.</div><div><br /></div><div><b><span style="font-size: large;">Client Side Results</span></b></div></span></div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Before the client receives the new profile, here's a screenshot of Vantage with no configuration polices assigned. You're presented with the Dashboard and a handful of tabs in the upper right: <b>Device | WiFi security | Support | Preference Settings</b></div><div style="font-family: inherit;"><br /></div><div class="separator" style="clear: both; font-family: inherit; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidMl0Nvj8IbpS1h9zhhU1KN-HcfUI9qS30VA6jXPV-XI6Ct97eLYCRWkPv3UAORNt6Sk95sM0x8ikD3LKL2xE9goSth0YIC4HbeYD7pELu1p7-6uHOS8vlCeyDdxThjpzUVORQibZ7h1s/s1920/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1020" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidMl0Nvj8IbpS1h9zhhU1KN-HcfUI9qS30VA6jXPV-XI6Ct97eLYCRWkPv3UAORNt6Sk95sM0x8ikD3LKL2xE9goSth0YIC4HbeYD7pELu1p7-6uHOS8vlCeyDdxThjpzUVORQibZ7h1s/s16000/Capture5.PNG" /></a></div><br /><div style="font-family: inherit;"><br /></div><div><div>After the client receives the profile, verify by launching Regedit and navigate to:</div><div><br /></div><div><b>HKLM\SOFTWARE\Policies\Lenovo\Commercial Vantage</b></div><div><br /></div><div>I added a few other settings in my profile</div><div><br /></div></div><div style="font-family: inherit;"><b style="background-color: white; color: #717171; font-family: Roboto, sans-serif; font-size: 15px;"><br /></b></div><div style="font-family: inherit;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2cQTipAFETOt-9TythqyojyjL4cKYBWApL1ueXur1ZF3l75XhKa4RgCw2RvR-y2eCSluRs-kaWmbLNjt9kp-fM2QWe5MFNkEELAKw0rse-qzSyLbZZom-ND7WzT2SMQpcFZYsGBQqov8/s1049/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1016" data-original-width="1049" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2cQTipAFETOt-9TythqyojyjL4cKYBWApL1ueXur1ZF3l75XhKa4RgCw2RvR-y2eCSluRs-kaWmbLNjt9kp-fM2QWe5MFNkEELAKw0rse-qzSyLbZZom-ND7WzT2SMQpcFZYsGBQqov8/s16000/Capture4.PNG" /></a></div><br /><b style="background-color: white; color: #717171; font-family: Roboto, sans-serif; font-size: 15px;"><br /></b></div><div><div>When I relaunch Vantage, the UI now looks a bit different</div><div><br /></div></div><div><span face="Roboto, sans-serif" style="color: #717171;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-T-Xw7MKaoyBtpggoe3_NhNd5TpHZPeikFw53FX_JgW4VSvh-NyG2HFXxBGrPWVE_dyup8FXcv5b3W88Cof3_bs6emAcCT_k1InaXPNYjYjUiF205HYFv4u3DsZb8rzN8vnaWrEkoOE/s1920/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1020" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-T-Xw7MKaoyBtpggoe3_NhNd5TpHZPeikFw53FX_JgW4VSvh-NyG2HFXxBGrPWVE_dyup8FXcv5b3W88Cof3_bs6emAcCT_k1InaXPNYjYjUiF205HYFv4u3DsZb8rzN8vnaWrEkoOE/s16000/Capture3.PNG" /></a></div><br /><span style="background-color: white; font-size: 15px;"><br /></span></span></div><div style="font-family: inherit;"><span style="font-family: inherit;">Below is a list of all possible settings, constructed as OMA-URIs</span></div><div><h2 style="font-family: inherit;">Dashboard</h2><div style="font-family: inherit;"><strong>Name: </strong>Dashboard</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Dashboard feature of Commercial Vantage will be turned off </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~8EB4B7362B69050BFD52D7A0636C0562/26EB604F31FEA5A31B30EE1DA8B6774D</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;">Device</h2><div style="font-family: inherit;"><strong>Name: </strong>Smart Assist</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Smart Assist feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB/1631A70618C59A6199301D764A23F246</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong><hr /></div><div style="font-family: inherit;"><strong>Name: </strong>Device Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Device Settings feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB/45F6F49C7B88A4F6681C08269E51869F</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong><hr /></div><div style="font-family: inherit;"><strong>Name: </strong>System Update</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, System Update feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB/C2A1B40F7DC05396F6FC85A58E76A0A2</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>My Device</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, My Device feature of Commercial Vantage will be turned off </div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB/E39E265DD63799F578A4F5EF9ED9E271</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;">Device Settings</h2><div><div style="font-family: inherit;"><strong>Name: </strong>Microphone Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Microphone Settings features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~0DCC7F7AF7643439978A86FD8954E056/3DE55572B38BBE99A42335869E037DF3</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Audio Smart Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Audio Smart Settings feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~0DCC7F7AF7643439978A86FD8954E056/4E23CB25D710E406CF34EE9C2D5E8F77</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Camera</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Camera features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~2F1A3379F15869B17CDC4166675CF9F4/70DA5C43A08ABFF6465613AD5E3426D8</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes:</strong><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Display</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Display features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~2F1A3379F15869B17CDC4166675CF9F4/BCC3FA02172D8F220765BCC0DAF5897A</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes:</strong><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Intelligent Keyboard</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Intelligent Keyboard feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~DC6ABC1D9A065D6934DBBF4A781C1743/B472A13920E69AD5EA4E8C8AE4F32DBA</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes:</strong><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name: </strong>Power Settings</div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Power Settings of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/5C2B0833E82D16B3417540950063B3B1</div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name: </strong>DPM Power Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the DPM Power Settings of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/664C30E3A0368439C2BF8EEA05E32EE9</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Battery Settings</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>When this policy is enabled, the Battery Settings features of Commercial Vantage will be turned off.</div><div><br /></div><div>Battery percentage for starting and stopping charge threshold can only be set in increments of 5. Any value input will be rolled to next increment of 5.</div><div><br /></div><div>If IT Admin sets a "Start Charging" greater than "Stop Charging", Vantage will ignore "Start Charging" set by Admin and will "Start Charging" at 5% less than "Stop Charging"</div><div>Ex: IT Admin sets "Start Charging" = 60 and "Stop Charging" = 50. Then, Vantage will "Start Charging" at 45 “ Since "Stop Charging" = 50</div><div><br /></div><div>If checkbox to "Automatically set the start charging" is checked by IT Admin, Vantage will ignore "Start Charging" set by Admin and will "Start Charging" at "Stop Charging" minus 5.</div><div>Ex: If checkbox selected and "Stop Charging" is set to 90, then "Start Charging" is set to 85.</div><div><br /></div><div>When the toggle to "automatically set threshold" is on then Battery Threshold "Start" can not be set.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/6A6C1333A96BD99C316FC0AC169C6B8D</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Value:</strong><pre><enabled/></pre><pre><data id="30B3EB897294AF0A770737E004CCE7B0" value="true"/></pre><pre><data id="4B9DE8D61B215393ED7255D0719FA5FA" value="60"/></pre><pre><data id="2FE339B04615BBA5C913F45FB6A1B34D" value="80"/></pre><pre><data id="51A1765894644A2F58B9AF5EE7F65922" value="false"/></pre></div><div><strong style="font-family: inherit;">Notes: </strong><i>Added in version 2104.10</i></div><div><i><br /></i></div><div><span style="font-family: inherit;">If this policy is enabled, the Battery Settings section in the GUI will disappear.</span></div><div><pre>4B9DE8D61B215393ED7255D0719FA5FA = Threshold Start</pre><pre>2FE339B04615BBA5C913F45FB6A1B34D = Threshold Stop</pre><pre>51A1765894644A2F58B9AF5EE7F65922 = Auto Start Charging</pre><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name: </strong>Power Smart Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Power Smart Settings of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/ADB803E7378E121123D5E08D9A2D0AE3</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i><strong style="font-family: inherit;"> </strong></div><div style="font-family: inherit;"><br /></div><div style="font-family: inherit;">Desktop Power Manager for ThinkCentre</div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Standby Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Standby Settings feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/B0FE740B6951DD55D924F47EE0577466</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div><strong style="font-family: inherit;">Notes: </strong><i>Added in version 2104.10</i><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name: </strong>Energy Star</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Standby Settings features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~E4F5170489B8C677D42DEB4590E140A7/D2EF91148F6CAD7276895C6CB7051E06</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div><div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name: </strong>Active Protection System Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Active Protection System Settings features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~45D8B8B2CBDB4610CAB05A18CF2C9868/3E5A8FB355FCCB817AD1D3DEFAC78170</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Intelligent Screen</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Intelligent Screen features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~45D8B8B2CBDB4610CAB05A18CF2C9868/9DB9CAC9C421AFDB3A3381486210EA6C</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name: </strong>Intelligent Security Settings</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, the Intelligent Security Settings features of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~8BFC79DE8BB6F9B73316906802BA1CF8~45D8B8B2CBDB4610CAB05A18CF2C9868/E01515303271B7087B61546ECED61B39</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;">System Update</h2><div style="font-family: inherit;"><strong>Name: </strong>System Update Configuration</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>This policy setting provides the ability for the Administrator to config the filter of searching updates. If you enable this policy setting, Commercial Vantage will searching for updates base on this filter. This policy affects both manual and auto update.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow">./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7/E1181AE4156C9E11CAF88FC6416AE108</div></div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><data id="602015B22CFEA08C53FEC8C3E81356BF" value="true"/></pre><pre><data id="CE7D1526B3D8674705FF75DFF52B4416" value="true"/></pre><pre><data id="7C75C7AA6FF288235BCA3886FA9A4176" value="true"/></pre><pre><data id="94803C37291A574BB4CAF4DFAE682CC2" value="true"/></pre><pre><data id="7326616EB323392D1BB0E6436A4A02AF" value="false"/></pre><pre><data id="6564E6607DD79991C0A56F009A4102FA" value="true"/></pre><pre><data id="B78D824B47B0EC632B7EDEF30B63E2D9" value="true"/></pre><pre><data id="A0DEF98CD96C592582382A3453CB78BA" value="true"/></pre><pre><data id="8E6885D7C10107B5CD98053B7D8B2A6E" value="true"/></pre><pre><data id="A45D902F95DDD3B8597B21175A66A804" value="true"/></pre><pre><data id="46302403B9C32072305518FE20DC6720" value="false"/></pre><pre><data id="FDC13AFD3BA418958D122D78105C2F90" value="false"/></pre><pre><data id="3297105136FCEC5D3432C0FA2FDB73BB" value="false"/></pre><pre><data id="C62002C924CF75712313AC1CF94525AB" value="false"/></pre><pre><data id="9A82A62C3EF3BA2FCC142413A1FAC951" value="false"/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>All elements must be specified with a value of either True or False. Reference the legend below for Boolean id elements to string match.<div><pre>602015B22CFEA08C53FEC8C3E81356BF = Critical Applications</pre><pre>CE7D1526B3D8674705FF75DFF52B4416 = Critical Drivers</pre><pre>7C75C7AA6FF288235BCA3886FA9A4176 = Critical BIOS</pre><pre>94803C37291A574BB4CAF4DFAE682CC2 = Critical Firmware</pre><pre>7326616EB323392D1BB0E6436A4A02AF = Critical Others</pre><pre>6564E6607DD79991C0A56F009A4102FA = Recommended Applications</pre><pre>B78D824B47B0EC632B7EDEF30B63E2D9 = Recommended Drivers</pre><pre>A0DEF98CD96C592582382A3453CB78BA = Recommended BIOS</pre><pre>8E6885D7C10107B5CD98053B7D8B2A6E = Recommended Firmware</pre><pre>A45D902F95DDD3B8597B21175A66A804 = Recommended Others</pre><pre>46302403B9C32072305518FE20DC6720 = Optional Applications</pre><pre>FDC13AFD3BA418958D122D78105C2F90 = Optional Drivers</pre><pre>3297105136FCEC5D3432C0FA2FDB73BB = Optional BIOS</pre><pre>C62002C924CF75712313AC1CF94525AB = Optional Firmware</pre><pre>9A82A62C3EF3BA2FCC142413A1FAC951 = Optional Others</pre></div></div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name:</strong> System Update Repository</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>Defines the location of where System Update will pickup available content.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow">./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7/BD0C70F0CE887CC46496DD7BF81C0B8C</div></div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><enabled/></pre><pre><data id="BD0C70F0CE887CC46496DD7BF81C0B8C" value="\\your_repository"/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>Supports UNC paths or a local drive.</div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name:</strong> Auto Update</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>This policy setting provides the ability for the Administrator to control auto update. If you enable this policy setting, the auto update will be enabled. If you disable this policy setting, the auto update will be disabled. If you do not configure this policy setting, it will keep the last status and can be controlled by the end user. By default, auto update will install critical updates and recommended driver. If you want customization, please change the setting "Configure System Update"</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7~E4FF6280DA9B32B3629E2DCFE74DCCDB/CD787218E9D584BCE873273A0AFD7F05</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><pre><enabled/></pre><pre><disabled/></pre></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><div style="font-family: inherit;"><strong>Name:</strong> AutoUpdateScheduleDayOfWeek</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>This policy setting provides the ability for Administrator to configure the day of week for auto update.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7~E4FF6280DA9B32B3629E2DCFE74DCCDB/80393D48344F26E5AE90D0F22D6B676F</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><enabled/></pre><pre><data id="80393D48344F26E5AE90D0F22D6B676F" value="3"/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>The value should be a number (0-6), where 0 means Sunday, 1 means Monday, 2 means Tuesday...</div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name:</strong> Defer Update</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>This policy setting provides the ability for the Administrator to control defer update. If you enable this policy setting, when there are some updates that needs to reboot the system, the end user can defer update for 1 hour. If you disable or do not configure this policy setting, the end user can cancel the update</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7~E4FF6280DA9B32B3629E2DCFE74DCCDB/C015CAB39D5B210745DC6D0F43029C21</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><pre><enabled/></pre><pre><disabled/></pre></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10 v2</i></div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"></div><div><div style="font-family: inherit;"><strong>Name:</strong> Turn Off Run-Once Task</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>When this policy is enabled, the initial check for updates by Commercial Vantage is turned off.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7~E4FF6280DA9B32B3629E2DCFE74DCCDB/D89714B27390B0E22E66BCA5C8A43FAE</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><pre><enabled/></pre><pre><disabled/></pre></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10 v2</i></div><hr style="font-family: inherit;" /><div><div style="font-family: inherit;"><strong>Name:</strong> AutoUpdateScheduleTime</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>This policy setting provides the ability for the Administrator to config the time for auto update.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~162A79B7E43E726881D582DBA5C8B0B7~E4FF6280DA9B32B3629E2DCFE74DCCDB/EC653B23E1449655915FA566BEA54E40</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Value:</strong><pre><enabled/></pre><pre><data id="EC653B23E1449655915FA566BEA54E40" value="10:00:00"/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong>Format HH:mm:ss For example 18:30:00 for 6:30PM.</div><div><div style="font-family: inherit;"></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></span><div><hr /><div><strong>Name: </strong>Warranty Information</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>This policy setting allows the Administrator to hide the warranty information in Commercial Vantage. If you enable it, the warranty information will be removed from the Commercial Vantage. If you disable or not config it, the warranty information will be shown.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~4D633640E5CF3443867C0771CE6106B0/29310C221BB9070F63950B4D1EF6E2FD</div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div></div><div><div style="font-family: inherit;"></div></div><div><hr /><div><strong>Name: </strong>Write Warranty Information to WMI</div><div><strong style="font-family: inherit;"><br /></strong></div><div><strong style="font-family: inherit;">Description: </strong>This policy setting allows the Administrator to enable Commercial Vantage to writing the warranty information for the system into the Lenovo Namespace WMI table. If you enable it, the warranty information will be written into WMI table. If you disable or not config it, the warranty information will not be written into WMI table.</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~7D8BB8A33C8A8577FC2188C5539DFDBB~4D633640E5CF3443867C0771CE6106B0/8431B9B72EC21BF09C22F293D7E3F2D5</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes: </strong><i>Added in version 2104.10</i></div></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;">EULA</h2><div style="font-family: inherit;"><strong>Name: </strong>Auto Accept EULA</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When you use this policy to disable the end user EULA and Privacy window, a notification will go back to Lenovo that the EULA has been accepted. No other data is collected</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~261C3D29FFEB46D46D29941DC7D22786/423D78F64EDE5D50939BFF9E369A1FC4</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><hr style="font-family: inherit;" /><h2 style="font-family: inherit;">Wifi Security</h2><div style="font-family: inherit;"><strong>Name: </strong>Wifi Security</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Description: </strong>When this policy is enabled, Wifi Security feature of Commercial Vantage will be turned off</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>OMA-URI:</strong><div class="dontoverflow"></div>./Device/Vendor/MSFT/Policy/Config/CommercialVantage~Policy~03E445D7B5956335BEDEF9340AC7E092~247D6178BE8CC3C83409E26C3E1CE0D9/11116BCCD9E515307397B1CE23E74D13</div><div style="font-family: inherit;"><strong><br /></strong></div><div style="font-family: inherit;"><strong>Values:</strong><pre><enabled/></pre><pre><disabled/></pre></div><div style="font-family: inherit;"><strong>Notes:</strong></div><div style="font-family: inherit;"><br /></div><div>To verify the schedule, open Task Scheduler as Admin and navigate to <b>Lenovo > ImController > Plugins</b></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvpjrH-z6dH6TtXWYaL7uwujxIKzGQEZjlurIOHNonjKPu6Eb0bTYa2Ii7FHU4TIwaNWu7MHIf8DHbp4LTyBe6YJ6N-jSKpNqJTa3d3hpMGnxq9SAGtcBXs7E-PmF2NoilE-juPuIx3L0/s1370/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="529" data-original-width="1370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvpjrH-z6dH6TtXWYaL7uwujxIKzGQEZjlurIOHNonjKPu6Eb0bTYa2Ii7FHU4TIwaNWu7MHIf8DHbp4LTyBe6YJ6N-jSKpNqJTa3d3hpMGnxq9SAGtcBXs7E-PmF2NoilE-juPuIx3L0/s16000/Capture.PNG" /></a></div><br /><div><br /></div><div><br /></div><div><div><span style="font-family: inherit;"><i>Updated 2/1/21: Added OMA-URI's for EULA and custom Repository</i></span></div><div><span style="font-family: inherit;"><i>Updated 2/11/21: preferenceSettings and getSupport have been removed from version 2011.14</i></span></div><div><span style="font-family: inherit;"><i>Updated 3/3/21: All available settings constructed as OMA-URIs</i></span></div><div><i>Updated 5/12/21: New policies added to version 2104.10</i></div></div><div><i>Update 7/6/21: New policies added to version 2104.10 v2</i></div><div><i><br /></i></div><div><table border="1" style="width: 667px;"><tbody><tr><td style="padding: 10px;">Please post any questions related to this article in our <a href="http://forums.lenovo.com/t5/Enterprise-Management-Board/bd-p/sa01_eg">Enterprise Client Management Forum</a>. Comments for this blog have been disabled.</td></tr></tbody></table></div><div><br /></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-50177002563192363162020-11-10T15:33:00.008-05:002022-03-23T13:46:52.201-04:00Deploying Commercial Vantage With Intune<div class="separator" style="clear: both; text-align: left;"><i>This article has moved to </i><a href="https://blog.lenovocdrt.com/#/2020/cv_intune_deploy">https://blog.lenovocdrt.com/#/2020/cv_intune_deploy</a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBw8kEs9OPJK2Q5LJQX9BPmdhyphenhyphen71Qk25BsrderET-9Z75dbrwjjxugcWleOYSrd8IyG6wtj6mNGAlXmXyynHPMTExiV1ODB-bvuxI-0cCuMvSo-KU-C1pDEJyHJ7_GkgH9N3nW9otoCJIb/s102/LenovoVantage.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="102" data-original-width="102" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBw8kEs9OPJK2Q5LJQX9BPmdhyphenhyphen71Qk25BsrderET-9Z75dbrwjjxugcWleOYSrd8IyG6wtj6mNGAlXmXyynHPMTExiV1ODB-bvuxI-0cCuMvSo-KU-C1pDEJyHJ7_GkgH9N3nW9otoCJIb/s0/LenovoVantage.png" /></a></div><br /><h2 style="text-align: left;">Introducing Commercial Vantage</h2><div>Lenovo Vantage for Enterprise version 20.x is end-of-life as it does not support the new keyboard design, Intelligent Cooling, or Smart Standby in the 2020 ThinkPads. In addition, it has a server-side piece which will be sunset in early 2021. When this happens, some GUI components of the old Vantage will stop working.</div><div><br /></div><div>Commercial Vantage 10.x supports all of the new models and will be updated going forward. It launches much faster than the old Vantage and does not rely on any server-side components.</div><div><br /></div><div>You can download the latest version of Commercial Vantage with Deployment Guide here:</div><div><br /></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><a href="https://support.lenovo.com/solutions/hf003321">https://support.lenovo.com/solutions/hf003321</a>
</pre></div><br />
<div><b style="font-size: large;">PREPARING THE WIN32 APP</b></div><div>Once the zip has been downloaded and extracted, use the <a href="https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">Content Prep Tool</a> to convert to an .intunewin format. There's already a provided batch file that handles the installation of all dependencies, certs, and .msix bundle so this will be used as the setup file. A sample command would be:</div><div><br />
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">IntuneWinAppUtil.exe -c "C:\IntuneWin\LenovoCommercialVantage_10.2010.11.0_v1" -s "setup-commercial-vantage.bat" -o "C:\IntuneWin\output" -q
</pre></div>
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT9cPUwLYhSNIVNqlthnie5bQrFdaz9LZ7bmj1a7UjCpwh11nseykJY9g9-KD21xWZAecqbGxIjp0HiAzq6d0PK3VNPQvhKg7-ZDdO08xRegMfP9YpewwFy0jdeLAUNqHOhHFuVFQVqpU/s1115/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="1115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT9cPUwLYhSNIVNqlthnie5bQrFdaz9LZ7bmj1a7UjCpwh11nseykJY9g9-KD21xWZAecqbGxIjp0HiAzq6d0PK3VNPQvhKg7-ZDdO08xRegMfP9YpewwFy0jdeLAUNqHOhHFuVFQVqpU/s16000/Capture.PNG" /></a></div><br /><div style="text-align: left;"><b><span style="font-size: medium;">CREATING THE WIN32 APP</span></b></div></div><div>Login to the <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/windowsApps" target="_blank">MEM admin center</a> and add a new Windows app (Win32). Select the new App package file created above, which should be named <b>setup-commercial-vantage.intunewin </b>and click OK.</div><div><br /></div><div>Fill out the necessary fields in the App information section and click Review + save</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSP39K0kCRZg9Toqi38xLDFMW-QuVCPWPiU29fhLr_2DFi0KX9Cg0y2OKGj5TPVwMyTwLkXITrSOnfL-qNtk6rnQ-6XO07JZ40gwLnQfXUQbw3bC3XMvflOVi6KZ4pBuwZ44TafJo78YE/s853/Capture6.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="853" data-original-width="717" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSP39K0kCRZg9Toqi38xLDFMW-QuVCPWPiU29fhLr_2DFi0KX9Cg0y2OKGj5TPVwMyTwLkXITrSOnfL-qNtk6rnQ-6XO07JZ40gwLnQfXUQbw3bC3XMvflOVi6KZ4pBuwZ44TafJo78YE/s16000/Capture6.PNG" /></a></div><br /><div>In the Edit application section, this is where the install/uninstall commands will be specified.</div><div><br /></div><div>Install command</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">setup-commercial-vantage.bat
</pre></div>
</div><div><br /></div><div>Uninstall command</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File .\uninstall_vantage_v8\uninstall_all.ps1
</pre></div>
</div><div><br /></div><div>Set Device restart behavior to <b>Determine behavior based on return codes</b>.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOYegfSSKniJK8PrLaqUsKpkT6kOH3W-va5YQU4DaafBwLPkuGAVesqmvBHCErZft-i2MlKpW0lRtoeux4nkfLndw8fAovBghx5UjKVojljbD1rgPZnb482W_jdCR-4HFRaqNvmtQ0m3I/s727/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="549" data-original-width="727" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOYegfSSKniJK8PrLaqUsKpkT6kOH3W-va5YQU4DaafBwLPkuGAVesqmvBHCErZft-i2MlKpW0lRtoeux4nkfLndw8fAovBghx5UjKVojljbD1rgPZnb482W_jdCR-4HFRaqNvmtQ0m3I/s16000/Capture3.PNG" /></a></div><br /><div>In the Requirements section, set the Operating system architecture to <b>64-bit </b>and Minimum operating system to <b>1809</b></div><div><b><br /></b></div><div>Add an additional Registry type requirement rule that will only apply to Lenovo branded systems. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-Ja3y5l6o33gycjVxiU9djvI7yzXEQj48FFHsgke_SqvXfIYK6b-nffekcneM-t9qgR9aek5DTOl4_PiaMaZkUDm8hr0cCdYIvezyqVuxVmvSP6A2gnf3kgg79yY-eZexLIHj4115a_A/s753/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="607" data-original-width="753" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-Ja3y5l6o33gycjVxiU9djvI7yzXEQj48FFHsgke_SqvXfIYK6b-nffekcneM-t9qgR9aek5DTOl4_PiaMaZkUDm8hr0cCdYIvezyqVuxVmvSP6A2gnf3kgg79yY-eZexLIHj4115a_A/s16000/Capture.PNG" /></a></div><div><br /></div><div>Key path</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
</pre></div>
</div><div><br /></div><div>Value name</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">SystemManufacturer
</pre></div>
</div><div><br /></div><div>Registry key requirement: <b>String comparison</b></div><div>Operator: <b>Equals</b></div><div><br /></div><div>Value</div><div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">LENOVO
</pre></div>
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqV011mv3BJr_mS9A47R3TfKJIzEy-dhO7JDdFL24oDNgRmn_erO5kK2vhfXSa0MgE9x1wiPvJ_aTg4hpBHYNQSteH0ByBXo5HxluVwriLIkyNYKvRbPdITU-jKRzj2MWxltjfwta-OVM/s515/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="515" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqV011mv3BJr_mS9A47R3TfKJIzEy-dhO7JDdFL24oDNgRmn_erO5kK2vhfXSa0MgE9x1wiPvJ_aTg4hpBHYNQSteH0ByBXo5HxluVwriLIkyNYKvRbPdITU-jKRzj2MWxltjfwta-OVM/s16000/Capture7.PNG" /></a></div><br /><div>For the detection rule, a custom script detection will be used. Commercial Vantage depends on these 2 services to run</div><div><ul style="text-align: left;"><li><b>ImControllerService</b></li><li><b>LenovoVantageService</b></li></ul><div>This sample PowerShell script can be used for detection <i>(Note: If the Store is not blocked in your environment, remove the version from the string match. Vantage will automatically update itself as new versions are released. )</i></div></div><div><br />
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><div style="background-color: #fffffe; color: #333333; font-family: Consolas, "Courier New", monospace; font-size: 13px; line-height: 18px;"><div style="line-height: 18px;"><div><span style="color: darkblue;">If</span> <span style="color: black;">(</span><span style="color: blue;">Get-Service</span> <span style="color: darkgrey;">-</span>Name ImControllerService <span style="color: darkgrey;">-</span>ErrorAction SilentlyContinue<span style="color: black;">)</span> <span style="color: black;">{</span></div><div> <span style="color: darkblue;">If</span> <span style="color: black;">(</span><span style="color: blue;">Get-Service</span> <span style="color: darkgrey;">-</span>Name LenovoVantageService <span style="color: darkgrey;">-</span>ErrorAction SilentlyContinue<span style="color: black;">)</span> <span style="color: black;">{</span></div><div> <span style="color: darkblue;">If</span> <span style="color: black;">(</span><span style="color: blue;">Get-AppxPackage</span> <span style="color: darkgrey;">-</span>AllUsers <span style="color: darkgrey;">|</span> <span style="color: blue;">Where-Object</span> <span style="color: black;">{</span> <span style="color: orangered;">$_.PackageFullName</span> <span style="color: darkgrey;">-match</span> <span style="color: black;">"</span><span style="color: darkred;">LenovoSettingsforEnterprise_10.2010.11.0</span><span style="color: black;">"</span> <span style="color: black;">})</span> <span style="color: black;">{</span></div><div> <span style="color: blue;">Write-Host</span> <span style="color: black;">"</span><span style="color: darkred;">All Services and App Present</span><span style="color: black;">"</span></div><div> <span style="color: black;">}</span></div><div> <span style="color: black;">}</span></div><div><span style="color: black;">}</span></div></div></div></pre></div>
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFN6XojEUi8T0lDzYxCzAO__tnytXquAEmitZuBntlmquRUMo5LRQ3H4tuQlS8Y0ucdwxNik5TAc8SK3MDolN_Kj938MRvXhhijLUB36KzC6Hzc_CM-NqsBmqlOqQHK7tmIoQRWv7Fpc8/s735/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="375" data-original-width="735" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFN6XojEUi8T0lDzYxCzAO__tnytXquAEmitZuBntlmquRUMo5LRQ3H4tuQlS8Y0ucdwxNik5TAc8SK3MDolN_Kj938MRvXhhijLUB36KzC6Hzc_CM-NqsBmqlOqQHK7tmIoQRWv7Fpc8/s16000/Capture8.PNG" /></a></div><br /><div>Click Review and then Save to complete the app creation and content upload to Intune. Once the upload has finished, assign to a group.</div><div><br /></div><div><span style="font-size: medium;"><b>RESULTS</b></span></div><div>Track the installation through the IntuneManagementExtension.log</div><div><br /></div><div>Here we can see the minimum OS version requirement has been met</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXCMrF0zsZ6aZ4XV-3cBB_qHiRnb1HjsBxMM7g5LivZfp2XLha92tWI68WwQN8WmI4oWhcwtyCGubKtKN-PiS9vcQKLbq5flnZV_fjK7M9sl13x7Fu5yrwEiqYVo1MCo3Co-0UopQjdcg/s1318/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="238" data-original-width="1318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXCMrF0zsZ6aZ4XV-3cBB_qHiRnb1HjsBxMM7g5LivZfp2XLha92tWI68WwQN8WmI4oWhcwtyCGubKtKN-PiS9vcQKLbq5flnZV_fjK7M9sl13x7Fu5yrwEiqYVo1MCo3Co-0UopQjdcg/s16000/Capture.PNG" /></a></div><br /><div><br /></div><div>The additional requirement to check if the system is in fact a Lenovo system is true</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK2GjRDyEpXywQ7FmNDVbn8zP3eAkP5ViGqP5XDKvTvfHymLCu00iOWJB7bXqFhAQk7ZCVYxKKztBsZVnNRytHTlVzSHvk4_Iitu0skyCfhOzU-GvJqrsQy5iEOwyTary9Mu6wvt8kk-E/s1292/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="436" data-original-width="1292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK2GjRDyEpXywQ7FmNDVbn8zP3eAkP5ViGqP5XDKvTvfHymLCu00iOWJB7bXqFhAQk7ZCVYxKKztBsZVnNRytHTlVzSHvk4_Iitu0skyCfhOzU-GvJqrsQy5iEOwyTary9Mu6wvt8kk-E/s16000/Capture2.PNG" /></a></div><br /><div><br /></div><div>The PowerShell detection script finds both services and app are now present</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtQubiv8asoSRZU9fBSQY-N6D2t7RofFcc1jtGpncRpeGH1JciBmJknhWbzfYZrX84TWu2sCGbp5HJfNxZu5_j-zzXmuFj7ItF3KLZxxFXiW6geKyPDLynR0gwlzxH3ZFZ3ox9spPLH_Y/s1191/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="257" data-original-width="1191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtQubiv8asoSRZU9fBSQY-N6D2t7RofFcc1jtGpncRpeGH1JciBmJknhWbzfYZrX84TWu2sCGbp5HJfNxZu5_j-zzXmuFj7ItF3KLZxxFXiW6geKyPDLynR0gwlzxH3ZFZ3ox9spPLH_Y/s16000/Capture.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-86724023830682232802020-10-14T21:15:00.010-04:002022-03-31T11:07:56.529-04:00Autopilot + System Update = Latest drivers<div><i>This article has been moved to </i><a href="https://blog.lenovocdrt.com/#/2020/ap_su">https://blog.lenovocdrt.com/#/2020/ap_su</a></div><div><br /></div>This post walks you through updating your Think product's drivers during Autopilot using System Update.<div><br /></div><div>Ideally, you'll want the most current drivers installed on the device prior to the user's first sign-in. </div><div><br /></div><div>Pre-req's:</div><div><ul style="text-align: left;"><li>Latest version of <a href="https://support.lenovo.com/sv/en/solutions/ht037099#tvsu" target="_blank">System Update</a></li><li>Microsoft's Win32 Content Prep <a href="https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">tool</a></li><li>Sample PowerShell script that performs the following:</li><ul><li>Installs System Update</li><li>Sets the AdminCommandLine registry value that will:</li><ul><li>Download/install type 3 packages (drivers only). More info on package types can be found in the updated Deployment <a href="https://download.lenovo.com/cdrt/docs/DG-SystemUpdateSuite.pdf" target="_blank">Guide</a>.</li><li>Writes the installation status of each update to WMI.</li></ul><li>Configures the System Update UI</li><li>Disables the default scheduled tasks created by System Update.</li><li>Sets a custom scheduled task for System Update to run. Change it to what makes sense for your environment.</li></ul></ul><div>Save the below as <b>Configure-TVSUandScheduledTask.ps1</b></div></div><!--HTML generated using hilite.me--><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><div style="background-color: #fffffe; color: #333333; font-family: Consolas, "Courier New", monospace; font-size: 14px; line-height: 19px;"><div style="line-height: 19px;"><div><span style="color: darkgreen; font-style: italic;"><# </span></div><div><span style="color: darkgreen; font-style: italic;">DISCLAIMER: </span></div><br /><div><span style="color: darkgreen; font-style: italic;">These sample scripts are not supported under any Lenovo standard support </span></div><br /><div><span style="color: darkgreen; font-style: italic;">program or service. The sample scripts are provided AS IS without warranty </span></div><br /><div><span style="color: darkgreen; font-style: italic;">of any kind. Lenovo further disclaims all implied warranties including, </span></div><br /><div><span style="color: darkgreen; font-style: italic;">without limitation, any implied warranties of merchantability or of fitness for </span></div><br /><div><span style="color: darkgreen; font-style: italic;">a particular purpose. The entire risk arising out of the use or performance of </span></div><br /><div><span style="color: darkgreen; font-style: italic;">the sample scripts and documentation remains with you. In no event shall </span></div><br /><div><span style="color: darkgreen; font-style: italic;">Lenovo, its authors, or anyone else involved in the creation, production, or </span></div><br /><div><span style="color: darkgreen; font-style: italic;">delivery of the scripts be liable for any damages whatsoever (including, </span></div><br /><div><span style="color: darkgreen; font-style: italic;">without limitation, damages for loss of business profits, business interruption, </span></div><br /><div><span style="color: darkgreen; font-style: italic;">loss of business information, or other pecuniary loss) arising out of the use </span></div><br /><div><span style="color: darkgreen; font-style: italic;">of or inability to use the sample scripts or documentation, even if Lenovo </span></div><br /><div><span style="color: darkgreen; font-style: italic;">has been advised of the possibility of such damages. </span></div><div><span style="color: darkgreen; font-style: italic;">#></span> </div><br /><div><span style="color: darkgreen; font-style: italic;"><#</span></div><div><span style="color: purple; font-style: italic;">.</span><span style="color: darkgrey; font-style: italic;">SYNOPSIS</span></div><div><span style="color: darkgreen; font-style: italic;"> Script to install and configure Lenovo System Update. </span></div><br /><div><span style="color: purple; font-style: italic;">.</span><span style="color: darkgrey; font-style: italic;">DESCRIPTION</span></div><div><span style="color: darkgreen; font-style: italic;"> Script will install Lenovo System Update and set the necessary registry subkeys and values that downloads/installs </span></div><div><span style="color: darkgreen; font-style: italic;"> reboot type 3 packages on the system. Certain UI settings are configured for an optimal end user experience.</span></div><div><span style="color: darkgreen; font-style: italic;"> The default Scheduled Task created by System Update will be disabled. A custom Scheduled Task for System Update will be created.</span></div><div><span style="color: darkgreen; font-style: italic;">#></span></div><br /><div><span style="color: darkgreen; font-style: italic;">##### Install System Update</span></div><div><span style="color: orangered;">$pkg</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">system_update_5.07.0110</span><span style="color: black;">"</span></div><div><span style="color: orangered;">$switches</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">/verysilent /norestart</span><span style="color: black;">"</span></div><div><span style="color: blue;">Start-Process</span> <span style="color: black;">"</span><span style="color: darkred;">.\</span><span style="color: orangered;">$pkg</span><span style="color: black;">"</span> <span style="color: darkgrey;">-</span>ArgumentList <span style="color: orangered;">$switches</span> <span style="color: darkgrey;">-</span>Wait</div><br /><div><span style="color: darkgreen; font-style: italic;">##### Set SU AdminCommandLine</span></div><div><span style="color: orangered;">$RegKey</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">HKLM:\SOFTWARE\Policies\Lenovo\System Update\UserSettings\General</span><span style="color: black;">"</span></div><div><span style="color: orangered;">$RegName</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">AdminCommandLine</span><span style="color: black;">"</span></div><div><span style="color: orangered;">$RegValue</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">/CM -search A -action INSTALL -includerebootpackages 3 -noicon -noreboot -exporttowmi</span><span style="color: black;">"</span></div><br /><div><span style="color: darkgreen; font-style: italic;"># Create Subkeys if they don't exist</span></div><div><span style="color: darkblue;">if</span> <span style="color: black;">(</span><span style="color: darkgrey;">!</span><span style="color: black;">(</span><span style="color: blue;">Test-Path</span> <span style="color: orangered;">$RegKey</span><span style="color: black;">))</span> <span style="color: black;">{</span></div><div> <span style="color: blue;">New-Item</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$RegKey</span> <span style="color: darkgrey;">-</span>Force <span style="color: darkgrey;">|</span> <span style="color: blue;">Out-Null</span></div><div> <span style="color: blue;">New-ItemProperty</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$RegKey</span> <span style="color: darkgrey;">-</span>Name <span style="color: orangered;">$RegName</span> <span style="color: darkgrey;">-</span>Value <span style="color: orangered;">$RegValue</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">Out-Null</span></div><div><span style="color: black;">}</span></div><div><span style="color: darkblue;">else</span> <span style="color: black;">{</span></div><div> <span style="color: blue;">New-ItemProperty</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$RegKey</span> <span style="color: darkgrey;">-</span>Name <span style="color: orangered;">$RegName</span> <span style="color: darkgrey;">-</span>Value <span style="color: orangered;">$RegValue</span> <span style="color: darkgrey;">-</span>Force <span style="color: darkgrey;">|</span> <span style="color: blue;">Out-Null</span></div><div><span style="color: black;">}</span></div><br /><div><span style="color: darkgreen; font-style: italic;">##### Configure SU interface</span></div><div><span style="color: orangered;">$ui</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">HKLM:\SOFTWARE\WOW6432Node\Lenovo\System Update\Preferences\UserSettings\General</span><span style="color: black;">"</span></div><div><span style="color: orangered;">$values</span> <span style="color: darkgrey;">=</span> <span style="color: darkblue;">@</span><span style="color: black;">{</span></div><br /><div> <span style="color: black;">"</span><span style="color: darkred;">AskBeforeClosing</span><span style="color: black;">"</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">NO</span><span style="color: black;">"</span></div><br /><div> <span style="color: black;">"</span><span style="color: darkred;">DisplayLicenseNotice</span><span style="color: black;">"</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">NO</span><span style="color: black;">"</span></div><br /><div> <span style="color: black;">"</span><span style="color: darkred;">MetricsEnabled</span><span style="color: black;">"</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">NO</span><span style="color: black;">"</span></div><div> </div><div> <span style="color: black;">"</span><span style="color: darkred;">DebugEnable</span><span style="color: black;">"</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">YES</span><span style="color: black;">"</span></div><br /><div><span style="color: black;">}</span></div><br /><div><span style="color: darkblue;">if</span> <span style="color: black;">(</span><span style="color: blue;">Test-Path</span> <span style="color: orangered;">$ui</span><span style="color: black;">)</span> <span style="color: black;">{</span></div><div> <span style="color: darkblue;">foreach</span> <span style="color: black;">(</span><span style="color: orangered;">$item</span> <span style="color: darkblue;">in</span> <span style="color: orangered;">$values.GetEnumerator</span><span style="color: black;">()</span> <span style="color: black;">)</span> <span style="color: black;">{</span></div><div> <span style="color: blue;">New-ItemProperty</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$ui</span> <span style="color: darkgrey;">-</span>Name <span style="color: orangered;">$item.Key</span> <span style="color: darkgrey;">-</span>Value <span style="color: orangered;">$item.Value</span> <span style="color: darkgrey;">-</span>Force</div><div> <span style="color: black;">}</span></div><div><span style="color: black;">}</span></div><br /><div><span style="color: darkgreen; font-style: italic;"><# </span></div><div><span style="color: darkgreen; font-style: italic;">Run SU and wait until the Tvsukernel process finishes.</span></div><div><span style="color: darkgreen; font-style: italic;">Once the Tvsukernel ends, Autopilot flow will continue.</span></div><div><span style="color: darkgreen; font-style: italic;">#></span></div><div><span style="color: orangered;">$su</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">Join-Path</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$</span><span style="color: black;">{</span><span style="color: orangered;">env:ProgramFiles(x86)</span><span style="color: black;">}</span> <span style="color: darkgrey;">-</span>ChildPath <span style="color: black;">"</span><span style="color: darkred;">Lenovo\System Update\tvsu.exe</span><span style="color: black;">"</span></div><div><span style="color: darkgrey;">&</span><span style="color: orangered;">$su</span> <span style="color: darkgrey;">/</span>CM <span style="color: darkgrey;">|</span> <span style="color: blue;">Out-Null</span></div><div><span style="color: blue;">Wait-Process</span> <span style="color: darkgrey;">-</span>Name Tvsukernel</div><br /><div><span style="color: darkgreen; font-style: italic;"># Disable the default System Update scheduled tasks</span></div><div><span style="color: blue;">Get-ScheduledTask</span> <span style="color: darkgrey;">-</span>TaskPath <span style="color: black;">"</span><span style="color: darkred;">\TVT\</span><span style="color: black;">"</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">Disable-ScheduledTask</span></div><br /><div><span style="color: darkgreen; font-style: italic;">##### Disable Scheduler Ability. </span></div><div><span style="color: darkgreen; font-style: italic;"># This will prevent System Update from creating the default scheduled tasks when updating to future releases.</span></div><div><span style="color: orangered;">$sa</span> <span style="color: darkgrey;">=</span> <span style="color: black;">"</span><span style="color: darkred;">HKLM:\SOFTWARE\WOW6432Node\Lenovo\System Update\Preferences\UserSettings\Scheduler</span><span style="color: black;">"</span></div><div><span style="color: blue;">Set-ItemProperty</span> <span style="color: darkgrey;">-</span>Path <span style="color: orangered;">$sa</span> <span style="color: darkgrey;">-</span>Name <span style="color: black;">"</span><span style="color: darkred;">SchedulerAbility</span><span style="color: black;">"</span> <span style="color: darkgrey;">-</span>Value <span style="color: black;">"</span><span style="color: darkred;">NO</span><span style="color: black;">"</span></div><br /><div><span style="color: darkgreen; font-style: italic;">##### Create a custom scheduled task for System Update</span></div><div><span style="color: orangered;">$taskAction</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-ScheduledTaskAction</span> <span style="color: darkgrey;">-</span>Execute <span style="color: orangered;">$su</span> <span style="color: darkgrey;">-</span>Argument <span style="color: black;">'</span><span style="color: darkred;">/CM</span><span style="color: black;">'</span></div><div><span style="color: orangered;">$taskTrigger</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-ScheduledTaskTrigger</span> <span style="color: darkgrey;">-</span>Weekly <span style="color: darkgrey;">-</span>DaysOfWeek Monday <span style="color: darkgrey;">-</span>At 9am</div><div><span style="color: orangered;">$taskUserPrincipal</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-ScheduledTaskPrincipal</span> <span style="color: darkgrey;">-</span>UserId <span style="color: black;">'</span><span style="color: darkred;">SYSTEM</span><span style="color: black;">'</span></div><div><span style="color: orangered;">$taskSettings</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-ScheduledTaskSettingsSet</span> <span style="color: darkgrey;">-</span>Compatibility Win8</div><div><span style="color: orangered;">$task</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-ScheduledTask</span> <span style="color: darkgrey;">-</span>Action <span style="color: orangered;">$taskAction</span> <span style="color: darkgrey;">-</span>Principal <span style="color: orangered;">$taskUserPrincipal</span> <span style="color: darkgrey;">-</span>Trigger <span style="color: orangered;">$taskTrigger</span> <span style="color: darkgrey;">-</span>Settings <span style="color: orangered;">$taskSettings</span></div><div><span style="color: blue;">Register-ScheduledTask</span> <span style="color: darkgrey;">-</span>TaskName <span style="color: black;">'</span><span style="color: darkred;">Run-TVSU</span><span style="color: black;">'</span> <span style="color: darkgrey;">-</span>InputObject <span style="color: orangered;">$task</span> <span style="color: darkgrey;">-</span>Force</div></div></div>
</pre></div>
<div><br /></div><div><br /></div><div><span style="font-size: large;">Preparing the Win32 App</span></div><div>Once all pre-requisites are downloaded to a source location, run the Content Prep tool to package the content as an .intunewin package. A sample command would be:</div><div><br /><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">IntuneWinAppUtil.exe -c <span style="color: #ba2121;">"C:\SU\"</span> -s <span style="color: #ba2121;">"Configure-TVSUandScheduledTask.ps1"</span> -o <span style="color: #ba2121;">"C:\SU\output"</span>
</pre></div>
</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGpTi36_i3mGUFr7-p5Qy-Sfq6qcsl2GdDPSYphss3XAop-LuJQzRNgiP2CaCzG622Ns27sQQWpD48QqgQkxhNzZb_JI46s11pGjFKus_7fYUIkwz2ENDjEtehC9t9vMk3i2VdmYJQigU/s1910/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="579" data-original-width="1910" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGpTi36_i3mGUFr7-p5Qy-Sfq6qcsl2GdDPSYphss3XAop-LuJQzRNgiP2CaCzG622Ns27sQQWpD48QqgQkxhNzZb_JI46s11pGjFKus_7fYUIkwz2ENDjEtehC9t9vMk3i2VdmYJQigU/s16000/Capture.PNG" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><span style="font-size: large;">Add Win32 App</span></div><div class="separator" style="clear: both; text-align: left;">Add a new Windows app in the <a href="https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/windowsApps" target="_blank">MEM admin center</a>, and choose the <b>Windows app (Win32) </b>app type. Select the .intunewin app created earlier and click ok to upload.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Fill out the necessary information for each section.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnRUhR3x14lbr8ONkfAqF1OwcrTq5wMv6i2XScHocEYIA_VO2H3_615-zL5b5UnjeP_nMKwBDhkyMy79gBtuyGN0KwRT1kdVYoQU7LCFDHDQHPsJWqSGzVKFI-yvRwyz69N44a3g_KglA/s747/AppInfo.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="553" data-original-width="747" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnRUhR3x14lbr8ONkfAqF1OwcrTq5wMv6i2XScHocEYIA_VO2H3_615-zL5b5UnjeP_nMKwBDhkyMy79gBtuyGN0KwRT1kdVYoQU7LCFDHDQHPsJWqSGzVKFI-yvRwyz69N44a3g_KglA/w640-h474/AppInfo.PNG" title="App Information" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: left;">For the Install command enter the following:</div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">powershell.exe -ExecutionPolicy Bypass <span style="color: #666666;">-File</span> .\Configure-TVSUandScheduledTask.ps1
</pre></div>
<div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Since there's no uninstall, just enter <b>cmd.exe /c </b></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYFAihRzDMtIP9MAbIgGoXSIIvuBtUOKODkf8Ybos42qhv2NfFrzAJIZnbLazrb6KjUaeMFRvnK9WAcZzlHBCXxPb07MR171zWNsFh48EEpiBngMZX5yr55jzXVZkva0CoNKji6ZBnG9I/s653/Program.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="275" data-original-width="653" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYFAihRzDMtIP9MAbIgGoXSIIvuBtUOKODkf8Ybos42qhv2NfFrzAJIZnbLazrb6KjUaeMFRvnK9WAcZzlHBCXxPb07MR171zWNsFh48EEpiBngMZX5yr55jzXVZkva0CoNKji6ZBnG9I/w640-h270/Program.PNG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: left;">For Requirements:</div><div class="separator" style="clear: both; text-align: left;"><ul style="text-align: left;"><li><b>OS Architecture: x86,x64</b></li><li><b>Minimum OS: Windows 10 1607</b></li></ul></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpnLl56orEBau3dhhHP3sQVjNz6W3Eiv0LzMSBE1RWLVSC0IM8O9OkT5Cxdryane_L1kHu9a288E1FdW-KvpcBsYFJXQik8lXxQIicyaMTL7XAQst1rluu5NjQMVX7zI7XKi12iLkDqRI/s705/Requirements.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="249" data-original-width="705" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpnLl56orEBau3dhhHP3sQVjNz6W3Eiv0LzMSBE1RWLVSC0IM8O9OkT5Cxdryane_L1kHu9a288E1FdW-KvpcBsYFJXQik8lXxQIicyaMTL7XAQst1rluu5NjQMVX7zI7XKi12iLkDqRI/w640-h226/Requirements.PNG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: left;">Additional Requirement type: <b>Registry</b></div><div class="separator" style="clear: both; text-align: left;"><ul style="text-align: left;"><li>Key path: <b>HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS</b></li><li>Value name: <b>SystemManufacturer</b></li><li>Registry key requirement: <b>String comparison</b></li><li>Operator: <b>Equals</b></li><li>Value: <b>LENOVO</b></li></ul><div>This ensures the app will only run on Lenovo systems</div></div><div class="separator" style="clear: both; text-align: left;"><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyazzX9nuRbyqNXtnX0oi918RSuqOQbKj5qhvnsb-NsphhcWHTeQtVF2RwEEVM1b7slMJs8vwkv-rYwmGS0Gor_xNA2ttljKINIrdhoGVWTOOXpiJ8YdqCTv9EtQZWKXfAyw3aqhZUWMs/s569/Addtl-Requirements.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="465" data-original-width="569" height="524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyazzX9nuRbyqNXtnX0oi918RSuqOQbKj5qhvnsb-NsphhcWHTeQtVF2RwEEVM1b7slMJs8vwkv-rYwmGS0Gor_xNA2ttljKINIrdhoGVWTOOXpiJ8YdqCTv9EtQZWKXfAyw3aqhZUWMs/w640-h524/Addtl-Requirements.PNG" width="640" /></a></div><br /><div>Detection rule type: <b>File</b></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfh40HjkQ85K4wwSpngsgGBZBiaBFLHOywEWqaJjUXBCluHXuPK7FvnxJspGA42g8dWu8yR9QBw9GQJPXNxcdwGz5Z1AowXm6j40hvY7JdbuGPNrtPnJa8z9i2QpuuAalqKYpZmjr6qSg/s665/DetectionRules.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="119" data-original-width="665" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfh40HjkQ85K4wwSpngsgGBZBiaBFLHOywEWqaJjUXBCluHXuPK7FvnxJspGA42g8dWu8yR9QBw9GQJPXNxcdwGz5Z1AowXm6j40hvY7JdbuGPNrtPnJa8z9i2QpuuAalqKYpZmjr6qSg/w640-h114/DetectionRules.PNG" width="640" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><ul style="text-align: left;"><li>Path: <b>%ProgramData%\Lenovo\SystemUpdate\sessionSE</b></li><li>File or folder: <b>update_history.txt</b></li><li>Detection method: <b>File or folder exists</b></li></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv3kcuQ2FXMYNGMXnEd-5wrVAtcMPvJP1qo_KhrcxWFeuwEKIh9pc4aQnXAVkfKrGAphWHYLgYD9sENvyMByXgr04U4nFuD92PgcIR9iLEbX6nJZAq1M-54HqqtP4F8nllt9XXdxHI0Y0/s575/DetectionRule.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="357" data-original-width="575" height="398" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv3kcuQ2FXMYNGMXnEd-5wrVAtcMPvJP1qo_KhrcxWFeuwEKIh9pc4aQnXAVkfKrGAphWHYLgYD9sENvyMByXgr04U4nFuD92PgcIR9iLEbX6nJZAq1M-54HqqtP4F8nllt9XXdxHI0Y0/w640-h398/DetectionRule.PNG" width="640" /></a></div><br /><div>The update_history.txt is generated since we're specifying the <b>-exporttowmi </b>switch in the AdminCommandLine. Since the system will be going through Autopilot for the first time, this obviously won't be present.</div><div><br /></div><div>Assign the app to a group containing Autopilot registered devices.</div><div><br /></div><div>If you already have an <a href="https://docs.microsoft.com/en-us/mem/autopilot/enrollment-status" target="_blank">Enrollment Status Page</a> profile configured, add this app to the list of selected apps that are required to install before the device can be used. This ensures System Update completes before proceeding to the next phase.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDvtAXt42cKZjhkylGbq3KaoBTlbEY8fThmZYFai212Bw2AlUXiy2LmNb0LCxJOJFahISxUi3QbjPoU2EJ9vGGPUm_xcOom08NWxuFC2hOSw-IFT9BOfKNG0RZXaa0x-r2enimk2tPUrs/s527/ESP.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="527" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDvtAXt42cKZjhkylGbq3KaoBTlbEY8fThmZYFai212Bw2AlUXiy2LmNb0LCxJOJFahISxUi3QbjPoU2EJ9vGGPUm_xcOom08NWxuFC2hOSw-IFT9BOfKNG0RZXaa0x-r2enimk2tPUrs/w640-h392/ESP.PNG" width="640" /></a></div><br /><div><span style="font-size: large;">Viewing the Results</span></div><div>A look through the IntuneManagementExtension.log, you'll see the <b>update_history.txt</b> file was not detected</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRM3-9hoO8_dzqJEAvr6ozyQfIoNjWJx5XHxBGDYRDqNXkQzfyC29onSnKaZOq_I0zgmkuubhn3BGbY8HFm1IKLeHiuqYDKeJgDVLkzPpkEpFEkB_-lnocW-uaM4lLLgF-_H6BmNe4pGE/s1920/DetectionFalse.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="751" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRM3-9hoO8_dzqJEAvr6ozyQfIoNjWJx5XHxBGDYRDqNXkQzfyC29onSnKaZOq_I0zgmkuubhn3BGbY8HFm1IKLeHiuqYDKeJgDVLkzPpkEpFEkB_-lnocW-uaM4lLLgF-_H6BmNe4pGE/s16000/DetectionFalse.PNG" /></a></div><br /><div><br /></div><div>Several minutes later, it's now detected</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTkmt1Mpvo1a7W5-QAkSbC3XyAY1-Z4w9u-Q-s87H3WQqYlQKHj_oaSigkIA1Gp6TSX4kKCASWqJBkKkt5WyTzIORNQlJLXidrTXVxaKKZoWvvIQB0UiZmfmfLbhYimBaXwJd6NaLBByg/s1910/DetectionTrue.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="439" data-original-width="1910" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTkmt1Mpvo1a7W5-QAkSbC3XyAY1-Z4w9u-Q-s87H3WQqYlQKHj_oaSigkIA1Gp6TSX4kKCASWqJBkKkt5WyTzIORNQlJLXidrTXVxaKKZoWvvIQB0UiZmfmfLbhYimBaXwJd6NaLBByg/s16000/DetectionTrue.PNG" /></a></div><br /><div><br /></div><div>You can then run the following PowerShell command to see which updates were installed</div><div><br /></div><div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: green;">Get-ChildItem</span> -Path C<span style="border: 1px solid rgb(255, 0, 0);">:</span>\ProgramData\lenovo\SystemUpdate\sessionSE\update_history.txt | <span style="color: green;">Select-String</span> -SimpleMatch <span style="color: #ba2121;">"Success"</span> | fl Line
</pre></div>
<div><br /></div><div>The screenshot below shows the results from a ThinkPad T480s preloaded with Windows 10 1903. 13 drivers updated successfully!</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMQUwv2wzX3S9sAvMEFL7PyQS9CalF7xx0GPTf5HdXK4msKIAQAmpvj2Zgr0NqV30-54ljwAR2a6afDi8AUuxSXFt5cTjUvuXidtLtejd22cQmKFP2aaiQ5T0kjzGZO0S8u-x457sQt-A/s2048/capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1088" data-original-width="2048" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMQUwv2wzX3S9sAvMEFL7PyQS9CalF7xx0GPTf5HdXK4msKIAQAmpvj2Zgr0NqV30-54ljwAR2a6afDi8AUuxSXFt5cTjUvuXidtLtejd22cQmKFP2aaiQ5T0kjzGZO0S8u-x457sQt-A/s16000/capture.PNG" /></a></div><br /><div><br /></div><div><br /></div><div><br /></div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br />Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-16103747029685082872020-07-29T13:15:00.004-04:002022-02-04T13:16:25.846-05:00Dynamically Install Hardware Support Apps with Microsoft Endpoint ConfigMgr<div><i>This article has moved to <a href="https://blog.lenovocdrt.com/#/2020/dynamic_hsa" target="_blank">https://blog.lenovocdrt.com/#/2020/dynamic_hsa</a></i></div><div><br /></div>This post is intended to provide another solution to install the recently released HSA packs for your ThinkPad in a ConfigMgr Task Sequence.<div><br /></div><div>For an in-depth overview of these HSA packs and installation script, refer to this <a href="https://thinkdeploy.blogspot.com/2020/06/hardware-support-apps-without-microsoft.html" target="_blank">post</a>. </div><div><br /></div><div>To make this process a bit easier and to reduce the number of steps in your Task Sequence, this solution goes hand in hand with an older post (<a href="https://thinkdeploy.blogspot.com/2017/09/dynamically-update-bios-on-think.html" target="_blank">Dynamically Updating BIOS</a>).</div><div><br /></div><div><font size="6">Workflow</font></div><div>We can achieve this in essentially 3 steps in a Task Sequence. </div><div><ul><li>Set the correct Package to download for the applicable model (PowerShell script)</li><li>Download Package to a custom path on the client</li><li>Installation using the <b>Install-HSA.ps1 </b>script (provided <a href="https://thinkdeploy.blogspot.com/2020/06/hardware-support-apps-without-microsoft.html" target="_blank">here</a>)</li></ul><div><br /></div></div><div><font size="5">Step 1: Download HSA Pack</font></div><div><font size="5"><br /></font></div><div>First, you'll need to download/extract the contents of the HSA pack to a desired location and place the <b>Install-HSA.ps1 </b>file in the top level directory. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD-JmEQ9DsTYrExqsC3zs_oT-elu2PWmaPiA4AA3hiZ1SG1n0M9AzgHyrtJWw96IqD-Asa5ExzNhBNmw3qChB6YlhVPmrvYmL19icN7ea769FtKiLiweKOfStRiTIBJ5caTofF13Awbdo/s779/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="515" data-original-width="779" height="414" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD-JmEQ9DsTYrExqsC3zs_oT-elu2PWmaPiA4AA3hiZ1SG1n0M9AzgHyrtJWw96IqD-Asa5ExzNhBNmw3qChB6YlhVPmrvYmL19icN7ea769FtKiLiweKOfStRiTIBJ5caTofF13Awbdo/w625-h414/Capture3.PNG" width="625" /></a></div><div><br /></div><div><font size="5">Step 2: Create Legacy Package(s)</font></div><div><font size="5"><br /></font></div><div>In the ConfigMgr console, create a Package (No Program) and enter the following details</div><div><ul style="text-align: left;"><li><b>Name - </b>Friendly name of the system. For example, <b>ThinkPad X13 Yoga Gen 1</b></li><ul><li>This can be found in the <a href="https://support.lenovo.com/us/en/solutions/ht104042" target="_blank">deployment recipe card</a> for the model</li></ul><li><b>Version </b>- This is optional, but I entered the HSA pack version, which can be found in the ReadMe</li><li><b>Description/Comment</b> - This is the first 4 of the MTM. For Example, <b>20SX,20SY</b></li><ul><li>Also found in the deployment recipe card</li></ul></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik_7CM9FjmLC8Hm-UCDJ9W4-NtJL6DyQa-fkatdtpYYjAyYtQly3ksg55Lkx4eZ_ATJWT6GzpbW794NzCnI-ngf4unU1JZIB9Ixwm6JbSdYNCvkTkl3FbeKxyABzlhsB2zi4RBqQVdaZI/s609/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="609" data-original-width="594" height="625" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik_7CM9FjmLC8Hm-UCDJ9W4-NtJL6DyQa-fkatdtpYYjAyYtQly3ksg55Lkx4eZ_ATJWT6GzpbW794NzCnI-ngf4unU1JZIB9Ixwm6JbSdYNCvkTkl3FbeKxyABzlhsB2zi4RBqQVdaZI/w610-h625/Capture.PNG" width="610" /></a></div><div><br /></div><ul style="text-align: left;"><li><b>MIF Name </b>- HSA</li><li><b>MIF Version </b>- Windows 10 Build. For example <b>1909</b></li><ul><li>The HSA pack will show which build of Windows 10 it's intended for in the ReadMe</li></ul></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRD1fchWMtBMUBDMqbvZYWjnhEtfjGc9jOsQ3OYx2Q6aShi_gj_yU_DnszVijcL2FOQWKrxTJGVtlF-uc6rZu7K5tSp2XtKsb-3vMsk4CJ9qxOMz1dP54p_iScCclEVPd_SLqTRIQTCfI/s609/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="609" data-original-width="594" height="625" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRD1fchWMtBMUBDMqbvZYWjnhEtfjGc9jOsQ3OYx2Q6aShi_gj_yU_DnszVijcL2FOQWKrxTJGVtlF-uc6rZu7K5tSp2XtKsb-3vMsk4CJ9qxOMz1dP54p_iScCclEVPd_SLqTRIQTCfI/w610-h625/Capture2.PNG" width="610" /></a></div><div><br /></div></div><div><br /></div><div>If you don't already have a Package containing your Scripts, create another one for this purpose. </div><div><br /></div><div><font size="5">Step 3: Generating the Packages XML</font></div><div><font size="5"><br /></font></div><div>Referencing the Dynamic BIOS Update <a href="https://thinkdeploy.blogspot.com/2017/09/dynamically-update-bios-on-think.html" target="_blank">post</a>, you'll need to generate an XML containing your Packages. This XML will contain the necessary data in order to match the HSA Package to your ThinkPad. To generate the XML, the following PowerShell commands can be used</div><div><br /></div><div style="background: rgb(248, 248, 248); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #408080; font-style: italic;"># Connect to ConfigMgr Site </span>
<span style="color: #19177c;">$SiteCode</span> = $(<span style="color: green;">Get-WmiObject</span> -ComputerName "<span style="color: #19177c;">$ENV:COMPUTERNAME"</span> -Namespace "root\SMS" -Class "SMS_ProviderLocation").SiteCode
<span style="color: #408080; font-style: italic;"># Get Package data and export XML</span>
<span style="color: green;">Get-WmiObject</span> -Class sms_package -Namespace root\sms\site_<span style="color: #19177c;">$sitecode</span> | <span style="color: green;">Select-Object</span> pkgsourcepath, Description, Manufacturer, MifFileName, MifName, MIFVersion, Name, PackageID, ShareName, Version | <span style="color: green;">Sort-Object</span> -Property Name | <span style="color: green;">Export-Clixml</span> -path <span style="color: #ba2121;">'_Packages.xml'</span> -force
</pre></div><br />
<div>If you open the XML, the contents should be similar to this</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKJ-AjZiUm2OdYpfeM9qST4ngF1ij9GtyJQSwbYhDZzuQYHpzpHw2SZYsSF7GjPWJF0yNoxMY-MNK462oc_5U-WsnvpWfK-8pNr42jawqanit6kO88UuXCeOPFtCf0KYeW02rrqwsL16Q/s1008/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="1008" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKJ-AjZiUm2OdYpfeM9qST4ngF1ij9GtyJQSwbYhDZzuQYHpzpHw2SZYsSF7GjPWJF0yNoxMY-MNK462oc_5U-WsnvpWfK-8pNr42jawqanit6kO88UuXCeOPFtCf0KYeW02rrqwsL16Q/w625-h154/Capture8.PNG" width="625" /></a></div><div><br /></div><div>Copy this XML to your Scripts folder. Along with the XML, another piece to the puzzle is needed to be able to grab the correct HSA Package during the Task Sequence. The below PowerShell script (<b>Get-DynamicHsaPackages.ps1</b>) will look at the Packages.xml, match the Name/MTM to it's corresponding HSA Package, and leverage the <b>OSDDownloadDownloadPackages </b>override<b> </b>variable in the Download Package Content step. This script needs to be saved in your Scripts folder as well.</div><div><br /></div><div style="background: rgb(248, 248, 248); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">[<span style="color: green; font-weight: bold;">CmdletBinding</span>()]
<span style="color: green; font-weight: bold;">param</span> (
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">ValueFromPipelineByPropertyName</span>,
<span style="color: green; font-weight: bold;">Position</span> = 0)]
<span style="color: #880000;">[string]</span>
<span style="color: #19177c;">$MatchProperty</span> = <span style="color: #ba2121;">'Name'</span>,
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">ValueFromPipelineByPropertyName</span>,
<span style="color: green; font-weight: bold;">Position</span> = 1)]
<span style="color: #880000;">[string]</span>
<span style="color: #19177c;">$ModelVersion</span> = (<span style="color: green;">Get-WmiObject</span> -Class Win32_ComputerSystemProduct -Namespace root\cimv2).Version,
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">ValueFromPipelineByPropertyName</span>,
<span style="color: green; font-weight: bold;">Position</span> = 1)]
<span style="color: #880000;">[string]</span>
<span style="color: #19177c;">$MTM</span> = ((<span style="color: green;">Get-WmiObject</span> -Class Win32_ComputerSystem | <span style="color: green;">Select-Object</span> -ExpandProperty Model).SubString(0, 4)).Trim(),
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">ValueFromPipelineByPropertyName</span>,
<span style="color: green; font-weight: bold;">Position</span> = 2)]
<span style="color: #880000;">[string]</span>
<span style="color: #19177c;">$PackageXMLLibrary</span> = <span style="color: #ba2121;">".\_Packages.xml"</span>,
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">ValueFromPipelineByPropertyName</span>,
<span style="color: green; font-weight: bold;">Position</span> = 3)]
[<span style="color: green; font-weight: bold;">ValidateSet</span>(<span style="color: #ba2121;">"1909"</span>, <span style="color: #ba2121;">"2004"</span>)]
<span style="color: #880000;">[string]</span>
<span style="color: #19177c;">$OSVersion</span> = <span style="color: #ba2121;">""</span>
)
<span style="color: #408080; font-style: italic;">#XML for all packages</span>
<span style="color: #880000;">[xml]</span><span style="color: #19177c;">$Packages</span> = <span style="color: green;">Get-Content</span> -Path <span style="color: #19177c;">$PackageXMLLibrary</span>
<span style="color: #408080; font-style: italic;">#environment variable call for task sequence only</span>
<span style="color: green; font-weight: bold;">try</span> {
<span style="color: #19177c;">$tsenv</span> = <span style="color: green;">New-Object</span> -ComObject Microsoft.SMS.TSEnvironment
<span style="color: #19177c;">$tsenvInitialized</span> = <span style="color: #19177c;">$true</span>
}
<span style="color: green; font-weight: bold;">catch</span> {
<span style="color: green;">Write-Host</span> -Object <span style="color: #ba2121;">'Not executing in a tasksequence'</span>
<span style="color: #19177c;">$tsenvInitialized</span> = <span style="color: #19177c;">$false</span>
}
<span style="color: #19177c;">$PackageID</span> = (<span style="color: green;">Import-Clixml</span> <span style="color: #19177c;">$PackageXMLLibrary</span> | ? { <span style="color: #19177c;">$_</span>.<span style="color: #19177c;">$MatchProperty</span>.Split(<span style="color: #ba2121;">','</span>).Contains(<span style="color: #19177c;">$ModelVersion</span>) <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.MifName <span style="color: #666666;">-eq</span> <span style="color: #ba2121;">"HSA"</span> <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.MifVersion <span style="color: #666666;">-match</span> <span style="color: #19177c;">$OSVersion</span> <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.Description <span style="color: #666666;">-match</span> <span style="color: #19177c;">$MTM</span> }).PackageID
<span style="color: #19177c;">$PackageID</span>
<span style="color: green; font-weight: bold;">if</span> (<span style="color: #19177c;">$tsenvInitialized</span>) {
<span style="color: #19177c;">$tsenv</span>.Value(<span style="color: #ba2121;">'OSDDownloadDownloadPackages'</span>) = <span style="color: #19177c;">$PackageID</span>
}
</pre></div>
<div><br /></div><div><font size="5">Step 4: Putting It All Together</font></div><div>In my testing, I created a Child Task Sequence containing everything above and have added to my main Task Sequence. Here's what it would look like</div><div><br /></div><div><b>Run PowerShell Script:</b> Select the Scripts Package containing:</div><div><ul style="text-align: left;"><li>_.Packages XML</li><li>Get-DynamicHsaPackages.ps1</li></ul><div><b>Script Name</b>: Get-DynamicHsaPackages.ps1</div><div><br /></div><div><b>Parameters</b>: -OSVersion '1909'</div></div><div><ul style="text-align: left;"><li>If you're deploying Windows 10 1909, this is the parameter you'll set. Once the 2004 HSA Packs are released and you are deploying Windows 10 2004, the parameter would then be set to -OSVersion '2004'</li></ul><div><b>PowerShell execution policy: </b>Set to Bypass</div></div><div><span> </span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgenNtX-Z73w4RI-OTwA33-4ngvwt93l-0xMX7jDM7o3uV3kB9RlrBM1YlRCQjxKUkBjxI-AUttIbUO9eo2KujRdFpDuSIlXpOTUoYUMf8TRAqsTTM9J3L6zoZ4nRmNzG903glkuk5-vlQ/s761/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="592" data-original-width="761" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgenNtX-Z73w4RI-OTwA33-4ngvwt93l-0xMX7jDM7o3uV3kB9RlrBM1YlRCQjxKUkBjxI-AUttIbUO9eo2KujRdFpDuSIlXpOTUoYUMf8TRAqsTTM9J3L6zoZ4nRmNzG903glkuk5-vlQ/w625-h486/Capture4.PNG" width="625" /></a></div><div><br /></div><div><br /></div><div><b>Download Package Content</b>: This step will eventually get overridden due to the <b>OSDDownloadDownloadPackages </b>variable being set in the <b>Get-DynamicHsaPackages</b> script. So create an empty Package and add it here.</div><div><br /></div><div><b>Custom path:</b> This is where the HSA Package will be downloaded to on the client. Here, I'm using the <b>%_SMSTSMDataPath% </b>(I have my drivers set to download here as well). On the client, this will resolve to C:\_SMSTaskSequence\HSAs\<HSA PackageID></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ_Fhx4lDARBIQaCS3UbZoiSMDrtiq7t04Vk95X2ndA3WPGRQ116nsWqPRz3JVlM1GA4Otksl-Hy5eVsUJyOle-c03cK9VvDadsLSE48OkJEatcClyVCw0saMoY5xCeC0RwatreGTuobc/s761/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="592" data-original-width="761" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ_Fhx4lDARBIQaCS3UbZoiSMDrtiq7t04Vk95X2ndA3WPGRQ116nsWqPRz3JVlM1GA4Otksl-Hy5eVsUJyOle-c03cK9VvDadsLSE48OkJEatcClyVCw0saMoY5xCeC0RwatreGTuobc/w625-h486/Capture5.PNG" width="625" /></a></div><div><br /></div><div><br /></div><div><b>Run Command Line</b>: This step calls PowerShell to execute the <b>Install-HSA.ps1 </b>with parameters to install all HSAs offline (WinPE).</div><div><br /></div><div><div style="background: rgb(248, 248, 248); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">powershell.exe -ExecutionPolicy Bypass -Command (<span style="color: green; font-weight: bold;">%</span>_SMSTSMDataPath%\HSAs\*\Install-HSA.ps1 -Offline -All -DebugInformation)
</pre></div>
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpQ5pwb098H8cmSqWXndLuvIM7xaiG-MG4yxqXBc53IkfdHzXmPdre2CoqJLUtOXYfBS0M_WRJd1rIwaSEyimjYPgL9IT9tEwDsC75_Lz4db6MukXfhwe3_Ejn2Tzwov_WIMNvO3yltkY/s850/Capture6.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="632" data-original-width="850" height="466" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpQ5pwb098H8cmSqWXndLuvIM7xaiG-MG4yxqXBc53IkfdHzXmPdre2CoqJLUtOXYfBS0M_WRJd1rIwaSEyimjYPgL9IT9tEwDsC75_Lz4db6MukXfhwe3_Ejn2Tzwov_WIMNvO3yltkY/w625-h466/Capture6.PNG" width="625" /></a></div><div><br /></div><div>This being a Child Task Sequence, I've added it to my main Task Sequence right after my Install Drivers step and before the Setup Windows and ConfigMgr Client step</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggAE8hx2ftOIZaiNRjymt1FZMz9Lk9l5aRMl9ROKjiQq0o-lkhrZd7MaQlqEphyphenhypheniTNIHzySwZHTinz3pyiwouMoWRy0IQSFk72M5CwY9hbocwIv7RDb0muCZJtHeya9YZ5_C0oZXW1nHw/s348/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="152" data-original-width="348" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggAE8hx2ftOIZaiNRjymt1FZMz9Lk9l5aRMl9ROKjiQq0o-lkhrZd7MaQlqEphyphenhypheniTNIHzySwZHTinz3pyiwouMoWRy0IQSFk72M5CwY9hbocwIv7RDb0muCZJtHeya9YZ5_C0oZXW1nHw/w500-h219/Capture7.PNG" width="500" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div><br /></div><div><font size="5">Notes</font></div><div>It's crucial to enter the correct information in the Packages, specifically the first 4 characters of the system's MTM which will reside in the Description/Comment of the Package. If you have a mixture of AMD and Intel boxes, these systems will have the same friendly name in WMI but have separate HSA packs. When you create the ConfigMgr Packages, you can have 2 identical Package names but the MTM's should be different. The script will match the necessary properties and download the correct Package.</div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-16616277631369844102020-06-19T15:49:00.001-04:002022-01-05T12:01:02.701-05:00Hardware Support Apps without the Microsoft Store<div><i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2020/hsa-1" target="_blank">https://blog.lenovocdrt.com/#/2020/hsa-1</a></i></div><div><em><br /></em></div><em>(Contributor: Thad Lawson)</em><br />
<h2>
Introduction</h2>
With versions of Windows 10 since 1809, Microsoft has introduced the concept of Modern Drivers. These new drivers have a few requirements:<br />
<div>
<ol style="text-align: left;">
<li>Declarative: The driver must be INF installable with no co-installers</li>
<li>Componentized: The driver must support the architecture of having a base driver with optional extension drivers for customizations above the base functionality</li>
<li>Hardware Support Apps: Any software required for working with the device must be in the form of a UWP app available from the Microsoft Store and will be associated to this driver in the INF.</li>
</ol>
<div>
One intent of these items is to simplify in-place upgrades. With this approach, if a Windows 10 device is upgraded to a new build by Windows Update and any new drivers are required, Windows Update can install the driver and it can trigger the software to be installed automatically from the Microsoft Store.</div>
</div>
<div>
<br /></div>
<div>
But what happens if you have blocked access to the Microsoft Store? You will end up with a driver installed for a component without the software to control the device. Keep in mind that not all device drivers will require a software component. However, for those that do you may need them to get the full user experience from your device.</div>
<div>
<br /></div>
<div>
So how do you deploy these Hardware Support Apps (HSAs) without using the Microsoft Store? This is where Lenovo's Hardware Support App Packs come in.</div>
<div>
<br /></div>
<div>Starting in late June of 2020 you will begin to see these show up on the Lenovo Support site on the Drivers & Software page for the specific model, under the Enterprise Management component. These will be available for the new products just launched and going forward. The HSA Packs are similar to our SCCM Driver Packs. They contain just the source files to install the apps for specific models. One difference between the two is that the HSA Packs will typically need to be updated much less frequently. With this architecture, the driver may change several times and continue to use the same HSA.</div>
<div>
<br /></div>
<div>
The HSA Pack will be a self-extracting executable file like our SCCM Driver Packs. When you extract one you will get a folder structure with each app's source files contained in their own folder. By default a folder with a random name will be used to prevent any kind of symlink vulnerability.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV4Urr-9rnfdP6erZ_1QriOuCyGmxwG0VvOo2p8vvWdRAHGgJgWdMPj_5R32zWT-nABioYJMfqTgNNzxGYby0EEEMiJOjlyh4h_UH1PqNiTLv32YdnAr3JUdLnh9RhC1PLQL_Yokm5PtiC/s343/hsa_directory.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="302" data-original-width="343" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV4Urr-9rnfdP6erZ_1QriOuCyGmxwG0VvOo2p8vvWdRAHGgJgWdMPj_5R32zWT-nABioYJMfqTgNNzxGYby0EEEMiJOjlyh4h_UH1PqNiTLv32YdnAr3JUdLnh9RhC1PLQL_Yokm5PtiC/w320-h282/hsa_directory.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br />
<h2 style="text-align: left;">
<b>Scripted Install of Hardware Support Apps during a Task Sequence</b></h2>
We have created a script to read JSON manifest files provided in the HSA packs. The script can be leveraged in MEM/SCCM or MDT. Below is the PowerShell script you can use for installation.<br />
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: green;">################################################################################</span>
<span style="color: green;">## ##</span>
<span style="color: green;">## Title: Install-HSA.ps1 ##</span>
<span style="color: green;">## Publisher: Lenovo ##</span>
<span style="color: green;">## Version: 1.02 ##</span>
<span style="color: green;">## Date: 2020-06-03 ##</span>
<span style="color: green;">## ##</span>
<span style="color: green;">## Legal Disclaimer ##</span>
<span style="color: green;">## ##</span>
<span style="color: green;">## The sample scripts are not supported under any Lenovo standard support ##</span>
<span style="color: green;">## program or service. The sample scripts are provided AS IS without ##</span>
<span style="color: green;">## warranty of any kind. Lenovo further disclaims all implied warranties ##</span>
<span style="color: green;">## including, without limitation, any implied warranties of ##</span>
<span style="color: green;">## merchantability or of fitness for a particular purpose. The entire risk ##</span>
<span style="color: green;">## arising out of the use or performance of the sample scripts and ##</span>
<span style="color: green;">## documentation remains with you. In no event shall Lenovo, its authors, ##</span>
<span style="color: green;">## or anyone else involved in the creation, production, or delivery of the ##</span>
<span style="color: green;">## scripts be liable for any damages whatsoever (including, without ##</span>
<span style="color: green;">## limitation, damages for loss of business profits, business ##</span>
<span style="color: green;">## interruption, loss of business information, or other pecuniary loss) ##</span>
<span style="color: green;">## arising out of the use of or inability to use the sample scripts or ##</span>
<span style="color: green;">## documentation, even if Lenovo has been advised of the possibility of ##</span>
<span style="color: green;">## such damages. ##</span>
<span style="color: green;">## ##</span>
<span style="color: green;">################################################################################</span>
<span style="color: green;"><#</span>
<span style="color: #a31515;">.SYNOPSIS</span><span style="color: green;"></span>
<span style="color: green;"> List the names of or install Hardware Support Applications (HSA) by </span>
<span style="color: green;"> reading manifest files located in the subdirectories.</span>
<span style="color: #a31515;">.DESCRIPTION</span><span style="color: green;"></span>
<span style="color: green;"> By reading manifest files found in the subdirectories of a Hardware Support </span>
<span style="color: green;"> Applications Pack, this script allows for the deployment of one, many, or </span>
<span style="color: green;"> all Hardware Support Applications for a given model. All installations are </span>
<span style="color: green;"> against an offline installation of Windows 10.</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> LIST</span>
<span style="color: green;"> Used to list the names of all Hardware Support Applications in the </span>
<span style="color: green;"> subdirectories. Returns the list of the Hardware Support </span>
<span style="color: green;"> Applications names to the screen.</span>
<span style="color: green;"> -LIST</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> EXPORT</span>
<span style="color: green;"> Used to list the names of all Hardware Support Applications in the </span>
<span style="color: green;"> subdirectories. Returns the list of names to the Export_<Date><Time>.log </span>
<span style="color: green;"> file in the directory from which the script was executed.</span>
<span style="color: green;"> -LIST -EXPORT</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> OFFLINE</span>
<span style="color: green;"> Used to install the Hardware Support Applications.</span>
<span style="color: green;"> -OFFLINE <-ALL, FILE '<FileName>.txt', or -NAME '<HSA Name>'></span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> ALL</span>
<span style="color: green;"> Used to install all Hardware Support Applications in the subdirectories </span>
<span style="color: green;"> below the script.</span>
<span style="color: green;"> -OFFLINE -ALL</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> FILE</span>
<span style="color: green;"> Used to install a list of Hardware Support Applications. The text file </span>
<span style="color: green;"> should be formatted with one Hardware Support Application name per line. </span>
<span style="color: green;"> The file should reside in the same folder as the Install-HSA.ps1 script. </span>
<span style="color: green;"> The names can be found using the -LIST parameter. </span>
<span style="color: green;"> -OFFLINE -FILE '<FileName>.txt'</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> NAME</span>
<span style="color: green;"> Used to install one Hardware Support Application. The name can be found </span>
<span style="color: green;"> using the -LIST parameter.</span>
<span style="color: green;"> -OFFLINE -NAME '<HSA Name>'</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> NOSMSTS</span>
<span style="color: green;"> Used when running in WinPE, but not in a Microsoft.SMS.TSEnvironment, </span>
<span style="color: green;"> provided by Microsoft Endpoint Manager (MEM), System Center </span>
<span style="color: green;"> Configuration Manager (SCCM), or Microsoft Deployment Toolkit (MDT).</span>
<span style="color: green;"> Call this parameter with the drive letter where the Windows partition has </span>
<span style="color: green;"> the Windows folder already installed.</span>
<span style="color: green;"> -NOSMSTS '<Drive Letter>:'</span>
<span style="color: #a31515;">.PARAMETER</span><span style="color: green;"> DEBUGINFORMATION</span>
<span style="color: green;"> Use to turn on Transcript logging and full logging of DISM Commands. The </span>
<span style="color: green;"> transcript file can be found at C:\Windows\Logs. There will be a separate </span>
<span style="color: green;"> log file from each DISM command generated at C:\Windows\Logs\DISM.</span>
<span style="color: green;"> -DEBUGINFORMATION</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -LIST</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -LIST -EXPORT</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -OFFLINE -NAME 'Lenovo Pen Settings'</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -OFFLINE -FILE 'List.txt'</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -OFFLINE -NOSMSTS 'D:' -ALL</span>
<span style="color: #a31515;">.EXAMPLE</span><span style="color: green;"></span>
<span style="color: green;"> .\Install-HSA.ps1 -OFFLINE -NOSMSTS 'D:' -ALL -DEBUGINFORMATION</span>
<span style="color: #a31515;">.NOTES</span><span style="color: green;"></span>
<span style="color: green;"> Return Code 1 = Both the -LIST and -OFFLINE commands were used. Only one </span>
<span style="color: green;"> of these two parameters can be used at a time.</span>
<span style="color: green;"> Return Code 2 = More than one -ALL, -FILE, or -NAME were used. Only one </span>
<span style="color: green;"> of these three parameters can be used at a time.</span>
<span style="color: green;"> Return Code 3 = No *_HSA_Manifest.json files were found in the </span>
<span style="color: green;"> subdirectories.</span>
<span style="color: green;"> Return Code 4 = When using the -FILE parameter, the file name was not </span>
<span style="color: green;"> found in the directory where the script resides.</span>
<span style="color: green;">#></span>
<span style="color: green;">#######################</span>
<span style="color: green;"># SCRIPT PARAMETERS #</span>
<span style="color: green;">#######################</span>
[<span style="color: blue;">CmdletBinding</span>(DefaultParameterSetName = <span style="color: #a31515;">'GetList'</span>)]
<span style="color: blue;">Param</span>(
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'GetList'</span>)]
[switch]$List,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'GetList'</span>)]
[switch]$Export,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[switch]$Offline,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[ValidateNotNullOrEmpty()]
[string]$Name,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[ValidateNotNullOrEmpty()]
[string]$File,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[switch]$All,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[ValidateNotNullOrEmpty()]
[string]$NoSMSTS,
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'GetList'</span>)]
[<span style="color: blue;">Parameter</span>(<span style="color: blue;">ParameterSetName</span> = <span style="color: #a31515;">'InstallOffline'</span>)]
[switch]$DebugInformation
)
<span style="color: green;">###############</span>
<span style="color: green;"># FUNCTIONS #</span>
<span style="color: green;">###############</span>
<span style="color: green;">#Install-HSA</span>
<span style="color: blue;">Function</span> Install-HSA
{
[<span style="color: blue;">CmdletBinding</span>()]
<span style="color: blue;">param</span> (
[PSCustomObject]$HSAPackage,
[String]$HSAName
)
$OutDep = $Null
<span style="color: blue;">If</span>((($HSAName -contains $HSAPackage.hsa) -and ($Null -ne $HSAName))-or $All)
{
<span style="color: blue;">ForEach</span>($Dep <span style="color: blue;">in</span> $HSAPackage.Dependencies)
{
$OutDep += <span style="color: #a31515;">" /DependencyPackagePath:`"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.JSONPath)\$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">Dep)`""</span>
}
$DISMLog = <span style="color: #a31515;">""</span>
<span style="color: blue;">If</span>($DebugInformation)
{
<span style="color: blue;">If</span>(!(Test-Path -Path <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">LogPath)\DISM"</span>))
{
New-Item -Path <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">LogPath)\DISM"</span> -ItemType Directory
}
$DISMLog = <span style="color: #a31515;">" /LogLevel:4 /LogPath:`"$LogPath\DISM\$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.hsa).log`""</span>
}
$DISMArgs = <span style="color: #a31515;">"/Add-ProvisionedAppxPackage /PackagePath:`"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.JSONPath)\$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.appx)`" /LicensePath:`"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.JSONPath)\$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.license)`"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">OutDep) /Region:`"All`"$DISMLog"</span>
Write-Host <span style="color: #a31515;">"Offline DISM - $(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">HSAPackage.hsa)"</span>
<span style="color: blue;">If</span>($NoSMSTSPresent)
{
Write-Host <span style="color: #a31515;">"Using string data from NoSMSTS parameter to define the root drive letter for the DISM /Image parameter."</span>
}
$DISMArgs = <span style="color: #a31515;">"/Image:$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">Drive)\ $(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">DISMArgs)"</span>
Write-Host <span style="color: #a31515;">"$env:windir\system32\Dism.exe $DISMArgs"</span>
Start-Process -FilePath <span style="color: #a31515;">"$env:windir\system32\Dism.exe"</span> -ArgumentList $DISMArgs -Wait
}
}
<span style="color: green;">##################</span>
<span style="color: green;"># SCRIPT SETUP #</span>
<span style="color: green;">##################</span>
$FilePresent = $false
$NamePresent = $false
$NoSMSTSPresent = $false
<span style="color: blue;">If</span>(($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'List'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Offline'</span>)))
{
Write-Host <span style="color: #a31515;">"Use just one from the following list of parameters: -List or -Offline. Review the script usage information for using these parameters."</span>
<span style="color: blue;">Return</span> 1
}
<span style="color: blue;">If</span>($Offline)
{
<span style="color: blue;">If</span>(($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'All'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'File'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Name'</span>)) -or ($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'All'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'File'</span>)) -or ($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'All'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Name'</span>)) -or ($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'File'</span>) -and $PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Name'</span>)) -or ((!($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'All'</span>)) -and (!($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'File'</span>))) -and (!($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Name'</span>))))))
{
Write-Host <span style="color: #a31515;">"Use just one from the following list of parameters: -All, -Name, or -File. Review the script usage information for using these parameters."</span>
<span style="color: blue;">Return</span> 2
}
<span style="color: blue;">ElseIf</span>($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'File'</span>))
{
$FilePresent = $true
}
<span style="color: blue;">ElseIf</span>($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Name'</span>))
{
$NamePresent = $true
}
}
<span style="color: blue;">If</span>($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'NoSMSTS'</span>))
{
$NoSMSTSPresent = $true
}
<span style="color: green;">#Setup Vars</span>
$ScriptDir = Split-Path $Script:MyInvocation.MyCommand.Path
<span style="color: blue;">If</span>(($Offline) -and (!($NoSMSTSPresent)))
{
$TSenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
<span style="color: blue;">If</span>($TSEnv.value(<span style="color: #a31515;">"OSDTargetSystemDrive"</span>) -ne <span style="color: #a31515;">""</span>)
{
$Drive = <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">TSEnv.value("OSDTargetSystemDrive"))"</span>
}
<span style="color: blue;">Else</span>
{
$Drive = <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">TSEnv.value("OSDisk"))"</span>
}
}
<span style="color: blue;">ElseIf</span>(($Offline) -and ($NoSMSTSPresent))
{
$Drive = $NoSMSTS
}
<span style="color: blue;">ElseIf</span>($List)
{
$Drive = $env:SystemDrive
}
$LogDate = Get-Date -Format yyyyMMddHHmmss
<span style="color: blue;">If</span>($DebugInformation)
{
$LogPath = <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">Drive)\Windows\Logs"</span>
$LogFile = <span style="color: #a31515;">"$LogPath\$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">myInvocation.MyCommand)_$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">LogDate).log"</span>
<span style="color: green;">######################</span>
<span style="color: green;"># START TRANSCRIPT #</span>
<span style="color: green;">######################</span>
Start-Transcript $LogFile -Append -NoClobber
Write-Host <span style="color: #a31515;">"Debug enabled"</span>
}
<span style="color: green;">##########</span>
<span style="color: green;"># MAIN #</span>
<span style="color: green;">##########</span>
$MFJs = Get-ChildItem -path $ScriptDir -Recurse -File -Include <span style="color: #a31515;">"*_manifest.json"</span>
<span style="color: blue;">If</span>($Null -eq $MFJs)
{
Write-Host <span style="color: #a31515;">"No HSA_Manifest.JSON files found in the subfolder structure."</span>
<span style="color: blue;">Return</span> 3
}
<span style="color: blue;">Else</span>
{
$HSAPackages = <span style="border: 1px solid rgb(255, 0, 0);">@</span>()
<span style="color: blue;">ForEach</span>($MFJ <span style="color: blue;">in</span> $MFJs)
{
$MFJData = Get-Content -Path <span style="color: #a31515;">"$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #a31515;">MFJ.FullName)"</span> | ConvertFrom-Json
$HSAPackages += New-Object PSObject -Property <span style="border: 1px solid rgb(255, 0, 0);">@</span>{<span style="color: #a31515;">'JSONPath'</span> = $MFJ.DirectoryName<span style="border: 1px solid rgb(255, 0, 0);">;</span> <span style="color: #a31515;">'HSA'</span> = $MFJData.HSA<span style="border: 1px solid rgb(255, 0, 0);">;</span> <span style="color: #a31515;">'Appx'</span> = $MFJData.Appx<span style="border: 1px solid rgb(255, 0, 0);">;</span> <span style="color: #a31515;">'License'</span> = $MFJData.License<span style="border: 1px solid rgb(255, 0, 0);">;</span> <span style="color: #a31515;">'Dependencies'</span> = $MFJData.Dependencies}
}
}
<span style="color: blue;">If</span>($List -or $PSBoundParameters.Count -eq 0 -or ($DebugInformation -and $PSBoundParameters.Count -eq 1))
{
<span style="color: blue;">If</span>($PSBoundParameters.ContainsKey(<span style="color: #a31515;">'Export'</span>))
{
<span style="color: blue;">ForEach</span>($Package <span style="color: blue;">in</span> $HSAPackages)
{
$Package.hsa | Out-File <span style="color: #a31515;">"$ScriptDir\Export_$LogDate.txt"</span> -Append -Noclobber
}
}
<span style="color: blue;">Else</span>
{
<span style="color: blue;">ForEach</span>($Package <span style="color: blue;">in</span> $HSAPackages)
{
Write-Host $Package.hsa
}
}
}
<span style="color: blue;">If</span>($Offline)
{
<span style="color: blue;">If</span>($All)
{
Write-Host <span style="color: #a31515;">"Installing all HSAs found in the folder structure."</span>
}
<span style="color: blue;">ElseIf</span>($NamePresent)
{
Write-Host <span style="color: #a31515;">"Installing the $Name HSA."</span>
}
<span style="color: blue;">ElseIf</span>($FilePresent)
{
Write-Host <span style="color: #a31515;">"Reading the list of HSAs from $File."</span>
<span style="color: blue;">If</span>(!(Test-Path -Path <span style="color: #a31515;">"$ScriptDir\$File"</span>))
{
Write-Host <span style="color: #a31515;">"File: $File not found in $ScriptDir"</span>
<span style="color: blue;">Return</span> 4
}
}
<span style="color: blue;">ForEach</span>($Package <span style="color: blue;">in</span> $HSAPackages)
{
<span style="color: blue;">If</span>($All)
{
Install-HSA -HSAPackage $Package
}
<span style="color: blue;">ElseIf</span>($FilePresent -or $NamePresent)
{
<span style="color: blue;">If</span>($FilePresent)
{
$InstallFileArray = <span style="border: 1px solid rgb(255, 0, 0);">@</span>()
$InstallFileArray = Get-Content -Path <span style="color: #a31515;">"$ScriptDir\$File"</span>
<span style="color: blue;">ForEach</span>($InstallFile <span style="color: blue;">in</span> $InstallFileArray)
{
Install-HSA -HSAPackage $Package -HSAName $InstallFile
}
}
<span style="color: blue;">If</span>($NamePresent)
{
Install-HSA -HSAPackage $Package -HSAName $Name
}
}
$InstallFileArray = $Null
}
}
<span style="color: blue;">If</span>($DebugInformation)
{
<span style="color: green;">#####################</span>
<span style="color: green;"># STOP TRANSCRIPT #</span>
<span style="color: green;">#####################</span>
Stop-Transcript
}
</pre>
</div>
<br />
<ul>
<li><b>List Functionality</b> – Used to list the names of all Hardware Support Applications in the subdirectories. Returns the list of all Hardware Support Applications names to the screen.</li>
<ul>
<li>Export – Used to list the names of all Hardware Support Applications in the subdirectories. Returns the list of all Hardware Support Applications names to the Export_<Date><Time>.log file in the same directory from which the script was executed.</li>
</ul>
<li><b>Offline Install Functionality</b> – Used to install the Hardware Support Applications.</li>
<ul>
<li>All – Used to install all Hardware Support Applications in the subdirectories below the script.</li>
<li>File – Used to install a list of Hardware Support Applications. The text file should be formatted with one Hardware Support Application name per line. The file should reside in the same folder as the Install-HSA.ps1 script. The names can be found using the -LIST parameter</li>
<li>Name – Used to install one Hardware Support Application. The name can be found using the -LIST </li>
</ul>
<li><b>NoSMSTS</b> – used when running in winPE, but not in a Microsoft.SMS.TSEnvironment, provided by Microsoft Endpoint Manager (MEM) / System Center Configuration Manager (SCCM) or Microsoft Deployment Toolkit (MDT).</li>
<ul>
<li>Call this parameter with the drive letter and colon (:) where the Windows partition has the Windows folder already installed.</li>
</ul>
<li><b>DebugInformation</b> – Used to turn on transcript logging and full logging of DISM commands. The transcript file can be found at C:\Windows\Logs. There will be a separate log file from each DISM command generated at C:\Windows\Logs\DISM.</li>
</ul>
<div>
For MEM/SCCM and MDT implementations, we are providing the following guidance for the items needed to successfully deploying Lenovo devices. Each implementation has guidance on WinPE Optional Components Requirements, the package to convey the content to the device, and the Task Sequence task information to perform the install.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
<b>MEM/SCCM Implementation</b></h2>
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<h3 style="text-align: left;">
Windows PE Optional Components Requirements</h3>
<ul style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoNUXUgd2rVXFjhabvprWwlMQHd37LUkVQUgpBZdUrTra0OD8f9d3aYDKKfYMQJ2Qe4Cyh4YsOxIPbUvjHEcxg4Oc8MbSoWqFtBw4R1KOd_tCsF4Gcpc-DlBdKcQnqYZYfFab6rFeEm_s/s1600/HSA+WinPE+OC.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="761" data-original-width="727" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoNUXUgd2rVXFjhabvprWwlMQHd37LUkVQUgpBZdUrTra0OD8f9d3aYDKKfYMQJ2Qe4Cyh4YsOxIPbUvjHEcxg4Oc8MbSoWqFtBw4R1KOd_tCsF4Gcpc-DlBdKcQnqYZYfFab6rFeEm_s/s640/HSA+WinPE+OC.PNG" width="610" /></a></div>
<ul>
<li>Microsoft .NET (WinPE-NetFx)</li>
<li>Windows PowerShell (WinPE-PowerShell)</li>
<li>Windows PowerShell (WinPE-DismCmdlets)</li>
</ul>
</ul>
<h3 style="text-align: left;">
Packaging</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHm-zFvUmGuWHcOTdxPTfmqaLqT0KaM5BZDx-FwJKP3MayJ57TuEgIRakyApAZt8wkyNtL0nqkFQA7eggw8F9qmHmMM6KUg-BwNf0bK9wh_0lIRfbEhIW0pziMxHFDJfYRFPiFx45hqrA/s1600/HSA+Folder+Structure+w+script.PNG" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="385" data-original-width="986" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHm-zFvUmGuWHcOTdxPTfmqaLqT0KaM5BZDx-FwJKP3MayJ57TuEgIRakyApAZt8wkyNtL0nqkFQA7eggw8F9qmHmMM6KUg-BwNf0bK9wh_0lIRfbEhIW0pziMxHFDJfYRFPiFx45hqrA/s640/HSA+Folder+Structure+w+script.PNG" width="640" /></a><br />
<ul style="text-align: left;">
<ol>
<li>Download and extract the required HSA package from Lenovo's website.</li>
<li>Copy the Install-HSA.ps1 script to the directory where the HSA package was extracted.<br />*** NOTE *** If you are going to install more than one HSA, but not all, and are going to use the -FILE parameter, be sure to include the text file with the list of HSA Names in the same directory as the script file.</li>
<li>Create a legacy package with the source files pointed to the directory where the HSA pack is extracted. There is no need to create a program associated with this legacy package.</li>
<li>Distribute to your environment.</li>
</ol>
</ul>
<h3 style="text-align: left;">
Task Sequence</h3>
<ul style="text-align: left;">
</ul>
<ol style="text-align: left;"><div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYpx13TxOzy34njUineVmNiObS9R5_T3emj0ntUhOP6XX05jQwKcHy4xC8uu_UBmEo__BOaOTI1MUrh55E25eOEK4RLhZmVHvEaxyMHObDbT8sNfc9qgbLbAAHP3JIt6WWWXDSSxmTUj8/s1600/HSA+TS+PS+Task+1.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="992" data-original-width="1171" height="539" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYpx13TxOzy34njUineVmNiObS9R5_T3emj0ntUhOP6XX05jQwKcHy4xC8uu_UBmEo__BOaOTI1MUrh55E25eOEK4RLhZmVHvEaxyMHObDbT8sNfc9qgbLbAAHP3JIt6WWWXDSSxmTUj8/s640/HSA+TS+PS+Task+1.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitLJjWs103a3CL9m7JyBdlZoSCyiOa9fuxTPdTK37xt_GJtnWO9yzp3nMsHQqa48hE6D_UwaBaMYeCPrHv_yBuYBVUvwzo2gwHX8ofTKibZl9vQuAZz2DoWQxYrE4BA6sI5sNCWNwGiVo/s1600/HSA+TS+PS+Task+2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="992" data-original-width="1171" height="540" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitLJjWs103a3CL9m7JyBdlZoSCyiOa9fuxTPdTK37xt_GJtnWO9yzp3nMsHQqa48hE6D_UwaBaMYeCPrHv_yBuYBVUvwzo2gwHX8ofTKibZl9vQuAZz2DoWQxYrE4BA6sI5sNCWNwGiVo/s640/HSA+TS+PS+Task+2.PNG" width="640" /></a></div>
<li>After the Apply Operating System task, but before the Setup Windows and Configuration Manager task, add a <b>Run PowerShell Script</b> task.</li>
<li>On the Properties tab, choose the <b>Select a package with a PowerShell script</b> option. Click the <b>Browse</b> button to locate and select the package created above.</li>
<li>In the Script name textbox, enter <b>Install-HSA.ps1</b>.</li>
<li>In the Parameters textbox, enter the parameters required. Ex. -Offline -All -DebugInformation.</li>
<li>On the Options tab, if needed, add the <b>conditional statement</b> and <b>any WMI queries</b> to target by model.</li>
<ol type="A">
</ol>
</ol>
<h2 style="text-align: left;">
<b>MDT Implementation</b></h2>
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<h3 style="text-align: left;">
Windows PE (WinPE) Features Requirements</h3>
<ul style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9ZZ54CxRN2nVYQB6g4axne0RTa2a9PnbMrRTOsYlzdDCbCNdQNcSLBgfd0xdWLZ5lW28HHsqI3dkGpTNM2OnGHCy0upzMd6In6ebtSmiEBYuouIhOYfbtAx5xixuhsOgpNy5LogX6Kp4/s1600/HSA+WinPE.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="726" data-original-width="721" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9ZZ54CxRN2nVYQB6g4axne0RTa2a9PnbMrRTOsYlzdDCbCNdQNcSLBgfd0xdWLZ5lW28HHsqI3dkGpTNM2OnGHCy0upzMd6In6ebtSmiEBYuouIhOYfbtAx5xixuhsOgpNy5LogX6Kp4/s640/HSA+WinPE.PNG" width="634" /></a></div>
<ul>
<li>.NET Framework</li>
<li>Windows PowerShell</li>
<li>DISM Cmdlets</li>
</ul>
</ul>
<h3 style="text-align: left;">
Application</h3>
<ul style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMvxiM_sb1LhIga_8w5kMGRHL3VaE-cpzioRP6p8YLfwLf-fbzEJ1oEfBzYp5R-6E1Cs5BCQvUIIsFHS5CTXJwqM2fBZT6-Pxx-NGUzs7en0_e4YsFvPdtR-jydZ6U06Ud7BjHVYbka2o/s1600/HSA+Folder.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="727" data-original-width="954" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMvxiM_sb1LhIga_8w5kMGRHL3VaE-cpzioRP6p8YLfwLf-fbzEJ1oEfBzYp5R-6E1Cs5BCQvUIIsFHS5CTXJwqM2fBZT6-Pxx-NGUzs7en0_e4YsFvPdtR-jydZ6U06Ud7BjHVYbka2o/s640/HSA+Folder.PNG" width="640" /></a></div>
<ol>
<li>Download and extract the required HSA package from Lenovo's website.</li>
<li>Copy the Install-HSA.ps1 script to the directory where the HSA package was extracted.<br />*** NOTE *** If you are going to install more than one HSA, but not all, and are going to use the -FILE parameter, be sure to include the text file with the list of HSA Names in the same directory as the script file.</li>
<li>Create an application in MDT. We will use this to neatly store the files in MDT. When the wizard asks for executable, you can put anything, as we will not be using the application functionality to install the HSA.</li>
</ol>
</ul>
<h3 style="text-align: left;">
Task Sequence</h3>
<ul style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5zUQBPOm-t4Rijgz-mtYzfHbEnCJyzbititWN88sD9_Mi2gEmKOCxDan5xl54x_4LQu3IWbFUqngH3SxALvw-DsFeXHrVv9rOvyA33lLqbhpu_u6M9CeOxlSm7-QX0cgOdoFN8NAPLb0/s1600/HSA+TS+1.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="813" data-original-width="901" height="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5zUQBPOm-t4Rijgz-mtYzfHbEnCJyzbititWN88sD9_Mi2gEmKOCxDan5xl54x_4LQu3IWbFUqngH3SxALvw-DsFeXHrVv9rOvyA33lLqbhpu_u6M9CeOxlSm7-QX0cgOdoFN8NAPLb0/s640/HSA+TS+1.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO6sEecuBttAqBaTwuW2bFi7EJMIcSWZbriTHJLiNjoLquOmZd5OdTVox8dXdwULWOxQinJorXzIKJqcOya5MPf4AzWdn7ZvOJxvYOL9MDwirN4kA-fcu4i6622SVvvzrYv880gyW5slY/s1600/HSA+TS+2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="815" data-original-width="1069" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO6sEecuBttAqBaTwuW2bFi7EJMIcSWZbriTHJLiNjoLquOmZd5OdTVox8dXdwULWOxQinJorXzIKJqcOya5MPf4AzWdn7ZvOJxvYOL9MDwirN4kA-fcu4i6622SVvvzrYv880gyW5slY/s640/HSA+TS+2.PNG" width="640" /></a></div>
</ul>
<ol style="text-align: left;">
<li>In the Task Sequence, after the Apply Operating System task in the Install phase, but before the Restart Computer task in the PostInstall phase, add a Run Command Line task and give it a name.</li>
<li>In the command line, enter the following command:</li>
</ol>
<span style="font-family: courier;">powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Copy-Item '%DeployRoot%\Applications\<ApplicationFolderNameHere>' -Destination %OSDisk%\OSDTemp\ -Recurse; %OSDisk%\OSDTemp\Install-HSA.ps1 -OFFLINE -ALL -DEBUGINFORMATION; Remove-Item %OSDisk%\OSDTemp -Recurse -Force"</span></div>
<div>
The command above will copy all files and folders from the Application folder defined, execute the Install-HSA.ps1 script, and remove the content from the %OSDisk% drive.</div>
<div>
<br />
<ol start="3" style="text-align: left;">
<li>Be sure to change <ApplicationFolderNameHere> to the actual folder name of the Application.</li>
<li>On the Options tab, if needed, add the conditional statement and any WMI queries to target by model.</li>
</ol>
<ul style="text-align: left;"><ol type="A">
</ol>
</ul>
</div>
<h2 style="text-align: left;">
<b><span style="font-family: inherit;">Noteworthy</span></b></h2>
<div>
<ul>
<li>Not Applicable HSAs - Even though an HSA is in a Lenovo supplied HSA pack, that does not necessarily mean it will apply to every build of a model. For example:</li>
<ul>
<li>On the ThinkPad T15 Gen 1, not all builds of this model will have an Nvidia Graphics Card, so the Nvidia Graphics HSA may or may not be needed.</li>
<li>Many models have an option to utilize Intel Optane Storage. The HSA is only needed if the device contains the Optane disk drive.</li>
</ul>
<li>HSAs not installing as SYSTEM account - In an MEM/SCCM Task Sequence, after the Setup Windows and Configuration Manager task, the task sequence runs as the SYSTEM account. Many HSAs will not install under the SYSTEM account, so we recommend installing in WinPE.</li>
</ul>
</div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-89519727514527920322020-06-16T11:42:00.003-04:002022-02-04T13:15:48.053-05:00Lenovo Updates Catalog V3 for SCCM<div><i>This article has moved to <a href="https://blog.lenovocdrt.com/#/2020/lucv3" target="_blank">https://blog.lenovocdrt.com/#/2020/lucv3</a></i></div><div><i><b><font color="#9e9e9e"><br /></font></b></i></div><div><i><b><font color="#9e9e9e">(Contributors: Devin McDermott)</font></b></i></div><div><br /></div>The Lenovo Updates Catalog has been upgraded to the V3 format. The catalog is still hosted at the same URL:<br />
<div>
<br /></div>
<div><font face="courier">
https://download.lenovo.com/luc/v2/LenovoUpdatesCatalog2v2.cab</font></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
The URL and file name did not change so as to avoid all subscribers having to change their subscription settings. The V3 format simply adds some additional files that allow the updates in the catalog to be categorized.</div>
<div>
<br /></div>
<div>
Previously when subscribing to the V2 catalog, all the updates in the catalog would automatically be published with meta data only. Now with the V3 catalog, you can specify one or more categories to automatically publish instead of publishing all updates. The categories in the Lenovo Updates Catalog are broken down into Model and Update Type (BIOS, driver, application).</div>
<div><br /></div>
<div><p>
The categories can be selected when initially syncing the catalog or right-clicking on the catalog and selecting properties.</p>
<center>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZA0jHszt2m7MM3OV9nIMVoC48jZOFtBVyxSrJKF_D1i4_JA9X13-T0wxe1-ymtbURjHHxvBROJmSkETUC2tMbRcq95SrkV0NJQM0I3_w0hqefmbZbjdJzw-eKu0aXuRmkgb1Sgxvd8H6O/s1600/selectedCategories.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="753" data-original-width="778" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZA0jHszt2m7MM3OV9nIMVoC48jZOFtBVyxSrJKF_D1i4_JA9X13-T0wxe1-ymtbURjHHxvBROJmSkETUC2tMbRcq95SrkV0NJQM0I3_w0hqefmbZbjdJzw-eKu0aXuRmkgb1Sgxvd8H6O/w622-h640/selectedCategories.PNG" width="622" /></a></center>
<center><em>Intial sync</em></center>
<p></p>
<center><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPXiyK7VWJGfbUhJZTTLJZ8z7GMamXYmZhxR1ZLMLO0nb2QSnPEJJ3hJsbivXLf21MLyKQgQdaPk21znx-R2KdZJLury-_7U_xa5iaTnp6Ei39OBrJRefCrNykr4kHJ2Fl0CkVpj2k0tgV/s1600/properties.PNG" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1551" data-original-width="1552" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPXiyK7VWJGfbUhJZTTLJZ8z7GMamXYmZhxR1ZLMLO0nb2QSnPEJJ3hJsbivXLf21MLyKQgQdaPk21znx-R2KdZJLury-_7U_xa5iaTnp6Ei39OBrJRefCrNykr4kHJ2Fl0CkVpj2k0tgV/w605-h640/properties.PNG" width="605" /></a>
</center>
<center><em>Properties dialog</em></center>
<p>
Once categories are selected, the content can be staged which means it will be automatically downloaded to the top level software update point. This will remove the need to download the content through the Configuration Manager console prior to deployment.</p>
<center>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgPviBMvUssb40twarQb5FUiZMJV4fa5JHks-BlEAZ3EUwF8bRhL6ui2yDaK6zcjF85gh6O3iDqSclH9ukuUWjPDF0fD5WDCErkG2kwCVwIiP7Ll3DWX8V6l_BpALvg7kQWqwTNxCQy7jE/s1600/prestage.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="753" data-original-width="778" height="619" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgPviBMvUssb40twarQb5FUiZMJV4fa5JHks-BlEAZ3EUwF8bRhL6ui2yDaK6zcjF85gh6O3iDqSclH9ukuUWjPDF0fD5WDCErkG2kwCVwIiP7Ll3DWX8V6l_BpALvg7kQWqwTNxCQy7jE/w640-h619/prestage.PNG" width="640" /></a></center><center><br /></center><h3>Summary</h3>
<p>
With the introduction of the V3 format, you now have more granular control over what content from the catalog is published into your environment. With thousands of updates in a third-party catalog, this can make a big difference in the amount of data managed in your environment as well as the amount of processing your clients perform during their scan cycles.
</p><h4 style="text-align: left;">More Information</h4><div><a href="https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/third-party-software-updates" target="_blank">https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/third-party-software-updates</a><br /></div>
</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-91984156382806054632020-05-04T11:46:00.006-04:002022-03-23T13:48:25.515-04:00Deep dive setting up a Lenovo cloud repository in an Azure file share<div class="separator" style="clear: both; text-align: left;"><i>This article has moved to </i><a href="https://blog.lenovocdrt.com/#/2020/ur_az_fs" target="_blank">https://blog.lenovocdrt.com/#/2020/ur_az_fs</a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifdHu3YngM2qh5VRhysh_UR_YnmB0tOd4kRSsYks8YE23XwdrCsvPTTuavQEwOtkgVOpl0yVtgs-FuDl6xN4M2VD4vWY6gdJ7ZymolnSNdd9Ti7SUSPuK2mNeA-2BWVKLIa7Mowi3dzAI/s1600/images.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="225" data-original-width="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifdHu3YngM2qh5VRhysh_UR_YnmB0tOd4kRSsYks8YE23XwdrCsvPTTuavQEwOtkgVOpl0yVtgs-FuDl6xN4M2VD4vWY6gdJ7ZymolnSNdd9Ti7SUSPuK2mNeA-2BWVKLIa7Mowi3dzAI/s1600/images.jpg" /></a></div>
<br />
In a previous <a href="https://thinkdeploy.blogspot.com/2019/04/hosting-update-retriever-repository-in.html" target="_blank">post</a>, I walked through a few steps on how to host an Update Retriever repository in an Azure blob storage. This involved downloading the updates to a local machine, copying them to the blob, and configuring Thin Installer on the client to pull these updates down.<br />
<div>
<br /></div>
<div>
Another option is the <b>Lenovo cloud repository </b>feature in Update Retriever. By choosing this option, only the package XML's will be downloaded to the repository while the full content will be hosted by Lenovo. If you're moving your on-prem repository to the cloud, this option will most definitely cut down storage costs as these XML's are only a couple of Kilobytes in size.</div>
<div>
<br /></div>
<div>
A few things to note before exploring this route:</div>
<div>
<ul>
<li>System Update (version 5.07.0046 and later) is supported</li><li>Commercial Vantage is supported</li>
<li>Thin Installer is <b>NOT </b>supported</li>
</ul>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihJgW51q2kaFvdQ_3wPMOQM1CiVl8-N_YOgT59ptQTq2xMurbmspKrt2vyn1icHyB-DIOUcwMpLwb5-_dNT2WLBlG-HdUU3X-wGzi3aSYD32u0YVoxH5v7vTnXqo02A60Z4W_2NyuVkB4/s1600/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="203" data-original-width="614" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihJgW51q2kaFvdQ_3wPMOQM1CiVl8-N_YOgT59ptQTq2xMurbmspKrt2vyn1icHyB-DIOUcwMpLwb5-_dNT2WLBlG-HdUU3X-wGzi3aSYD32u0YVoxH5v7vTnXqo02A60Z4W_2NyuVkB4/s640/Capture.PNG" width="640" /></a></div>
<div>
<span style="font-size: large;">Azure Storage Account</span></div>
<div>
You'll need to create a <a href="https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal#create-a-storage-account" target="_blank">new storage account</a> first. During the creation, make sure you set the account kind to <b>StorageV2</b> since we're going to be using this as an <a href="https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal#prerequisites" target="_blank">Azure file share</a>. </div>
<div>
<br /></div>
<div>
After creation, go to the new storage account and scroll down to the <b>File service </b>section and click <b>File shares</b>. Click <b>+File share</b>, give it a name and click <b>Create</b>.<br />
<br />
The URL of the share can be found in <b>Properties</b><br />
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJJqxsH_jIjQcRm8aXm8XdTUsSSMwMV3BUuG-EmWf45RWEsR45_e4gPgAnQPtg4Xzr4M7O0IlLovrWeeS5K-njSYikggRwIp3Y3TH0xaEUYW6iG2EnmwYbAOQlWf2O3VivEO7oIdDvOFU/s1600/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="515" data-original-width="803" height="410" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJJqxsH_jIjQcRm8aXm8XdTUsSSMwMV3BUuG-EmWf45RWEsR45_e4gPgAnQPtg4Xzr4M7O0IlLovrWeeS5K-njSYikggRwIp3Y3TH0xaEUYW6iG2EnmwYbAOQlWf2O3VivEO7oIdDvOFU/s640/Capture3.PNG" width="640" /></a></div>
<b><br /></b></div>
<div>
<br /></div>
<div>
You'll need to take note of one of the <b>Access keys </b>for the storage account, which will be used to later on. These can be found under <b>Settings > Access keys</b>. </div>
<div>
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSFzPmAMYnr192gsxlkU_vRIfYgJQqoJZgUv64JKAYDtGK0hvm6-oVup0jnVaWjsD46L3cV61ZlI7diZD_gfmCqv1iSHX0RmaDNmdqMZpnONkVxEEABktGMG37m2NCsjEQpmGh1AxYwK0/s1600/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="514" data-original-width="987" height="332" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSFzPmAMYnr192gsxlkU_vRIfYgJQqoJZgUv64JKAYDtGK0hvm6-oVup0jnVaWjsD46L3cV61ZlI7diZD_gfmCqv1iSHX0RmaDNmdqMZpnONkVxEEABktGMG37m2NCsjEQpmGh1AxYwK0/s640/Capture2.PNG" width="640" /></a></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<div>
Being that this is in a test tenant, I set the Storage account to be accessed from <b>All networks</b>. You can lock the access down to specific vNets and/or IP ranges under <b>Settings > Firewalls and virtual networks</b>.</div>
<div>
<b><br /></b></div>
<div>
<span style="font-size: large;">Update Retriever</span></div>
<div>
Install the <a href="https://support.lenovo.com/us/en/solutions/ht037099#ur" target="_blank">latest version</a> of Update Retriever on a technician system. We're going to use <b><a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey" target="_blank">cmdkey</a> </b>to store the Azure storage account credentials. Launch PowerShell and enter the following command (replacing the storage account name and access key):<br />
<br /></div>
<div>
<div style="background: rgb(248, 248, 248); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: green;">Invoke-Expression</span> -Command <span style="color: #ba2121;">"cmdkey /add:<storageaccountname>.file.core.windows.net /user:Azure\<storageaccountname> /pass:<accesskey>"</span>
</pre>
</div>
<div>
<b><br /></b></div>
<div>
You should see cmdkey return a <b>Credential added successfully </b>message. You can verify by opening <b>Credential Manager </b>and looking under <b>Windows Credentials</b>.<br />
<br />
Now, launch Update Retriever and select <b>Lenovo</b> <b>Cloud repository. </b>Instead of entering the URL of the file share, enter it as a UNC path:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRpIihyphenhyphentJLS0VK3elo_vVejxqak63Bm5v4Fa42zolGc7qpibyKh8Np1P19_OHYfn5DQcr5S4GKjcoFEjrk8q2uJNSMwo3_99NtCjpVCHGinQZwSKNJJGEtU2sMQgnMiPOxNqgY8a99kEU/s1600/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="343" data-original-width="603" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRpIihyphenhyphentJLS0VK3elo_vVejxqak63Bm5v4Fa42zolGc7qpibyKh8Np1P19_OHYfn5DQcr5S4GKjcoFEjrk8q2uJNSMwo3_99NtCjpVCHGinQZwSKNJJGEtU2sMQgnMiPOxNqgY8a99kEU/s640/Capture4.PNG" width="640" /></a></div>
Set any other options and click <b>Continue</b>. You may see a spinning wheel for a bit but will eventually proceed to the <b>Get new updates </b>screen. Here you can add your MTM's and check for updates. You should see Update Retriever connect to your Azure file share and download content.<br />
<br />
If you look in Event Viewer under <b>Applications and Services Logs > Lenovo > ThinkVantage > UpdateRetriever </b>and look through the <b>This is the operational log of ThinkVantage UpdateRetriever </b>log, you'll see Events like this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPCdpJSSigmSSQiPMg5fhIak2qSeeBWq2aKw7zjz9JRgJxCZZ05GxWmanXagw8ChrHHlMYIXbwlAlyL_7S7eVUfluJAo6RFSwlWD16bexE4eJm5-QT8BHGBrD7gfEmcFzdXexuRO6EvI/s1600/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="444" data-original-width="826" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPCdpJSSigmSSQiPMg5fhIak2qSeeBWq2aKw7zjz9JRgJxCZZ05GxWmanXagw8ChrHHlMYIXbwlAlyL_7S7eVUfluJAo6RFSwlWD16bexE4eJm5-QT8BHGBrD7gfEmcFzdXexuRO6EvI/s640/Capture5.PNG" width="640" /></a></div>
<br />
Back in the Azure portal, navigate to your file share and you should now see all of the package ID directories with corresponding .xml's, as well as the database.xml.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgps5jnOra4mSafkhXVEDg7ZCSXnATUgtEmsC7u7KD8yx7jyVtzLcJZqaZoVOP5s4XztnFEwMRgXPoyF0hdrBjpGIwELmJJpEX1TflDTtr_wHN9am81DJsNSVeh18cFjH5EGXKq-lsSBcM/s1600/Capture6.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="320" data-original-width="557" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgps5jnOra4mSafkhXVEDg7ZCSXnATUgtEmsC7u7KD8yx7jyVtzLcJZqaZoVOP5s4XztnFEwMRgXPoyF0hdrBjpGIwELmJJpEX1TflDTtr_wHN9am81DJsNSVeh18cFjH5EGXKq-lsSBcM/s400/Capture6.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfO94HWpiR3dyByWwrCd1DqsPq7_3jsuJQJMOqWiqqo7tLpyLKEf4sKK-aLI03p9hkk_j3dGl_m978NXpX6Kcdc_iSyNH419WPpBidrq7KqQ4xpxp2R8DSQtCgsVd1E93pfN2ALNeT7I8/s1600/Capture7.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="357" data-original-width="340" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfO94HWpiR3dyByWwrCd1DqsPq7_3jsuJQJMOqWiqqo7tLpyLKEf4sKK-aLI03p9hkk_j3dGl_m978NXpX6Kcdc_iSyNH419WPpBidrq7KqQ4xpxp2R8DSQtCgsVd1E93pfN2ALNeT7I8/s400/Capture7.PNG" width="380" /></a></div>
<br /></div>
<div>
<span style="font-size: large;">Client-side Config</span><br />
<span style="font-size: medium;">I'm going to build off the previous post, <a href="https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html" target="_blank">Managing System Update with Intune</a>, and add one more requirement here. We need to upload and deploy a PowerShell script to add the Azure storage account credentials on the client. Unfortunately, SAS tokens aren't supported with SMB access so you'll have to use the Storage Account Access Key.</span><br />
<span style="font-size: medium;"><br /></span>
<span style="font-size: medium;">Copy the same command that was used earlier into a <b>.ps1 </b>file and add it by navigating to <b>Intune > Device Configuration > Scripts </b>in the Azure portal. </span><br />
<span style="font-size: medium;"><br /></span>
<span style="font-size: medium;">Set the Script settings to:</span><br />
<span style="font-size: medium;"><br /></span>
<span style="font-size: medium;"><b>Run this script using the logged on credentials - Yes</b></span><br />
<span style="font-size: medium;"><b>Run script in 64 bit PowerShell host - Yes</b></span><br />
<span style="font-size: medium;"><b><br /></b></span>
Assign to a group.</div><div>
<br />
I've already set my System Update scheduled task, as described in the <a href="https://thinkdeploy.blogspot.com/2020/03/system-update-suite-and-mem-part-2.html" target="_blank">System Update Suite and MEM</a> post.<br />
<br />
To confirm everything works, I manually start the scheduled task and monitor the <b>tvsu_<timestamp>.log </b>which can be found under <b>%ProgramData%\Lenovo\SystemUpdate\logs</b><br />
<b><br /></b>
I can see the client connects to the repository and finds the database.xml<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3lof3eaPwSJowvxrx1OacsJl0MJ958Hgsq5JCTttysBfzu-g9J-xOWL0D-2WDrHhOTGf3tEpUUZ5QFsZzN7NG7o4_k6LqQwNd-myzoPbe3a3_b-6_0abG6CJKYLXCC37oiWPApTKXrIc/s1600/Capture9.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="499" data-original-width="1029" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3lof3eaPwSJowvxrx1OacsJl0MJ958Hgsq5JCTttysBfzu-g9J-xOWL0D-2WDrHhOTGf3tEpUUZ5QFsZzN7NG7o4_k6LqQwNd-myzoPbe3a3_b-6_0abG6CJKYLXCC37oiWPApTKXrIc/s640/Capture9.PNG" width="640" /></a></div>
<br />
And further down the log, once the client parses through the database.xml for applicable updates, the packages are downloaded from Lenovo<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJeO8_DbhMZFxYNlQmEYp98ESEeywkESKCtjvDmKBALNX50L5StstrD6iAt5KFih8mOEI4MXlkjCQ_COhHGiSsiSTNg9AXq69D1PJBavpjNpFbY4yKMi5JD4CygdvnyDYl9SHA5kz4GXU/s1600/Capture10.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="263" data-original-width="967" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJeO8_DbhMZFxYNlQmEYp98ESEeywkESKCtjvDmKBALNX50L5StstrD6iAt5KFih8mOEI4MXlkjCQ_COhHGiSsiSTNg9AXq69D1PJBavpjNpFbY4yKMi5JD4CygdvnyDYl9SHA5kz4GXU/s640/Capture10.PNG" width="640" /></a></div>
<br />
I've set my AdminCommandLine to list the updates so I can select which ones to install.<br />
<br />
<div style="background: rgb(248, 248, 248); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;">/CM -search A -action LIST -includerebootpackages 3,5 -noreboot -noicon -exporttowmi
</pre>
</div>
<br />
And here's a screenshot of updates that are applicable to download and install<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6Rn4NlZ7lALFV6oqgGnp0_2ngoFS2mXeqaDNFx5AHztjeJHOp2ZmxhFfe1YKDslQvbqr7dNq4GSICziFHSWiElrSh7y-ZcDa3AlmHRabt7V8k-KKIzUaxgoUgPlJNuwaVM9KN5ok8MHI/s1600/Capture8.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="396" data-original-width="885" height="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6Rn4NlZ7lALFV6oqgGnp0_2ngoFS2mXeqaDNFx5AHztjeJHOp2ZmxhFfe1YKDslQvbqr7dNq4GSICziFHSWiElrSh7y-ZcDa3AlmHRabt7V8k-KKIzUaxgoUgPlJNuwaVM9KN5ok8MHI/s640/Capture8.PNG" width="640" /></a></div>
<br />
<br />If you're using Commercial Vantage, ensure you've configured the Local Repository GPO to point to the UNC of your Azure File Share.</div><div><br /></div><div>
Further Reading:<br />
<br />
<a href="https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq#security-authentication-and-access-control">https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq#security-authentication-and-access-control</a><br />
<br /></div>
</div>
Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-5788190384211619742020-04-01T13:54:00.001-04:002021-04-13T13:06:28.176-04:00DEPRECATED: Manage Lenovo Vantage for Enterprise with IntuneA previous post on <a href="https://thinkdeploy.blogspot.com/2018/01/configuring-lenovo-vantage-with-mdm.html" target="_blank">Configuring Vantage with Intune</a> walked through deploying a PowerShell script to customize specific features in the Vantage interface.<br />
<div>
<br /></div>
<div>
This post will build off <a href="https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html" target="_blank">Managing System Update with Intune</a> and focus on ingesting the Vantage ADMX file and creating custom OMA-URI policies. This solution is to provide a modern approach to what's currently offered in the application and deployment guide for Vantage found <a href="https://support.lenovo.com/ch/en/solutions/hf003321" target="_blank">here</a>.</div>
<div>
<br /></div>
<div>
Contained in the <a href="https://download.lenovo.com/pccbbs//thinkvantage_en/metroapps/Vantage/LenovoVantage_20.1908.3.0.zip" target="_blank">zip</a> is a .reg file that will disable consumer features in the Vantage interface that aren't exactly necessary for Enterprise devices. A snippet from the .reg file below.</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<table><tbody>
<tr><td><pre style="line-height: 125%; margin: 0;"></pre>
</td><td><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">;This reg file is generated by disabling the following policy settings in Administrative Templates -> Lenovo Vantage</span>
<span style="color: #888888;">;1. Lenovo ID WelcomPage</span>
<span style="color: #888888;">;2. Preferences</span>
<span style="color: #888888;">;3. Messaging Preferences</span>
<span style="color: #888888;">;4. Device Refresh</span>
<span style="color: #888888;">;5. Welcome Page</span>
<span style="color: #888888;">;6. Location Tracking</span>
<span style="color: #888888;">;7. Anonymous Usage Statistics (Entire Feature)</span>
<span style="color: #888888;">;8. Anonymous Usage Statistics (Allow User Configuration)</span>
<span style="color: #888888;">;9. Anonymous Usage Statistics (User Default Preference)</span>
<span style="color: #888888;">;10. Store Rating and Feedback Popup</span>
<span style="color: #888888;">;11. WiFi Security</span>
<span style="color: #888888;">;12. User Feedback</span>
<span style="color: #888888;">;13. Tweet Us</span>
<span style="color: #888888;">;14. Need Help</span>
<span style="color: #888888;">;15. Lenovo ID</span>
<span style="color: #888888;">;16. Apps & Offers - disable every setting in this category</span>
<span style="color: #888888;">;17. Lenovo Voice Commands - disable everything in this category</span>
<span style="color: #888888;">;18. Messaging Preferences - disable everything in this category</span>
<span style="color: #888888;">;19. Security Advisor - disable everything in this category</span>
<span style="color: #888888;">;20. Self Select - disable everything in this category</span>
<span style="color: #888888;">;21. SSRecs - disable everything in this category</span>
<span style="color: #888888;">;22. System Health and Support - disable User Guide, Knowledge Base, Warranty & Services, Optimize, Tips & Tricks, and Discussion Forum</span>
<span style="color: #888888;">;23. Auto Launch - disable everything in this category</span>
<span style="color: #888888;">;24. My Account</span>
<span style="color: #888888;">;25. Vantage Tutorial</span>
<span style="color: #888888;">;After disabling these things, the features that remain in Vantage are Hardware Settings, Hardware Scan, and System Update</span>
</pre>
</td></tr>
</tbody></table>
</div>
<br />
Before Vantage can be of any use, the Lenovo System Interface Foundation driver needs to be installed as it provides the <span style="white-space: pre-wrap;">required communication between this application and the computer hardware.</span> This is an .exe and the latest version can always be downloaded from <a href="https://filedownload.lenovo.com/enm/sift/core/SystemInterfaceFoundation.exe" target="_blank">here</a>.<br />
<br />
<span style="font-size: large;">Create and Upload the System Interface Foundation Win32 App</span><br />
You'll need to use the Win32 Content Prep <a href="https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool" target="_blank">Tool</a> to convert the app into the .intunewin format.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghPkXUroXOfR1eQ6GR3PdKV_n1yL-OzxKipc-HG8Ke5utHa4Dr4GzWmkyUS558rjwyN2hTAYW6JhGx3-6P_H5XnjcYHE0ljIDre0TGyeAdxic-smXy63aqj5UK1jueEILfI-wKcmpbCNw/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="308" data-original-width="848" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghPkXUroXOfR1eQ6GR3PdKV_n1yL-OzxKipc-HG8Ke5utHa4Dr4GzWmkyUS558rjwyN2hTAYW6JhGx3-6P_H5XnjcYHE0ljIDre0TGyeAdxic-smXy63aqj5UK1jueEILfI-wKcmpbCNw/s640/Capture.PNG" width="640" /></a></div>
<br />
Once finished, a <b>SystemInterfaceFoundation.intunewin</b> file will be created in the output directory.<br />
<br />
Log in to the Device Management <a href="http://management.portal.azure.com/" target="_blank">portal</a> and navigate to <b>Apps > Windows > Add </b>and choose <b>Windows app (Win32) </b>for the appl type.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkA8jCvJ0hxlI-FXcdJ2wccCAIBhvLmivDXRwhl5xmno7mnr7j3Tx0LvvYTVKIWQUJCOyDfxWYkn4dJ8aOj_hbOOS_nd7aV7qlpMabcB5NDPZVN4fEdZdk8fWMqmjvDY-09BTCHsLRGxk/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="549" data-original-width="789" height="444" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkA8jCvJ0hxlI-FXcdJ2wccCAIBhvLmivDXRwhl5xmno7mnr7j3Tx0LvvYTVKIWQUJCOyDfxWYkn4dJ8aOj_hbOOS_nd7aV7qlpMabcB5NDPZVN4fEdZdk8fWMqmjvDY-09BTCHsLRGxk/s640/Capture.PNG" width="640" /></a></div>
<br />
The first step in the wizard is to upload the <b>.intunewin</b> file and fill out required and/or optional information about the app.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3LB2T4ngKzySHuQObJZFHInjZca6DT_cOs8W6qqt7Aq09hAerPz-9HzUgXCdWvUVQ4ILU4jPlS_cl_k0lHh6e9gvljTpc-BIY11utyWhEscwUVkax5cud56bmscV6WBtpG1KwRUn08Cw/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="651" data-original-width="774" height="538" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3LB2T4ngKzySHuQObJZFHInjZca6DT_cOs8W6qqt7Aq09hAerPz-9HzUgXCdWvUVQ4ILU4jPlS_cl_k0lHh6e9gvljTpc-BIY11utyWhEscwUVkax5cud56bmscV6WBtpG1KwRUn08Cw/s640/Capture.PNG" width="640" /></a></div>
<br />
Enter the <b>Install</b>/<b>Uninstall</b> commands in Step 2<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #0000cc;">SystemInterfaceFoundation.exe /verysilent /NORESTART /type</span><span style="color: #333333;">=</span><span style="background-color: #fff0f0;">installpackageswithreboot</span></pre>
</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="background-color: #e3d2d2; color: #a61717;">%SYSTEMROOT%\Sysnative\ImController.InfInstaller.exe</span> <span style="background-color: #e3d2d2; color: #a61717;">-uninstall</span>
</pre>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKgBZfXXDHS7RuKPs_DPm-SjOSOM2zaofWU6CvtbhZiAW7U64hTxeea8k8ES_LogOmvwUjx91aULeqQO9Ddk4Ud5J-wDn3BxIH6IHlS5o13HCaXmxsAXT3vKKOEM2Wq6gu-IbmIgOOl3k/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="555" data-original-width="784" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKgBZfXXDHS7RuKPs_DPm-SjOSOM2zaofWU6CvtbhZiAW7U64hTxeea8k8ES_LogOmvwUjx91aULeqQO9Ddk4Ud5J-wDn3BxIH6IHlS5o13HCaXmxsAXT3vKKOEM2Wq6gu-IbmIgOOl3k/s640/Capture.PNG" width="640" /></a></div>
<br />
Set the requirements in Step 3<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9y2_ckJebuIXL5jbwdnx-CLpaJnfnsT2WXslJ5kr_K6qmSPmOVt0zKyEeywlHW32arYU44ZbyE-gz5ia5K_0g4eYiePbRgBnIJNe7Rl1-R_F8L8tSsTXRFRPH8mMgyJ1wAxb88TCCbrM/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="512" data-original-width="777" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9y2_ckJebuIXL5jbwdnx-CLpaJnfnsT2WXslJ5kr_K6qmSPmOVt0zKyEeywlHW32arYU44ZbyE-gz5ia5K_0g4eYiePbRgBnIJNe7Rl1-R_F8L8tSsTXRFRPH8mMgyJ1wAxb88TCCbrM/s640/Capture.PNG" width="640" /></a></div>
<br />
For Detection rules, the recommended way to determine if LSIF is installed is to query for the ImController service. Here's a short PowerShell detection script that can be used<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<table><tbody>
<tr><td><pre style="line-height: 125%; margin: 0;"></pre>
</td><td><pre style="line-height: 125%; margin: 0;">$lsif = <span style="color: blue;">"ImControllerService"</span>
<span style="color: navy; font-weight: bold;">If</span> (Get-Service -Name $lsif -ErrorAction SilentlyContinue) {
Write-Host <span style="color: blue;">"Installed"</span>
}
</pre>
</td></tr>
</tbody></table>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxU9P7uq8SMLFSUAxapEwFPOz23-pDCOAbIOcKToABgivte52SjbrI92bl_3JPsIsk-swcYmZ5kMEm4_av0ABzE2aRTNm9kp2EfzE1ZXmZAPlQKOrILBLYy84bMTXbHDkH-dglLdwVLQQ/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="328" data-original-width="774" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxU9P7uq8SMLFSUAxapEwFPOz23-pDCOAbIOcKToABgivte52SjbrI92bl_3JPsIsk-swcYmZ5kMEm4_av0ABzE2aRTNm9kp2EfzE1ZXmZAPlQKOrILBLYy84bMTXbHDkH-dglLdwVLQQ/s640/Capture.PNG" width="640" /></a></div>
<br />
Continue through the<b> Add app </b>wizard and deploy to a group containing Think products. If you have a fleet of ThinkPad P1's, a Dynamic Membership Rule for this group would be<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">(device.deviceModel -startsWith "20MD") -or (device.deviceModel -startsWith "20ME")
</pre>
</div>
<br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;">Ingest the Vantage ADMX file</span><br />
Just like System Update, you'll need to ingest the ADMX file provided in the .zip, located under <b>LenovoVantage_20.1908.3.0\Group Policy Settings</b>.<br />
<br />
Back in the portal, navigate to <b>Devices > Windows > Configuration Profiles</b> <b>> Create Profile</b><br />
<b><br />
</b> Choose the platform <b>Windows 10 and later </b>and select the <b>Custom </b>profile<br />
<br />
Set the following fields:<br />
<b>Name</b> - Unique name such as <b>Lenovo Vantage ADMX Ingest</b><br />
<b>Custom OMA-URI: </b>Constructed as stated in the <a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#ingesting-an-app-admx-file" target="_blank">docs</a>.<br />
<!-- HTML generated using hilite.me --> <br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/<b>{AppName}/{SettingType}/{FileUid or AdmxFileName}</b></pre>
</div>
<br />
Replace the following variables with something unique, such as:<br />
<ul>
<li><b>{AppName}:</b> LenovoVantage</li>
<li><b>{SettingType}: </b>Policy</li>
<li><b>{AdmxFileName}</b>: LenovoCompanion</li>
</ul>
<div>
<b>Data Type: </b>String</div>
<div>
<b>Value</b>: Copy the contents from the LenovoCompanion.admx file here</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhD-iXsb7IcpM1UaZVnRrKYZZc0bwbBCIY6J1z5rAitDfhm1UQjmd-7m1FFqxo0NKK5g2Eo_jE4qMkMNcvyGgHOvwlJAyZ1QlDEY5nbTbrxBflSgea1Hd_yd53M_E6N6hhB_p9JguQnQA0/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="1153" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhD-iXsb7IcpM1UaZVnRrKYZZc0bwbBCIY6J1z5rAitDfhm1UQjmd-7m1FFqxo0NKK5g2Eo_jE4qMkMNcvyGgHOvwlJAyZ1QlDEY5nbTbrxBflSgea1Hd_yd53M_E6N6hhB_p9JguQnQA0/s640/Capture.PNG" width="640" /></a></div>
<div>
<br /></div>
Click <b>OK </b>to create the ADMX Ingest policy and assign it to a group.<br />
<br />
<br />
<span style="font-size: large;">Configure Vantage Settings</span><br />
You can either add additional OMA-URI Settings to the ADMX Ingest policy above or create a separate policy with these settings.<br />
<br />
In my testing, I've created a separate policy for these. The OMA-URI Setting needs to be formatted like this (<a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#ingesting-an-app-admx-file" target="_blank">Reference</a>)<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/<b>{AppName}</b>~<b>{SettingType}</b>~<b>{CategoryPathFromADMX}</b>/<b>{SettingFromADMX}</b>
</pre>
</div>
<br />
With this, an example to replace the variables with data from the Vantage ADMX<br />
<br />
<b>{AppName}: </b>LenovoVantage (Matched with what was configured during the ingestion)<br />
<b>{SettingType}: </b>Policy (Match with what was configured during the ingestion)<br />
<b>{<span style="color: red;">CategoryPathFromADMX</span>}: </b>This is obtained by traversing the <b>parentCategory </b>parameter<br />
<span style="color: #0b5394; font-weight: bold;">{SettingfromADMX}: </span>This is the <b>policy name </b>(GUID).<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><policy name="<span style="color: #0b5394;"><b>9800b440-7EDf-4DF4-8F04-E2A88B5F856F</b></span>" class="Both" displayName="$(string.9800b440-7EDf-4DF4-8F04-E2A88B5F856F)" explainText="$(string.9800b440-7EDf-4DF4-8F04-E2A88B5F856FExp)" key="Software\Policies\Lenovo\E046963F.LenovoCompanion_k1h2ywk1493x8" valueName="9800b440-7EDf-4DF4-8F04-E2A88B5F856F">
<parentCategory ref="<span style="color: red;"><b>CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5</b></span>" />
<supportedOn ref="SUPPORTED_OS" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
</policy>
</pre>
</div>
<br />
The Vantage settings in the ADMX file can be quite confusing since they're all identified as GUIDs.<br />
<br />
If you open the LenovoCompanion.adml and do a find for <b>9800b440-7EDf-4DF4-8F04-E2A88B5F856F</b>, you'll see it translates to <b>Tweet Us</b>.<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><string id="CAT_CBB42131_9FE0_464F_A487_54E343AD1ABF">SmartSettings</string>
<string id="CAT_759E6127_5792_4092_8C44_4FD3F3082BBC">Input</string>
<string id="CAT_695B871E_CE26_4712_8803_780EFA2EF587">HubPage</string>
<string id="66F78DA8-2C3F-4651-B958-BA5457F38745">HardwareSettings</string>
<string id="B6B55642-B0C4-44E0-BF18-719B100CF1FD">Need Help</string>
<b><span style="color: #0b5394;"><string id="9800b440-7EDf-4DF4-8F04-E2A88B5F856F">Tweet Us</string></span></b>
<!-- HubPage -->
<string id="F1B673AD-A28D-4AEF-A884-A54DB59515D8">NaviButtonList</string>
<string id="10DF05AE-BA16-4808-A436-A40A925F6EF6">RecommendSettings</string>
<!-- Power -->
</pre>
</div>
<br />
Now we can add these settings in Intune. The end result is to hide these features from the Vantage interface so each setting you add, the value will need to be <b><disabled/></b><br />
<b><br />
</b> <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMKFy-wmgNvOss-WkwodlFkmKGvaHCdcIr_4_NoBXCMzeBbS4qyktjqAtbYdVh-UhfRfdLx8bpfNwR0nGZVdGxUc0TcaHFQK4dbv3qq8kRUsw4sgSkH1NcJHcyizxl6g4XocNcsWSkASA/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="413" data-original-width="574" height="460" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMKFy-wmgNvOss-WkwodlFkmKGvaHCdcIr_4_NoBXCMzeBbS4qyktjqAtbYdVh-UhfRfdLx8bpfNwR0nGZVdGxUc0TcaHFQK4dbv3qq8kRUsw4sgSkH1NcJHcyizxl6g4XocNcsWSkASA/s640/Capture.PNG" width="640" /></a></div>
<br />
Here's a before and after of the Vantage homepage after the system receives the policies<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuBbUJjPoxdl7m0MNONPA3MygxNQGMZvLeCy4OFBkeTGFNT5vpEVlmO-1oB_jIVDL5wB9wypft6G0jxHdInzFuk6q2DzjxeEEzWj2cLjKy_BEK-cAh__NQczCt9Gr2DhsY0SVSvmDF19Y/s1600/Capture2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="858" data-original-width="1600" height="342" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuBbUJjPoxdl7m0MNONPA3MygxNQGMZvLeCy4OFBkeTGFNT5vpEVlmO-1oB_jIVDL5wB9wypft6G0jxHdInzFuk6q2DzjxeEEzWj2cLjKy_BEK-cAh__NQczCt9Gr2DhsY0SVSvmDF19Y/s640/Capture2.PNG" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5vLfwKUaqEdw0hbKm_88bQElD4SyX0pC8UGR5qGL9h9suebUJzukpn85HRF1XTWAcjHxuuLRIpbeBB4AFzG3fII3t4xyJmYElGPmaPs27JA-AMA1Ksx3kGpjnAmm4A70mSQ8zWob4vgE/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="848" data-original-width="1600" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5vLfwKUaqEdw0hbKm_88bQElD4SyX0pC8UGR5qGL9h9suebUJzukpn85HRF1XTWAcjHxuuLRIpbeBB4AFzG3fII3t4xyJmYElGPmaPs27JA-AMA1Ksx3kGpjnAmm4A70mSQ8zWob4vgE/s640/Capture.PNG" width="640" /></a></div>
<br />
<br />
Below are all of the settings taken from the <b>LenovoVantage_disable_consumer_features.reg </b>file, converted to Custom OMA-URI Settings which can be copied into Intune to deploy.<br />
<br />
<span style="font-family: inherit;">Lenovo ID Welcome Page</span><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/2210FAAF-933B-4985-BC86-7E5C47EB2465
</pre>
</div>
<br />
<span style="font-family: inherit;">Preferences</span><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/2885591F-F5A8-477A-9744-D1B9F30B5B79
</pre>
</div>
<br />
<div style="font-size: 11pt; margin: 0in;">
<span style="font-family: inherit;">Messaging Preferences</span></div>
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/9E38C0C2-C37B-433A-B874-7CBDA3DEB944
</pre>
</div>
<br />
Device Refresh<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/9800b440-7EDf-4DF4-8F04-E2A88B5F856F
</pre>
</div>
<br />
Welcome Page<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/369C3066-08A0-415A-838C-9C56C5FBF5C4
</pre>
</div>
<br />
Location Tracking<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/41A76A93-E02F-4703-862F-5187D84E7D90
</pre>
</div>
<br />
Anonymous Usage Statistics (Allow User Configuration)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/422FDE50-51D5-4A5B-9A44-7B19BCD03A29_UserConfigurable
</pre>
</div>
<br />
Anonymous Usage Statistics (Entire Feature)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/422FDE50-51D5-4A5B-9A44-7B19BCD03A29
</pre>
</div>
<br />
Anonymous Usage Statistics (User Default Preference)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/422FDE50-51D5-4A5B-9A44-7B19BCD03A29_UserDefaultPreference
</pre>
</div>
<br />
Store Rating and Feedback Popup<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/56A7055C-B2A5-409E-B639-EAA0D009183E
</pre>
</div>
<br />
WiFi Security<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/6F486CF5-5D51-4AE8-ABA9-089B5CB96420
</pre>
</div>
<br />
User Feedback<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/9023E851-DE40-42C4-8175-1AE5953DE624
</pre>
</div>
<br />
Tweet Us<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/9800b440-7EDf-4DF4-8F04-E2A88B5F856F
</pre>
</div>
<br />
Need Help<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/B6B55642-B0C4-44E0-BF18-719B100CF1FD
</pre>
</div>
<br />
Lenovo ID<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5/E0DF659E-02A6-417C-8B39-DB116529BFDD
</pre>
</div>
<br />
Apps & Offers (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_19841A14-32B9-4F67-9D3A-605EE6CEF187/A0A06B48-4F6A-4226-B127-F70EC0508B3B
</pre>
</div>
<br />
Lenovo Voice Commands (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_3130346B-C539-4BDF-BB58-AAFE3D0DC916/3130346B-C539-4BDF-BB58-AAFE3D0DC916
</pre>
</div>
<br />
Messaging Preferences (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_19841A14-32B9-4F67-9D3A-605EE6CEF187/DE00682F-16F2-4ECA-BBF3-768DA0D9EB33
</pre>
</div>
<br />
Security Advisor (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_19841A14-32B9-4F67-9D3A-605EE6CEF187/19841A14-32B9-4F67-9D3A-605EE6CEF187
</pre>
</div>
<br />
Enable/Disable Self Select<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_6D61CB4A-263C-4B21-8F14-7446CDB34DB5/DF4A82CD-019D-4768-80FE-8274DAFB6E80
</pre>
</div>
<br />
SSRecs (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/6674459E-60E2-49DE-A791-510247897877
</pre>
</div>
<br />
Tips & Tricks<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/C615AC2F-F818-4AF6-99CA-D95E6FF1BD18
</pre>
</div>
<br />
User Guide<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/18E12FC0-EACB-43CB-8231-87D9C09EE0DF
</pre>
</div>
<br />
Discussion Forum<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/D65D67BF-8916-4928-9B07-35E3A9A0EDC3
</pre>
</div>
<br />
Knowledge Base<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/6674459E-60E2-49DE-A791-510247897877
</pre>
</div>
<br />
Warranty & Services<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/A191BF9F-60BE-4843-B4BA-441DD0AEB12E
</pre>
</div>
<br />
Auto Launch (Disables every setting in this category)<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_9AD38BD9-1CC2-436D-9141-CEF922CBC078/6D0911B9-08E8-4A54-BEF5-CABD6761AEA8
</pre>
</div>
<br />
My Account<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/C615AC2F-F818-4AF6-99CA-D95E6FF1BD18
</pre>
</div>
<br />
Vantage Tutorial<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">./Device/Vendor/MSFT/Policy/Config/LenovoVantage~Policy~CAT_BEA4CF23_6B19_4DC7_9F10_2DDE18EA21B5~CAT_50A95048-024E-4EE4-970E-D879F468D073/D65D67BF-8916-4928-9B07-35E3A9A0EDC3
</pre>
</div>
<br />
<br />
<br />
<br />
<br />Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-36581793920212502622020-03-30T14:23:00.000-04:002020-03-30T14:51:45.364-04:00Lenovo Model Information in MDT<span style="font-family: "arial" , "helvetica" , sans-serif;">When using Microsoft Deployment Toolkit (MDT), the ZTIGather.wsf script will pull important information MDT needs and place it into variables for usage during a task sequence. The %Model% variable is a key piece of information during task sequences especially for targeting software and drivers. A popular example of the %Model% variable usage is the <a href="https://deploymentresearch.com/mdt-2013-lite-touch-driver-management/" rel="nofollow" target="_blank">Total Control</a> method of driver organization and injection by Johan Arwidmark.</span><br />
<div class="MsoNormal">
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Currently, when the model information is pulled from a Lenovo system, it will display the Lenovo Machine Type Model (MTM) in the Model variable as 20MD001YUS or 20MD003YUS, for example. When using the MTM, the Out-of-Box Drivers library of model folders in MDT can quickly grow and become nearly repetitive. The growth can become a management burden when attempting to maintain drivers, as each folder beginning with 20MD, for example, would have the same set of drivers in it. To enable better management, we can edit the ZTIGather.wsf script to change where it pulls the model information on Lenovo computers. The script change will set the %Model% variable to the friendly name from WMI, such as ThinkPad P1.</span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="color: red; font-family: "arial" , "helvetica" , sans-serif;">Please make a backup copy of ZTIGather.wsf prior to editing.</span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In the ZTIGather.wsf, we are going to add a bit of logic to detect if the Make is Lenovo and act accordingly to set the model information.</span></div>
<div class="MsoNormal">
<h4>
<span style="font-family: "arial" , "helvetica" , sans-serif;">ZTIGather.wsf</span></h4>
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: green;">' Get the make, model, and memory from the Win32_ComputerSystem class</span>
<span style="color: blue;">Set</span> objResults = objWMI.InstancesOf(<span style="color: #a31515;">"Win32_ComputerSystem"</span>)
<span style="color: blue;">For</span> <span style="color: blue;">each</span> objInstance <span style="color: blue;">in</span> objResults
<span style="color: blue;">If</span> <span style="color: blue;">not</span> IsNull(objInstance.Manufacturer) <span style="color: blue;">then</span>
sMake = Trim(objInstance.Manufacturer)
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">If</span> sMake <> <span style="color: #a31515;">"LENOVO"</span> <span style="color: blue;">Then</span>
<span style="color: blue;">If</span> <span style="color: blue;">not</span> IsNull(objInstance.Model) <span style="color: blue;">then</span>
sModel = Trim(objInstance.Model)
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">If</span> <span style="color: blue;">not</span> IsNull(objInstance.TotalPhysicalMemory) <span style="color: blue;">then</span>
sMemory = Trim(Int(objInstance.TotalPhysicalMemory / 1024 / 1024))
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">Next</span>
<span style="color: blue;">If</span> sMake = <span style="color: #a31515;">""</span> <span style="color: blue;">then</span>
oLogging.CreateEntry <span style="color: #a31515;">"Unable to determine make via WMI."</span>, LogTypeInfo
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">If</span> sMake <> <span style="color: #a31515;">"LENOVO"</span> <span style="color: blue;">Then</span>
<span style="color: blue;">If</span> sModel = <span style="color: #a31515;">""</span> <span style="color: blue;">then</span>
oLogging.CreateEntry <span style="color: #a31515;">"Unable to determine model via WMI."</span>, LogTypeInfo
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">End</span> <span style="color: blue;">If</span>
<span style="color: green;">' Get the UUID from the Win32_ComputerSystemProduct class</span>
<span style="color: blue;">Set</span> objResults = objWMI.InstancesOf(<span style="color: #a31515;">"Win32_ComputerSystemProduct"</span>)
<span style="color: blue;">For</span> <span style="color: blue;">each</span> objInstance <span style="color: blue;">in</span> objResults
<span style="color: blue;">If</span> <span style="color: blue;">not</span> IsNull(objInstance.UUID) <span style="color: blue;">then</span>
sUUID = Trim(objInstance.UUID)
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">If</span> sMake = <span style="color: #a31515;">"LENOVO"</span> <span style="color: blue;">Then</span>
<span style="color: blue;">If</span> <span style="color: blue;">not</span> IsNull(objInstance.Version) <span style="color: blue;">then</span>
sModel = Trim(objInstance.Version)
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">Next</span>
<span style="color: blue;">If</span> sUUID = <span style="color: #a31515;">""</span> <span style="color: blue;">then</span>
oLogging.CreateEntry <span style="color: #a31515;">"Unable to determine UUID via WMI."</span>, LogTypeInfo
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">If</span> sMake = <span style="color: #a31515;">"LENOVO"</span> <span style="color: blue;">Then</span>
<span style="color: blue;">If</span> sModel = <span style="color: #a31515;">""</span> <span style="color: blue;">then</span>
oLogging.CreateEntry <span style="color: #a31515;">"Unable to determine model via WMI."</span>, LogTypeInfo
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
<span style="color: blue;">End</span> <span style="color: blue;">if</span>
</pre>
</div>
<br /></div>
</div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">While on the topic of model information and injecting drivers, there is an additional change to ensure that only the drivers for the model being deployed are applied. While testing driver packs, we have found an instance where the incorrect driver folder may be used. This is caused by one model name being an exact substring of a second model. An example would be ThinkPad P1 and ThinkPad P1 Gen 2. They both contain ThinkPad P1.</span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">For this to be an issue, Out-of-Box Drivers repository would need to be alphabetized, ThinkPad P1 would need to be above ThinkPad P1 Gen 2 in the list of folders. When the DriverGroup001 variable is set to %Make%\%Model%, the ZTIConfigFile.vbs searches for the matching Out-of-Box Drivers folder structure to apply to the variable. By default, the script applies the last found instance. This means, in the above example, when deploying a Lenovo ThinkPad P1, the script will find Lenovo\ThinkPad P1 Gen 2 and assign it to the DriverGroup001 variable. What needs to happen is for there to be an exact match.</span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In the ZTIConfigFile.vbs, there is one line of code to edit. Editing this line of code will allow the script to precisely define the Out-Of-Box Drivers subfolder(s) when reading the DriverGroup001 variable.</span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="color: red; font-family: "arial" , "helvetica" , sans-serif;">Please make a backup copy of ZTIConfigFile.vbs prior to editing.</span></div>
<div class="MsoNormal">
<h4>
<span style="font-family: "arial" , "helvetica" , sans-serif;">ZTIConfigFile.vbs</span></h4>
</div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Change the following line of vbscript code from</span><br />
<br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: blue;">If</span> InStr(1,sName & <span style="color: #a31515;">"\"</span>, oGroupItem, vbTextCompare ) <> 0 <span style="color: blue;">then</span>
</pre>
</div>
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>to</b></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: blue;">If</span> InStr(1,sName & <span style="color: #a31515;">"\"</span>, oGroupItem, vbTextCompare ) <> 0 <span style="color: blue;">AND</span> (LEN(sName) = LEN(oGroupItem)) <span style="color: blue;">then</span>
</pre>
</div>
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The original line of code performs a compare to find if the DriverGroup001 variable matches </span><b>any </b><span style="font-family: "arial" , "helvetica" , sans-serif;">subfolders. The issue in this line of code is that if the deployed model is a ThinkPad P1, but we have subfolders for the ThinkPad P1 and ThinkPad P1 Gen 2, the search will find both but use the </span></span><span style="font-family: "arial" , "helvetica" , sans-serif;">last match. If the DriverGroups.xml is organized alphabetically, then the last subfolder found in this example is the ThinkPad P1 Gen 2. Since the example deployment was for a ThinkPad P1, this will result in the incorrect set of drivers being applied to the device.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The edited line of code retains the original search for the text from DriverGroup001, but now checks that the length of the DriverGroup001 variable is the same as the Out-Of-Box Drivers subgroup name being queried. The result of the new line of code is that only the group being searched for will be used.</span></div>
<div>
<br /></div>
Thad Lawsonhttp://www.blogger.com/profile/10734436262181666720noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-22052362215288217602020-03-12T13:25:00.003-04:002021-07-08T10:27:46.182-04:00System Update Suite and MEM: Part 2 Configuring and Deploying the Apps<a href="https://thinkdeploy.blogspot.com/2020/01/system-update-suite-and-mem-part-1.html" target="_blank">Part 1</a> of the System Update Suite and MEM guide, we walk through creating an Application for System Update and Thin Installer.<br />
<br />
This post will guide you through one way of configuring the different settings for System Update and Thin Installer using <a href="https://docs.microsoft.com/en-us/configmgr/compliance/deploy-use/create-configuration-items" target="_blank">Configuration Items</a> and <a href="https://docs.microsoft.com/en-us/configmgr/compliance/deploy-use/create-configuration-baselines" target="_blank">Baselines</a>.<br />
<br />
<b><span style="font-size: large;">STEP 1</span></b><br />
We'll start out by creating a CI to detect if the current version of System Update is installed on clients.<br />
<br />
Launch the <b>Create Configuration Item </b>wizard, set a name, and tick the box <b>This configuration item contains application settings</b><br />
<b><br />
</b> <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOD3Qu60g3mQR6QegkpipKyCTs2X9eP-vPp3KY_Zxw42DzoNtq6ayP3K0MvyALk3iDSeJGhNkC81U4wFzbFwUmwiluPvL1FE0Q7QUv-ReJCAstDoavG70XmnoxImbZ_m7h0MlRY6wg728/s1600/CIwizard.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1199" data-original-width="1600" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOD3Qu60g3mQR6QegkpipKyCTs2X9eP-vPp3KY_Zxw42DzoNtq6ayP3K0MvyALk3iDSeJGhNkC81U4wFzbFwUmwiluPvL1FE0Q7QUv-ReJCAstDoavG70XmnoxImbZ_m7h0MlRY6wg728/s640/CIwizard.PNG" width="640" /></a></div>
<b><br />
</b> <br />
Tick the <b>Detect a specific application and deployment type </b>radio button and select the current version of System Update from the application list<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUKO3u9PbWc1nHXK_frlg8xna0QxT61xn_9D_jIVX8bFeo91fru-grDqmrFqc47grTbK4cTDR7rmgjil5Bm-bKgeI7S5CiW9sbdMXxHcnvzhdQnc6wlcQlMU90ZvJNeZglUU_dmt2iYxQ/s1600/CIwizard2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="907" data-original-width="1600" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUKO3u9PbWc1nHXK_frlg8xna0QxT61xn_9D_jIVX8bFeo91fru-grDqmrFqc47grTbK4cTDR7rmgjil5Bm-bKgeI7S5CiW9sbdMXxHcnvzhdQnc6wlcQlMU90ZvJNeZglUU_dmt2iYxQ/s640/CIwizard2.PNG" width="640" /></a></div>
<br />
Click <b>Next </b>through the wizard to complete the creation of the CI.<br />
<br />
Start the <b>Create Configuration Baseline </b>wizard, specify a name, and add the newly created CI<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7aOF9naPcWEyLVQXGxmCP-wg3Xk6QZVgB-7g5Ujm7PvU3JwYS0boIm0SqsCVBo1dYWl5Np9aDPhfGG0dAUXcdk6hT8X2fmRgjwqIIvRE80jK1EhnXZ3SSw5dN-uSnkzzS6WCOEhMoPr8/s1600/CBwizard.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1237" data-original-width="1536" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7aOF9naPcWEyLVQXGxmCP-wg3Xk6QZVgB-7g5Ujm7PvU3JwYS0boIm0SqsCVBo1dYWl5Np9aDPhfGG0dAUXcdk6hT8X2fmRgjwqIIvRE80jK1EhnXZ3SSw5dN-uSnkzzS6WCOEhMoPr8/s640/CBwizard.PNG" width="640" /></a></div>
<br />
<br />
Deploy the Baseline to a Device Collection. Ideally, the collection should contain Think branded devices only. Right click on the deployment, Create New Collection, choose Non-compliant<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLBR1SsbGk8H4b_Ja0TO5s2SVwt0tiUWcl_8Pa3SaKTnzQ8f6JoTjKWlYH2MCcjMMWAfJoajolS46iZ2IfVeVF8UgfeefzxUd90SQ6QYP0JbMsLajqfKQpZNSBJBmtxim45_W2sN4AtPM/s1600/CBnoncompliantcollection.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="508" data-original-width="1600" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLBR1SsbGk8H4b_Ja0TO5s2SVwt0tiUWcl_8Pa3SaKTnzQ8f6JoTjKWlYH2MCcjMMWAfJoajolS46iZ2IfVeVF8UgfeefzxUd90SQ6QYP0JbMsLajqfKQpZNSBJBmtxim45_W2sN4AtPM/s640/CBnoncompliantcollection.PNG" width="640" /></a></div>
<br />
On a client where System Update is not installed, open the ConfigMgr applet, click on the Configurations, select the Baseline and click Evaluate. The Compliance State should return Non-compliant, which is also noted in the report:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbgxogZCd5a0arwZ2FOx1vnB5RN55KHcU5AcJxfZJO1eb6S2BLVTiPe1Zy5dSrJbCdTeNYHN2jA0DYi8MmMoPfila-ASUIV166AoYXipO2jH8qJl7eenC7bDijZUbShqYo5xayZVu3_-o/s1600/SU-DetectReport.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="844" data-original-width="1366" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbgxogZCd5a0arwZ2FOx1vnB5RN55KHcU5AcJxfZJO1eb6S2BLVTiPe1Zy5dSrJbCdTeNYHN2jA0DYi8MmMoPfila-ASUIV166AoYXipO2jH8qJl7eenC7bDijZUbShqYo5xayZVu3_-o/s400/SU-DetectReport.PNG" width="400" /></a></div>
<br />
Once a full update on the Non-compliant Device Collection runs, the client will be populated here.<br />
To ensure System Update is installed on this client, deploy the System Update Application as a required Application. Looking at the Deployment Status, I see a count of 2 systems that don't have the current version of System Update installed<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JoeVXm7hT2a3IkcWR5vrRvUPuf4CACow7H_cEG0MSpfnuU9mjp2n7VibpQ9wShvLXVklFGxiFPbEfKY9W76BUfDvULW0imZ3dM-vj0UFrqpHYS7cC1FC9gdguIP0ku9R83fIVVLX388/s1600/CB-Status.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="499" data-original-width="1600" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JoeVXm7hT2a3IkcWR5vrRvUPuf4CACow7H_cEG0MSpfnuU9mjp2n7VibpQ9wShvLXVklFGxiFPbEfKY9W76BUfDvULW0imZ3dM-vj0UFrqpHYS7cC1FC9gdguIP0ku9R83fIVVLX388/s640/CB-Status.PNG" width="640" /></a></div>
<br />
Back on the client, if you open the ConfigMgr applet, trigger a Machine Policy Retrieval & Eval Cycle and App Deployment Eval Cycle, System Update will be pushed down. You can then check the status of the Baseline and verify the Compliance State should now show as Compliant<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiju47lSUww1fWtS-v5WixZXIZ8T8kMg9mgPoe6cVy9IBLozajU7Gq6I-7emSZbsu9F5HgrBEWV4DgrounG_y9vKx1_ZmAbohBGYIrlo8_lh_VSteh8ScTi3b6cJl-DLj3h3RPdD-cTbA/s1600/CBCompliant.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="749" data-original-width="979" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiju47lSUww1fWtS-v5WixZXIZ8T8kMg9mgPoe6cVy9IBLozajU7Gq6I-7emSZbsu9F5HgrBEWV4DgrounG_y9vKx1_ZmAbohBGYIrlo8_lh_VSteh8ScTi3b6cJl-DLj3h3RPdD-cTbA/s400/CBCompliant.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
This system will now drop out of the Non-compliant Device Collection once the scheduled membership eval hits.<br />
<br />
<b><span style="font-size: large;">STEP 2</span></b><br />
Now that System Update is installed, there's a handful of settings I want to configure. To do this, I'll create another Configuration Item. On the <b>Specify settings for this operating system </b>screen, add the following setting/compliance rules:<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set AdminCommandLine<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\UserSettings\General<br />
<b>Value Name: </b>AdminCommandLine<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set AdminCommandLine<br />
<b>Description</b>: This directs System Update to a specific repository<br />
<b>The setting must comply with the following rule:</b><br />
Set AdminCommandLine Equals /CM -search A -action INSTALL -repository \\dp01.cdrt.com\UR-CLOUDREPO -includerebootpackages 1,3,5 -noicon -noreboot -nolicense -exporttowmi<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set AskBeforeClosing<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\UserSettings\General<br />
<b>Value Name: </b>AskBeforeClosing<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set AskBeforeClosing<br />
<b>Description: </b>Removes the prompt to close System Update<br />
<b>The setting must comply with the following rule:</b><br />
Set AskBeforeClosing Equals NO<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set DebugEnable<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\UserSettings\General<br />
<b>Value Name: </b>DebugEnable<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set DebugEnable<br />
<b>Description: </b><span style="font-family: inherit;"><span class="TextRun SCXW131474969 BCX7" data-contrast="auto" lang="EN-US" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; font-variant-ligatures: none; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;" xml:lang="EN-US"><span class="NormalTextRun SCXW131474969 BCX7" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">Enables you to log process results to the file named ApplicabilityRulesTrace.</span></span><span class="TextRun SCXW131474969 BCX7" data-contrast="auto" lang="EN-US" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; font-variant-ligatures: none; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;" xml:lang="EN-US"><span class="NormalTextRun SCXW131474969 BCX7" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">txt</span></span><span class="TextRun SCXW131474969 BCX7" data-contrast="auto" lang="EN-US" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; font-variant-ligatures: none; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;" xml:lang="EN-US"><span class="NormalTextRun SCXW131474969 BCX7" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">.</span></span><span class="EOP SCXW131474969 BCX7" data-ccp-props="{"134233279":true,"201341983":0,"335559738":12,"335559739":12,"335559740":259}" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;"> </span></span><br />
<b>The setting must comply with the following rule:</b><br />
Set AskBeforeClosing Equals YES<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set DisplayLicenseNotice<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\UserSettings\General<br />
<b>Value Name: </b>DisplayLicenseNotice<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set DisplayLicenseNotice<br />
<b>Description: </b><span style="font-family: inherit;"><span class="TextRun SCXW196231699 BCX7" data-contrast="auto" lang="EN-US" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; font-variant-ligatures: none; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;" xml:lang="EN-US"><span class="NormalTextRun SCXW196231699 BCX7" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">Enables you to skip the license agreement that will be displayed before the update packages pick list is populated.</span></span><span class="EOP SCXW196231699 BCX7" data-ccp-props="{"134233279":true,"201341983":0,"335559738":12,"335559739":12,"335559740":259}" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: white; line-height: 17.2667px; margin: 0px; padding: 0px; user-select: text;"> </span></span><br />
<b>The setting must comply with the following rule:</b><br />
Set DisplayLicenseNotice Equals NO<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set MetricsEnabled<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\UserSettings\General<br />
<b>Value Name: </b>MetricsEnabled<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set MetricsEnabled<br />
<b>Description: </b>Disables metrics collection<br />
<b>The setting must comply with the following rule:</b><br />
Set MetricsEnabled Equals NO<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set SchedulerAbility<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\Preferences\UserSettings\Scheduler<br />
<b>Value Name: </b>SchedulerAbility<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set SchedulerAbility<br />
<b>The setting must comply with the following rule:</b><br />
Set SchedulerAbility Equals NO<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
____________________<br />
<i>General</i><br />
<b>Name</b>: Set SchedulerLock<br />
<b>Setting Type:</b> Registry value<br />
<b>Data Type:</b> String<br />
<b>Hive Name: </b>HKLM<br />
<b>Key Name: </b>SOFTWARE\Policies\Lenovo\System Update\Preferences\UserSettings\Scheduler<br />
<b>Value Name: </b>SchedulerLock<br />
<i><br />
</i> <i>Compliance Rules</i><br />
<b>Name: </b>Set SchedulerLock<br />
<b>Description: </b>Hides the schedule updates option to end user<br />
<b>The setting must comply with the following rule:</b><br />
Set SchedulerLock Equals HIDE<br />
<b>Remediate noncompliant rules when supported</b><br />
____________________<br />
<br />
One more configuration to make on the client is to disable System Update's default scheduled task to check for updates. Since I want to control this behavior, a Discovery and Remediation script will be used. Add one last setting to the CI:<br />
<br />
<i>General</i><br />
<b>Name: </b>Create Scheduled Task<br />
<b>Description: </b>Checks if custom scheduled task is present. If not, create it and disable System Update's default scheduled task.<br />
<b>Setting Type: </b>Script<br />
<b>Data type: </b>String<br />
<b>Discovery script: </b><br />
<b><br />
</b> <br />
<div style="background: rgb(255, 255, 255); border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<table><tbody>
<tr><td>
</td><td><pre style="line-height: 125%; margin: 0px;"><span style="color: #996633;">$cloudrepocheck</span> = <span style="color: #007020;">Get-ScheduledTask</span> | <span style="color: #007020;">Where-Object</span> {<span style="color: #996633;">$_</span>.TaskName <span style="color: #333333;">-match</span> <span style="background-color: #fff0f0;">"CloudRepository"</span>}
<span style="color: #008800; font-weight: bold;">if</span> (!(<span style="color: #996633;">$cloudrepocheck</span>)) {
<span style="color: #007020;">Write-Output</span> <span style="background-color: #fff0f0;">"Non-compliant"</span>
} <span style="color: #008800; font-weight: bold;">else</span> {
<span style="color: #007020;">Write-Output</span> <span style="background-color: #fff0f0;">"Compliant"</span>
}
</pre>
</td></tr>
</tbody></table>
</div>
<br />
<b>Remediation script:</b><br />
<b><br />
</b> <!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<table><tbody>
<tr><td>
</td><td><pre style="line-height: 125%; margin: 0px;"><span style="color: #888888;"># Create the scheduled task for System Update to connect to Lenovo's servers to install whitelisted updates</span>
<span style="color: #996633;">$su</span> = <span style="color: #007020;">Join-Path</span> (<span style="color: #003366; font-weight: bold;">[System.Environment]</span><span style="background-color: #ffaaaa; color: red;">::</span>GetFolderPath(<span style="background-color: #ffaaaa; color: red;">“</span>ProgramFilesX86<span style="background-color: #ffaaaa; color: red;">”</span>)) <span style="background-color: #fff0f0;">"Lenovo\System Update\tvsu.exe"</span>
<span style="color: #996633;">$taskAction</span> = <span style="color: #007020;">New-ScheduledTaskAction</span> <span style="background-color: #ffaaaa; color: red;">–</span>Execute <span style="color: #996633;">$su</span> -Argument <span style="background-color: #fff0f0;">'/CM'</span>
<span style="color: #996633;">$taskTrigger</span> = <span style="color: #007020;">New-ScheduledTaskTrigger</span> -Weekly -DaysOfWeek Monday -At 9am
<span style="color: #996633;">$taskUserPrincipal</span> = <span style="color: #007020;">New-ScheduledTaskPrincipal</span> -UserId <span style="background-color: #fff0f0;">'SYSTEM'</span>
<span style="color: #996633;">$taskSettings</span> = <span style="color: #007020;">New-ScheduledTaskSettingsSet</span> -Compatibility Win8
<span style="color: #996633;">$task</span> = <span style="color: #007020;">New-ScheduledTask</span> -Action <span style="color: #996633;">$taskAction</span> -Principal <span style="color: #996633;">$taskUserPrincipal</span> -Trigger <span style="color: #996633;">$taskTrigger</span> -Settings <span style="color: #996633;">$taskSettings</span>
<span style="color: #007020;">Register-ScheduledTask</span> -TaskName <span style="background-color: #fff0f0;">'TVSU-CloudRepository'</span> -InputObject <span style="color: #996633;">$task</span> -Force
<span style="color: #888888;"># Disable the default System Update scheduled tasks</span>
<span style="color: #007020;">Get-ScheduledTask</span> -TaskPath <span style="background-color: #fff0f0;">"\TVT\"</span> | <span style="color: #007020;">Disable-ScheduledTask</span>
</pre>
</td></tr>
</tbody></table>
</div>
<br />
<i>Compliance Rules</i><br />
<b>Name: </b>Create Scheduled Task<br />
<b>The setting must comply with the following rule:</b><br />
The value entered by the specified script: Equals Compliant<br />
<b>Run the specified remediation script when this setting is noncompliant</b><br />
<br />
After all Setting Types have been added to the CI, the Settings and Compliance Rules tabs should look like this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtAJlNH-_lYvejtf5MoieWdHHDsxXtRwltTzPgrplLnuo2YKABK6wxWvViElndsz4ZXWDGRJJEFJZDvQoIcZbJqepEkKG3lFMZLc3qv5LVED8WmZFKIRKVsFRb4d2ebwqqmhh0-4KE2iY/s1600/CI-SchTsk.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="893" data-original-width="1486" height="384" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtAJlNH-_lYvejtf5MoieWdHHDsxXtRwltTzPgrplLnuo2YKABK6wxWvViElndsz4ZXWDGRJJEFJZDvQoIcZbJqepEkKG3lFMZLc3qv5LVED8WmZFKIRKVsFRb4d2ebwqqmhh0-4KE2iY/s640/CI-SchTsk.PNG" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgw9-Smv_qj32GbnSahGFRbDF6qTciCUJL3Kgts21-dPzlqubjjmP7tTy1SWvLmTMfPf_hKJxBFycCJrXil-DFukZTufHxqQ8PUWVGVXVZCKlj2w1CgyukNThGFrjMTUH3RuZnDULigK1w/s1600/CI-SchTsk2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="789" data-original-width="1484" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgw9-Smv_qj32GbnSahGFRbDF6qTciCUJL3Kgts21-dPzlqubjjmP7tTy1SWvLmTMfPf_hKJxBFycCJrXil-DFukZTufHxqQ8PUWVGVXVZCKlj2w1CgyukNThGFrjMTUH3RuZnDULigK1w/s640/CI-SchTsk2.PNG" width="640" /></a></div>
<br />
<br />
Create a new Baseline, enter a name, click Add and select Configuration Items from the drop down. Choose the new CI from the list.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDiboK8Ba3qi5E1yP5x76SmTgOAScJyWdcy_by5O7IKBG6u4q83VbzXnNGO56R8ZpfHUDEveQh8A7T9fT-3tVB-TG5OS17yCcZwg6aV-cJgRnsKs7TYPBtOYOtDSORfmlzHx45gzHCI9Y/s1600/CB-TVSU.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="426" data-original-width="616" height="442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDiboK8Ba3qi5E1yP5x76SmTgOAScJyWdcy_by5O7IKBG6u4q83VbzXnNGO56R8ZpfHUDEveQh8A7T9fT-3tVB-TG5OS17yCcZwg6aV-cJgRnsKs7TYPBtOYOtDSORfmlzHx45gzHCI9Y/s640/CB-TVSU.PNG" width="640" /></a></div>
<br />
<br />
<b><span style="font-size: large;">STEP 3</span></b><br />
Now we are ready for deployment. Choose <b>Deploy </b>from the ribbon bar and choose a Device Collection. Tick the boxes to <b>Remediate noncompliant rules when support </b>and <b>Allow remediation outside the maintenance window </b>and set the schedule<br />
<b><br />
</b> <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf8iKLhfnGDucZvcsLbkh2MI-GsXABIM7uebdTDNrL1AjuTyMXG35C1X1CqBeRK9jlainqg6xvuZM96-nnzXXJJVVlZhIEN93h-5RK9nehnpbCBdMlyWk-bSY51wN6uSe4hyYDXdpCagY/s1600/CB-Deploy2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="601" data-original-width="633" height="606" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf8iKLhfnGDucZvcsLbkh2MI-GsXABIM7uebdTDNrL1AjuTyMXG35C1X1CqBeRK9jlainqg6xvuZM96-nnzXXJJVVlZhIEN93h-5RK9nehnpbCBdMlyWk-bSY51wN6uSe4hyYDXdpCagY/s640/CB-Deploy2.PNG" width="640" /></a></div>
<b><br />
</b> <br />
<br />
Verify the status of the Baseline on a client to determine compliance. Once in a compliant state, you can now see in the Registry that the keys configured in the CI have been set.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFiv3BxjjfXdAZI5cBll1PsnPVRJRFSWlVWY0pveG9NreDJM0rvHy80W8sEqAYUcl8-HOxEqrh1DE_bQrvx6F9SYg80pOAMtyWzHH7xaRC35rJvBpm9z-mYTIa68bEO2z56uRv-CTYprI/s1600/Reg.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="257" data-original-width="1600" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFiv3BxjjfXdAZI5cBll1PsnPVRJRFSWlVWY0pveG9NreDJM0rvHy80W8sEqAYUcl8-HOxEqrh1DE_bQrvx6F9SYg80pOAMtyWzHH7xaRC35rJvBpm9z-mYTIa68bEO2z56uRv-CTYprI/s1600/Reg.PNG" /></a></div>
<br />
<br />
Task Scheduler also has the new custom task<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR7PK0NMZRwP-fQfD9_R9EvjgLCMZGhES9hqbWoyVZCcAzuOYHLccSFEWZZwVDeTMp5UlqRDUHTIJPowyI5vFvbIJUkPQkX_AUgXccptyZuTe4cWUyoHZV3CS3sUZFPWrJ92sQ6iHEjqg/s1600/SchTsk.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="280" data-original-width="1600" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR7PK0NMZRwP-fQfD9_R9EvjgLCMZGhES9hqbWoyVZCcAzuOYHLccSFEWZZwVDeTMp5UlqRDUHTIJPowyI5vFvbIJUkPQkX_AUgXccptyZuTe4cWUyoHZV3CS3sUZFPWrJ92sQ6iHEjqg/s1600/SchTsk.PNG" /></a></div>
<br />
<br />
Depending on the applicable updates based on which reboot type packages were specified to install in the command line, System Update may prompt the user to show which updates will be installed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpJ-L9vPltQXQpVdWX5DD4cM1LpwdgPp8gw7N54w9w7AOGEsQGXJ00UdXWawje2YMe1AowC856cE8-9vWE54ahZGv-g_sSc1yFJ42Qm7sTiFC0CoNTUofIP0D1K7Cqyuu7oP1sSDc_PqQ/s1600/SUDialog.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="776" data-original-width="1576" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpJ-L9vPltQXQpVdWX5DD4cM1LpwdgPp8gw7N54w9w7AOGEsQGXJ00UdXWawje2YMe1AowC856cE8-9vWE54ahZGv-g_sSc1yFJ42Qm7sTiFC0CoNTUofIP0D1K7Cqyuu7oP1sSDc_PqQ/s640/SUDialog.PNG" width="640" /></a></div>
<br />
<br />
<br />
<u>Further Reading</u><br />
<u><br /></u>
Managing System Update With Intune - <a href="https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html">https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html</a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<b><br />
</b> <b><br />
</b>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-28080625744980006552020-03-12T12:07:00.001-04:002022-08-24T12:35:38.847-04:00Manage Lenovo System Update with Intune<div><i>This article has been moved to <a href="https://blog.lenovocdrt.com/#/2020/manage_su_intune">https://blog.lenovocdrt.com/#/2020/manage_su_intune</a></i></div><div><br /></div>This post will describe how you can manage Lenovo System Update on<br />
Windows 10 devices with Intune.<br />
<br />
Before you begin, you will need:<br />
<ul>
<li><a href="https://download.lenovo.com/pccbbs/thinkvantage_en/zb59_tvsu_win7_win8_admin59.exe" target="_blank" title="System Update Administrator Tools">System Update Administrator Tools</a> - This contains the System Update ADM/ADMX files. By default, the contents are extracted to <b>C:\SWTOOLS\TOOLS\Admin</b></li>
<li>A Windows 10 device connected to Azure Active Directory and managed by Intune</li>
<li><a href="https://support.lenovo.com/us/en/solutions/ht037099" target="_blank" title="System Update">System Update</a> installed on the device</li>
</ul>
<h2>
Ingest the TVSU ADMX file </h2>
<ul>
<li>Sign in to the <a href="https://devicemanagement.microsoft.com/" target="_blank" title="Azure Device Management">Azure Device Management</a> portal</li>
<li>Navigate to <b>Device Configuration > Profiles > Click Create Profile</b></li>
<li>Enter the required information for the new profile, for example:</li>
<ul>
<li><b>Name: </b>Lenovo System Update configuration</li>
<li><b>Description:</b> (Optional)</li>
<li><b>Platform: </b>Windows 10 and later</li>
<li><b>Profile Type:</b> Custom</li>
</ul>
<li>In the <b>Custom OMA-URI Settings</b> menu, click <b>Add </b>and enter the following</li>
<ul>
<li><b>Name</b>: TVSU ADMX Ingest</li>
<li><b>Description</b>: (Optional)</li>
<li><b>OMA-URI</b>: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Lenovo/Policy/TVSU</li>
<li><b>Data Type</b>: String</li>
<li><b>Value</b>: Copy the contents of the <b>tvsu.admx</b> into this field</li>
</ul>
<li>Click <b>OK </b>to complete adding the new OMA-URI row</li>
<li>Click <b>Create </b>to create the new profile</li>
<li>Assign the profile to a group. This group should only include devices that have System Update installed.</li>
</ul>
Verify the settings have pushed to a device by launching <b>Regedit</b> and navigating to <br />
<br />
<b>HKLM\SOFTWARE\Microsoft\PolicyManager\AdmxDefault</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo2dw_GLi9NbPjtHI36l03MBGtOc39jaRqfin_24XyNDrcO22bpNZP8uq_zY2GCgnKrhcnqgbP_IfXMHjo69zC0Ap9CRUunEoV1P28ciNip2-egaoEOX8RoQONmQSWfQHOwynkRL1-ais/s1600/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="561" data-original-width="1091" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo2dw_GLi9NbPjtHI36l03MBGtOc39jaRqfin_24XyNDrcO22bpNZP8uq_zY2GCgnKrhcnqgbP_IfXMHjo69zC0Ap9CRUunEoV1P28ciNip2-egaoEOX8RoQONmQSWfQHOwynkRL1-ais/s640/Capture.PNG" width="640" /></a></div>
<br />
<h2>
Create a TVSU Policy </h2>
Example 1<br />
<ul>
<li>Sign in to the <a href="https://devicemanagement.microsoft.com/" target="_blank">Azure<br />
Device Management</a> portal</li>
<li>Navigate to <b>Device Configuration > Profiles ></b><br />
click the <b>Lenovo System Update Configuration</b> profile that was created earlier <b>> Properties > Settings</b></li>
<li>In the <b>Custom OMA-URI</b> Settings menu, click <b>Add</b>and enter the following</li>
<ul>
<li><b>Name</b>: Admin Command Line</li>
<li><b>Description</b>: Installs Critical and Recommended packages with a reboot type 3 (requires reboot)</li>
<li><b>OMA-URI</b>:<br />
./Device/Vendor/MSFT/Policy/Config/Lenovo~Policy~Cat_ThinkVantage_61~Cat_System_Update_63~Cat_UserSettings_74~Cat_General_78/Policy_Admin_CommandLine_154</li>
<li><b>Data Type</b>: String</li>
<li><b>Value</b>: </li>
</ul>
</ul>
<pre style="margin-left: 80px;"><enabled/></pre>
<pre style="margin-left: 80px;"><data id="Policy_TextBox_Element_Admin_CommandLine_155" value="/CM -search R -action INSTALL -includerebootpackages 3 -noicon -noreboot -nolicense"/></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5Cl3SLjn4TAxRpHIdridZmG2HZDbU98x0-P_dnJHtT2WVWkX2RxJ_OYw-huDGzrUdvhCTLMCtr_g2zsK72INXHXU03qOAejCqdPVcM8h6b7Fx4P54yMCWEhivT5bbPe7aExkGD8tWxFs/s1600/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="401" data-original-width="574" height="446" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5Cl3SLjn4TAxRpHIdridZmG2HZDbU98x0-P_dnJHtT2WVWkX2RxJ_OYw-huDGzrUdvhCTLMCtr_g2zsK72INXHXU03qOAejCqdPVcM8h6b7Fx4P54yMCWEhivT5bbPe7aExkGD8tWxFs/s640/Capture2.PNG" width="640" /></a></div>
<br />
<ul><ul>
<li>Click OK to complete adding the new OMA-URI row</li>
</ul>
</ul>
<h2>
Example 2</h2>
<ul>
<li>In the <b>Custom OMA-URI Settings</b> menu, click <b>Add</b>and enter the following</li>
<ul>
<li><b>Name</b>: Repository Path</li>
<li><b>Description</b>: (Optional)</li>
<li><b>OMA-URI</b>: ./Device/Vendor/MSFT/Policy/Config/Lenovo~Policy~Cat_ThinkVantage_61~Cat_System_Update_63~Cat_UserSettings_74~Cat_General_78/Policy_Repository_Location_116</li>
<li><b>Data Type</b>: String</li>
<li><b>Value</b>: </li>
</ul>
</ul>
<pre style="margin-left: 80px;"><enabled/></pre>
<pre style="margin-left: 80px;"><data id="Policy_TextBox_Element_Repository_Location_119" value="\\CustomRepoPath"/></pre>
<pre style="margin-left: 80px;"><data id="Policy_TextBox_Element_Repository_Location_120" value="\\CustomRepoPath2"/></pre>
<pre style="margin-left: 80px;"><data id="Policy_TextBox_Element_Repository_Location_121" value="\\CustomRepoPath3"/></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXQID9fiHwmUfVrpVb0_me2m7LR7Zoj2mTrUOkjl6ax3TSviX5KAPcGMg06E5Gm7muBTvi08nbz_RlioFIo_y7IQIh35eKlGkno7_DlzWuCsAysqYHdGSYN91U_4au2CdYjurFqrqFn8/s1600/Capture5.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="559" height="454" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXQID9fiHwmUfVrpVb0_me2m7LR7Zoj2mTrUOkjl6ax3TSviX5KAPcGMg06E5Gm7muBTvi08nbz_RlioFIo_y7IQIh35eKlGkno7_DlzWuCsAysqYHdGSYN91U_4au2CdYjurFqrqFn8/s640/Capture5.PNG" width="640" /></a></div>
<ul>
<li>Click <b>OK </b>to complete adding the new OMA-URI row</li>
<li>Save the profile</li>
</ul>
Verify the policies have applied to the client by launching <b>Regedit </b>and navigate to <br />
<br />
<b>HKLM\SOFTWARE\Policies\Lenovo\System Update\UserSettings\General</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVSDvc4i4XH2IU4iAf6zVnDMRJIJ0cGz7-XjcVh3NXsvL2NeS427Xq9TH8FLM1lgveKd3Rqtji3-YPqZS4ZLdb9ZbQEIuTtT4PDiNC1HSJ0RkhDn_xLfPDnUW0rDnmbohNObHglYL7XWM/s1600/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="860" data-original-width="1600" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVSDvc4i4XH2IU4iAf6zVnDMRJIJ0cGz7-XjcVh3NXsvL2NeS427Xq9TH8FLM1lgveKd3Rqtji3-YPqZS4ZLdb9ZbQEIuTtT4PDiNC1HSJ0RkhDn_xLfPDnUW0rDnmbohNObHglYL7XWM/s640/Capture4.PNG" width="640" /></a></div>
<br />
<h4>
Further Reading:</h4>
<a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/enable-admx-backed-policies-in-mdm" target="_blank">Enable ADMX-backed policies in MDM</a><br />
<br />
<a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#enabling-an-app-policy" target="_blank">Win32 and Desktop Bridge app policy</a><br />
<br />Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-17560833598592761592020-02-21T15:14:00.000-05:002020-02-21T15:14:35.731-05:00Deploying Lenovo System Update with automatic updates disabledOne of the features of Lenovo System Update is to automatically install the following types of updates:<br />
<br />
<ul>
<li><b>Critical </b>updates (BIOS, firmware, drivers, software)</li>
<li><b>Recommended</b> <i>driver</i> updates (not BIOS, firmware, or software)</li>
</ul>
<div>
These updates are installed by scheduled tasks. Some customers may want to deploy Lenovo System Update without these scheduled tasks, and also prevent their end-users from re-enabling automatic updates. This can be accomplished in these steps:</div>
<div>
<ol>
<li>Install System Update</li>
<li>Delete the scheduled tasks</li>
<li>Import a .reg file that will hide the Scheduler option in the System Update GUI</li>
</ol>
</div>
<div>
I have prepared a sample package which does these 3 things. This is based on System Update 5.07.0092 which is the latest version at the time I'm writing this.</div>
<div>
<br /></div>
<div>
<a href="https://download.lenovo.com/pccbbs/thinkvantage_en/cdrt_resources/Deploy_SU_No_Scheduler_5.07.0092.zip">https://download.lenovo.com/pccbbs/thinkvantage_en/cdrt_resources/Deploy_SU_No_Scheduler_5.07.0092.zip</a></div>
<div>
<br /></div>
<div>
See <b>Deploy_SU_No_Scheduler.bat</b> - you can use this as-is, or use the same technique in your own scripts.</div>
someotherguyhttp://www.blogger.com/profile/06067222794763722625noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-48585104688605966312020-01-30T15:03:00.002-05:002020-12-17T10:54:13.931-05:00Updating Thunderbolt Software and Firmware with Microsoft Endpoint ConfigMgr<blockquote class="tr_bq" style="font-size: medium; text-align: left;">
[Updated December 17, 2020: Updated repository to include latest updates. To get just the updated repository, download and unzip the zip file, then refresh your package content with the files from the <b>\TP_TBT_TS-20201217\TP_TBT_TS_files\Thunderbolt Updates\repository</b> folder. Remember to update your distribution points.]</blockquote>
This post provides an alternative solution for deploying Thunderbolt software (driver), firmware, and BIOS updates to affected ThinkPads as described in this <a href="https://support.lenovo.com/us/en/solutions/ht508988" target="_blank">bulletin</a>. What makes this process difficult is the installation order in which these updates have to be applied. The Thunderbolt driver and BIOS (not all models) are required to be installed first <b>before </b>the firmware can be updated, with a reboot in between.<br />
<br />
To accomplish this task, a ConfigMgr sample Task Sequence has been developed with all necessary updates and provided as a zip which can be imported into your console. The brains of the Task Sequence lies with the power of Thin Installer and two commands. The solution guide will describe how all of this is put together so it can be well understood.<br />
<br />
The files you will need can be found at the following links:<br />
<ul>
<li>Task sequence package: <a href="https://download.lenovo.com/cdrt/eval/TP_TBT_TS-20201217.zip" target="_blank">https://download.lenovo.com/cdrt/eval/TP_TBT_TS-202012417.zip</a></li>
<li>Solution Guide documentation: <a href="https://download.lenovo.com/cdrt/eval/SolutionGuide-ThunderboltUpdates-1.1.pdf" target="_blank">https://download.lenovo.com/cdrt/eval/SolutionGuide-ThunderboltUpdates-1.1.pdf</a></li>
<li>Systems List for UR: <a href="https://download.lenovo.com/cdrt/eval/tbt-systems.txt" target="_blank">https://download.lenovo.com/cdrt/eval/tbt-systems.txt</a></li>
</ul>
<br />
<br />
Below are screenshots of what the Task Sequence looks like<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLZqkoZQVFtRIZD_l2jBBMP1gqLiux-H84-5m_zzgIjumSQc0-vy46DDa6GPprpVopZwzXQVT9f51ojOz86CJqqgb4K3X1bI5MAVvAKUZaHWKBUVEOPnnY3oQZMl3xyAC4F0ouGvvP3Dk/s1600/Capture2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1284" data-original-width="1338" height="614" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLZqkoZQVFtRIZD_l2jBBMP1gqLiux-H84-5m_zzgIjumSQc0-vy46DDa6GPprpVopZwzXQVT9f51ojOz86CJqqgb4K3X1bI5MAVvAKUZaHWKBUVEOPnnY3oQZMl3xyAC4F0ouGvvP3Dk/s640/Capture2.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrl63TCrM_pUMiDnVYZ_HS9tqT2Z2d3XFdq5FvUoZl-9gG66og7iDxaHlH3Xq8lhfTqwXmX3GNtDt067zBl3RElPU9YmPEfYJNCuhkI6EgWSrDe3B8wnLmDvUb9VmKF0h01eUIP35iivc/s1600/Capture3.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1272" data-original-width="1334" height="610" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrl63TCrM_pUMiDnVYZ_HS9tqT2Z2d3XFdq5FvUoZl-9gG66og7iDxaHlH3Xq8lhfTqwXmX3GNtDt067zBl3RElPU9YmPEfYJNCuhkI6EgWSrDe3B8wnLmDvUb9VmKF0h01eUIP35iivc/s640/Capture3.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTpsbDKWYihhD1gtXfxC3ukRz_4ORBYQRuPksENDf14_vPBOXrUdvtUVTzpcIa6K-1hzCnDPPuTT83OvcpRHT1t_11mr9XjDLpobn078mQo5tx8wO_HrdkzGLUkbzeRwbqtsUCwfowLSw/s1600/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="877" data-original-width="1600" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTpsbDKWYihhD1gtXfxC3ukRz_4ORBYQRuPksENDf14_vPBOXrUdvtUVTzpcIa6K-1hzCnDPPuTT83OvcpRHT1t_11mr9XjDLpobn078mQo5tx8wO_HrdkzGLUkbzeRwbqtsUCwfowLSw/s640/Capture.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoyi74wHmcbAivzhhnpW8a2FhFmbFW_Kv80w2sTqgVaB5KdM8vQypsR9sMMWDmXrCOKQ3JqlV6B67J90nDly99Jww1darImZGmUFF6uxr3N_2QyiHMs7m5i9X_76dKQjaGA0HEBVb4dXA/s1600/Capture4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="861" data-original-width="1600" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoyi74wHmcbAivzhhnpW8a2FhFmbFW_Kv80w2sTqgVaB5KdM8vQypsR9sMMWDmXrCOKQ3JqlV6B67J90nDly99Jww1darImZGmUFF6uxr3N_2QyiHMs7m5i9X_76dKQjaGA0HEBVb4dXA/s640/Capture4.PNG" width="640" /></a></div>
<br />Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-33606820606029255482020-01-19T18:13:00.015-05:002021-07-08T10:27:06.629-04:00System Update Suite and MEM: Part 1 Creating the AppsThis blog post is part of a series of posts that will demonstrate ways of leveraging the System Update Suite of tools (Lenovo System Update, Thin Installer and Update Retriever) in a Microsoft Endpoint Manager - Configuration Manager environment. This series will show how to deploy the applications to clients, how to configure clients to update on a scheduled basis, how to maintain and deploy a repository, and how to report results from clients.<br />
<h3>
Part 1: Creating the Apps</h3>
The first step in deploying these tools to clients is creating an Application and Deployment Type in Configuration Manager which can be time consuming. If you're thinking about piloting Lenovo System Update and/or Thin Installer in your enterprise, the below script can save time when it comes to performing this task.<br />
<div>
<br /></div>
<div>
What it does:</div>
<div>
<ul>
<li>Downloads the current version of System Update or Thin Installer from Lenovo</li>
<li>Verifies the installer is signed by Lenovo (can't be too careful)</li>
<li>Creates a new Application in ConfigMgr</li>
<ul>
<li>Populates fields such as Localized App Name, Link to the tool landing page, Localized description, Version</li>
</ul>
<li>Creates a Script Installer Deployment Type with Install/Uninstall commands</li>
<ul>
<li>Registry detection method for System Update</li>
<li>File System detection method for Thin Installer</li>
</ul>
<li>Distributes the new app to a Distribution Point</li>
</ul>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLNlHcUc78z8kRBVUZ1PhV24y9YPVEyrmLwd673BaF6uD3H15dCGs-_putbnBKSu9VDZqLLEzYhPb6skVeB7gkipXVklW41U3Gnx2YDfkZx1pwUB7SINnbuMgT0N_bQlzzgc3U5mfhaWE/s1600/Capture.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="760" data-original-width="1600" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLNlHcUc78z8kRBVUZ1PhV24y9YPVEyrmLwd673BaF6uD3H15dCGs-_putbnBKSu9VDZqLLEzYhPb6skVeB7gkipXVklW41U3Gnx2YDfkZx1pwUB7SINnbuMgT0N_bQlzzgc3U5mfhaWE/s640/Capture.PNG" width="640" /></a></div>
<div>
<br /></div>
<div>
Once you have the Application and Deployment defined, simply advertise to a collection of your Lenovo PCs.<br />
<br /></div>
<div>
Here is the script. It can also be downloaded from my <a href="https://github.com/philjorgensen/PowerShell/blob/master/Create-ConfigMgrSU_TIApplication.ps1" target="_blank">GitHub</a>. As new versions of the tools are released, the script will be updated if needed.<br />
<br />
(<b>Note: </b>Designed to be run on the Site Server)</div>
<div>
<br /></div>
<div style="background: rgb(248, 248, 248); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #408080; font-style: italic;"><#</span>
<span style="color: #408080; font-style: italic;">DISCLAIMER:</span>
<span style="color: #408080; font-style: italic;">These sample scripts are not supported under any Lenovo standard support</span>
<span style="color: #408080; font-style: italic;">program or service. The sample scripts are provided AS IS without warranty</span>
<span style="color: #408080; font-style: italic;">of any kind. Lenovo further disclaims all implied warranties including,</span>
<span style="color: #408080; font-style: italic;">without limitation, any implied warranties of merchantability or of fitness for</span>
<span style="color: #408080; font-style: italic;">a particular purpose. The entire risk arising out of the use or performance of</span>
<span style="color: #408080; font-style: italic;">the sample scripts and documentation remains with you. In no event shall</span>
<span style="color: #408080; font-style: italic;">Lenovo, its authors, or anyone else involved in the creation, production, or</span>
<span style="color: #408080; font-style: italic;">delivery of the scripts be liable for any damages whatsoever (including,</span>
<span style="color: #408080; font-style: italic;">without limitation, damages for loss of business profits, business interruption,</span>
<span style="color: #408080; font-style: italic;">loss of business information, or other pecuniary loss) arising out of the use</span>
<span style="color: #408080; font-style: italic;">of or inability to use the sample scripts or documentation, even if Lenovo</span>
<span style="color: #408080; font-style: italic;">has been advised of the possibility of such damages.</span>
<span style="color: #408080; font-style: italic;">#></span>
<span style="color: #408080; font-style: italic;"><#</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.SYNOPSIS</span><span style="color: #408080; font-style: italic;"></span>
<span style="color: #408080; font-style: italic;"> Create a ConfigMgr Application for Lenovo System Update or Thin Installer</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.DESCRIPTION</span><span style="color: #408080; font-style: italic;"></span>
<span style="color: #408080; font-style: italic;"> Script will download the latest version of System Update or Thin Installer from Lenovo's support site, creates a ConfigMgr Application/Deployment Type, and distributes to a Distribution Point</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.PARAMETER</span><span style="color: #408080; font-style: italic;"> SystemUpdateSourcePath</span>
<span style="color: #408080; font-style: italic;"> Source location System Update executable will be downloaded to</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.PARAMETER</span><span style="color: #408080; font-style: italic;"> ThinInstallerSourcePath</span>
<span style="color: #408080; font-style: italic;"> Source location Thin Installer executable will be downloaded to</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.PARAMETER</span><span style="color: #408080; font-style: italic;"> DistributionPoint</span>
<span style="color: #408080; font-style: italic;"> FQDN Name of a ConfigMgr Distribution Point</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.NOTES</span><span style="color: #408080; font-style: italic;"></span>
<span style="color: #408080; font-style: italic;"> Run script as Administrator on Site Server</span>
<span style="color: #408080; font-style: italic;"> Turn off Internet Explorer Enhanced Security Control for Administrators prior to running</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.EXAMPLE</span><span style="color: #408080; font-style: italic;"></span>
<span style="color: #408080; font-style: italic;"> .\Create-ConfigMgrSU_TIApplication.ps1 -SystemUpdateSourcePath "\\Share\Software\Lenovo\SystemUpdate\5.07.88" -DistributionPoint "\\dp.local"</span>
<span style="color: #408080; font-style: italic;"> </span><span style="color: #ba2121; font-style: italic;">.EXAMPLE</span><span style="color: #408080; font-style: italic;"></span>
<span style="color: #408080; font-style: italic;"> .\Create-ConfigMgrSU_TIApplication.ps1 -ThinInstallerSourcePath "\\Share\Software\Lenovo\ThinInstaller\1.3.00018" -DistributionPoint "\\dp.local"</span>
<span style="color: #408080; font-style: italic;">#></span>
[<span style="color: green; font-weight: bold;">CmdletBinding</span>()]
<span style="color: green; font-weight: bold;">param</span>
(
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">Mandatory</span>=<span style="color: #19177c;">$false</span>)]
[ValidateNotNull()]
<span style="color: #880000;">[String]</span><span style="color: #19177c;">$SystemUpdateSourcePath</span>,
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">Mandatory</span>=<span style="color: #19177c;">$false</span>)]
[ValidateNotNullOrEmpty()]
<span style="color: #880000;">[String]</span><span style="color: #19177c;">$ThinInstallerSourcePath</span>,
[<span style="color: green; font-weight: bold;">Parameter</span>(<span style="color: green; font-weight: bold;">Mandatory</span>=<span style="color: #19177c;">$true</span>, <span style="color: green; font-weight: bold;">HelpMessage</span> = <span style="color: #ba2121;">"Specify FQDN of a Distribution Point"</span>)]
<span style="color: #880000;">[String]</span><span style="color: #19177c;">$DistributionPoint</span> = <span style="color: #ba2121;">'FQDN of Distribution Point'</span>
)
<span style="color: #408080; font-style: italic;"># Parse the TVT Admin Tools web page for the the current versions</span>
<span style="color: #19177c;">$path</span> = <span style="color: #ba2121;">"https://support.lenovo.com/solutions/ht037099"</span>
<span style="color: #19177c;">$ie</span> = <span style="color: green;">New-Object</span> -ComObject InternetExplorer.Application
<span style="color: #19177c;">$ie</span>.visible = <span style="color: #19177c;">$false</span>
<span style="color: #19177c;">$ie</span>.navigate(<span style="color: #19177c;">$path</span>)
<span style="color: green; font-weight: bold;">while</span> (<span style="color: #19177c;">$ie</span>.ReadyState <span style="color: #666666;">-ne</span> 4) { <span style="color: green;">Start-Sleep</span> -Milliseconds 100 }
<span style="color: #19177c;">$document</span> = <span style="color: #19177c;">$ie</span>.document
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$SystemUpdateSourcePath</span>)
{
<span style="color: #19177c;">$suExeURL</span> = <span style="color: #19177c;">$document</span>.links | ? { <span style="color: #19177c;">$_</span>.href.Contains(<span style="color: #ba2121;">"system_update"</span>) <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.href.EndsWith(<span style="color: #ba2121;">".exe"</span>) } | % { <span style="color: #19177c;">$_</span>.href }
<span style="color: #19177c;">$suExe</span> = <span style="color: #19177c;">$suExeURL</span>.Split(<span style="color: #ba2121;">'/'</span>)[5]
<span style="color: #19177c;">$suExeVer</span> = <span style="color: #19177c;">$suExe</span>.Split(<span style="color: #ba2121;">'_'</span>)[2].TrimEnd(<span style="color: #ba2121;">'.exe'</span>)
<span style="color: #408080; font-style: italic;"># Downloading System Update to source location</span>
<span style="color: green;">Invoke-WebRequest</span> -Uri <span style="color: #19177c;">$suExeURL</span> -OutFile <span style="color: #ba2121;">"$SystemUpdateSourcePath\$suExe"</span>
}
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$ThinInstallerSourcePath</span>)
{
<span style="color: #19177c;">$tiExeURL</span> = <span style="color: #19177c;">$document</span>.links | ? { <span style="color: #19177c;">$_</span>.href.Contains(<span style="color: #ba2121;">"thin_installer"</span>) <span style="color: #666666;">-and</span> <span style="color: #19177c;">$_</span>.href.EndsWith(<span style="color: #ba2121;">".exe"</span>) } | % { <span style="color: #19177c;">$_</span>.href }
<span style="color: #19177c;">$tiExe</span> = <span style="color: #19177c;">$tiExeURL</span>.Split(<span style="color: #ba2121;">'/'</span>)[5]
<span style="color: #408080; font-style: italic;"># Downloading Thin Installer to source location</span>
<span style="color: green;">Invoke-WebRequest</span> -Uri <span style="color: #19177c;">$tiExeURL</span> -OutFile <span style="color: #ba2121;">"$ThinInstallerSourcePath\$tiExe"</span>
<span style="color: #19177c;">$tiExeVerRaw</span> = (<span style="color: green;">Get-ChildItem</span> -Path <span style="color: #ba2121;">"$ThinInstallerSourcePath\$tiExe"</span>).VersionInfo.FileVersionRaw
<span style="color: #19177c;">$tiExeVer</span> = <span style="color: #ba2121;">"</span><span style="color: #bb6688; font-weight: bold;">$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #bb6688; font-weight: bold;">tiExeVerRaw.Major)</span><span style="color: #ba2121;">.</span><span style="color: #bb6688; font-weight: bold;">$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #bb6688; font-weight: bold;">tiExeVerRaw.Minor)</span><span style="color: #ba2121;">.</span><span style="color: #bb6688; font-weight: bold;">$(</span><span style="border: 1px solid rgb(255, 0, 0);">$</span><span style="color: #bb6688; font-weight: bold;">tiExeVerRaw.Build)</span><span style="color: #ba2121;">"</span>
}
<span style="color: #19177c;">$ie</span>.Quit() > <span style="color: #19177c;">$null</span>
<span style="color: #408080; font-style: italic;"><#</span>
<span style="color: #408080; font-style: italic;">Saving the Thumbprint of the System Update and Thin Installer certificates as a variable</span>
<span style="color: #408080; font-style: italic;">These will eventually change once a new certificate has been issued for each</span>
<span style="color: #408080; font-style: italic;">#></span>
<span style="color: #19177c;">$Thumbprint</span> = <span style="color: #ba2121;">"CC5EE80524D43ACD5A32AB1F3A9D163CEE924443"</span>
<span style="color: #408080; font-style: italic;"># Compare Certificate Thumbprints to verify authenticity. Script errors out if thumbprints do not match.</span>
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$SystemUpdateSourcePath</span>)
{
<span style="color: green; font-weight: bold;">If</span> ((<span style="color: green;">Get-AuthenticodeSignature</span> -FilePath <span style="color: #19177c;">$SystemUpdateSourcePath</span>\<span style="color: #19177c;">$suExe</span>).SignerCertificate.Thumbprint <span style="color: #666666;">-ne</span> <span style="color: #19177c;">$Thumbprint</span>)
{
<span style="color: green;">Write-Error</span> <span style="color: #ba2121;">"Certificate thumbprints do not match. Exiting out"</span> -ErrorAction Stop
}
}
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$ThinInstallerSourcePath</span>)
{
<span style="color: green; font-weight: bold;">If</span> ((<span style="color: green;">Get-AuthenticodeSignature</span> -FilePath <span style="color: #19177c;">$ThinInstallerSourcePath</span>\<span style="color: #19177c;">$tiExe</span>).SignerCertificate.Thumbprint <span style="color: #666666;">-ne</span> <span style="color: #19177c;">$Thumbprint</span>)
{
<span style="color: green;">Write-Error</span> <span style="color: #ba2121;">"Certificate thumbprints do not match. Exiting out"</span> -ErrorAction Stop
}
}
<span style="color: #408080; font-style: italic;"># Import ConfigMgr PS Module</span>
<span style="color: green;">Import-Module</span> <span style="color: #19177c;">$env:SMS_ADMIN_UI_PATH</span>.Replace(<span style="color: #ba2121;">"bin\i386"</span>, <span style="color: #ba2121;">"bin\ConfigurationManager.psd1"</span>) -Force
<span style="color: #408080; font-style: italic;"># Connect to ConfigMgr Site</span>
<span style="color: #19177c;">$SiteCode</span> = $(<span style="color: green;">Get-WmiObject</span> -ComputerName <span style="color: #ba2121;">"$ENV:COMPUTERNAME"</span> -Namespace <span style="color: #ba2121;">"root\SMS"</span> -Class <span style="color: #ba2121;">"SMS_ProviderLocation"</span>).SiteCode
<span style="color: green; font-weight: bold;">If</span> (!(<span style="color: green;">Get-PSDrive</span> <span style="color: #19177c;">$SiteCode</span>)) { }
<span style="color: green;">New-PSDrive</span> -Name <span style="color: #19177c;">$SiteCode</span> -PSProvider <span style="color: #ba2121;">"AdminUI.PS.Provider\CMSite"</span> -Root <span style="color: #ba2121;">"$ENV:COMPUTERNAME"</span> -Description <span style="color: #ba2121;">"Primary Site Server"</span> -ErrorAction SilentlyContinue
<span style="color: green;">Set-Location</span> <span style="color: #ba2121;">"$SiteCode`:"</span>
<span style="color: #408080; font-style: italic;"># Create the System Update App</span>
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$SystemUpdateSourcePath</span>)
{
<span style="color: green; font-weight: bold;">If</span> (!(<span style="color: green;">Get-CMApplication</span> -ApplicationName <span style="color: #ba2121;">"System Update-$suExeVer"</span>)) `
{
<span style="color: #19177c;">$suApp</span> = <span style="color: green;">New-CMApplication</span> -Name <span style="color: #ba2121;">"System Update-$suExeVer"</span> `
-Publisher <span style="color: #ba2121;">"Lenovo"</span> `
-SoftwareVersion <span style="color: #ba2121;">"$suExeVer"</span> `
-LocalizedName <span style="color: #ba2121;">"Lenovo System Update"</span> `
-LocalizedDescription <span style="color: #ba2121;">"System Update enables IT administrators to distribute updates for software, drivers, and BIOS in a managed environment from a local server."</span> `
-LinkText <span style="color: #ba2121;">"https://support.lenovo.com/downloads/ds012808"</span> `
-Verbose
<span style="color: #408080; font-style: italic;"># Create Registry detection clause</span>
<span style="color: #19177c;">$clause1</span> = <span style="color: green;">New-CMDetectionClauseRegistryKeyValue</span> -ExpressionOperator IsEquals `
-Hive LocalMachine `
-KeyName <span style="color: #ba2121;">"SOFTWARE\LENOVO\System Update"</span> `
-PropertyType String `
-ValueName <span style="color: #ba2121;">"Version"</span> `
-Value<span style="border: 1px solid rgb(255, 0, 0);">:</span><span style="color: #19177c;">$true</span> `
-ExpectedValue <span style="color: #ba2121;">"$suExeVer"</span> `
-Verbose
<span style="color: #408080; font-style: italic;"># Add Deployment Type</span>
<span style="color: #19177c;">$suApp</span> | <span style="color: green;">Add-CMScriptDeploymentType</span> -DeploymentTypeName <span style="color: #ba2121;">"System Update-$suExeVer"</span> `
-ContentLocation <span style="color: #19177c;">$SystemUpdateSourcePath</span> `
-InstallCommand <span style="color: #ba2121;">"$suExe /verysilent /norestart"</span> `
-UninstallCommand <span style="color: #ba2121;">"unins000.exe /verysilent /norestart"</span> `
-UninstallWorkingDirectory <span style="color: #ba2121;">"%PROGRAMFILES(X86)%\Lenovo\System Update"</span> `
-AddDetectionClause <span style="color: #19177c;">$clause1</span> `
-InstallationBehaviorType InstallForSystem `
-Verbose
}
}
<span style="color: #408080; font-style: italic;"># Create the Thin Installer App</span>
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$ThinInstallerSourcePath</span>)
{
<span style="color: green; font-weight: bold;">If</span> (!(<span style="color: green;">Get-CMApplication</span> -ApplicationName <span style="color: #ba2121;">"Thin Installer-$tiExeVer"</span>))
{
<span style="color: #19177c;">$tiApp</span> = <span style="color: green;">New-CMApplication</span> -Name <span style="color: #ba2121;">"Thin Installer-$tiExeVer"</span> `
-Publisher <span style="color: #ba2121;">"Lenovo"</span> `
-SoftwareVersion <span style="color: #ba2121;">"$tiExeVer"</span> `
-LocalizedName <span style="color: #ba2121;">"Lenovo Thin Installer"</span> `
-LocalizedDescription <span style="color: #ba2121;">"Thin Installer is a smaller version of System Update."</span> `
-LinkText <span style="color: #ba2121;">"https://support.lenovo.com/solutions/ht037099#ti"</span> `
-Verbose
<span style="color: #408080; font-style: italic;"># Create Registry detection clause</span>
<span style="color: #19177c;">$clause2</span> = <span style="color: green;">New-CMDetectionClauseFile</span> -Path <span style="color: #ba2121;">"%PROGRAMFILES(x86)%\Lenovo\ThinInstaller"</span> `
-FileName <span style="color: #ba2121;">"ThinInstaller.exe"</span> `
-PropertyType Version `
-Value<span style="border: 1px solid rgb(255, 0, 0);">:</span><span style="color: #19177c;">$true</span> `
-ExpressionOperator IsEquals `
-ExpectedValue <span style="color: #19177c;">$tiExeVer</span> `
-Verbose
<span style="color: #408080; font-style: italic;"># Add Deployment Type</span>
<span style="color: #19177c;">$tiApp</span> | <span style="color: green;">Add-CMScriptDeploymentType</span> -DeploymentTypeName <span style="color: #ba2121;">"ThinInstaller-$tiExeVer"</span> `
-ContentLocation <span style="color: #19177c;">$ThinInstallerSourcePath</span> `
-InstallCommand <span style="color: #ba2121;">"$tiExe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART"</span> `
-UninstallCommand <span style="color: #ba2121;">'powershell.exe -Command Remove-Item -Path "${env:ProgramFiles(x86)}\Lenovo\ThinInstaller" -Recurse'</span> `
-AddDetectionClause <span style="color: #19177c;">$clause2</span> `
-InstallationBehaviorType InstallForSystem `
-Verbose
}
}
<span style="color: #408080; font-style: italic;"># Distribute app to Distribution Point</span>
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$SystemUpdateSourcePath</span>)
{
<span style="color: #19177c;">$suApp</span> | <span style="color: green;">Start-CMContentDistribution</span> -DistributionPointName <span style="color: #19177c;">$DistributionPoint</span> -ErrorAction SilentlyContinue -Verbose
}
<span style="color: green; font-weight: bold;">If</span> (<span style="color: #19177c;">$ThinInstallerSourcePath</span>)
{
(<span style="color: #19177c;">$tiApp</span>) | <span style="color: green;">Start-CMContentDistribution</span> -DistributionPointName <span style="color: #19177c;">$DistributionPoint</span> -ErrorAction SilentlyContinue -Verbose
}
<span style="color: green;">Set-Location</span> -Path <span style="color: #19177c;">$env:HOMEDRIVE</span>
</pre></div>
<br />
<br />
</div>
Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-33292578076374268172019-11-26T10:57:00.002-05:002022-02-03T10:25:18.286-05:00System Deployment Boot Mode<div><i>This article has been moved to </i><a href="https://docs.lenovocdrt.com/#/bios/sdbm"><i>https://docs.lenovocdrt.com/#/bios/sdbm</i></a></div><div><br /></div>System Deployment Boot Mode (SDB) is a new feature added to the Whiskey Lake generation of ThinkPads. This introduces the ability to programmatically configure key security BIOS settings during your operating system deployments.<br />
<br />
Unlike previous generations, this boot mode will allow you to:<br />
<br />
<ul>
<li><b>Set an initial Supervisor Password</b></li>
<ul>
<li>In the past, a supervisor password had to be set manually or from the factory. Once a supervisor password was set, it could be changed in an automated way leveraging the Lenovo_SetBiosPassword WMI class</li>
</ul>
</ul>
<ul>
<li><b>Disable the TPM Physical Presence for Clear requirement</b></li>
<ul>
<li>No longer requires user interaction if a call to clear the TPM was performed. In other words, no more pressing <b>F9</b>!</li>
</ul>
</ul>
<span style="font-size: large;">Activating System Deployment Boot Mode</span><br />
<ul>
<li>Boot the system and press F12 until the boot menu appears</li>
<li>Press the Delete key. "<b>System Deployment Boot Mode</b>" will appear in the upper right side of the screen. The internal boot device(s) will be removed from the list. This is a security precaution.</li>
</ul>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUMsLbAgQDAi-juXpn1KSigidotdCj_ifHgzFpWeRoYAGkfnkGvO9LG5wvKNEpyVjvBB0AVnj93YoVZUjhESGWOmaKnNhyY02Q3vL6kECNkKauw4DntO6AcEE_nYaxCBe192-f_v_2hJo/s1600/IMG_20191121_115513.jpg" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="892" data-original-width="1600" height="356" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUMsLbAgQDAi-juXpn1KSigidotdCj_ifHgzFpWeRoYAGkfnkGvO9LG5wvKNEpyVjvBB0AVnj93YoVZUjhESGWOmaKnNhyY02Q3vL6kECNkKauw4DntO6AcEE_nYaxCBe192-f_v_2hJo/s640/IMG_20191121_115513.jpg" width="640" /></a></div>
<ul>
<li>Select a boot device.</li>
<li>SDB mode is now active.</li>
<li>System will exit SDB mode upon the next reboot.</li>
</ul>
<div>
<br /></div>
<div>
<span style="font-size: large;">WMI in SDB Mode</span></div>
<div>
PXE boot a system to WinPE, F8 to a command prompt, and start PowerShell. Verify there is no supervisor password set on the system by running the following command</div>
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #007020;">Get-CimInstance</span> -Namespace root/WMI -ClassName Lenovo_BiosPasswordSettings
</pre>
</div>
<br />
Look at <b>PasswordState </b>and confirm the value is 0<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCQvSqiaA3Rx_llMUH04HQfGq2K8R5LWN5ox5QInx95xmVHeJ7We6U9Mi-8eKv9sai3pi_yxJlwilntm1d5CefgrBL7iLyG9esTExfKV4mzJEiA7wiQ_ornrMLTixtqVqogmnRtlxr5n4/s1600/IMG_20191121_120127.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="702" data-original-width="1600" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCQvSqiaA3Rx_llMUH04HQfGq2K8R5LWN5ox5QInx95xmVHeJ7We6U9Mi-8eKv9sai3pi_yxJlwilntm1d5CefgrBL7iLyG9esTExfKV4mzJEiA7wiQ_ornrMLTixtqVqogmnRtlxr5n4/s640/IMG_20191121_120127.jpg" width="640" /></a></div>
<br />
<br />
<span style="font-size: large;">Set the Supervisor Password</span><br />
Run the following commands to set an initial Supervisor Password. Replace <b>secretpassword</b> with a Supervisor Password of your choice.<br />
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #996633;">$setPw</span> = <span style="color: #007020;">Get-WmiObject</span> -Namespace root/wmi -Class Lenovo_setBiosPassword
<span style="color: #996633;">$setPw</span>.SetBiosPassword(<span style="background-color: #fff0f0;">"pap,secretpassword,secretpassword,ascii,us"</span>)
</pre>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8f84Lq7UUQ6oMRNLfeUlAlk-noKf4KEGm9sPHkanlZVWmjdaBG_cvTjz2lLiYlrJOSAqgfKamn0k2H71zbdcVUQwjAlEYFZAqkpfdHaVgOggn3Kus_HeARdD1rt_AG35bplTuhDmezTM/s1600/IMG_20191121_120623.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="736" data-original-width="1600" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8f84Lq7UUQ6oMRNLfeUlAlk-noKf4KEGm9sPHkanlZVWmjdaBG_cvTjz2lLiYlrJOSAqgfKamn0k2H71zbdcVUQwjAlEYFZAqkpfdHaVgOggn3Kus_HeARdD1rt_AG35bplTuhDmezTM/s640/IMG_20191121_120623.jpg" width="640" /></a></div>
<br />
<span style="font-size: large;">Check TPM Physical Presence for Clear Status</span><br />
By default, the TPM Physical Presence for Clear setting is always going to be enabled from the factory. You can verify by running these commands<br />
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #007020;">Get-CimInstance</span> -Namespace root/WMI -ClassName Lenovo_BiosSetting | <span style="color: #007020;">Where-Object</span> {<span style="color: #996633;">$_</span>.CurrentSetting <span style="color: #333333;">-match</span> <span style="background-color: #fff0f0;">"PhysicalPresence"</span>} | fl
</pre>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0MUxDDmCFv2Lbh0vraTg8dGMeICz3wU4ys_O2JXihf9XsOY0BTQ6d4WtW90KiHYianUUhaACeTGrd57h2MxZ4rNaW7ipjK3qKLhwuwrw-SZpeFZJc1BEr33l5CHyXqdtc-KBjbeBzq0I/s1600/IMG_20191121_121644.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="541" data-original-width="1600" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0MUxDDmCFv2Lbh0vraTg8dGMeICz3wU4ys_O2JXihf9XsOY0BTQ6d4WtW90KiHYianUUhaACeTGrd57h2MxZ4rNaW7ipjK3qKLhwuwrw-SZpeFZJc1BEr33l5CHyXqdtc-KBjbeBzq0I/s640/IMG_20191121_121644.jpg" width="640" /></a></div>
<br />
<span style="font-size: large;">Disable TPM Physical Presence for Clear</span><br />
To disable Physical Presence, run the following commands<br />
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #996633;">$tpmClear</span> = <span style="color: #007020;">Get-WmiObject</span> -Namespace root\wmi -Class Lenovo_SetBiosSetting
<span style="color: #996633;">$tpmClear</span>.SetBiosSetting(<span style="background-color: #fff0f0;">"PhysicalPresenceForTpmClear,Disable"</span>)
</pre>
</div>
<br />
Save the settings using the new Supervisor Password
<br />
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #996633;">$saveBios</span> = <span style="color: #007020;">Get-WmiObject</span> -Namespace root\wmi -Class Lenovo_SaveBiosSettings
<span style="color: #996633;">$saveBios</span>.SaveBiosSettings(<span style="background-color: #fff0f0;">"secretpassword,ascii,us"</span>)
</pre>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGq23j6NIoutS8wRQwFUCXy8PW6QA7O-I4z0MNnRKSRCcYDkF-ai2wOLrNAkowmnt8mBUGJbyY53RRsBP-jIxB4gczHRN5RBGpLJSb7-uDqlwKiZoG9Cws12qale3b7oRF7votf84hiI/s1600/IMG_20191121_125013.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="928" data-original-width="1600" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGq23j6NIoutS8wRQwFUCXy8PW6QA7O-I4z0MNnRKSRCcYDkF-ai2wOLrNAkowmnt8mBUGJbyY53RRsBP-jIxB4gczHRN5RBGpLJSb7-uDqlwKiZoG9Cws12qale3b7oRF7votf84hiI/s640/IMG_20191121_125013.jpg" width="640" /></a></div>
<br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Think BIOS Config Tool [TBCT] </span><span style="font-size: medium;">(</span><span style="font-size: medium;">Preparing the files)</span><br />
You can also use the <a href="https://thinkdeploy.blogspot.com/2016/08/the-think-bios-config-tool.html" target="_blank">TBCT version 1.28</a> or higher to apply these changes in your operating system deployment task sequence. On a test system, PXE boot (or USB boot) to WinPE and perform the following:<br />
<br />
<ul>
<li>Navigate to the directory containing the TBCT and launch it to present the GUI.</li>
<li>Scroll through the list of available BIOS settings and make any changes to be applied. In this example, we're going to set the <b>PhysicalPresenceForTpmClear </b>setting to <b>Disable</b> </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq2GTfNk6DUFTpE7Axku3Q3z9BpgkQxiSd-B5isHAiZqUs6djO0AEgSyIgZbfF62P5HdxsL-No_d05ZLNORWamDZ0DfhwPbYbgV8jJc8BgYoFKVvTMlsdZI4mvq4QnYeTwcPiFRmJpev8/s1600/IMG_20191122_132105.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1291" data-original-width="1600" height="516" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq2GTfNk6DUFTpE7Axku3Q3z9BpgkQxiSd-B5isHAiZqUs6djO0AEgSyIgZbfF62P5HdxsL-No_d05ZLNORWamDZ0DfhwPbYbgV8jJc8BgYoFKVvTMlsdZI4mvq4QnYeTwcPiFRmJpev8/s640/IMG_20191122_132105.jpg" width="640" /></a></div>
<ul>
<li>Scroll back to the top and click the <b>Export Settings </b>button.</li>
<ul>
<li>This will output a text file containing the BIOS setting(s) to be changed.</li>
</ul>
<li>Tick the <b>Supervisor password set on the target machine </b>box</li>
<ul>
<li>Leave the password field blank since there's currently no Supervisor Password set</li>
<li>Enter an encrypting key (or generate one)</li>
</ul>
<li>Tick the <b>Change Supervisor password </b>box</li>
<ul>
<li>Enter a Supervisor Password. (This will be the initial Supervisor Password)</li>
<li>Confirm the same password</li>
</ul>
<li>A prompt will appear to create a password file for System Deploy Mode. This will only be presented if the Supervisor Password field (above the encrypting key field) is blank. Click <b>Yes</b>.</li>
<li>A new password file will be output</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp9sDr9HL7ueuYkdB15LqQa90qC1JitFuzWCjUqUHBl7ZLlrFEv4GBW3f6Sxu1Al6owkqaVV1g3ZEZkTMFHcPS-eRSV-8Rmn6hqNLoRsst9uAcsLHXSXBWHj0b6fmAi97qwyMxWM8ggrQ/s1600/IMG_20191122_134022.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="909" data-original-width="1600" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp9sDr9HL7ueuYkdB15LqQa90qC1JitFuzWCjUqUHBl7ZLlrFEv4GBW3f6Sxu1Al6owkqaVV1g3ZEZkTMFHcPS-eRSV-8Rmn6hqNLoRsst9uAcsLHXSXBWHj0b6fmAi97qwyMxWM8ggrQ/s640/IMG_20191122_134022.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-size: large;">ThinkBIOS Config Tool </span>(Applying the BIOS Settings)</div>
<div class="separator" style="clear: both; text-align: left;">
To apply the new Supervisor Password and BIOS settings, perform the following</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul>
<li>Navigate to the directory containing the TBCT, password .INI, and config .INI.</li>
<li>Run the first command to set the Supervisor Password</li>
</ul>
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;">ThinkBiosConfig.hta "file=yourpassword.ini" "key=yourencryptingkey"
</pre>
</div>
<ul>
<li>The second command will apply the BIOS settings using the new Supervisor Password</li>
</ul>
<!--HTML generated using hilite.me--><br />
<div style="background: rgb(255, 255, 255); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;">ThinkBiosConfig.hta "file=config.ini"
</pre>
</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7VKQ88SUWxow_P5j2LjHdiYj6WBcw50QyPTSn_LAkj-mlwcZLPBqzsVGePZ-KGD6tT96i_mprTXlZZJ6RgXDJS5R5_vjM7T3p47_BU0cZnZJFvy5XQAnAt597jAbh2mEhWantqa0H3Sk/s1600/IMG_20191122_134234.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="792" data-original-width="1600" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7VKQ88SUWxow_P5j2LjHdiYj6WBcw50QyPTSn_LAkj-mlwcZLPBqzsVGePZ-KGD6tT96i_mprTXlZZJ6RgXDJS5R5_vjM7T3p47_BU0cZnZJFvy5XQAnAt597jAbh2mEhWantqa0H3Sk/s640/IMG_20191122_134234.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
If you open the log you'll see the password change was successful, the config file has been validated using the new Supervisor Password, and the BIOS setting to disable <b>PhysicalPresenceForTpmClear</b> was successfully set.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-size: large;">Confirm the Updated BIOS Config</span></div>
Reboot the system and <b>F1 </b>to get to the BIOS. You should be prompted to enter your new Supervisor Password. Navigate to <b>Security > Password</b><br />
<b><br /></b>
The Supervisor Password should now show as Enabled<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPE4E6krTmMTNwn_7z7jbSLtlDWws7zOhi13lksmJy2bnaYAvqj7iP8BNfHcjqv0ncPUNBeLKy1wvirivHH9s_ByciVMXWrp3_fcPO-KpsNjI0mZedj3_cU6vULiepZirjHNYTdee22c/s1600/IMG_20191121_123702.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="947" data-original-width="1600" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPE4E6krTmMTNwn_7z7jbSLtlDWws7zOhi13lksmJy2bnaYAvqj7iP8BNfHcjqv0ncPUNBeLKy1wvirivHH9s_ByciVMXWrp3_fcPO-KpsNjI0mZedj3_cU6vULiepZirjHNYTdee22c/s640/IMG_20191121_123702.jpg" width="640" /></a></div>
<br />
Now navigate to <b>Security > Security Chip </b>and verify the Physical Presence for Clear setting has been toggled to Off.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj81v7WVClZHhKW91rGeeDGcdQNLbMiOEfDUfOGHG4ALllKyscJuIS_C1ADhR8TDzckvkXHcguAlbzGo8oRzp4r6PlVXsAXl5-0UShTF1tsJzH7XpXDB_1PONhz4m4FZGYtuiMPmQX6fw/s1600/IMG_20191121_125142.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="927" data-original-width="1600" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj81v7WVClZHhKW91rGeeDGcdQNLbMiOEfDUfOGHG4ALllKyscJuIS_C1ADhR8TDzckvkXHcguAlbzGo8oRzp4r6PlVXsAXl5-0UShTF1tsJzH7XpXDB_1PONhz4m4FZGYtuiMPmQX6fw/s640/IMG_20191121_125142.jpg" width="640" /></a></div>
<br /><span style="font-size: large;">Below is a list of systems that do/do not support SDBM</span><div><span style="font-size: large;"><br /></span></div><div><div><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr>
<td style="border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">E14/15 (Intel)<o:p></o:p></p>
</td>
<td style="border-left: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">E14/15 (AMD)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">E490<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">E495<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">L14/15 (AMD)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">L14/15 (Intel)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">L490<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">P15/17<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">P15v<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T14 (AMD)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T14/15 (Intel)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">P14s/15s<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T14s/X13<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T15p<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T490 (CML)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T490/590<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">P43s/53s<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">T495<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X1 Carbon 8/X1 Yoga 5<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X13 NEC<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X13/T14s (AMD)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X390 (CML)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X390 NEC<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X390 (WHL)<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">Yes<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border-top: none; border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 118.15pt;" valign="top" width="158">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">X395/T495s<o:p></o:p></p>
</td>
<td style="border-bottom: 1pt solid windowtext; border-left: none; border-right: 1pt solid windowtext; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 31.45pt;" valign="top" width="42">
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">No<o:p></o:p></p>
</td>
</tr>
</tbody></table></div><div><br /></div><div><span style="font-size: large;">Final Notes</span><br />
If you're configuring other BIOS settings via WMI on top of what's described above, you should be able to do so in the same WinPE session. There should be no need to set an initial Supervisor Password, reboot, activate SDB mode again, PXE boot back to WinPE and configure other settings.<br />
<br />
<br /></div></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-55797166071753130802019-10-29T18:04:00.065-04:002022-03-23T13:47:42.263-04:00Deploying Commercial Vantage with ConfigMgr<div><i>This article has been moved to </i><a href="https://blog.lenovocdrt.com/#/2021/cv_configmgr_deploy">https://blog.lenovocdrt.com/#/2021/cv_configmgr_deploy</a></div><div><i><br /></i></div><div><i>Updated: 12/2021</i></div><div><br /></div>Previously, Lenovo provided two separate apps (Lenovo Settings and
Lenovo Companion) that allowed the user to change hardware settings, run
diagnostic scans, and check for software and driver updates. As of
December 2017, all of the features in those two apps (discontinued) were merged into a single app - <a href="https://support.lenovo.com/solutions/hf003321">Commercial Vantage</a> -<br />
<br />
This post will walk through deploying Commercial Vantage as a ConfigMgr application.<br />
<br />
All required components, as well as the Group Policy Admin Template, and sample registry files are included in the zip available for download on the Vantage landing page.<br />
<br />
<span style="font-size: small;">-----</span><br />
<br />
<span style="font-size: large;"><u><b>Create the App</b></u></span><br /><span style="font-size: small;">Download/extract the contents from the zip<b> </b>to a source location.</span><br />
<br />
<span style="font-size: small;">In the console, navigate to <b>Software Library > Application Management > Applications</b>. Click Create Application and set the following:</span><br />
<ul style="text-align: left;">
<li><span style="font-size: small;"><b>General: </b>Manually specify the application information</span><span style="font-size: small;"> </span></li>
<ul>
<li><span style="font-size: small;">General Information: Enter <b>Commercial Vantage</b> for the name and any other information you want to fill out.</span><span style="font-size: small;"> </span></li>
<li><span style="font-size: small;">Software Center: Fill out what should be displayed to the end user when they view this app in Software Center. </span><span style="font-size: small;"> </span></li>
</ul>
<li><span style="font-size: small;"><b>Deployment Types</b>: Add a<b> Script Installer </b>deployment type</span></li>
<ul>
<li><span style="font-size: small;">General Information: Enter a name<b> </b>for the deployment type. </span></li>
<li><span style="font-size: small;">Content: Point the content location to the<b> </b>directory where the Vantage source files reside.</span></li>
<ul>
<li><span style="font-size: small;">Installation Program: <b>setup-commercial-vantage.bat</b></span></li><li>Uninstall Program: <b>powershell.exe -ExecutionPolicy Bypass -File .\uninstall_vantage_v8\uninstall_all.ps1</b></li>
</ul>
<li><span style="font-size: small;">Detection Method: Select <b>Configure rules to detect the presence of this deployment type</b>. Click <b>Add Clause...</b></span></li>
<ul>
<li><span style="font-size: small;">Setting Type: <b>File System</b></span></li>
<li><span style="font-size: small;">Type:<b> Folder</b></span></li>
<li><span style="font-size: small;">Path:<b> </b><b>ProgramFiles\Lenovo</b> </span></li>
<li><span style="font-size: small;">File or folder name: <b>VantageService </b>(Note: This directory is what's created once the System Interface Foundation driver has been installed)</span></li><li><span style="font-size: small;">Tick the box <b>This file or folder is associated with a 32-bit application on 64-bit systems.</b></span></li>
<li><span style="font-size: small;">Ensure the radio button <b>The file system setting must exist on the target system to indicate presence of this application </b>is selected.</span></li><li>Add a second <b>File System </b>clause to check the presence of the .appx package</li><li>Type: <b>Folder</b></li><li>Path: <b>ProgramFiles\WindowsApps</b></li><li>File or folder name: <b>E046963F.LenovoSettingsforEnterprise_10.2110.11.0_x64__k1h2ywk1493x8</b></li><li><span style="font-size: small;">Tick the box <b>This file or folder is associated with a 32-bit application on 64-bit systems.</b></span></li>
</ul>
<li><span style="font-size: small;">User Experience: </span></li>
<ul>
<li><span style="font-size: small;">Installation Behavior: <b>Install for system</b></span></li>
<li><span style="font-size: small;">Logon requirement: <b>Whether or not a user is logged on</b></span></li>
<li><span style="font-size: small;">Installation program visibility: <b>Hidden </b> </span></li></ul></ul></ul><ul>
</ul>
<span style="font-size: small;"><br /></span><span style="font-size: small;"><span style="font-size: large;"><b><u>Distribute Content</u></b></span></span><br />
<span style="font-size: small;">Select the <b>Commercial Vantage </b>application and click <b>Distribute Content</b> from the ribbon bar. Both apps should be shown in the <b>Content to distribute </b>list. Click next and add the Distribution Points or Distribution Point Group to send the content to.</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;"><u><span style="font-size: large;"><b>Deploy the Apps</b></span></u></span><br />
<span style="font-size: small;">Create a Device Collection to deploy the <b>Commercial Vantage</b> app. If you have a mixed environment of computer vendors, it's suggested to create a collection targeting only Lenovo Think branded products.</span><br />
<span style="font-size: small;"><br /></span>
<br />
<span style="font-size: small;"><i>Helpful Links: </i></span><br /><span style="font-size: small;"><i>Commercial Vantage KB - <a href="https://forums.lenovo.com/t5/Lenovo-Vantage-Knowledge-Base/tkb-p/lvtkb_en" target="_blank">https://forums.lenovo.com/t5/Lenovo-Vantage-Knowledge-Base/tkb-p/lvtkb_en </a></i></span><br />
<span style="font-size: small;"><i><br /></i></span>
<span style="font-size: small;"><i>Vantage vs System Update - <a href="https://thinkdeploy.blogspot.com/2018/11/lenovo-vantage-vs-system-update.html">https://thinkdeploy.blogspot.com/2018/11/lenovo-vantage-vs-system-update.html</a></i></span><br />
<span style="font-size: small;"><i><br /></i></span>
<span style="font-size: small;"><i><br /></i></span>
<span style="font-size: small;"> </span><b><span style="font-size: small;"> </span></b>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-1241977425069338832019-10-29T18:04:00.005-04:002020-05-28T14:16:51.627-04:00Automatic device encryption not working on new ThinkPadsThis post will walk through how to resolve automatic device encryption issues on Whiskey Lake generation ('90 series) ThinkPads, caused by un-allowed DMA capable bus/device(s).<br />
<br />
On an affected system, open System Information (as admin) and find the Device Encryption Support item. The value should match what's shown below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOeIbGUdbg4XUAvKoeeGP8NCq8kjZtsH412LTirLAXwzEuTNheBf6v_pRqm0-EoRe987aBhm8kYPatvI8yF6KTH62y3zqfeSTygYBDGc6mWFYRkuGh7OW3-itc-W7TG7QFEKLQOKlH90Y/s1600/UnallowedDMA.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="280" data-original-width="1264" height="141" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOeIbGUdbg4XUAvKoeeGP8NCq8kjZtsH412LTirLAXwzEuTNheBf6v_pRqm0-EoRe987aBhm8kYPatvI8yF6KTH62y3zqfeSTygYBDGc6mWFYRkuGh7OW3-itc-W7TG7QFEKLQOKlH90Y/s640/UnallowedDMA.jpg" width="640" /></a></div>
<br />
This status, as noted in this <a href="https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker#un-allowed-dma-capable-busdevices-detected" target="_blank">MS doc</a>, "<b>means Windows detected at least one potential external DMA capable bus or device that may expose a DMA threat.</b>"<br />
<br />
The doc will also walk you through how to add the affected component to the whitelist. The hard part is tracking down the component(s) to add. In the Whiskey Lake generation, fortunately only 1 component needs to be added.<br />
<br />
The following sample script can be used to accomplish this:<br />
<br />
<div style="background: rgb(39, 40, 34); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0px;"><span style="color: #f8f8f2;">$regPath</span> <span style="color: #f8f8f2;">=</span> <span style="color: #e6db74;">"SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses"</span>
<span style="color: #f8f8f2;">$keys</span> <span style="color: #f8f8f2;">=</span> <span style="background-color: #1e0010; color: #960050;">@</span><span style="color: #f8f8f2;">{</span>
<span style="color: #e6db74;">'PCI Express Upstream Switch Port'</span> <span style="color: #f8f8f2;">=</span> <span style="color: #e6db74;">'PCI\VEN_8086&DEV_15C0'</span>
<span style="color: #f8f8f2;">}</span>
<span style="color: #66d9ef;">if</span> <span style="color: #f8f8f2;">(!(Get-PSDrive</span> <span style="color: #f8f8f2;">HKLM</span> <span style="color: #f8f8f2;">-ErrorAction</span> <span style="color: #f8f8f2;">SilentlyContinue))</span> <span style="color: #f8f8f2;">{</span>
<span style="color: #f8f8f2;">New-PSDrive</span> <span style="color: #f8f8f2;">-Name</span> <span style="color: #f8f8f2;">HKLM</span> <span style="color: #f8f8f2;">-PSProvider</span> <span style="color: #f8f8f2;">Registry</span> <span style="color: #f8f8f2;">-Root</span> <span style="color: #f8f8f2;">Registry</span><span style="background-color: #1e0010; color: #960050;">::</span><span style="color: #f8f8f2;">HKEY_LOCAL_MACHINE|</span> <span style="color: #f8f8f2;">Out-Null</span>
<span style="color: #f8f8f2;">}</span>
<span style="color: #66d9ef;">foreach</span> <span style="color: #f8f8f2;">($key</span> <span style="color: #66d9ef;">in</span> <span style="color: #f8f8f2;">$keys.GetEnumerator())</span> <span style="color: #f8f8f2;">{</span>
<span style="color: #f8f8f2;">New-ItemProperty</span> <span style="color: #f8f8f2;">-Path</span> <span style="color: #f8f8f2;">HKLM</span><span style="background-color: #1e0010; color: #960050;">:</span><span style="color: #f8f8f2;">$regPath</span> <span style="color: #f8f8f2;">-Name</span> <span style="color: #f8f8f2;">$key.Key</span> <span style="color: #f8f8f2;">-Value</span> <span style="color: #f8f8f2;">$key.Value</span> <span style="color: #f8f8f2;">-PropertyType</span> <span style="color: #f8f8f2;">String</span> <span style="color: #f8f8f2;">-Force</span> <span style="color: #f8f8f2;">|</span> <span style="color: #f8f8f2;">Out-Null</span>
<span style="color: #f8f8f2;">}</span>
</pre>
</div>
<br />
This will need to be run in the SYSTEM context. Upon execution, you can check in the registry to confirm the component has been added.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiesrET5JXqLrvwGRBs-rquaO51xx0hLJTe3hyphenhyphenwZCV4Nlan3Nib4j7xxchoQrlvGIcQn7ECamnORAQzrOT1DYSedyT480xRcToFjEUGEom3kNwhQPHmt2f_EX6v0JGpmHAe8neKLyJVvHc/s1600/RegKey.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="238" data-original-width="1009" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiesrET5JXqLrvwGRBs-rquaO51xx0hLJTe3hyphenhyphenwZCV4Nlan3Nib4j7xxchoQrlvGIcQn7ECamnORAQzrOT1DYSedyT480xRcToFjEUGEom3kNwhQPHmt2f_EX6v0JGpmHAe8neKLyJVvHc/s640/RegKey.jpg" width="640" /></a></div>
<br />
<br />
Now, if you refresh System Information, the value should change to <b>Meets Prerequisites</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiHOh4zlCSWR3PbGRHSDuWjvxgqbbzcmk2agWj07YgoaTBYVP1Ofg9lBc98qpx-snCBOlbKOm50adL4BItBON3Oh2fZcC2KIxOBL9hZZWEw_zZV6dScEhkRE09pyAv1UfnT8EL7M81-IE/s1600/MeetsPrereqs.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="273" data-original-width="629" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiHOh4zlCSWR3PbGRHSDuWjvxgqbbzcmk2agWj07YgoaTBYVP1Ofg9lBc98qpx-snCBOlbKOm50adL4BItBON3Oh2fZcC2KIxOBL9hZZWEw_zZV6dScEhkRE09pyAv1UfnT8EL7M81-IE/s640/MeetsPrereqs.jpg" width="640" /></a></div>
<br />
<b> </b>Once the system restarts, device encryption should automatically trigger as long as the signed in user is connected to a Microsoft account or Azure Active Directory account.<div><br /></div><div><b>UPDATE 5/28/20</b></div><div>A customer asked how to get this working on X1 Extreme 2nd Gen. Here's the registry values needed:</div><div><br /></div><div><div style="color: #d4d4d4; font-family: consolas, "courier new", monospace; line-height: 18px; white-space: pre;"><div><div style="background-color: #1e1e1e; color: #d4d4d4; font-family: Consolas, "Courier New", monospace; font-size: 13px; line-height: 18px;"><div> <span style="color: #ce9178;">'PCI Express Upstream Switch Port'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_15C0'</span></div><div> <span style="color: #ce9178;">'C240 Series Chipset Family LPC Controller (CM246) - A30E'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A30E'</span></div><div> <span style="color: #ce9178;">'PCI Express DownStream Switch Port (Thunderbolt)'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_15EA'</span></div><div> <span style="color: #ce9178;">'Intel PCI Express Root Port #1 - A338'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A338'</span></div><div> <span style="color: #ce9178;">'Intel PCI Express Root Port #9 - A330'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A330'</span></div><div> <span style="color: #ce9178;">'Intel PCI Express Root Port #15 - A336'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A336'</span></div><div> <span style="color: #ce9178;">'Intel PCI Express Root Port #17 - A340'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A340'</span></div><div> <span style="color: #ce9178;">'Intel PCI Express Root Port #21 - A32C'</span> = <span style="color: #ce9178;">'PCI\VEN_8086&DEV_A32C'</span></div></div></div></div></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br />
<br />
<br /></div>Phil Jorgensenhttp://www.blogger.com/profile/11453108320856076366noreply@blogger.comtag:blogger.com,1999:blog-6670904646973955613.post-29044257148411301402019-07-03T13:43:00.000-04:002019-07-03T13:43:26.096-04:00Lenovo Updates Catalog V2 for SCCM<h3>
New Catalog Format</h3>
The <b>Third-Party Software Update Catalogs</b> node was a new addition for System Center Configuration Manager version 1806. This introduced a new version of the well known "SCUP" catalog format that we refer to as "V2".<br />
<br />
A V2 catalog contains individual update XML files for improved performance as well as the public portion of the signing certificates used to sign the updates in the catalog for increased security. Lenovo offers a V2 version of our Lenovo Updates Catalog and, as of version 1902 of SCCM, it is presented as a partner catalog in the SCCM console making it easier to subscribe. Prior to 1902 the catalog could be added manually using the following URL:<br />
<br />
<div style="text-align: center;">
https://download.lenovo.com/luc/v2/LenovoUpdatesCatalog2v2.cab</div>
<div style="text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5qvMrNlQmOKWevw_uJ4AUM7tdoE7VSyGs-4dpgMVS2jJrrydiBEIxoXZU_UfoCQxFFSCT2OBDZ9AcBXE19c9_6ZicfQhqj4AN_eReTPDomGtyjESZKpziHg9KvyqgYZO3RBBia838hyphenhyphen7P/s1600/sccm1902LenovoUpdates.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="799" data-original-width="1500" height="339" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5qvMrNlQmOKWevw_uJ4AUM7tdoE7VSyGs-4dpgMVS2jJrrydiBEIxoXZU_UfoCQxFFSCT2OBDZ9AcBXE19c9_6ZicfQhqj4AN_eReTPDomGtyjESZKpziHg9KvyqgYZO3RBBia838hyphenhyphen7P/s640/sccm1902LenovoUpdates.png" width="640" /></a></div>
<div style="text-align: center;">
<b><i>Lenovo Updates in SCCM 1902 </i></b></div>
<div style="text-align: left;">
<b><i><br />
</i></b></div>
<div style="text-align: left;">
<b><i><br />
</i></b></div>
<h3 style="text-align: left;">
Deploy the Lenovo Updates Catalog Agent First!</h3>
As part of the initial configuration steps, you will want to make sure you have the Lenovo Updates Products selected to be synchronized in your Software Update Point configuration. This is configured by opening the Administration blade in the console and selecting the site server under Site Configuration -> Sites. Click Configure Site Components in the ribbon bar and select Software Update Point. Go to the Products tab and make sure Lenovo Updates and LUCAgent are both selected.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfUyr56W-o9mXL27O-_jLyXBdjdaZ1bu3ixhFozEWDNfe8a-cdGcjwCW0MRI34Uj6SD6q2tnGd9_aWgnaKMWqKxgM8ptuy0wop4v0BjrZuREqRYKiLw86MTi6UkTV0UrU8FIsA_XyXU0zk/s1600/syncProduct-LenovoUpdates.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1255" data-original-width="1234" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfUyr56W-o9mXL27O-_jLyXBdjdaZ1bu3ixhFozEWDNfe8a-cdGcjwCW0MRI34Uj6SD6q2tnGd9_aWgnaKMWqKxgM8ptuy0wop4v0BjrZuREqRYKiLw86MTi6UkTV0UrU8FIsA_XyXU0zk/s400/syncProduct-LenovoUpdates.png" width="391" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<b><i>Select Lenovo Products to sync</i></b></div>
<br />
<div>
One of the updates you will find in the Lenovo Updates Catalog is the LUC Agent and this should be deployed before any other Lenovo updates. This is a simple WMI Provider that enables the queries used to identify applicable driver updates. Without the LUC Agent updates may not appear to be applicable on clients that need the update. The LUC Agent does not consume much in the way of resources nor does it affect client performance since it is only active during a scan cycle. The recommended approach would be to have a collection of Lenovo models in your environment and deploy this update to them all.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbPmtNrUI_VnbG3gN-DVzDUqMDwBVpQMeGcbZiVk6Vw6coM9hl3rY_trhAt48RISYpLMuCBhJvvz4U8XKoBORWvlH4n5JKr_46GVrwMKVFa6X9PtmTr94rg6LGP0rMjihOKV1eT4_ga1xk/s1600/luc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="152" data-original-width="737" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbPmtNrUI_VnbG3gN-DVzDUqMDwBVpQMeGcbZiVk6Vw6coM9hl3rY_trhAt48RISYpLMuCBhJvvz4U8XKoBORWvlH4n5JKr_46GVrwMKVFa6X9PtmTr94rg6LGP0rMjihOKV1eT4_ga1xk/s320/luc.png" width="320" /></a></div>
<div style="text-align: center;">
<b><i>LUC Agent v1005 supersedes v1003.1</i></b></div>
<br />
<br />
<h3>
Comparison with Lenovo Patch for SCCM</h3>
<div>
Lenovo offers a very similar solution for managing updates using WSUS and SCCM called <a href="https://www.lenovo.com/lenovopatch" target="_blank">Lenovo Patch</a> which is available for an annual subscription per device managed. This is a plug-in to the SCCM console and uses the exact same content as the Lenovo Updates Catalog V2. The additional features you get with Lenovo Patch are:</div>
<div>
<ul>
<li>Includes an extensive catalog of additional third-party applications so you can leverage the same process to keep more of your software footprint up to date and secure</li>
<li>Provides enhanced capabilities to filter (Smart Filters) and search the extremely large amount of content so it is easier to focus on the updates you care about</li>
<li>Provides enhanced capabilities perform more automation around publishing updates, such as publishing on a schedule based on a Smart Filter and publishing directly to a Software Update Group</li>
</ul>
</div>
<h3>
Future of Third-Party Software Updates</h3>
<div>
Some have noticed that there is something new in the current Technical Preview of the System Center Updates Publisher (SCUP) application: Categories. SCUP can be used to create your own catalog of updates and it allows us to see the direction third-party catalogs are heading. The Categories feature allows for updates to be organized in the catalog under two levels of categories. We are currently studying how we might take advantage of this feature to organize a future version of the Lenovo Updates Catalog (perhaps referred to as "V3"). Keep an eye on this space.</div>
<h3>
Resources</h3>
<div>
You can learn more about how to enable and publish third-party updates here:</div>
<div>
<a href="https://docs.microsoft.com/en-us/sccm/sum/deploy-use/third-party-software-updates" target="_blank">https://docs.microsoft.com/en-us/sccm/sum/deploy-use/third-party-software-updates</a></div>
<div>
<br /></div>
<div>
Here is a very in-depth video covering the setup and use of third-party updates in SCCM:</div>
<div>
<a href="https://www.youtube.com/watch?v=ai8rLCLtuTI" target="_blank">https://www.youtube.com/watch?v=ai8rLCLtuTI</a></div>
Unknownnoreply@blogger.com