The solution
There is a lot of sources to download and install drivers from. Ex. the hardware vendor, Microsoft Update and the PC vender. I dont know witch one that is best, but this solution is using drivers provided by Lenovo.
Based on that, I have decided that I use Lenovo ThinInstaller to keep the drivers and Bios up-to-date in my environment. Hopefully this will give the best and most secure performace on a Lenovo device.
In this solution, you are able to schedule a scan via remediation, start it manually in the Company Portal or run the remediation manually on a device in Intune. It is not the prettiest way in the Company Portal, as the “install” comes back as failed even thougth the scan ran as success. Then you can click “Reinstall” to trigger the scan again. It is like that, bacause I want to be able to trigger it again and again. You can’t do that if it “install” as success. I currently looking for at better solution, but this is how it is for now.
Run remediation on a specific device example:
You need two or three applications if you want to be able to just show what updates that is applicable, “Lenovo ThinInstaller x.x.x.x Installer”, “Lenovo Driver Updates – Manual Install Updates”, Lenovo Driver Updates – Manual List Updates” (Can be optional) and one remediation.
Lenovo ThinInstaller – Installer:
I made the version like this: The first tree numbers is the PSADT version (4.1.7.1) and the last number is the internal release. So in this case, internal release number 2 (4.1.7.1).
The installere application cotains a PSAppDeployToolkit with ThinInstaller files, install.cmd and uninstall.cmd.
Dialog boxes:
Balloon dialog box when ThinInstaller is running. This can be changed in the script.
When a reboot is requered. The countdown can be changed in the script.
Installation path:
%programdata%/ThinInstaller
Log files:
“C:\Programdata\Lenovo\ThinInstaller\Files\ThinInstaller\Logs\ti-auto-repo.log” – Show log of downloaded installations files to repo.
”C:\Programdata\Thininstaller\Files\Thininstaller\logs\%COMPUTERNAVN%Installation” – Show drivers that is installed.
”C:\Windows\Logs\Software\Lenovo_DriverInstallation_%VERSION%_EN_01_PSAppDeployToolkit_Install.log” – Show the result of the app that starts Lenovo driver update automatic.
”C:\Windows\Logs\Software\Lenovo_DriverInstallation_%VERSION%_EN_01_PSAppDeployToolkit_Repair.log” – Show the result of the app that starts Lenovo driver update manually.
Files need: (Click to download)
- Lenovo ThinInstaller 4.1.7.1 Installer.intunewin (Ready for Intune)
- OR
- Lenovo ThinInstaller 4.1.7.1 Installer.zip (You can see the code, but you need to create a win32 file for Intune)
- ThinInstaller-Detection.ps1 (For detection)
- ThinInstaller-Remediation-List.ps1 (For remediation – List)
- ThinInstaller-Remediation-AutoInstall.ps1 (For remediation – Auto Install)
Deployment Group
First you need to create a dynamic group that automatically add Lenovo device into the group. Later we will use this group to deploy the solution.
| Login to Intune | |
| Click Groups |  |
| Click New group |  |
| Enter a Group name Select Dynamic Device |  |
| Click Edit |  |
| Paste the following query: (device.deviceManufacturer -eq “Lenovo”) You might need to adjust it to your needs. Click OK |  |
| Click Save |  |
| Click Create |  |
Intune application (Lenovo ThinInstaller 4.1.7.1 Installer)
This is the application the install the solution to %programdata%/ThinInstaller
| Login to Intune if you are not logged in. | |
| Click Apps |  |
| Click Windows |  |
| Click Create |  |
| Choose Windows app (Win32) Click Select |  |
| Click Select app package file |  |
| Choose your intunewin file Click OK |  |
| App information Enter a Name Enter a Description Enter a Publisher Enter a Version Enter Developer Choose a logo Click Next |  |
| Program Install command: install.cmd Uninstall command: uninstall.cmd Change “Installation time required (mins)” to 10 Allow avaliable uninstall: No Device restart behavior: No specific action Click Next |  |
| Requirements Choose a Windows Version Click Next |  |
| Detection rules Choose Manually configured detection rules Click Add |  |
| Detection rules Rule type: File Path: %programdata%/ThinInstaller File or folder: 4.1.7.1.txt Detection methode: File or folder exits Click OK |  |
| Detection rules Click Next |  |
| Dependencies Click Next |  |
| Supersedence Click Next |  |
| Assignments Click Add group |  |
| Assignments Search for pc_ Choose PC_Devices_Lenovo Click Select |  |
| Assignments Click Next |  |
| Review + Create Click Create |  |
Intune Application (Lenovo Driver Updates – Manual Check)
This application will be avaliable in the company portal to trigger the driver check/install manually.
| Login to Intune if you are not logged in. | |
| Click Apps |  |
| Click Windows |  |
| Click Create |  |
| Select Windows app (Win32) Click Select |  |
| Click Select app package file |  |
| Create a “Dummy” .intune file. It could be a cmd with no content. It dosent matter as we are not going to use the intune file. Select the intune file Click OK |  |
| App information Enter name Enter Description Enter Publisher Enter Version Click Next |  |
| Program Install command: To list updates %SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe -ExecutionPolicy Bypass -NoProfile -File %programdata%\ThinInstaller\Invoke-ServiceUI.ps1 -DeploymentType Repair To install updates %SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe -ExecutionPolicy Bypass -NoProfile -File %programdata%\ThinInstaller\Invoke-ServiceUI.ps1 -DeploymentType Install Uninstall command: none Remove all return code except 0 Click Next |  |
| Requirements Choose a Windows Version Click Next |  |
| Detection rules Choose Manually configured detection rules Click Add |  |
| Detection rules Create a detection rulle that fails. In this example the folder dosen’t exsists. Click OK |  |
| Detection rules Click Next |  |
| Dependencies Click Add |  |
| Detection rules Search for thin Select Lenovo ThinInstaller 4.1.7.1 Installer Click Select |  |
| Dependencies Click Next |  |
| Supersedence Click Next |  |
| Assignments Click Add group |  |
| Assignments Serach for pc_ Select PC_Devices_Lenovo Click Select |  |
| Assignments Click Next |  |
| Review + create Click Create |  |
Remediation – Start Manuel installation
To be able to run the driver installation on a schedule, we need to create a remediation.
| Login to Intune if you are not logged in. | |
| Click Devices |  |
| Click Scripts and remediations Click Create |  |
| Basics Enter Name Enter Description Enter Publisher Click Next |  |
| Settings Detection script file: Browse for the ps file that you have downloaded Remediation script file: Browse for the ps file that you have downloaded Run script in 64-bit PowerShell: Yes Click Next |  |
| Scope tags Click Next |  |
| Assignments Click Select group to include |  |
| Assignments Search for pc_ Select PC_Devices_Lenovo Click Select |  |
| Assignments Click Daily |  |
| Assignments Choose how often to run the drive check. Click Apply |  |
| Assignments Click Next |  |
| Review + create Click Create |  |
Remediation – List applicable updates
To be able to list applicable updates on a remote computer, we need to create a remediation.
| Login to Intune if you are not logged in. | |
| Click Devices | |
| Click Scripts and remediations Click Create | |
| Basics Enter Name Enter Description Enter Publisher Click Next |  |
| Settings Detection script file: Browse for the ps file that you have downloaded Remediation script file: Browse for the ps file that you have downloaded Run script in 64-bit PowerShell: Yes Click Next |  |
| Scope tags Click Next | |
| Assignments Click Select group to include | |
| Assignments Search for pc_ Select PC_Devices_Lenovo Click Select | |
| Assignments Click Daily | |
| Assignments Frequency: Once Run on: 2030 Click Apply |  |
| Assignments Click Next |  |
| Review + create Click Create |  |
That’s it. Your Lenovo devices will now check, every week, if there is any new updates and install them automatically.
