Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

Software and Operating SystemEnterprise Client Management
All Forum Topics
Options

31 Posts

09-05-2018

United States of America

36 Signins

246 Page Views

  • Posts: 31
  • Registered: ‎09-05-2018
  • Location: United States of America
  • Views: 246
  • Message 1 of 7

Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-08, 19:52 PM

We are starting initial research for deploying Commercial Vantage via domain GPO's. We are not Intune managed or co-managed with MECM yet. We are only MECM managed at the moment. We are testing co-management with Intune and MECM.

 

After importing Commercial Vantage ADMX files, we are wondering if there are plans to add more GPO's for possibly monthly updates versus weekly. We would ultimately like to deploy BIOS/driver updates on a patch Tuesday schedule along with Microsoft updates. The GPO options for Commercial Vantage seem a little lacking for controlling when updates can be scheduled and also user interaction. We may just not see them as this is our first time testing Commercial Vantage.

 

By the way, we've tested Lenovo LUC in MECM and had quite a few issues with it wanting to install drivers that were older than currently installed versions or install the same driver versions already installed. We gave up on it.

 

I've perused the CDRT team website for additional information and best practices in setting up Commercial Vantage via GPO's, but didn't find any. My apologies if I missed duplicate questions in previous posts on the Enterprise Client Management forum.

 

Thanks in advance for any help.

Reply
Options

6926 Posts

10-29-2009

United States of America

17808 Signins

166030 Page Views

  • Posts: 6926
  • Registered: ‎10-29-2009
  • Location: United States of America
  • Views: 166030
  • Message 2 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-09, 14:26 PM

I'm not aware of any plan like this, but I'll forward this request to the Commercial Vantage product owner.  I understand that you would like the capability to schedule BIOS/FW updates on "patch Tuesday" (e.g. 2nd Tuesday or each month).

Reply
Options

6926 Posts

10-29-2009

United States of America

17808 Signins

166030 Page Views

  • Posts: 6926
  • Registered: ‎10-29-2009
  • Location: United States of America
  • Views: 166030
  • Message 3 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-09, 14:57 PM

Just to clarify, we already have the capability to set what kinds of updates are installed, using the "Configure System Update" policy setting.  You're looking for the capability to set a monthly (instead of weekly) schedule.  Is that right?  Are there other policies that you think are missing?

Reply
Options

31 Posts

09-05-2018

United States of America

36 Signins

246 Page Views

  • Posts: 31
  • Registered: ‎09-05-2018
  • Location: United States of America
  • Views: 246
  • Message 4 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-10, 13:19 PM

That's correct. A monthly patch cycle would be beneficial for our team. We think weekly is a little too much to manage as far as testing with alpha and beta teams first before we release the driver updates to mass production. That's how we do it for MS security and cumulative updates via MECM. We have alpha and beta groups that test patch Tuesday week and then we generally roll them out the next Friday minus any issues with the patches.

 

I will discuss with my coworker anything else we may see that would be beneficial. 

 

Thank you very much for your quick reply!

Reply
Options

31 Posts

09-05-2018

United States of America

36 Signins

246 Page Views

  • Posts: 31
  • Registered: ‎09-05-2018
  • Location: United States of America
  • Views: 246
  • Message 5 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-10, 19:56 PM

We are also gathering information as far as how to schedule reboots after driver updates via GPO method. I'm not sure if it's possible similar how MECM can notify users that their machine will reboot after 10 hours and then if they have not rebooted it will perform a mandatory reboot to perform the updates.

 

Another question is how the BIOS updates are handled with a set BIOS supervisor password and/or Bitlocker. I don't believe current Lenovo models have an issue with a a BIOS supervisor password, but our older HP models did require the suspension of the BIOS password to perform the update. Manual BIOS updates do not seem to have an issue with Bitlocker as well.

 

Thanks again for your assistance.

Reply
Options

6926 Posts

10-29-2009

United States of America

17808 Signins

166030 Page Views

  • Posts: 6926
  • Registered: ‎10-29-2009
  • Location: United States of America
  • Views: 166030
  • Message 6 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-10, 21:22 PM

We don't currently have that kind of reboot control but it is something we have talked about for a future release.

 

If you have a BIOS supervisor password, you don't need the password in order to update the BIOS, unless you set "Flash BIOS Updating by End-Users" to "Disabled" (this option is in BIOS Setup -> Security -> UEFI BIOS Update Option.  This is disabled by default from the factory, so the only way it would be enabled is if you set it that way.  If it has been enabled, then you will need to enter the supervisor password as part of the BIOS update process.

 

As for BitLocker, it will be automatically suspended for 1 reboot whenever you do BIOS or Firmware Updates using the Lenovo tools (such as Vantage).

Reply
Options

31 Posts

09-05-2018

United States of America

36 Signins

246 Page Views

  • Posts: 31
  • Registered: ‎09-05-2018
  • Location: United States of America
  • Views: 246
  • Message 7 of 7

Re:Any Plans to Add More GPO Options for Commercial Vantage?

2021-06-11, 18:05 PM

Thanks for the info. I checked a test machine and it's definitely set to allow for BIOS updates even with a supervisor password. Not a setting we've touched before so we're good there. Thanks again for all the info.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms