This is a follow up post continuing from the Modern BIOS Management post in June ( which focused on Dell hardware.

Following the post we had numerous requests to apply the same logic for other manufacturers. So here is the first of which, the update being for Lenovo systems:

As my current environment is virtually all Dell, I had to reach out to come members of the ConfigMgr community to perform tests of modified scripts so I would like to thank Zeng Yinghua (aka Sandy – @sandy_tsang), Eugeny Korneev (@eugeny_korneev) and Lauri Kurvinen (@etsmii) for putting in long hours of testing on their Lenovo devices.

Note that I am not going to step through the entire process in this post, so please refer to the original post for set up instructions.

How Does It Work

The same process used in the original post linked at the top of this post is used, the process uses a web service and WMI queries in PowerShell to match available packages. To cater for Lenovo systems we have updated our BIOS Package Detection script so if you are already using this, please update the script.

BIOS Package Detection Script (At least version 1.0.4):

In order to cater for Lenovo systems we have created an update script which looks at the content of the downloaded package and determines the update method to apply. This was required as Lenovo have two different methods using either their WinUPTP or FlashCMD utilities. The script also takes into account whether the process is to be run in WinPE as this process is only supported by the 64 bit version of the WinUPTP utility.

BIOS Update Script (Lenovo):

Update In Action

In the below screenshot you can see the process of matching an available download to the model currently running the task sequence:

In this next screenshot you can see an output of the bios update log:

Lenovo Model Matching

Having had a lot of feedback recently from community members with Lenovo based client deployments it became clear that matching Lenovo models based on the Get-WmiObject -Class Win32_ComputerSystemProduct | Select-Object -ExpandProperty Version method was somewhat hit and miss for some Lenovo models.

To help cater for this the script has been updated to work in conjunction with an update for the Download Automation Tool (version 4.0.9) which now writes all product types associated with a model name into the package comments in ConfigMgr.

Below is an example of a BIOS package for a Lenovo ThinkPad T460

As you can see there are 10 distinct product type values which should provide a match for this package, so during the Invoke-CMDownloadBIOSPackage.ps1 stage we obtain a full list of packages which contain a match based on the first four digits of the Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty Model value, which should coincide with the model types.

If multiple packages are found, we then try to match on the name of the package against the product name (obtained from Get-WmiObject -Class Win32_ComputerSystemProduct | Select-Object -ExpandProperty Version value). The reason for this is clear if we take the example of the ThinkPad T460 and the T460S, both similar but separately named models so you would imagine that the machines would distinct in their model type codes, however this is not the case;

T460 Model Types – 20FN 20FM 20FN 20FM 20FX 20FW 20FX 20FW 20FA 20F9

T460S Model Types – 20FA 20F9

You might ask then if that is the case then surely a single package would work for both, and where as you might be correct we found that the T460s BIOS download in this instance contained a subtle difference in the sub version relating to the embedded controller was different. In the case of the T460, the download included 09 of the embedded controller software, where as the T460S contained version 11.

Version Checking

Version checking for Lenovo models has also been overhauled as the value obtained from Get-WmiObject -Class Win32_BIOS | Select-Object -ExpandProperty SMBIOSBIOSVersion does not always fall into a sequence that can be easily compared. So for Lenovo hardware we are now comparing the BIOS release date, which again works in conjunction with details contained within the package contents.

Once a match has been found, the script sets a TS environment variable called “NewBIOSAvailable” with a value of “True“. This then enables you to filter your Download BIOS Package and Run BIOS Update Script actions based on a query to see if the value is equal to True. This saves you attempting to flash the bios with the same version during your task sequence.

Things To Note:

In order for the BIOS to apply the system will require a shutdown. For this purpose Lenovo recommend either using a command-line shutdown or setting the SMSTSPostAction variable set to use the “SMSTSPostAction” variable and the value set to “shutdown /s /t 0 /f”. More info at –

Nicke Källén also has a blog post with an alternative method for getting past the shutdown requirement –

BIOS Packages – Note that due to changes in the way in which the packages are named and the comments included, you will need to remove and replace your existing Lenovo BIOS packages created with this tool.


If you have any feedback on this please ping me an email at

Nickolaj Andersen
Principal Consultant and Enterprise Mobility MVP. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows deployments and Automation. In 2015 Nickolaj was awarded as PowerShell Hero by the community for his script and tools contributions. Author of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService and a frequent speaker at user groups.
Maurice Daly
Maurice has been working in the IT industry since 1999 and was awarded his first MVP Enterprise Mobility award in 2017. Technology focus includes Active Directory, Group Policy, Hyper-V, Windows Deployment (SCCM & MDT) and Office 365.


There are no comments.

Leave a Reply