7.5 C
New York
Saturday, January 13, 2024

Half 2 Configuring and Deploying the Apps


Half 1 of the System Replace Suite and MEM information, we stroll by way of creating an Software for System Replace and Skinny Installer.

This put up will information you thru a method of configuring the completely different settings for System Replace and Skinny Installer utilizing Configuration Gadgets and Baselines.

STEP 1
We’ll begin out by making a CI to detect if the present model of System Replace is put in on shoppers.

Launch the Create Configuration Merchandise wizard, set a reputation, and tick the field This configuration merchandise accommodates utility settings



Tick the Detect a particular utility and deployment kind radio button and choose the present model of System Replace from the appliance listing

Click on Subsequent by way of the wizard to finish the creation of the CI.

Begin the Create Configuration Baseline wizard, specify a reputation, and add the newly created CI

Deploy the Baseline to a Gadget Assortment.  Ideally, the gathering ought to comprise Suppose branded gadgets solely.  Proper click on on the deployment, Create New Assortment, select Non-compliant

On a shopper the place System Replace is just not put in, open the ConfigMgr applet, click on on the Configurations, choose the Baseline and click on Consider.  The Compliance State ought to return Non-compliant, which can be famous within the report:

As soon as a full replace on the Non-compliant Gadget Assortment runs, the shopper can be populated right here.
To make sure System Replace is put in on this shopper, deploy the System Replace Software as a required Software.  Trying on the Deployment Standing, I see a rely of two programs that do not have the present model of System Replace put in

Again on the shopper, for those who open the ConfigMgr applet, set off a Machine Coverage Retrieval & Eval Cycle and App Deployment Eval Cycle, System Replace can be pushed down.  You may then test the standing of the Baseline and confirm the Compliance State ought to now present as Compliant

This technique will now drop out of the Non-compliant Gadget Assortment as soon as the scheduled membership eval hits.

STEP 2
Now that System Replace is put in, there is a handful of settings I need to configure.  To do that, I will create one other Configuration Merchandise.  On the Specify settings for this working system display screen, add the next setting/compliance guidelines:

____________________
Normal
Identify: Set AdminCommandLine
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdateUserSettingsGeneral
Worth Identify: AdminCommandLine

Compliance Guidelines
Identify: Set AdminCommandLine
Description: This directs System Replace to a particular repository
The setting should adjust to the next rule:
Set AdminCommandLine Equals /CM -search A -action INSTALL -repository dp01.cdrt.comUR-CLOUDREPO -includerebootpackages 1,3,5 -noicon -noreboot -nolicense -exporttowmi
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set AskBeforeClosing
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdateUserSettingsGeneral
Worth Identify: AskBeforeClosing

Compliance Guidelines
Identify: Set AskBeforeClosing
Description: Removes the immediate to shut System Replace
The setting should adjust to the next rule:
Set AskBeforeClosing Equals NO
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set DebugEnable
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdateUserSettingsGeneral
Worth Identify: DebugEnable

Compliance Guidelines
Identify: Set DebugEnable
Description: Lets you log course of outcomes to the file named ApplicabilityRulesTrace.txt. 
The setting should adjust to the next rule:
Set AskBeforeClosing Equals YES
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set DisplayLicenseNotice
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdateUserSettingsGeneral
Worth Identify: DisplayLicenseNotice

Compliance Guidelines
Identify: Set DisplayLicenseNotice
Description: Lets you skip the license settlement that can be displayed earlier than the replace packages decide listing is populated. 
The setting should adjust to the next rule:
Set DisplayLicenseNotice Equals NO
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set MetricsEnabled
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdateUserSettingsGeneral
Worth Identify: MetricsEnabled

Compliance Guidelines
Identify: Set MetricsEnabled
Description: Disables metrics assortment
The setting should adjust to the next rule:
Set MetricsEnabled Equals NO
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set SchedulerAbility
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdatePreferencesUserSettingsScheduler
Worth Identify: SchedulerAbility

Compliance Guidelines
Identify: Set SchedulerAbility
The setting should adjust to the next rule:
Set SchedulerAbility Equals NO
Remediate noncompliant guidelines when supported
____________________

____________________
Normal
Identify: Set SchedulerLock
Setting Sort: Registry worth
Information Sort: String
Hive Identify: HKLM
Key Identify: SOFTWAREPoliciesLenovoSystem UpdatePreferencesUserSettingsScheduler
Worth Identify: SchedulerLock

Compliance Guidelines
Identify: Set SchedulerLock
Description: Hides the schedule updates possibility to finish person
The setting should adjust to the next rule:
Set SchedulerLock Equals HIDE
Remediate noncompliant guidelines when supported
____________________

Yet another configuration to make on the shopper is to disable System Replace’s default scheduled process to test for updates.  Since I need to management this conduct, a Discovery and Remediation script can be used.  Add one final setting to the CI:

Normal
Identify: Create Scheduled Activity
Description: Checks if customized scheduled process is current.  If not, create it and disable System Replace’s default scheduled process.
Setting Sort: Script
Information kind: String
Discovery script: 

$cloudrepocheck = Get-ScheduledTask | The place-Object {$_.TaskName -match "CloudRepository"}
if (!($cloudrepocheck)) {
Write-Output "Non-compliant"
} else {
Write-Output "Compliant"
}

Remediation script:

# Create the scheduled process for System Replace to hook up with Lenovo's servers to put in whitelisted updates
$su = Be a part of-Path ([System.Environment]::GetFolderPath(ProgramFilesX86)) "LenovoSystem Updatetvsu.exe"
$taskAction = New-ScheduledTaskAction Execute $su -Argument '/CM'
$taskTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 9am
$taskUserPrincipal = New-ScheduledTaskPrincipal -UserId 'SYSTEM'
$taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8
$process = New-ScheduledTask -Motion $taskAction -Principal $taskUserPrincipal -Set off $taskTrigger -Settings $taskSettings
Register-ScheduledTask -TaskName 'TVSU-CloudRepository' -InputObject $process -Drive

# Disable the default System Replace scheduled duties
Get-ScheduledTask -TaskPath "TVT" | Disable-ScheduledTask

Compliance Guidelines
Identify: Create Scheduled Activity
The setting should adjust to the next rule:
The worth entered by the required script: Equals Compliant
Run the required remediation script when this setting is noncompliant

In any case Setting Varieties have been added to the CI, the Settings and Compliance Guidelines tabs ought to appear like this:

Create a brand new Baseline, enter a reputation, click on Add and choose Configuration Gadgets from the drop down.  Select the brand new CI from the listing.

STEP 3
Now we’re prepared for deployment.  Select Deploy from the ribbon bar and select a Gadget Assortment.  Tick the bins to Remediate noncompliant guidelines when assist and Permit remediation exterior the upkeep window and set the schedule


Confirm the standing of the Baseline on a shopper to find out compliance.  As soon as in a compliant state, now you can see within the Registry that the keys configured within the CI have been set.

Activity Scheduler additionally has the brand new customized process

Relying on the relevant updates primarily based on which reboot kind packages had been specified to put in within the command line, System Replace might immediate the person to point out which updates can be put in.

Additional Studying


Managing System Replace With Intune – https://thinkdeploy.blogspot.com/2019/07/manage-lenovo-system-update-with-intune.html



Supply hyperlink

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles