Using System Update

Using System Update

This feature allows Org Admins, IT Admins and MSP Admins to centrally manage Windows BIOS, drivers and firmware updates on any Lenovo Windows device. Updates are checked in two scenarios:
  1. When new devices are claimed and licensed.
  2. On-demand from the System Update page by clicking on the Check for updates link. 
Key Features
  1. Remote Deployment: Available updates can be deployed remotely at any time to one or more devices, as well as to groups of devices.
  2. User Control: End users can accept or deny updates requiring a reboot based on the deferral configuration set in LDM.
  3. Tracking: All System Update installations are tracked through the System Update Status Report.
Notes
This feature requires either a Pro or a Premium license and a special add-in service on the device to check for updates from the Lenovo repository. Most Lenovo devices are automatically preloaded with this service but if it was removed or your custom preload does not include it, LDM can automatically install it during provisioning. To enable automatic validation for the service, go to Policy Management/Organization Settings/Features/System Update Preferences

Troubleshooting

To enable System Update to seamlessly push BIOS updates to devices without requiring a Supervisor Password, the following BIOS settings are required on the device. These settings are pre-configured by default in the correct state for remote updates. However, if these values have not been manually modified on the target device, they will need to be adjusted back to the following:

MODEL            BIOS SETTING
ThinkPad          Flash BIOS Updating by End-Users = Enable
ThinkCentre     Require SVP when Flashing = No
ThinkStation    Require Admin. Pass. when Flashing = No

Using System Update

Navigate to App Management > System Update. 

Schedule all Available Updates button

The Schedule all Available Updates button is located at the top-left corner of the page. Clicking this button allows you to schedule all available updates for all devices at once.

To Deploy or Schedule All Available Updates
Click the Schedule All Available Updates button. A pop-up window appears, offering two options: Deploy Now and Schedule Deployment. Choose an option and follow the steps below:
  1. Deploy Now
    1. Select this option to deploy the updates immediately.
    2. Click Next.
      1. A notification window will appear, displaying a list of updates affected by the operation.
      2. Detailed information for each update is presented as it appears on the System Update page.
      3. Expanding the accordions reveals the list of devices to which each update will be applied.
    3. Click Submit. This operation will take some minutes.
  2. Schedule Deployment
    1. Select a specific Date and Time for deploying the update. 
      1. Note: If devices are in different time zones, ensure the selected date and time is in the future for all devices. For example, if you have a device in India and another in Brazil, the India time zone is ahead of Brazil by several hours. To accommodate this, you must select a date and time that is several hours ahead of Brazil's local time, as this will be the earliest allowable time for deployment across all devices.
      2. However, to prevent users from being blocked by a long-running operation, a minimum limit of 24 hours ahead has been set to ensure compatibility across all time zones
    2. Click Next
      1. An information window appears showing the selected date and time, and information about the updates programmed to be deployed.
    3. Click Submit.
Notes
The Schedule All Available Updates will remain disabled for 5 minutes to avoid overlapping operations.
Check for updates button
The Check for updates button is located at the top-right corner of the page. Clicking this button triggers a scan for all Pro and Premium licensed devices in the organization.
Once the scan starts, each device searches for updates and sends any newly found updates to LDM. This process typically takes a few minutes.
Notes
If the option Automatically Scan only for New Updates under Policy Management > LDM Organization Settings > Feature is enabled, the Check for updates link will be disabled for 30 minutes immediately after the last automatic scan is initiated.

Updates Tab


  1. Each update listed in the following subtabs has a small downward arrow to its left. Click the arrow to expand the accordion and view the corresponding list of devices
  2. Click the Eye icon to access detailed information about the update.
  3. For updates categorized as Critical or Recommended, a downloadable ReadMe file is available with additional details.
  4. You can further refine the displayed list of updates by filtering based on Severity, Update Type, or Reboot Status.

Not Tested Subtab

This tab displays a list of updates filtered by their Test State. Each time you access this page, it defaults to showing updates marked as Not Tested. Newly received updates are automatically assigned the Not Tested status, indicating they have not yet been validated. 
You can choose to deploy the update immediately or test it beforehand. For details on deploying an update, refer to Deploying or Scheduling Updates below.

To test an update: 
  1. Click the downward arrow to expand the accordion
  2. Select the device(s) you want to include in the test. 
  3. Click Test.
  4. A pop-up window appears with the options Test Now or Schedule Test.
    1. Test Now. Starts the test immediately on the selected device(s).
    2. Schedule Test. Schedules the test to start at a specified date and time. 
      1. Select a date and a time.
      2. Click Next. A confirmation window will appear, displaying details about the scheduled update and the associated devices. 
      3. Click Submit.
When the scheduled time is reached, the test will start in the selected device, the update will be moved to the Testing subtab, its state will change to Running Test, and the selected device(s) will be marked as In Test.

Testing Subtab

This tab displays updates in the following states: Running Test, Scheduled for Testing or Test Completed. 
To track the installation status of an update during validation, click the downward arrow next to the update. The Tested Devices button displays the installation status of this update across all devices selected for testing.
Once the installation process is complete and the test is finished, LDM updates the test state to Test Completed and sends a notification email to the user. The user can then choose one of the following actions:
  1. Allow to Deploy: Selecting this option enables the update to be deployed to all types of devices. The update is removed from this tab and  moved to the Allow to Deploy subtab.
  2. Block the Update: Selecting this option removes the update from this tab and moves it to the Blocked subtab. Blocked updates cannot be deployed to any device.
Other actions you can perform:
  1. Add devices / Remove devices: Modify the list of devices involved in the test. You can add and remove devices; however, there is one restriction: if there is only one device scheduled for the test you cannot delete it. 
  2. Edit Schedule: Change the date and time for the scheduled test.
  3. Cancel Schedule: Cancel a scheduled test. The update will be returned to the Not Tested subtab.
Note: While the package is being tested, LDM will prevent other users from deploying this package on other devices that where not selected to be part of this test.

Allowed to Deploy subtab

This subtab displays packages that were validated by the Org Admin and are secure to be deployed on all types of devices.
To deploy an update, click the accordion, click the Update button and follow the steps explained below on section Deploying or Scheduling Updates.
If for any reason you wish to block the update, click the accordion to expand it, select the Block Update button and click Yes, block. The package will be moved to the Blocked subtab and will not be able to be deployed to any device.
It is also possible to Retest the package. For instructions, refer to section Non Tested tab, step 4.

Blocked Subtab

This subtab displays displays the packages that were blocked by the users. These updates cannot be deployed an any device. 
  1. Unblock Update: You can unblock updates by selecting the checkboxes of the updates you want to unblock.
All subtab
This tabs displays all packages in all possible Test states.

Updates by Devices Tab 

Displays all available system updates for each device. To deploy a system update:
  1. Expand the device accordion to view all packages available for that specific device.
  2. Select the checkboxes next to the system updates you want to deploy.
  3. Click Update. Repeat this process for other devices, if applicable.
  4. A pop-up window will appear with the options Deploy Now and Schedule Deployment.
  5. Choose one of these options and follow the steps explained below on section Deploying or Scheduling Updates.
Notes
The information window includes details specific to each update: Update Name, Update Type, Severity, and Reboot Type. All columns are sortable.

Updates by Groups Tab 

Displays all available system updates for each device group. To deploy a system update:
  1. Select a device group to view all available system updates for that group.
  2. Expand the system update accordion to view the list of devices associated with that update in the selected group.
  3. Select the checkboxes next to the devices you want to update.
  4. Click Update to begin the installation.
  5. A pop-up window will appear with the options Deploy Now and Schedule Deployment, and follow the steps explained below on section Deploying or Scheduling Updates.
Notes
  1. Only devices within a group that require the update will be listed.
  2. If a device is not shown in the list, be sure it is assigned a Pro or a Premium license.

Scheduled Updates Tab

This page displays all created schedules, which can be filtered, deleted, and edited. 

Filtering updates
Updates can be filtered by:  
  1. Severity
  2. Update Type 
  3. Reboot Status
Deleting a Schedule
To permanently remove a specific schedule:
  1. Select the checkbox next to the schedule you want to delete.
  2. Click Delete.
  3. Click Confirm Delete.
A confirmation message will appear, and the page will reload.

Editing Schedules
To edit a scheduled system update:
  1. Select the checkbox next to the system update(s) you want to edit.
  2. Click Edit.
  3. A pop-up window will appear, where you can modify the schedule for the selected update(s). If the update includes multiple devices in different time zones, the new schedule will follow the same rules as those applied when creating a new schedule: the system ensures that the deployment time is scheduled in the future for all devices.
  4. Click Edit.

Deploying or Scheduling Updates

To deploy a system update, you may choose to deploy it immediately or schedule it for a later time. In either case, follow these steps:
  1. Select a system update.
  2. Select a device.
  3. Click Update
A pop-up window appears with the options Deploy Now and Schedule Deployment. Select one of the options and follow the steps as explained below:
  1. Deploy Now
    1. Select this option to deploy the update immediately.
    2. Click Next. An information window appears showing information about the devices chosen for the update. You can review details such as the devices' current status and network status information.
    3. Click Submit. This operation will take some minutes.
  2. Schedule Deployment
    1. Select a specific date and time for deploying the update.This feature uses the same time range validation as App deployment. If multiple devices in different time zones are selected, the system ensures that the scheduled deployment time is set in the future for all devices.
    2. Click NextAn information window appears showing information about the selected devices, including the selected deployment time.
    3. Click Submit.
Info
If the Status of a system update displays Reboot Required, it indicates that the device has deferred the reboot the maximum number of times allowed (for more information, refer to Using Policy Management). In this case, the checkboxes for all updates will be disabled.

 

    • Related Articles

    • Viewing System Update Status Report

      This report provides information on system updates for devices across the entire organization. System Update information will be available only if the System Update feature is enabled. To generate a report, click Reports > System Update Status. The ...

    • Using Lenovo Device Manager Dashboard

      Dashboard is the home page for Lenovo Device Manager and offers an at-a-glance overview of the devices in your organization. The Dashboard consists of several widgets, where each widget represents different device management categories. Clicking on ...

    • Securely Scan and Update Device Software

      Lenovo Device Manager (LDM) allows Organization Admins and IT Admins to automatically scan Windows devices for available Microsoft and 3rd party software updates. This feature allows IT Admins to securely scan the Windows devices for available ...

    • Using System Inventory Management

      System Inventory Management provides IT Admins with a clear and comprehensive view of the BIOS versions currently deployed across their organization's devices. If an upgrade is necessary, a quick report can be generated to facilitate scheduling the ...

    • Viewing Device Information – Windows Operating System

      Once a Windows device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the device) > ...