1. File Version is 2.5.1298.0
   
2. Checksum:
   
1. MD5: 5C00D8558FC3F8008455772C304E85CF
   
2. SHA1: ED8396CE07ACADCF1E5BCAB2E8C7C567CB10A8F4
   
3. SHA256: 8DEE041721AED0055CB5D1A865FD147C1FBF6298D7143A20922D3C9BA3585492
   
   

1. 2012 R2 SP1 through Current Branch
   

1. The Configuration Manager console must be installed on a 64-bit version of one of the following Windows operating systems (excluding Server Core or Nano):
   
1. Windows Server 2022
   
2. Windows Server 2019
   
3. Windows Server 2016
   
4. Windows Server 2012 R2
   
5. Windows 11, Pro or Enterprise Edition
6. Windows 10, Pro or Enterprise Edition
   

1. If the console computer or server is missing either of these requirements, they will be installed on to the console computer or server during installation of Lenovo Patch.
   

1. If the console computer or server is missing the .NET requirement, .NET Framework 4.8 will be installed on the computer or server during the installation of Lenovo Patch. .NET 4.8 requires a reboot prior to installing Lenovo Patch.
   

1. If Lenovo Patch is installed on the primary Configuration Manager server and the server operating system is either Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, then the WSUS API and the PowerShell cmdlets features must be enabled.
   
2. If Lenovo Patch is installed on a remote Windows 10 the RSAT: Windows Server Update Services Tools Feature on Demand must be installed on the computer.
   

1. Every user requires access to a SQL Server database and must have read/write permissions to the database. Any version of Microsoft SQL Server supported by the currently installed Microsoft Endpoint Configuration Manager version is valid.
   
2. The user installing the database must have db_create permissions on the SQL Server instance.
   

1. If there is intention to automatically publish updates using a recurring scheduled tasks through the Automation Scheduler, then the Microsoft Task Scheduler service must be enabled.
   
2. The user executing the scheduled task must be granted Log on as a batch job rights.
   

1. If users intend to receive alert notifications via email, then Configuration Manager must be configured to allow email notifications. For more information, refer to the Managing Alerts section of the Lenovo Patch 2.5 User Guide at the beginning of this article.
   

1. The user running Lenovo Patch must:
   
1. Must not be a member of the Protected Users security group in Active Directory.
   
2. Must have Read Access to Active Directory.
   
3. Be a member of the WSUS Administrators group on the WSUS server.
   
4. Must be assigned to one of the following Configuration Manager Security Roles:
   
1. 3rd Party Patch Administrator *
   
2. 3rd Party Patch Read Only User *
   
3. Full Administrator
   

* The security role is created by the Data Migration Tool. For more information and the expanded list of permissions, refer to Appendix D: Permissions Assigned to Imported Security Roles in the Lenovo Patch 2.5 User Guide.

1. Be assigned to the All instances of the objects that are related to the assigned security roles security scope in the Configuration Manager application.
   
2. In addition, if the WSUS Server is remote, the user must be a member of the Administrators group local to the WSUS Server.
   

Note: If utilizing a service account when publishing updates, either manually or using the Automated Scheduler, that service account must meet the above requirements. To verify an account meets these requirements, use the Configuration Checker found on the General tab of the Lenovo Settings dialog.

1. The firewall, proxy (if used), and web filter lists must contain a number of URLs. The URLs are used by Lenovo Patch to download updates from third-party vendors.
   
2. For the complete list of URLs to add, refer to the Lenovo Patch: URL Exception List.
   

1. When operating in a FIPS environment, the console must be configured as a FIPS-compliant machine before Lenovo Patch is installed. If FIPS is enabled after the installation, Lenovo Patch must be reinstalled.
   

1. Each client computer must meet the following requirements to deploy non-Microsoft updates distributed by a WSUS server:Must contain a copy of the code signing certificate in the appropriate certificate stores.
   
1. Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting.
   
2. To deploy updates from the Lenovo Updates Catalog, the Lenovo devices must meet the 2 previous requirements, must also have the LUC Agent installed, and must be one of the supported Think branded product lines.
   
1. For more information about the LUC Agent, refer to the Lenovo Patch: LUC Agent - Deploy Me First Knowledge Base Article.
   
2. For more information about the supported Think branded product lines, refer to the Lenovo Patch: Supported Hardware Products List Knowledge Base Article.
   
3. For more information about the supported 3rd Party Software Update content and Application Installers, refer to the Lenovo Patch: Supported Software Products Lists Knowledge Base Article.
   

1. The following languages are supported for use with the Lenovo Patch interface:
   
1. Chinese (Simplified and Traditional)
   
2. English
   
3. French
   
4. German
   
5. Italian
   
6. Japanese
   
7. Portuguese (Brazil)
   
8. Russian
   
9. Spanish
   

1. Lenovo Patch can be activated using the following methods.
   
1. Purchased Activation code
   
2. Trial Activation code - Limited time frame and number of products