1. Lenovo Patch User Guide, Upgrade Guide, and Release Notes
2. Installation Requirements
A. Configuration Manager Requirements
- 2012 R2 SP1 through Current Branch
B. Operating System Requirements
- The Configuration Manager console must be installed on a 64-bit version of one of the following Windows operating systems (excluding Server Core or Nano):
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows 10, Pro or Enterprise Edition
C. Microsoft Visual C++ 2015-2022Redistributable (x86 and x64) - Version 14.36.32532.0 or later
- If the console computer or server is missing either of these requirements, they will be installed on to the console computer or server during installation of Lenovo Patch.
D. .NET Framework 4.8 or later
- If the console computer or server is missing the .NET requirement, .NET Framework 4.8 will be installed on the computer or server during the installation of Lenovo Patch. .NET 4.8 requires a reboot prior to installing Lenovo Patch.
E. The device where the Configuration Manager console is installed must contain at least 4 GB of RAM.
3. Configuration Requirements
A. Windows Server Update Services (WSUS) Requirements:
- If Lenovo Patch is installed on the primary Configuration Manager server and the server operating system is either Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, then the WSUS API and the PowerShell cmdlets features must be enabled.
- If Lenovo Patch is installed on a remote Windows 10 the RSAT: Windows Server Update Services Tools Feature on Demand must be installed on the computer.
B. SQL Server Requirements
- Every user requires access to a SQL Server database and must have read/write permissions to the database. Any version of Microsoft SQL Server supported by the currently installed Microsoft Endpoint Configuration Manager version is valid.
- The user installing the database must have db_create permissions on the SQL Server instance.
C. Automation Scheduler Requirements
- If there is intention to automatically publish updates using a recurring scheduled tasks through the Automation Scheduler, then the Microsoft Task Scheduler service must be enabled.
- The user executing the scheduled task must be granted Log on as a batch job rights.
D. Alerts Requirements
- If users intend to receive alert notifications via email, then Configuration Manager must be configured to allow email notifications. For more information, refer to the Managing Alerts section of the Lenovo Patch 2.5 User Guide at the beginning of this article.
E. User Rights Requirements
- The user running Lenovo Patch must:
- Must not be a member of the Protected Users security group in Active Directory.
- Must have Read Access to Active Directory.
- Be a member of the WSUS Administrators group on the WSUS server.
- Must be assigned to one of the following Configuration Manager Security Roles:
- 3rd Party Patch Administrator *
- 3rd Party Patch Read Only User *
- Full Administrator
* The security role is created by the Data Migration Tool. For more information and the expanded list of permissions, refer to Appendix D: Permissions Assigned to Imported Security Roles in the Lenovo Patch 2.5 User Guide.
- Be assigned to the All instances of the objects that are related to the assigned security roles security scope in the Configuration Manager application.
- In addition, if the WSUS Server is remote, the user must be a member of the Administrators group local to the WSUS Server.
Note: If utilizing a service account when publishing updates, either manually or using the Automated Scheduler, that service account must meet the above requirements. To verify an account meets these requirements, use the Configuration Checker found on the General tab of the Lenovo Settings dialog.
F. Firewall Requirements
- The firewall, proxy (if used), and web filter lists must contain a number of URLs. The URLs are used by Lenovo Patch to download updates from third-party vendors.
- For the complete list of URLs to add, refer to the Lenovo Patch: URL Exception List.
G. Federal Information Processing Standard (FIPS) Requirements
- When operating in a FIPS environment, the console must be configured as a FIPS-compliant machine before Lenovo Patch is installed. If FIPS is enabled after the installation, Lenovo Patch must be reinstalled.
H. Client Machine Requirements
- Each client computer must meet the following requirements to deploy non-Microsoft updates distributed by a WSUS server:
- Must contain a copy of the code signing certificate in the appropriate certificate stores.
- Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting.
- To deploy updates from the Lenovo Updates Catalog, the Lenovo devices must meet the 2 previous requirements, must also have the LUC Agent installed, and must be one of the supported Think branded product lines.
I. Supported Languages
- The following languages are supported for use with the Lenovo Patch interface:
- Chinese (Simplified and Traditional)
- English
- French
- German
- Italian
- Japanese
- Portuguese (Brazil)
- Russian
- Spanish
J. Licensing Requirements
- Lenovo Patch can be activated using the following methods.
- Purchased Activation code
- Trial Activation code - Limited time frame and number of products