Lenovo Thinkbook 14 Review

Lenovo’s Thinkbook brand is aimed at the SMB market – it’s as close to being a ThinkPad without being an actual ThinkPad, and the price reflects it.

The Thinkbook 14 follows up from the Thinkbook 14s (compare on Lenovo’s site here) which I saw while I was at Lenovo Tech World and was the first time I’d even heard of the Thinkbook brand. A few months later, I managed to get my hands on one as a trial unit from Lenovo to have a play with the hardware, as it was at a price point that I was looking at, and above the minimum specifications I needed.

Let’s start with the hardware, and then I’ll dive into what I liked/disliked about the laptop:

ProcessorUp to 10th Generation Intel® Core™ i7-1065G7 Processor (1.30GHz, up to 3.90GHz with Turbo Boost, 4 Cores, 8MB Cache)
Operating systemWindows 10 Pro
Display14″ FHD (1920 x 1080) IPS, anti-glare, 250 nits
GraphicsIntegrated Intel® UHD GraphicsIntegrated Intel® Iris Plus Graphics
MemoryUp to 16GB DDR4 2666MHz
StorageUp to 512GB SSD PCIe-NVMe M.2
BatteryUp to 9 hours* with 45Wh battery* Based on testing with MobileMark 2014. Battery life varies significantly with settings, usage, and other factors.
AudioStereo speakers with Dolby® Audio™Dual-array mic, Skype for Business certified
PortsUSB 3.1 (Gen 2, USB-C + DisplayPort + Power Delivery)USB 3.1 (Gen 1, USB-C)USB 3.1** (Gen 1, Type-A, always-on)USB 3.1** (Gen 1, Type-A)Hidden USB 2.0 (Type-A)HDMI4-in-1 card reader (SD, SDHC, SDXC, MMC)Headphone / mic comboRJ45Power DC
Connectivity 802.11AC (2 x 2)Bluetooth® 5.0
Camera720p HD
Dimensions326mm x 230mm x 17.9mm / 12.83″ x 9.06″ x 0.7″
WeightStarting at 3.3 lbs (1.5 kg)
KeyboardFull-sized keyboard with backlightOne-piece touchpadHot Keys for Skype for Business****Requires Skype for Business account, not pre-installed by Lenovo
SecurityThinkShutter Camera CoverSmart Power Button with Fingerprint ReaderActive Protection System (APS)Trusted Platform Module 2.0 (firmware)
ColorMineral Grey
What’s in the boxThinkBook 1465W AC adapter3 Cell Li-Cylinder 45Wh internal batteryQuick start guide

Tech Specs Source: Lenovo

As you can see from above, this isn’t a low end laptop. Processor wise, I only need an i5 CPU rather than an i7 which is fine for my requirements (I went with the i5-10210U), and it’s running the latest 10th GEN Intel CPU.

Display again I only need a 1080p screen, this isn’t a laptop designed for 4K video editing (although possible with a 4K screen attached) and for business requirements, most people want a 1920 x 1080 screen.

The older Thinkbook 14s only supported up to 8GB of RAM, but this supports 16GB which is what I promote as the standard you should aim for these days, which Chrome/New Edge using a lot of the RAM in our web driven world.

Storage, battery, webcam etc are all standard good specs and nothing notable there.

The keyboard is backlit which I always like. The inclusion of Skype for Business keys is a little strange with Skype for Business Online ending in July 2021, leaving only on-premises users; and if you’re running Skype for Business yourself as a phone system you’re probably a medium sized company or bigger, and this is a SMB laptop. Regardless, I personally am a fan and still use Skype for Business so it’s great for my use case, and I expect future models will instead have Microsoft Teams buttons. Maybe these buttons work with Teams anyway – I haven’t tested that yet. The buttons are secondary functions on the ‘print screen’ and ‘insert’ buttons, so worst case you can easily ignore them as they aren’t intrusive in any way, and there’s no dedicated buttons to Skype for Business.

Here’s some side shots of the Lenovo Thinkbook 14:

Front: Looks nice, not much else to see here!

Lenovo Thinkbook 14 Front

Back: No ports here either!

Lenovo Thinkbook 14 Back

Left Side: From left to right we have an RJ45 ethernet port which opens up when needed – seemed solid enough that it wouldn’t snap off easily, full sized HDMI, USB 3.1 with always on, USB-C, USB-C + DisplayPort + Power in, audio jack.

The one complaint I have is that the power in USB-C is the more front of the two ports, where every other Lenovo laptop I’ve had it’s been the one closer to the back. I initially plugged in the wrong one for power and wondered why it wasn’t charging! A minor issue though.

Lenovo Thinkbook 14 Left Side

Right Side: USB 2.0, card reader, USB 3.1, Power.

Yes, behind that little panel is a hidden USB 2.0 port, more on that below. You can also use the older rectangle shaped charger on this laptop, and it’s in it’s rightful place at the back.

Lenovo Thinkbook 14 Right Side

Base: nice long rubber stoppers to stop the laptop sliding around on a desk.

Lenovo Thinkbook 14 Base

Hidden USB 2.0 Port:

This seems like such a simple idea, yet I’ve never seen it before: a port that’s great for your wireless keyboard/mouse dongle, which is recessed into the laptop and has a cover. You’ll no longer have that awkward dongle sticking out of the laptop, asking to be knocked and bent out of shape. All laptops should have this!

Other notable features are the camera shutter so you can avoid feeling like someone’s watching you, and the ‘Smart Power Button’ which has a fingerprint reader, but also briefly ‘saves’ your fingerprint when turning the laptop on, to use when logging in. This means you can turn on and login to the laptop at the same time, getting to your desktop quicker. Another feature that seems simple and hopefully we see more of in other models.

There’s also two Dolby Audio speakers and dual array microphones, as one of the use cases for this is to be a reliable audio/video calling device without needing a headset.

The laptop feels solid and sturdy enough, but not as nice as a high end ThinkPad. You can feel the join where the top and bottom halves of the laptop were joined together, as one layer is on top of the other – but how often are you gently caressing the case of your laptop? Only every few days if you’re me.

Overall I’m very impressed with the ThinkBook 14 for the price point I can see at the time of writing with promotions applied. You won’t get military-spec testing, but you’ll still get a decent laptop fit for SMB.

Lenovo claim that “ThinkBook undergoes stringent tests to withstand spills, bumps, drops, dust, and extreme temperatures.” but I have yet to test the hardyness myself – maybe I will inadvertently.

Although Lenovo provided a demo unit, this was a trial only and the unit returned.

HEIC and HEIF Files Can’t Be Viewed on Windows 10

If you haven’t come across these file formats already, you probably will soon. Created by the Moving Picture Experts Group (MPEG) and adopted by Apple amongst others, it’s looking like a replacement for the old JPEG image format.

The format was added in iOS11 and created when doing things like taking a photo. Early on the files were being converted back to JPEG in many situations, including OneDrive Photo Roll syncs.

I expect something else has changed recently, as I’m seeing the files turn up over email from other parties where I’d never seen them before. If I find out more I’ll update this post.

.HEIC and .HEIF files ‘appear’ to be the same thing, but at this stage I can’t clearly find information explaining if there’s a difference, and if so what that is.

These files can’t be natively opened on Windows 10 or earlier, but there’s a few options you have to view them.

OneDrive

If you have access to OneDrive or OneDrive for Business (which doesn’t take much, a free Microsoft account will do), you can copy these files into OneDrive, right click and ‘View Online’. Via your browser, you can then view the image in OneDrive without any extra software required. However, Microsoft documentation currently does not list the formats as being supported, and I’m also asking questions about this in a few areas.

Windows 10

The native Photos app was supposed to have support for this as per these Insider Build notes. I’ve tested on a few different PCs including a fully patched standard Microsoft build laptop, and Photos doesn’t recognise the files. I’ve been told the support of the files needs the two Windows Store apps, and that matches my testing:

HEIF Image Extensions

HEVC Video Extensions from the Device Manufacturer

Both are created by ‘Microsoft Corporation’ so they’re not third party, and both are free. Once installed, HEIC and HEIF files work everywhere I’ve tried, including in the native Photos app.

There is also a paid HEVC Video Extensions version from Microsoft that costs $1.45AU, I’m not sure why you’d need this one over the one ‘from the Device Manufacturer’.

Frustratingly, the ‘HEVC Video Extensions from the Device Manufacturer’ app doesn’t seem to be available to add in Windows Store for Business, but the HEIF Image Extensions is. I’m asking around to try and have that resolved, if I can find someone to listen to me :)

Converting

One final option is to convert a HEIC to JPEG. Here’s a quick guide using Linux via a Debian WSL image, installed from the Microsoft Store (thanks Purana for the tip!)

I’ve got a lot of unanswered questions in the above, but hoping this at least helps others that might get stuck in finding a working solution in the meantime.

Passwordless Sign-In with FIDO2 Security Key and Microsoft

We all know passwords are bad. Microsoft’s leading answer to this is Windows Hello – or Windows Hello for Business. Using a PIN or biometrics (fingerprint reader or facial recognition) is trying to move towards a passwordless world. We’ve still got a long way to go, but we’re off to a solid start with viable alternatives.

Source: Microsoft

FIDO2 Security Keys support true passwordless login, and supported devices can be used for both consumer Office 365, and Azure AD. eWBM makes these keys, and by the claim on their website are “world’s first and currently only FIDO2 Level 2 certified security keys”. They offered to send these out to Microsoft MVPs free of charge, so I took the opportunity to accept one, test it and write about my experience.

The eWBM key isn’t very large – on the smaller side of your standard USB flash drive. It’s designed to be plugged in (and comes in both USB-C and USB type A flavours) and then verified with a touch on the fingerprint reader.

To set up a key on Azure AD, it’s a matter of adding it as a sign in method, just like you would with other methods such as SMS or the Authenticator app. eWBM have a quick video on how to do this:

Once set up, using the key is pretty simple too. If you’re logging onto a site using your Azure AD account, instead of entering a password, you choose the ‘Sign in with a security key’ option, plug in and scan your fingerprint on the key, and you’re on.

If you’re wondering why you don’t even need to type the password, where you would with an SMS code – that’s because you’ve got two different authentication methods already built into the USB. Your unique fingerprint, and the unique USB key. Your fingerprint is tied to just that key, it won’t work anywhere else unless you configure another device separately. Combine that with needing to know which username those are tied to makes it a secure combination.

Source: Microsoft

The example above and what I’ve also tested, is a web login. There’s also a PC login option, but that’s currently in beta and you’ll need to be running a insider’s build of Windows 10 to try it.

I can see this working as an actual ‘password replacement’ solution because it provides less of an inconvenience than first logging in with a password, then using something else (SMS/Email/Code/Authenticator App). Instead it’s a single thing to do – plug in your USB key and put your fingerprint on it. The process of doing this is very quick, with the added benefit of being able to do it from any computer – web based sign ins will work from any PC.

A USB-C variant is also available and on it’s way to me, so you can pick from those two standards as to which is more fitting for your requirements.

eWBM sell the keys on their website and there should be more key makers on the way.

Google Nest Mini Won’t Connect to 5Ghz Network

Update 21st February 2020:
I’ve now had Google Nest support confirm that 5ghz Channel 149 and higher isn’t supported – which to me is baffling that a device can be released in this state.

Original Post:
I received a Google Nest Mini as part of Google’s promotion to subscribers of YouTube Premium. A nice gesture, and I hadn’t actually jumpted into having a smart speaker at home myself. Beyond wondering what use I could actually get from it – it was free, so I ordered.

A few weeks later it arrived, and setup should have been simple. Power it on, get the Google Home app on a mobile device, and follow the bouncing ball to set up. I’d done this before for a Chromecast I have, which I could see in the Home setup and have connected to the home 5Ghz network – no issues there at all.

However, when going through the same setup for the Google Nest Mini, I couldn’t even see my 5Ghz home Wi-Fi network listed on my phone. Weird, I tried several things including adding the details of the network in manually. Nothing I tried would work. I also couldn’t get it connected to my 2.4Ghz home network, unless I picked my guest network. I’d had the same issue on a printer that wouldn’t connect and only supported 2.4Ghz; the cuplrit was the AiMesh ASUS setup I had (side note – I personally would recommend to avoid ASUS AiMesh as there’s multiple problems I experienced, it’s not user friendly and solutions that are half done in it such as menu options that display but aren’t supported, as I eventually had confirmed by ASUS support. That’s not to say you should avoid all ASUS solutions.).

That really wasn’t where I wanted to end up though – the Nest Mini streaming data from my 2.4Ghz non-meshed guest network. After a bunch of Googling on the issue, I saw a comment somewhere that said to try band 36. As a refresher on this – 2.4Ghz Wi-Fi has bands or channels from 1 to 11 – but there’s overlap between the bands and they interfere with each other, so you really only wan to use 1, 6 or 11. 5Ghz however, has many more. My 5Ghz network at home was set to ‘Auto’ – which should pick the least noisiest band. That resulted in band 149.

I changed my band from 149 to 36 – the lowest option available, and went through the Google Nest Mini setup yet again. This time, I could see my network! It went through the entire setup process seamlessly. For my own sanity, I tried jumping up to a band 165, higher than 149, reset the Mini, and tried setting it up again but without success. Jumped to band 44 this time, and again it worked perfectly.

5Ghz Wi-Fi Band Options

It seemed the lower channels were fine – from 36 to 48, but the higher bands the device just couldn’t see. Again, weirdly the Chromecast would successfully set up on any of these and was a much older device than my brand new Nest Mini.

I also know it’s not just me that has this problem, as @AjTechs also confirmed he had the same experience – no 5Ghz network visible on band 149, but was visible when he used band 44.

I tweeted about it of course because that’s what I do. The first fail was the frustrating plug design, that wouldn’t fit with any other standard plug I had next to it. It’s also not a USB charger, but a round connector of some sort.

@GoogleNest swooped in to attempt to save the day. They couldn’t answer that question, and after 1 1/2 hours of back and forth over DM, they really didn’t know what was going on still. They still couldn’t answer my original question, and didn’t get me any closer to proving the problem was any different to what I’d found myself.

If I get any more details I’ll update this post – but otherwise, if you’re having the same problem as me, then try a different band, and when that works, have fun reconnecting everything in your house back to Wi-Fi again :)

OneDrive PC Folder Backup and Desktop Shortcut Duplicates

PC Folder Backup (which was previously known as Known Folder Redirect) is a rather useful feature that’s been added into OneDrive. It allows the redirection of users Desktop, Documents and Pictures folder for a user to live in a folder in OneDrive under the user’s profile (e.g. C:\Users\bgates\OneDrive – Contoso\Desktop ). This in turn causes OneDrive to automatically sync the data to the user’s OneDrive cloud based storage, and works a bit like having a roaming profile, without the many issues that plague actual roaming profiles.

Stephen Rose wrote a great post on how it all works with screenshots, check that out if you’re still looking at testing this solution.

An issue that I’ve come across while rolling out, was the duplication of desktop shortcuts. The problem is that OneDrive won’t match files that are ‘identical’ unless they’re Office documents; a local file called test.lnk on your desktop, and another file in OneDrive in the Desktop folder called test.lnk from a previous sync on a different computer will result in the new one being called test – Copy.lnk, and the older one synced back – you now have a test.lnk and test – Copy.lnk file on your desktop.

This wouldn’t normally happen when you log onto a computer for the first time, but many companies deploy shortcuts (usually through Group Policy). What happens is, you log onto a PC for the first time, Group Policy deploys the shortcuts to the desktop you need, then OneDrive kicks in and starts its PC Folder Backup process. I had 4 copies of each shortcut we were deploying before I noticed the mess that my desktop had become!

I’m definitely not alone in this problem. People on answers.microsoft.com were complaining about it, and there’s a user voice idea with 212 votes at the time of posting on this same problem.

I asked around and was determined to work out a reasonable solution:

You can’t just block .lnk files from OneDrive without causing end user errors for everyone trying to automatically sync those.

You can run a script at startup to delete any “* – Copy*.lnk” file on the user’s desktop after logon, but that’s really a hack solution and an absolute last resort.

You can use Group Policy Preferences to delete any “* – Copy*.lnk” from the user’s desktop which is slightly better than a script, but it won’t run at the right time – the user will see duplicates for ~90 minutes after logging in before they get cleaned up, each time they log onto a new PC (which shouldn’t happen THAT often).

You can’t deploy shortcuts once through Group Policy, because the setting to ‘Run once and don’t reapply’ is a per user/per PC setting (unless you have roaming profiles, but you can’t do roaming profiles and PC Folder Backup at the same time unless the folders are excluded from one or the other) – so each time a user logs onto a PC for the first time, it’ll still trigger the shortcut deploys.

The best solution I came up with (and by that, I mean I asked in the Windows Admins Discord and someone said ‘just do it this way’), was to use the Public desktop rather than the user’s desktop.

The Public desktop (located by default in C:\Users\Public\Desktop) are files that everyone who logs onto a PC gets, and because they’re not part of the actual user’s desktop, they’re untouched by PC Folder Backup.

Because I had live shortcuts to clean up too, I first created and tested deleting copies as mentioned above through Group Policy Preferences. I then:

  • Replaced any global shortcut a user needed to %CommonDesktopDir%\file.lnk – not in logged-on user’s context
  • Deleted any existing shortcut deployed from %DesktopDir%\file.lnk in the logged-on user’s context
  • Replaced any shortcut a specific user group needed to %CommonDesktopDir%\file.lnk – not in logged-on user’s context, with item level targeting
  • Deleted any shortcut that was only being deployed to a specific user group, but out of the scope of the above item level targeting from %CommonDesktopDir%\file.lnk

This slightly messy but workable method means the shortcuts will get juggled around if only certain users should see them, and they’ll all live in the Public folder.

I’ll update this if things change with PC Folder Backup, but for the time being this lets the project continue, and users won’t be impacted with shortcut duplicates.