BLUF

• If your machine came with Windows, try and do all the BIOS/firmware updates to latest versions from official website before removing Windows, otherwise you'll have to do extra work later!
  • For some (newer) models, you may be able to perform updates from Linux
• Enable Intel AMT if your machine has it before you put it in a dark closet!
  • Some models require a physical monitor connected for VNC to work (check BIOS settings for "virtual monitor" option). However, you should still be able to make it work without a real monitor, if you get a display emulator device

Intel vPro + Intel AMT

One of the more exciting features this mini computer comes with is Intel vPro and Intel AMT (Active Management Technology). What that translates to for HomeLabbers is: fully remote management; so that you don't have to go plug in a monitor and keyboard to troubleshoot issues or perform certain low level system operations (e.g. BIOS setup, Installing new OS, etc).

Enabling Intel AMT

Once the computer arrived I went straight to the BIOS settings and enabled said management features after resetting all settings just in case the previous owner changed anything that I didn't want. I was too excited to enable this so I didn't end up taking screenshots, you can look at this blog post shows you how to enable AMT. Note that options may vary slightly among vendors and BIOS version, but you should be able to find similar settings.

Now with AMT enabled, I went on another computer in the same network and tried to connect! Intel lists the management ports here, basically port 16992 for HTTP access and 5900 for VNC.

The HTTP access worked right away and I was greeted with the Login screen, and after logging in the menu of management options:

Login screen

Management menu options

I figured all was good since I could perform some actions like restart and such, so I installed Proxmox and moved the computer to the server closet away from my desk.

Well, I couldn't get VNC to work no matter how hard I tried, and then confirmed VNC port was closed — all after I had done cable management and put everything away 🤦‍♂️.

Remote Desktop/VNC + MeshCentral

Some of the Intel tools for AMT are windows only which was a bit disappointing, but looking around I found MeshCentral which is an open source project that lets you manage more features than the one that show up on the default HTTP interface. You just have to install it from npm, which I initially setup on my laptop to play with.

That's when I learned more about the VNC feature: 1) VNC port 5900 was not already enabled and didn't see an option in the BIOS, but MeshCentral had an option to let me do that...

At this point I gave up and awkwardly put a monitor in the server closet, and luckily I was able to actually use VNC from this point.

After looking around for mini monitors to help future me, I also learned that devices that emulate a display being connected exist so I ordered one to try out soon and "bypass" the requirement of having a physical monitor connected for VNC to work.

Outdated BIOS + Management Engine firmware (updates fix vulnerabilities)

I wouldn't have gone out of my way to check, but MeshCentral brought to my attention the fact that my management engine firmware version was outdated by showing a yellow warning once connected, linking to an Intel page outlining the privilege escalation vulnerability in some AMT versions. Couldn't help it, at that point needed to update the firmware.

Looking around the Lenovo website, I realized that many of those updates were only available for Windows, but I have already gotten rid of Windows the PC came with :(

I was able to get the BIOS update and run it from a Flash drive, however I couldn't find a way to update the management engine easily without Windows for my older machine (*though if you have a newer machine there may be options, check fwupd here).

Older models require Windows for updates

There are some ways to avoid running Windows on the host you want to update ... but they're too much work, essentially requiring the use of another Windows "host" (could be VM) to prepare WinPE with the firmware updates you want to install. Among others, this guide seemed promising, but it again, it looked like a lot more work than I would have liked!

Fine, Windows it is, let's get it over with

I decided to just try installing Windows on a flash drive and go through the "official" installation process - and that worked great! This was both less work than setting up all the WinPE stuff and also potentially useful in the future since I can reuse the flash drive for any further updates every now and then.

I used WinToUsb to install Windows on a flash drive, (unfortunately had to do from another Windows host) and then boot up from that and download all the Lenovo updates — through VNC!

(* I installed a Windows VM on Proxmox and mounted the Flash Drive on the ThinkCentre since I don't have any other Windows hosts home, but you can use any Windows machine you may have!)

Once running Windows, I installed "Lenovo Vantage" hoping it would do all the updates, but sadly it didn't show any of the firmware or BIOS updates for me (I had already done the BIOS using official ISO), but you may want to try it first since it may be a bit easier to get updates that way.

Since the only remaining update I had at the time was the AMT firmware, I downloaded the installer from the website and ran it — it worked right away! You'll have to look around the downloads section and since this is a process, try to get all the available updates to perform in one go.

Firmware update tool download page

Screenshot of updater tool

And now, finally, done with Windows until the next update! Rebooted to Proxmox and happily playing with VMs!

It comes with nice bells and whistles, like face recognition and folder & timeline views, to name a few.

However, at the time of writing this, there are only two official locations Synology Photos indexes from:

• Personal Space: /home/Photos/
• Shared Space: /photos/

What if you already have your own organization scheme, with say, custom Cloud Sync setup and you want to preserve that?

I've been in that exact position, and it turns out you can get it to work.

🚨 **This is not officially supported by Synology so it may stop working in future updates.

What didn't work

I initially tried a symlink, thinking it would work fine. That did not work, particularly no thumbnails were generated. (e.g. ln -s /volume1/home/onlyservers/custom/photofolder /volume1/photo/customfolder).

What does work

Bind mounts. A few google searches can lead to this reddit thread which was a good starting point.

• This blog post walks you through setting up a bind mount for the "Shared Space", however updating the paths to "Personal Space" equivalent paths should still work.*

Step 0: Backup

Just in case anything goes wrong, you should backup the folders in question at the very least. Double check the commands you're running as they need to be running as root and accidents happen. Make sure you understand what is going on. If not familiar, you should understand what bind mounts are.

Step 1: Decide mount point and source

You will need to figure out the absolute path to your "source" directory. That should look somewhat like /volume1/homes/onlyservers/custom/photofolder.

To find it, browse to that directory in File Station -> Right Click -> Properties: it's the Location field.

If you only have one volume, chances are that the photo directory it's the same as shown here, if you have multiple volumes or want to confirm, check the Location field in the properties of your photo share in DSM to confirm.

You will then want to create your "target" directory (e.g. /volume1/photo/customfolder) and make sure it's empty. You can, again, grab the absolute path by looking at the "Location" on the properties page.

This guide assumes:

• Source directory: /volume1/home/onlyservers/custom/photofolder
• Target directory: /volume1/photo/customfolder. Make sure to update those to whatever your directories are in all of the following commands.

Step 2: Mount

What we're doing here is setting up a bind mount from "source" to "target" directories. (similar to cp syntax).

Since you will want this to be always mounted, you can set it up to be run at start-up.

You can do so by going to Control Panel -> Task Scheduler -> Create -> Scheduled Task -> Triggered Task -> User-defined script: Then you'll want to give it a human readable name, run it as root and choose the Boot-up event:

The command to mount looks like: (remember to update paths to your own values!)

sudo mount --bind "/volume1/home/onlyservers/custom/photofolder" "/volume1/photo/customfolder"

Step 3: Re-index periodically

Unfortunately, using this method causes the automatic indexing to not be triggered, thus your new pictures won't show up unless a re-index is triggered.

Not to worry! We can just create another scheduled task to re-index.

Similar to Step 2, go to Control Panel -> Task Scheduler -> Scheduled Task -> User Defined Script:

Give this a reasonable name again, run it as root and pick your preferred schedule - how long are you willing to wait until pictures show up? (I figured once a day is fast enough for my needs).

The command to re-index is: (again, update paths as necessary)

sudo /var/packages/SynologyPhotos/target/usr/bin/synofoto-bin-index-tool -t basic -i /volume1/photo/

Step 4: Verify

Now reboot the Synology, and browse to the photo share in File Station to confirm that the mount worked and that you see the contents of your original directory.

Once you confirm everything is good, you can trigger the indexing via running the task created in step 3, or if you're patient, just wait until it gets invoked on the schedule you chose!

Note that it takes a while to index and create thumbnails. If you don't see anything in Synology Photos, give it a few hours and check back. Once indexing is done, photos do show up but without thumbnails and functionality is limited until thumbnails are produced.

When indexing is done, you should also be able to see this on the toolbar of DSM, saying it's processing images/videos (creating thumbnails) until it's done with thumbnails too:

Congrats! You should now be able to use Synology Photos AND keep your original organization scheme — once indexing and thumbnail generation completes!