Page 5 - Contents
Contents: Preface (v); Chapter 1. Overview (1); Chapter 2. Installing Hardware Password Manager on ThinkManagement Console (3); Prerequisites (3); Preparing the core server (4); ThinkManagement Cons...
Page 7 - Preface
Preface This guide is intended for IT administrators, or those who are responsible for deploying the Lenovo® Hardware Password Manager™ program on computers in their organizations. The purpose of this guide is to provide the information required for installing Hardware Password Manager on one or man...
Page 11 - Prerequisites
Chapter 2. Installing Hardware Password Manager on ThinkManagement Console To use HPM functionality, the Lenovo ThinkManagement Console must be installed. As you configure this installation, you will define connection details for your LDAP server to provide authentication services for HPM. Policies fo...
Page 12 - Preparing the core server
Preparing the core server The HPM core server will use the ThinkManagement Console 9.0 that is based on LANDesk Management Suite 9.0. For more information about LANDesk Management Suite system requirements, go to the following Web site: http://community.landesk.com/support/docs/DOC-7478 For details on ...
Page 13 - ThinkManagement Console with HPM server setup
When using the Windows Server 2008 R2 (64-bit) operating system, the Monitoring/Alerts (SNMP) additional feature must be installed as well. 1. Click Start ➙ Server Manager. 2. In the Server Manager console, click Features and then click Add Features in the right pane of the window. 3. Select SNMP Se...
Page 17 - Viewing Hardware Password Manager devices and their properties
Chapter 3. Managing Hardware Password Manager devices with ThinkManagement Console The available Hardware Password Manager functions in the console are described in the following sections: • “Viewing Hardware Password Manager devices and their properties” on page 9 • “Managing enrolled users on Hardw...
Page 19 - Viewing Hardware Password Manager users and their properties
You can migrate from one LDAP server to another without losing data. If you find that you need to use a different server for LDAP authentication, enter the configuration data for the new server. To configure an LDAP server connection: 1. Click HPM Enrolled Users in the toolbox (or click Tools ➙ Think...
Page 22 - Updating client policies globally
• Remove User: removes a user from the list of users authorized to access a Hardware Password Manager device. • Update Client Policy: saves an updated client policy to the Hardware Password Manager BIOS of the device, replacing the previous policy. • Update Common Hardware Passwords: saves new commo...
Page 23 - Updating hardware passwords globally
• Allow multiple users to enroll on a single device: more than one user can be enrolled on a device. If this checkbox is cleared, only the first user to be enrolled on a device can be an enrolled user (although administrator and service technician users can still access the device if needed). The fol...
Page 24 - Updating the emergency account
1. Click Remote Actions and Policy Settings in the toolbox or click Tools ➙ ThinkVantage Hardware Password Manager ➙ Remote Actions and Policy Settings. 2. In the Remote Actions tree view, expand Remote Actions by Type. 3. Expand Update Common Hardware Passwords. 4. Click either the All Devices f...
Page 25 - Changing server policy settings
Changing server policy settings Server policy settings include various ways to manage user enrollment, credentials, and client portal and BIOS settings for the Lenovo Hardware Password Manager devices you manage. The settings are changed from the ThinkManagement console; items that affect individual d...
Page 26 - Defining scopes and roles for console users
Hardware Password Manager groups” on page 12 for a description of roles.) So, for example, a user might see all options on the Hardware Password Manager BIOS menu but a Service Technician might have a limited set of options available. Note: When the client policy is set to Hardware Account equals Wind...
Page 29 - Chapter 4. Hardware Password Manager Client; Hardware Password Manager device setup
Chapter 4. Hardware Password Manager Client Lenovo devices that support Hardware Password Manager need to be registered with a management server (referred to as the Hardware Password Manager server). The process of registering a device begins with the installation of an agent on the device. After the ...
Page 31 - Removing a user from a Hardware Password Manager device
• You should drag the devices under Hardware Password Manager Devices to the Active Directory or eDirectory group listed in the HPM Groups tool. If your administrator has enabled multiple users on a device, complete the following steps to enroll more than one user. To enroll an additional user on a H...
Page 32 - Updating credentials on a Hardware Password Manager device
Updating credentials on a Hardware Password Manager device After Hardware Password Management is enabled on a device, you can access the Hardware Password Manager Login Menu to make changes to password management. You can also access the Client Portal to perform enrollment and registration tasks. Thes...
Page 33 - Chapter 5. Deployment; Fingerprint integration
Chapter 5. Deployment This chapter contains additional deployment information for using Hardware Password Manager devices with Hardware Password Manager. It is written for the administrator who will manage devices with the Hardware Password Manager server and configure these devices with other. This g...
Page 34 - Safe Guard Easy/Safe Guard Enterprise compatibility
– enrolled - returns whether the current Windows system user is enrolled in the utility – enabled - returns whether the utility is enabled in the BIOS program – show - displays results to the console for all of the above commands • Return codes: – 0 - false – 1 - true – 2 - error • Example: cmp_util...
Page 35 - User enrollment on a pre-registered system
This process is initiated automatically on the client system based on policy, and administrator corporate credentials are obtained from the Hardware Password Manager server to allow the registration to proceed unattended. Note: One-touch refers to the one manual step required by the administrator to r...
Page 37 - Service scenarios (configuration changes); Scenario 1 - Hardware configuration changes
Chapter 6. Scenarios This chapter describes scenarios associated with hardware and user configuration changes. For the purpose of these scenarios, all systems are considered to be registered in Hardware Password Manager. Service scenarios (configuration changes) This section describes hardware scenar...
Page 38 - Scenario 3 - Replace the fingerprint device
• Enter the hardware account credentials with Hardware Password Manager Administrator privileges to release the SVP/PAP, such as the Emergency Admin account. If hardware account credentials with Hardware Password Manager User privileges are entered, the BIOS will prompt for the PAP/SVP. • Enter corpo...
Page 39 - Scenario 6 - Replace the system board; Scenario 7 - Add a hard disk drive; Scenario 8 - Replace or move a hard disk drive
Hardware Password Manager, the BIOS will clear the hardware passwords and delete the local hardware account and SST. Scenario 6 - Replace the system board When the system board is replaced, the POP, SVP, hardware account, and server credentials no longer exist on the system. Only the HDPs remain set. ...
Page 41 - Scenario 13 - Enter the BIOS setup; Scenario 14 - Load default settings in the BIOS setup
structures are stored in flash, the flash utilities have been updated to not overwrite Hardware Password Manager related structures. • Forward Flashing - When flashing to a newer version of BIOS on a Hardware Password Manager registered system, the hardware account should not be disrupted (for exampl...
Page 42 - User Scenarios; Scenario 3 - Forgot the corporate password
Note: The hard drive should not be connected when the system is registered in Hardware Password Manager or else the hard disk will be assigned an HDP. User Scenarios This section describes scenarios that may be encountered by the user: Scenario 1 - Forgot Hardware Account credentials, network connec...
Page 43 - Scenario 5 - Handling enrollment from multiple boot partitions
a completely different set of scan codes on another keyboard type. For example, consider the password azw. On an English keyboard, the scan code representation is 0x1E, 0x2C, 0x11. However, on a German keyboard, the scan code representation is 0x1E, 0x15, 0x11. There are 3 keyboard types used to su...
Page 45 - Appendix A. Security and convenience
Appendix A. Security and convenience Computer security is often considered much more important than convenience. The following table illustrates how Hardware Password Manager policy settings can be configured to optimize security and convenience. Note: Default values are highlighted in italics. Table ...
Page 47 - Appendix B. Disaster recovery
Appendix B. Disaster recovery Backing up the 9.0 core server Before upgrading or otherwise modifying the current Hardware Password Manager core server, it is important to back up all the critical files as well as any other customized files. This step can be skipped if this is a new installation in whi...
Page 51 - Appendix C. Hints and tips
Appendix C. Hints and tips The following is a list of tips associated with Hardware Password Manager Version 1.0: • Symptom: Bitlocker recovery mode is triggered if you register a system in Hardware Password Manager that has Bitlocker encryption in use. Problem description: If the user first enables...
Page 58 - Trademarks
Trademarks The following terms are trademarks of Lenovo in the United States, other countries, or both: Access Connections, Lenovo, ThinkVantage, ThinkPad. The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM, Lotus, Lotus Notes. In...