HP Dc5700 HP ProtectTools Security Manager Guide - Page 27
7 HP Client Manager for Remote Deployment

Background

HP Trustworthy platforms equipped with a Trusted Platform Module (TPM) ship with the TPM deactivated (default state). Enabling the TPM is an administrative option protected by HP BIOS-enforced policies. The administrator must be present to enter BIOS configuration options (F10 options) to enable the TPM. Furthermore, the Trusted Computing Group (TCG) specifications mandate that explicit human (physical) presence must be established in order to activate a TPM. This mandate ensures that a user's privacy rights are respected (by providing an opt-in model for use) and that a rogue application, virus, or Trojan horse does not enable the TPM for malicious use.

The establishment of physical presence and the requirement for an administrator's local presence pose an interesting challenge for IT managers trying to deploy this technology across a large enterprise.

Initialization

HP Client Manager (HPCM) provides a method of remotely enabling the TPM and taking ownership of the TPM in the enterprise environment. This method does not require the physical presence of the IT administrator, yet it still meets the TCG requirement. HPCM allows the IT administrator to set certain BIOS options and then reboot the system to enable the TPM on the remote system. During this reboot, the BIOS, by default, displays a prompt; in response, the end user must press a key to prove physical presence, as specified by the TCG. The remote system then continues to boot, and the script completes by taking ownership of the TPM on the system.

During this procedure, an emergency recovery archive and an emergency recovery token are created in a location designated by the IT administrator.

HPCM does not execute the TPM user initialization on the remote system, since the user must be allowed to choose the password. TPM user initialization must be performed by the end user of that system.
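After an HPCM remote-enable run, an administrator will want to confirm that each client ended up in the state the procedure above describes: TPM enabled, activated (the end user answered the physical-presence prompt), and owned (the script's take-ownership step completed). The following PowerShell script is an added example and is not part of the HP guide or of HP Client Manager; it assumes the standard Win32_Tpm WMI class is available on the client (Windows Vista and later) and that remote WMI access is permitted to the account running it. The computer name parameter and the report format are the example's own choices.

```powershell
# Added example (not from the HP guide): check the TPM state that the HPCM
# remote-enable procedure should leave behind. Requires administrative rights
# on the target; -ComputerName assumes remote WMI is allowed in your environment.
param(
    [string]$ComputerName = $env:COMPUTERNAME
)

# Win32_Tpm lives in the MicrosoftTpm security namespace, not root\cimv2.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm `
                     -ComputerName $ComputerName `
                     -ErrorAction Stop

if (-not $tpm) {
    Write-Output "$ComputerName : no TPM reported by the platform (or TPM driver not loaded)"
    return
}

# Each query returns an object whose property of the same name holds the flag.
$enabled   = $tpm.IsEnabled().IsEnabled
$activated = $tpm.IsActivated().IsActivated
$owned     = $tpm.IsOwned().IsOwned

$state = [PSCustomObject]@{
    Computer  = $ComputerName
    Enabled   = $enabled
    Activated = $activated
    Owned     = $owned
}
$state | Format-Table -AutoSize

# Interpret the result against the steps in the Initialization section:
#   enabled + activated + owned  -> deployment complete; user still needs to
#                                   run TPM user initialization and pick a password
#   enabled but not activated    -> the physical-presence prompt at reboot was
#                                   never answered by the end user
#   activated but not owned      -> the take-ownership step of the script did
#                                   not complete; check the recovery archive/token
#                                   location the administrator designated
if ($enabled -and $activated -and $owned) {
    Write-Output "$ComputerName : TPM enabled, activated and owned; ready for user initialization"
} elseif ($enabled -and -not $activated) {
    Write-Output "$ComputerName : TPM enabled but not activated; physical-presence prompt not answered"
} elseif ($activated -and -not $owned) {
    Write-Output "$ComputerName : TPM activated but ownership not taken; re-run the ownership step"
} else {
    Write-Output "$ComputerName : TPM still deactivated; BIOS options not applied or reboot pending"
}
```

Run it against a list of client names from the HPCM job to spot machines where the end user never pressed the key at reboot, which is the step that cannot be forced remotely under the TCG physical-presence requirement.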
Maintenance

HP Client Manager can be used to reset the user password remotely without the IT administrator being made aware of the user password. HPCM can also remotely recover the user credentials. Proper administrator passwords must be supplied for both of these functions.