Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 21

Managing remote actions and policy settings for Hardware Password Manager devices - memory

Page 21 highlights

5. If you selected With expiration, select Duration, and then select the beginning and end time for the access to Hardware Password Manager devices; or select Login count remaining, and then select the number of logins; or select Number of days allowed per machine, and then specify the number of days.
6. Click OK.

To associate devices with a group:

1. Click HPM Groups in the toolbox (or click Tools ➙ ThinkVantage Hardware Password Manager ➙ HPM Groups).
2. Drag the device from the network view (either from All devices or from Hardware Password Manager devices - Computers) to the group name in the LDAP tree view.
3. To view the devices associated with a group, click the group name and click View computers on the toolbar. To view users associated with a group, click the group name and click View LDAP Users on the toolbar.

The dialog box displays the LDAP distinguished name of the group and lists the devices or users associated with the group. Members of the group can log in to all devices listed here, unless you have defined the group as a Service Tech group with an expiration on group access, and the association has expired.

Managing remote actions and policy settings for Hardware Password Manager devices

Remote actions are changes to a Hardware Password Manager device's settings that are applied to one or more devices by the administrator. Actions include credential management, registering or deregistering devices, and enrolling or removing users.

Remote actions are not applied immediately to Hardware Password Manager devices. After the administrator applies one or more remote actions to a device, the actions are pending until the next time the device is powered on. The device then connects to the Hardware Password Manager server and requests any pending actions. The actions are completed by the client and the new settings are in effect.

One remote action is to change policy settings on the Hardware Password Manager device. There are two types of policies: those applied at the operating system level (Windows policies) and those applied at the BIOS level (BIOS policies). Policies determine how the device manages credentials, and determine whether registration and user enrollment are automatically started when the device is powered on. They also determine whether multiple users can be enrolled on a Hardware Password Manager device and how user login is handled for the BIOS menu.

When you manage remote actions, you can apply actions individually or globally. When the Remote Actions and Policy Settings tool is open, you can drag Hardware Password Manager devices from the network view and drop them onto specific remote actions. Or you can use buttons on the toolbar to apply actions globally.

Remote actions include the following:

• Renew Hardware Account: replaces the BIOS hardware passwords with a new set of credentials that are generated by the Hardware Password Manager server. The new credentials are stored in the hardware account, a secure area of non-volatile memory that can only be accessed by the computer's BIOS.
• Restore Hardware Account: restores the BIOS hardware passwords in the hardware account with the backup credentials stored in the Hardware Password Manager server. This includes system and user password backups.
• Deregister PC: clears the hardware passwords and changes the status in the BIOS of the client device from Registered to Enabled and removes the device from the list of registered Hardware Password Manager devices in the console.

Chapter 3. Managing Hardware Password Manager devices with ThinkManagement Console 13

