Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 25


Changing server policy settings

Server policy settings include various ways to manage user enrollment, credentials, and client portal and BIOS settings for the Lenovo Hardware Password Manager devices you manage. The settings are changed from the ThinkManagement console; items that affect individual devices are then held in a pending queue until the next time each device is booted and requests an updated policy.

To change server policy settings:

1. Click Remote Actions and Policy Settings in the toolbox or click Tools ➙ ThinkVantage Hardware Password Manager ➙ Remote Actions and Policy Settings.
2. Click Update Server Policy Settings on the toolbar.
3. Make changes on the four tabs in the dialog box, and then click OK when you have finished.

The tabs in the Server Policy Settings dialog box are described below.

• General - This tab lists the name, IP address, and UDP port of the Hardware Password Manager server used to authenticate Hardware Password Manager users. The Status of Portal Service section shows whether the portal service on the Hardware Password Manager server is running. The portal service is a UDP server, one of the components on the Hardware Password Manager server. It is used for communication with the Hardware Password Manager device BIOS when the user logs on using the intranet account login. You can start, stop, or restart the service as needed from this dialog box.

  Select Allow users to enroll on multiple devices if you want to allow each intranet account to enroll on multiple Hardware Password Manager devices. If this checkbox is cleared, one intranet account can only be enrolled on one device.

  Select Enable "one-touch" registration if you want to pre-register new Hardware Password Manager devices with one-touch features from Lenovo. One-touch registration automatically registers the device and creates the emergency admin account when the user logs in to Windows. See also Chapter 5 "Deployment" on page 25.

  Select Enable first user logged on a machine as administrator if you want the first enrolled user to have administrator privileges in the BIOS.

• Credentials - This tab determines the length of auto-generated passwords and the number of password backups to keep. Backups are encrypted and stored in the Hardware Password Manager database. By default, auto-generated hardware passwords, as well as emergency admin account passwords, are between 15 and 20 characters long. You can change the minimum and maximum numbers for both types of passwords. You can also specify how many backups to save for hardware passwords. The maximum password length is 64.

• Client Portal - This tab specifies which menu items are enabled for display on the Client Portal menu on managed Hardware Password Manager devices. The user accesses the portal from the Windows Start menu (Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager). The Client Portal menu items are always selected. When you perform tasks such as Remove User after you enter the intranet credentials that correlate to the User, Service Tech, and Administrator roles, you will get an error message if you do not have the client portal rights. Users log in to Hardware Password Manager devices with an assigned role, which correlates to the user group that the user belongs to. (See "Managing Hardware Password Manager groups" on page 12 for a description of roles.) So, for example, a user might see all options on the Client Portal but a Service Tech might have a limited set of options available. If a user tries an option that is not selected for that role, an error message will be displayed.

• BIOS - This tab specifies which menu items are enabled for display on the BIOS menu of managed Hardware Password Manager devices, and allows you to specify which BIOS versions are excluded from Hardware Password Manager device management. BIOS menu items are selected separately for the three user roles: User, Service Tech, and Administrator. Users log in to Hardware Password Manager devices with an assigned role, which correlates to the user group that the user belongs to. (See "Managing

Chapter 3. Managing Hardware Password Manager devices with ThinkManagement Console 17

