Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 26



Hardware Password Manager groups” on page 12 for a description of roles.) So, for example, a user might see all options on the Hardware Password Manager BIOS menu but a Service Technician might have a limited set of options available.

Note: When the client policy is set to Hardware Account equals Windows credentials, the Change Hardware Account password option will not be displayed whether or not it is selected for the role.

The BIOS version exclude list section enables you to list BIOS versions that you want to exclude from Hardware Password Manager management. If you attempt to perform any remote actions on a device with a listed BIOS, the remote action will fail. Likewise, if you attempt to register a Hardware Password Manager device that has a listed BIOS, the registration will not be performed.

Defining scopes and roles for console users

Scopes and roles can be defined to control the access to various features of Hardware Password Manager in the ThinkManagement Console.

Scopes are used to define which devices a console user has access to. To create a new scope, do the following:

1. Select Administration in the toolbox of the console.
2. Double-click Users to open the Users tool.
3. Click + on the toolbar or right-click Scopes, and then click New scope.
4. Enter a name for the scope.
5. Select LDMS Query as the scope type and then click New.
6. Select an element from the list of inventoried items (for example: Computer Name, Computer Location, Domain Name, and so on).
7. Select a comparison operator (for example: =, <>, Like, Exists, and so on).
8. Either select an existing value from the displayed scanned values or enter a value under Edit values.
9. Click Insert.
10. Click OK.
11. Click OK.

After you have defined the necessary scopes, you can create various roles to be associated with the scopes. To create a new role, do the following:

1. In the Users tool, click + on the toolbar or right-click Roles, and then click New role.
2. Enter a name for this role.
3. Select the permission levels for the various Hardware Password Manager features you want this role to have access to. The permission levels are categorized into View, Edit, and Deploy. Some permissions only allow one of three levels, but others might allow two.
4. Select the scopes to assign this role to.
5. Click Save.
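
The scope and role design described above can be reviewed offline before it is entered in the console. The following is an added illustration, not code from this guide or from the ThinkManagement Console. The inventory records, the role names other than Service Technician, the '*' wildcard for Like, the treatment of missing attributes and the union of a role's scopes are all assumptions.

```python
# Added illustration: a model of scope and role evaluation, not console code.
import fnmatch
from dataclasses import dataclass

# Constructed inventory; attribute names follow the examples in step 6.
INVENTORY = [
    {"Computer Name": "HQ-LT-001", "Computer Location": "HQ", "Domain Name": "corp.example"},
    {"Computer Name": "HQ-LT-002", "Computer Location": "HQ", "Domain Name": "corp.example"},
    {"Computer Name": "LAB-LT-007", "Computer Location": "Lab"},  # domain not scanned
]

def matches(device, element, op, value=None):
    """Evaluate one scope condition (element, operator, value) on one device."""
    have = device.get(element)
    if op == "Exists":
        return have is not None
    if have is None:
        return False  # assumption: a missing attribute fails =, <> and Like
    if op == "=":
        return have == value
    if op == "<>":
        return have != value
    if op == "Like":
        return fnmatch.fnmatchcase(have, value)  # assumption: '*' is the wildcard
    raise ValueError(f"unsupported operator: {op}")

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # subset of {"View", "Edit", "Deploy"}
    scopes: tuple           # assumption: one condition per scope, scopes are unioned

def devices_for(role, level):
    """Names of the devices on which the role holds the given permission level."""
    if level not in role.permissions:
        return set()
    return {d["Computer Name"] for d in INVENTORY
            if any(matches(d, *cond) for cond in role.scopes)}

def deploy_overlap(a, b):
    """Devices two roles can both deploy to, a starting point for a privilege review."""
    return devices_for(a, "Deploy") & devices_for(b, "Deploy")

# Hypothetical roles for the review.
TECH = Role("Service Technician", frozenset({"View"}),
            (("Computer Location", "=", "Lab"),))
HQ_ADMIN = Role("HQ Admin", frozenset({"View", "Edit", "Deploy"}),
                (("Computer Name", "Like", "HQ-*"),))
BROAD = Role("Non-lab Deploy", frozenset({"Deploy"}),
             (("Computer Location", "<>", "Lab"),))
```

Negated and wildcard conditions such as the `<>` scope here are the ones most likely to cover more devices than intended, so compare their device sets against the narrower roles before granting Deploy.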

To give users access to the console, the users should be members of groups that have been granted the proper access. This access is controlled by creating a new authentication and defining group permissions as follows:

1. In the Users tool, click + on the toolbar or right-click Authentications, and then click New authentication.
2. Enter a name for the authentication.
3. Enter the full domain name.
4. Enter the user name and password of a service account that can be used to query the directory.