Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 31

Removing a user from a Hardware Password Manager device

Get Lenovo ThinkPad T400 PDF manuals and user guides View all Lenovo ThinkPad T400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 31 highlights

• You should drag the devices under Hardware Password Manager Devices to the Active Directory or eDirectory group listed in the HPM Groups tool. If your administrator has enabled multiple users on a device, complete the following steps to enroll more than one user. To enroll an additional user on a Hardware Password Manager device: 1. Log in to Windows. 2. Click Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager to open the Client Portal. (If your administrator has set up auto-start, the portal will open automatically.) 3. Click Enroll additional user. 4. Enter the user's intranet credentials, Windows credentials, or hardware account credentials according to the policy on the server. 5. The suspend countdown window will pop-up and either wait 30 seconds or click OK to suspend. 6. After logging on to the desktop, it will prompt you to restart. 7. At the BIOS login prompt, log in using the Windows credentials for the additional user on this device. Note: If the policy is set such that vault credentials do not equal Windows credentials, log in using the hardware account credentials for the additional user. The enrolled additional user will have user or administrator right in the BIOS, according to the role of the group, user, administrator, or service tech. Removing a user from a Hardware Password Manager device When a user should no longer have access to a Hardware Password Manager device, you can remove the user to terminate access. When a user is removed, only that user's credentials are removed from the hardware account. Hardware credentials remain on the device, and other users' credentials are not affected. To remove a user from a Hardware Password Manager device: 1. Log in to Windows. 2. Click Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager to open the Client Portal. 3. Click Remove user. 4. Enter your intranet account credentials when prompted. 5. Click OK to confirm that the system will suspend. The system will resume automatically after it has completed removing the user. Unregistering a device from the Hardware Password Manager server A device can be unregistered from the Hardware Password Manager server in two ways: • The user can open the Hardware Password Manager Login Menu in the BIOS and unregister the device. (See To open the Hardware Password Manager Login Menu.) • The administrator can unregister the device using the Hardware Password Manager administration tools in the ThinkManagement Console. After the device is unregistered, the Hardware Password Manager functionality is no longer in effect unless the device is registered again with the Hardware Password Manager server. Chapter 4. Hardware Password Manager Client 23

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
You should drag the devices under Hardware Password Manager Devices to the Active Directory or
eDirectory group listed in the HPM Groups tool.
If your administrator has enabled multiple users on a device, complete the following steps to enroll more
than one user.
To enroll an additional user on a Hardware Password Manager device:
1. Log in to Windows.
2. Click
Start
All Programs
ThinkVantage
Hardware Password Manager
to open the Client
Portal. (If your administrator has set up auto-start, the portal will open automatically.)
3. Click
Enroll additional user
.
4. Enter the user's intranet credentials, Windows credentials, or hardware account credentials according
to the policy on the server.
5. The suspend countdown window will pop-up and either wait 30 seconds or click
OK
to suspend.
6. After logging on to the desktop, it will prompt you to restart.
7. At the BIOS login prompt, log in using the Windows credentials for the additional user on this device.
Note:
If the policy is set such that vault credentials do not equal Windows credentials, log in using the
hardware account credentials for the additional user.
The enrolled additional user will have user or administrator right in the BIOS, according to the role of the
group, user, administrator, or service tech.
Removing a user from a Hardware Password Manager device
When a user should no longer have access to a Hardware Password Manager device, you can remove the
user to terminate access. When a user is removed, only that user’s credentials are removed from the
hardware account. Hardware credentials remain on the device, and other users’ credentials are not affected.
To remove a user from a Hardware Password Manager device:
1.
Log in to Windows.
2. Click
Start
All Programs
ThinkVantage
Hardware Password Manager
to open the Client
Portal.
3. Click
Remove user
.
4. Enter your intranet account credentials when prompted.
5. Click
OK
to confirm that the system will suspend. The system will resume automatically after it has
completed removing the user.
Unregistering a device from the Hardware Password Manager server
A device can be unregistered from the Hardware Password Manager server in two ways:
The user can open the Hardware Password Manager Login Menu in the BIOS and unregister the device.
(See To open the Hardware Password Manager Login Menu.)
The administrator can unregister the device using the Hardware Password Manager administration tools in
the ThinkManagement Console.
After the device is unregistered, the Hardware Password Manager functionality is no longer in effect unless
the device is registered again with the Hardware Password Manager server.
Chapter 4
.
Hardware Password Manager Client
23