Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 35
Pre-registration, User enrollment on a pre-registered system - user manual
This process is initiated automatically on the client system based on policy, and administrator corporate credentials are obtained from the Hardware Password Manager server to allow the registration to proceed unattended.

Note: One-touch refers to the one manual step required by the administrator to register the system in Hardware Password Manager. When the system is registered and delivered to users, enrollment can automatically be initiated (based on policy) for any user successfully logging in to Windows on the system, either a local or domain login. The one-touch registration process is ignored if the system is already registered.

Pre-registration

This process is the same as the normal registration process, except for the following differences:

1. Based on policy, the client portal (which is automatically launched when logging into Windows) initiates the one-touch Hardware Password Manager registration function based on the one-touch policy setting.
2. The client portal does not prompt for confirmation to proceed with the registration and enrollment.
3. After restarting, press Enter at Confirm Registration.
4. The client portal does not prompt for corporate, Windows, or hardware account credentials. The corporate credentials used to authenticate the registration request are the administrator-level credentials provided by the administrator when configuring LDAP in the Admin Console. The Windows and hardware account credentials are not required since no user account is created; only the common Administrator account is enrolled.
5. The client portal proceeds with the suspend and resume operation without notifying the user.
6. The client portal returns a success or failure code to the calling process and restarts automatically.

When the one-touch registration process completes, the system is password-protected and a single local hardware account is created. The hardware account is set to the common administrator hardware account credentials. These systems can be safely distributed by the administrator to end users knowing that they are protected with hardware passwords.

User enrollment on a pre-registered system

When the system is delivered to the user, the user should perform a Hardware Password Manager login (wired network connection is required) in order to gain access to the system. If no network connection is available or the Hardware Password Manager server is behind a VPN, the administrator has the option to provide the common administrator hardware account credentials to allow access to the system. This flow is the same as the normal Enroll Additional Users flow.

Chapter 5. Deployment 27