Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 35

Pre-registration, User enrollment on a pre-registered system - user manual



This process is initiated automatically on the client system based on policy, and administrator corporate credentials are obtained from the Hardware Password Manager server to allow the registration to proceed unattended.

Note: One-touch refers to the one manual step required by the administrator to register the system in Hardware Password Manager. When the system is registered and delivered to users, enrollment can automatically be initiated (based on policy) for any user successfully logging in to Windows on the system, either a local or domain login. The one-touch registration process is ignored if the system is already registered.

Pre-registration

This process is the same as the normal registration process, except for the following differences:

1. Based on the one-touch policy setting, the client portal (which is automatically launched when logging into Windows) initiates the one-touch Hardware Password Manager registration function.
2. The client portal does not prompt for confirmation to proceed with the registration and enrollment.
3. After restarting, press Enter at Confirm Registration.
4. The client portal does not prompt for corporate, Windows, or hardware account credentials. The corporate credentials used to authenticate the registration request are the administrator-level credentials provided by the administrator when configuring LDAP in the Admin Console. The Windows and hardware account credentials are not required since no user account is created; only the common Administrator account is enrolled.
5. The client portal proceeds with the suspend and resume operation without notifying the user.
6. The client portal returns a success or failure code to the calling process and restarts automatically.

When the one-touch registration process completes, the system is password-protected and a single local hardware account is created. The hardware account is set to the common administrator hardware account credentials. These systems can be safely distributed by the administrator to end users knowing that they are protected with hardware passwords.

User enrollment on a pre-registered system

When the system is delivered to the user, the user should perform a Hardware Password Manager login (wired network connection is required) in order to gain access to the system. If no network connection is available or the Hardware Password Manager server is behind a VPN, the administrator has the option to provide the common administrator hardware account credentials to allow access to the system. This flow is the same as the normal Enroll Additional Users flow.

Chapter 5. Deployment 27