Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 38

• Enter the hardware account credentials with Hardware Password Manager Administrator privileges to release the SVP/PAP, such as the Emergency Admin account. If hardware account credentials with Hardware Password Manager User privileges are entered, the BIOS will prompt for the PAP/SVP. • Enter corporate credentials by: 1. Press Esc key to open Login Menu window. 2. Select Intranet account login to open the Internet Account Login window . 3. Enter the user name and password at the Internet Account Login window. • At the User Login window, press Esc to open the User Login window and select Manually Enter Passwords. At the manual login, enter the PAP/SVP. You can obtain this information from the Hardware Password Manager Admin Console. Note: For desktop systems, you can skip the CMOS error by pressing F2 and starting the system. The next start will give you the same error until you enter the BIOS setup and load the default settings by pressing F9. Scenario 3 - Replace the fingerprint device Users can enroll their fingerprints for single sign-on capability using Hardware Password Manager. When a fingerprint is enrolled for pre-start access, hardware passwords are associated with the swiped fingerprint and are stored within the fingerprint device. When the user swipes an enrolled fingerprint at the prompt, the BIOS will release the actual hardware passwords from the hardware account. The BIOS displays the fingerprint swipe prompt first when starting the system. To open the User Login window, the user must press Esc. If the fingerprint device is removed, the fingerprint swipe prompt will no longer be displayed, and the User Login window is displayed first. When a defective fingerprint device is replaced, the registered fingerprints and associated hardware passwords go away. Hardware Password Manager is not affected except that the user can no longer using their fingerprint. The fingerprint swipe prompt will not be displayed and the User Login window is displayed first. To regain fingerprint access, the user must register their fingerprint for Windows and pre-start credentials using the Fingerprint Setup Utility. If a fingerprint device is replaced with another fingerprint device that already has registered fingerprints and passwords, the BIOS will overwrite those passwords as long as the user provides correct passwords using either manual, User Login or Hardware Password Manager Login. If hardware account credentials without Hardware Password Manager Administrator privileges are provided, only the Power On Password and Hard Drive Passwords are updated in the fingerprint device (PAP/SVP is not added to the fingerprint device until a user logs in with Hardware Password Manager Administrator credentials or manually enters the correct PAP/SVP.) Scenario 4 - Hardware passwords already set When hardware passwords are already set prior to registering, the user cannot register in Hardware Password Manager. When starting the registration process, the Client Portal will inform the user that they must manually clear hardware passwords before registering. After the hardware passwords are cleared by the user, registration will proceed normally. Scenario 5 - Setup under the operating system (remote BIOS settings) This scenario can occur when you receive new machines and want to roll out default BIOS settings, such as disable serial port or set admin password. When a machine is registered in Hardware Password Manager, hardware passwords cannot be changed by Setup under the OS (since they are managed by the HPM server) unless the current password is provided which you can obtain using the ThinkManagement Console. If a user disables Hardware Password Manager either manually through the BIOS setup or by Setup under the OS on a machine that is registered in 30 Hardware Password Manager Deployment Guide