Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 41

Scenario 12 - Registered system can no longer access the Hardware Password Manager server - docking station

Get Lenovo ThinkPad T400 PDF manuals and user guides View all Lenovo ThinkPad T400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 41 highlights

structures are stored in flash, the flash utilities have been updated to not overwrite Hardware Password Manager related structures. • Forward Flashing - When flashing to a newer version of BIOS on a Hardware Password Manager registered system, the hardware account should not be disrupted (for example, the user's Hardware Password Manager registration status and hardware account credentials should not change). • Back flashing - When flashing back to a previous version of BIOS that supports Hardware Password Manager, the hardware account should not be disrupted (for example, the User's Hardware Password Manager registration status and hardware account credentials should not change). BIOS flash utilities that support Hardware Password Manager should not be flashed back to a previous BIOS version that does not include Hardware Password Manager support. The system must be deregistered before back flashing. Scenario 12 - Registered system can no longer access the Hardware Password Manager server If a Hardware Password Manager registered system is reassigned or moved to a location that does not have network connectivity to the Hardware Password Manager server, you should clear the hardware accounts and passwords from the system. This can be accomplished by de-registering the system using the BIOS Setup Utility. In order to do this, you must login to the emergency account to gain access to the SVP and all HDPs, and disable Hardware Password Manager. When Hardware Password Manager is disabled, the BIOS will clear the hardware account structures and all hardware passwords. If the emergency account is unknown, you must obtain the SVP and HDPs using the ThinkManagement Console in order to disable Hardware Password Manager. In this case, the Hardware Password Manager server will be left with an orphaned entry (such as machine instance and hardware account backup). You can use the ThinkManagement Console to identify these orphaned entries and clean them up if you desire. Scenario 13 - Enter the BIOS setup Users can enter the BIOS setup in one of these ways: • User Login - User must have a local account that is a member of the Hardware Password Manager Administrator group. • Hardware Password Manager Login - User must have a corporate account that is a member of the Service Tech or Hardware Password Manager Administrator group. • Manual Login - User must obtain the SVP from the administrator using the ThinkManagement Console. Scenario 14 - Load default settings in the BIOS setup This scenario describes the implications of loading default BIOS settings on a system that uses Hardware Password Manager. Users may load default BIOS settings if CMOS is cleared or corrupted. When default settings are loaded, the POP, SVP remain set and all Hardware Password Manager structures remain intact. Scenario 15 - Do not protect all hard drives This scenario describes a scenario where a user registers their system in Hardware Password Manager, but then wants to use an additional hard drive that is NOT protected. The hard drive most likely will be an external hard drive or one installed in a docking station. Chapter 6. Scenarios 33

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
structures are stored in flash, the flash utilities have been updated to not overwrite Hardware Password
Manager related structures.
Forward Flashing
- When flashing to a newer version of BIOS on a Hardware Password Manager
registered system, the hardware account should not be disrupted (for example, the user’s Hardware
Password Manager registration status and hardware account credentials should not change).
Back flashing
- When flashing back to a previous version of BIOS that supports Hardware Password
Manager, the hardware account should not be disrupted (for example, the User’s Hardware Password
Manager registration status and hardware account credentials should not change). BIOS flash utilities that
support Hardware Password Manager should not be flashed back to a previous BIOS version that does
not include Hardware Password Manager support. The system must be deregistered before back flashing.
Scenario 12 - Registered system can no longer access the Hardware
Password Manager server
If a Hardware Password Manager registered system is reassigned or moved to a location that does not
have network connectivity to the Hardware Password Manager server, you should clear the hardware
accounts and passwords from the system. This can be accomplished by de-registering the system using
the BIOS Setup Utility.
In order to do this, you must login to the emergency account to gain access to the SVP and all HDPs, and
disable Hardware Password Manager. When Hardware Password Manager is disabled, the BIOS will clear
the hardware account structures and all hardware passwords.
If the emergency account is unknown, you must obtain the SVP and HDPs using the ThinkManagement
Console in order to disable Hardware Password Manager.
In this case, the Hardware Password Manager server will be left with an orphaned entry (such as machine
instance and hardware account backup). You can use the ThinkManagement Console to identify these
orphaned entries and clean them up if you desire.
Scenario 13 - Enter the BIOS setup
Users can enter the BIOS setup in one of these ways:
User Login
– User must have a local account that is a member of the Hardware Password Manager
Administrator group.
Hardware Password Manager Login
– User must have a corporate account that is a member of the
Service Tech or Hardware Password Manager Administrator group.
Manual Login
– User must obtain the SVP from the administrator using the ThinkManagement Console.
Scenario 14 - Load default settings in the BIOS setup
This scenario describes the implications of loading default BIOS settings on a system that uses Hardware
Password Manager. Users may load default BIOS settings if CMOS is cleared or corrupted.
When default settings are loaded, the POP, SVP remain set and all Hardware Password Manager structures
remain intact.
Scenario 15 - Do not protect all hard drives
This scenario describes a scenario where a user registers their system in Hardware Password Manager,
but then wants to use an additional hard drive that is NOT protected. The hard drive most likely will be an
external hard drive or one installed in a docking station.
Chapter 6
.
Scenarios
33