Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 43

a completely different set of scan codes on another keyboard type. For example, consider the password azw. On an English keyboard, the scan code representation is 0x1E, 0x2C, 0x11. However, on a German keyboard, the scan code representation is 0x1E, 0x15, 0x11.

There are 3 keyboard types used to support different languages:
• French, Belgian
• German, Swiss, Hungary, Poland, Czechoslovakia, Slovenia, Slovakia
• All other languages
When deploying hardware passwords from the server, such as POP, SVP and HDP, the server converts the ASCII text to scan codes based on the keyboard type of the target system. These passwords (represented by scan codes) are sent to the client to be set in the hardware.

Changing keyboard types is not supported for manual entry of passwords. If a user wants to change keyboard types, the best practice is to do this:
1. Deregister from Hardware Password Manager.
2. Change the keyboard.
3. Reregister in Hardware Password Manager.
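The conversion described above, as an added example in Python that is not code from the Lenovo guide or from Hardware Password Manager: it turns an ASCII password into PS/2 set-1 scan codes for one of the three keyboard types and shows why a password enrolled for one keyboard type no longer matches when the same text is typed on another. The US table is the standard set-1 make-code table; the German remap (Y and Z swapped) is the one the guide's azw example implies; the French/Belgian remap (AZERTY) and the restriction to lowercase letters are assumptions of this example, as are the names to_scan_codes, bios_accepts and LAYOUT_REMAP.

```python
# Added example, not code from the Lenovo guide or Hardware Password Manager.
# Converts an ASCII password to the PS/2 set-1 make codes the BIOS sees when
# that text is typed on a given keyboard type, which is what the guide says
# the server does for POP, SVP and HDP before sending them to the client.

# Standard PS/2 set-1 make codes for the US layout (letter rows only).
US_SET1 = {
    "q": 0x10, "w": 0x11, "e": 0x12, "r": 0x13, "t": 0x14, "y": 0x15,
    "u": 0x16, "i": 0x17, "o": 0x18, "p": 0x19,
    "a": 0x1E, "s": 0x1F, "d": 0x20, "f": 0x21, "g": 0x22, "h": 0x23,
    "j": 0x24, "k": 0x25, "l": 0x26, ";": 0x27,
    "z": 0x2C, "x": 0x2D, "c": 0x2E, "v": 0x2F, "b": 0x30, "n": 0x31,
    "m": 0x32,
}

# The guide's three keyboard types. Each entry says which US key position a
# character physically sits on; unlisted characters keep their US position.
LAYOUT_REMAP = {
    # "All other languages": QWERTY, nothing moves.
    "other": {},
    # German, Swiss, Hungary, ...: QWERTZ, Y and Z swapped. This reproduces
    # the guide's example (z on a German keyboard -> 0x15, the US position of y).
    "german": {"z": "y", "y": "z"},
    # French, Belgian: AZERTY. Assumption of this example, not from the guide:
    # a<->q, z<->w, and m sits on the US ';' key.
    "french": {"a": "q", "q": "a", "z": "w", "w": "z", "m": ";"},
}


def to_scan_codes(password: str, keyboard_type: str) -> list:
    """Return the make-code sequence for `password` typed on `keyboard_type`.

    Restricted to lowercase a-z: digits and symbols differ per layout in ways
    this example does not model (for instance the AZERTY digit row is shifted).
    """
    remap = LAYOUT_REMAP[keyboard_type]
    codes = []
    for ch in password:
        if not ("a" <= ch <= "z"):
            raise ValueError(f"unsupported character {ch!r}: example covers a-z only")
        codes.append(US_SET1[remap.get(ch, ch)])
    return codes


def bios_accepts(stored_codes: list, typed: str, keyboard_type: str) -> bool:
    """Model the BIOS check: it compares scan-code sequences, not characters."""
    return to_scan_codes(typed, keyboard_type) == stored_codes


if __name__ == "__main__":
    # Password enrolled from the server for an English ("other") keyboard.
    stored = to_scan_codes("azw", "other")
    print("English:", [hex(c) for c in stored])                          # ['0x1e', '0x2c', '0x11']
    print("German: ", [hex(c) for c in to_scan_codes("azw", "german")])  # ['0x1e', '0x15', '0x11']

    # Keyboard swapped to German without deregistering: the same text now
    # produces different codes, so the stored password no longer matches.
    print("azw typed on German keyboard accepted:", bios_accepts(stored, "azw", "german"))  # False
```

Running it prints the two sequences from the guide's azw example and False for the cross-keyboard check. That mismatch is what the deregister, change keyboard, reregister procedure avoids: at re-enrollment the server encodes the password again for the new keyboard type, so the scan codes stored in hardware match what the new keyboard produces.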
Scenario 5 - Handling enrollment from multiple boot partitions

This scenario can occur when a user registers and enrolls on one boot partition (such as Vista), and wants to enroll in Hardware Password Manager on a second boot partition (such as XP). In this case, the Hardware Password Manager Client code should be installed in each boot partition. The user should register and enroll in Hardware Password Manager from one boot partition. After being enrolled, Hardware Password Manager functions normally in all boot partitions where the Hardware Password Manager Client code is installed, assuming the Windows login credentials are the same in all boot partitions. If the Windows login credentials are different, the user will have to manually enter their Windows credentials in the Windows Gina/CP when using boot partitions other than the one used to register in Hardware Password Manager.
Scenario 6 - BitLocker

BitLocker and Hardware Password Manager are compatible, which means a client enrolled in Hardware Password Manager (for BIOS password protection - POP, SVP, HDPs) can further protect their data using BitLocker (logical volume encryption). BitLocker enrollment and key retrieval are handled the same way as is done today by customers (outside the scope of Hardware Password Manager).

The best practice when using both technologies is to enroll in Hardware Password Manager prior to enabling BitLocker. If the user first enables BitLocker, then registers in Hardware Password Manager, the fact that BIOS passwords are set will cause BitLocker to fail its integrity check (BIOS passwords are validated within PCR1) and cause the BitLocker Recovery Mode to start. Hardware Password Manager will warn the user of this issue during the registration flow if BitLocker is enabled. The user can choose to continue with the registration or cancel at this point. If the user continues, then BitLocker Recovery Mode will be executed on the next start since the integrity check on BIOS passwords (PCR1) will have failed.
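The ordering rule in Scenario 6, carried through as an added example in Python that is not from the Lenovo guide: a toy model of TPM 1.2 PCR extension and key sealing showing why a volume key sealed before BIOS passwords were set cannot be unsealed once PCR1 measures them, while sealing after enrollment (or cancelling the registration) boots normally. The measurement records, the XOR-pad "sealing", the 20-byte volume key and all function names are constructed for this example; a real TPM seals under its storage root key and the firmware decides what it records in PCR1.

```python
# Added example, not code from the Lenovo guide. Toy model of the PCR1 /
# BitLocker interaction the guide describes: BitLocker binds its key to the
# PCR values present when it was enabled, and the guide says the BIOS
# password state is part of what the firmware measures into PCR1.
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs are SHA-1 sized


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measure_boot(bios_passwords_set: bool) -> bytes:
    """Compute PCR1 for a boot that measures BIOS configuration.

    The two records are constructed stand-ins for whatever the firmware
    really logs; only their dependence on the password state matters here.
    """
    pcr1 = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    records = (
        b"bios-config:boot-order",
        b"bios-config:hw-passwords=" + (b"set" if bios_passwords_set else b"none"),
    )
    for record in records:
        pcr1 = pcr_extend(pcr1, record)
    return pcr1


def seal(volume_key: bytes, pcr1: bytes) -> dict:
    """Bind a key to a PCR1 value.

    Illustrative only: the key is XORed with a pad derived from PCR1 and the
    expected PCR1 is stored beside it, mimicking a sealed blob's PCR policy.
    """
    pad = hashlib.sha1(b"seal-pad" + pcr1).digest()
    return {"pcr1": pcr1, "blob": bytes(a ^ b for a, b in zip(volume_key, pad))}


def unseal(sealed: dict, current_pcr1: bytes):
    """Return the key if the current PCR1 matches the sealed policy, else None."""
    if current_pcr1 != sealed["pcr1"]:
        return None
    pad = hashlib.sha1(b"seal-pad" + current_pcr1).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], pad))


def boot_outcome(sealed: dict, bios_passwords_set: bool) -> str:
    """What the next start does, given the BIOS password state at that boot."""
    key = unseal(sealed, measure_boot(bios_passwords_set))
    return "normal boot" if key is not None else "BitLocker Recovery Mode"


VOLUME_KEY = b"\x11" * PCR_SIZE  # constructed stand-in for the volume master key


def wrong_order() -> str:
    """BitLocker enabled first (no BIOS passwords), then registration sets them."""
    sealed = seal(VOLUME_KEY, measure_boot(bios_passwords_set=False))
    return boot_outcome(sealed, bios_passwords_set=True)


def cancel_registration() -> str:
    """BitLocker enabled first, user heeds the warning and cancels registration."""
    sealed = seal(VOLUME_KEY, measure_boot(bios_passwords_set=False))
    return boot_outcome(sealed, bios_passwords_set=False)


def right_order() -> str:
    """Enroll in Hardware Password Manager first, then enable BitLocker."""
    sealed = seal(VOLUME_KEY, measure_boot(bios_passwords_set=True))
    return boot_outcome(sealed, bios_passwords_set=True)


if __name__ == "__main__":
    print("BitLocker then HPM, continue:", wrong_order())      # BitLocker Recovery Mode
    print("BitLocker then HPM, cancel:  ", cancel_registration())  # normal boot
    print("HPM then BitLocker:          ", right_order())          # normal boot
```

The model makes the guide's point concrete: the sealed key is tied to the firmware state measured when BitLocker was enabled, so any later change that PCR1 records, here the BIOS password state, forces recovery on the next start. Enrolling in Hardware Password Manager first means BitLocker seals against the state the machine will actually boot into, and the same reasoning is why a practitioner confirms the BitLocker recovery password is backed up before making any firmware change on an already-protected machine.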
Chapter 6. Scenarios 35