Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 5

Contents Preface v Chapter 1. Overview 1 Chapter 2. Installing Hardware Password Manager on ThinkManagement Console 3 Prerequisites 3 Preparing the core server 4 ThinkManagement Console with HPM server setup 5 Migrating to a new LDAP server 6 Installing Hardware Password Manager on a Lenovo device 6 Chapter 3. Managing Hardware Password Manager devices with ThinkManagement Console 9 Viewing Hardware Password Manager devices and their properties 9 Managing enrolled users on Hardware Password Manager devices 10 Configuring an LDAP server connection . . . 10 Viewing Hardware Password Manager users and their properties 11 Removing a user's access to a Hardware Password Manager device 12 Managing Hardware Password Manager groups 12 Managing remote actions and policy settings for Hardware Password Manager devices . . . . . 13 Updating client policies globally 14 Updating hardware passwords globally . . . . . 15 Updating the emergency account 16 Changing server policy settings 17 Defining scopes and roles for console users . . . 18 Chapter 4. Hardware Password Manager Client 21 Hardware Password Manager device setup . . . 21 Registering a device with the Hardware Password Manager server and enrolling the first user. . . . 21 Enrolling additional users on a Hardware Password Manager device 22 Removing a user from a Hardware Password Manager device 23 Unregistering a device from the Hardware Password Manager server 23 Updating credentials on a Hardware Password Manager device 24 Chapter 5. Deployment 25 Fingerprint integration 25 Safe Guard Easy/Safe Guard Enterprise compatibility 26 One-touch registration 26 Pre-registration 27 User enrollment on a pre-registered system . 27 Chapter 6. Scenarios 29 Service scenarios (configuration changes) . . . . 29 Scenario 1 - Hardware configuration changes 29 Scenario 2 - CMOS error 29 Scenario 3 - Replace the fingerprint device. . 30 Scenario 4 - Hardware passwords already set 30 Scenario 5 - Setup under the operating system (remote BIOS settings 30 Scenario 6 - Replace the system board . . . 31 Scenario 7 - Add a hard disk drive . . . . . 31 Scenario 8 - Replace or move a hard disk drive 31 Scenario 9 - Change the hard disk location within a system 32 Scenario 10 - Remove a hard disk drive . . . 32 Scenario 11 - Flashing the BIOS 32 Scenario 12 - Registered system can no longer access the Hardware Password Manager server 33 Scenario 13 - Enter the BIOS setup. . . . . 33 Scenario 14 - Load default settings in the BIOS setup 33 Scenario 15 - Do not protect all hard drives . 33 User Scenarios 34 Scenario 1 - Forgot Hardware Account credentials, network connected 34 Scenario 2 - Forgot Hardware Account credentials, NOT network connected . . . . 34 Scenario 3 - Forgot the corporate password . 34 Scenario 4 - Manual login using different keyboard types 34 Scenario 5 - Handling enrollment from multiple boot partitions 35 Scenario 6 - BitLocker 35 Appendix A. Security and convenience 37 Appendix B. Disaster recovery . . . . 39 © Copyright Lenovo 2010 iii