Lenovo ThinkPad X200s (English) Hardware Password Manager Deployment Guide - Page 25
Changing server policy settings, user roles: User, Service Tech
View all Lenovo ThinkPad X200s manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
Changing server policy settings Server policy settings include various ways to manage user enrollment, credentials, and client portal and BIOS settings for the Lenovo Hardware Password Manager devices you manage. The settings are changed from the ThinkManagement console; items that affect individual devices are then held in a pending queue until the next time each device is booted and requests an updated policy. To change server policy settings: 1. Click Remote Actions and Policy Settings in the toolbox or click Tools ➙ ThinkVantage Hardware Password Manager ➙ Remote Actions and Policy Settings. 2. Click Update Server Policy Settings on the toolbar. 3. Make changes on the four tabs in the dialog box, and then click OK when you have finished. The tabs in the Server Policy Settings dialog box are described as below. • General - This tab lists the name, IP address, and UDP port of the Hardware Password Manager server used to authenticate Hardware Password Manager users. The Status of Portal Service section shows whether the portal service on the Hardware Password Manager server is running. The portal service is a UDP server, one of the components on the Hardware Password Manager server. It is used for communication with the Hardware Password Manager device BIOS when the user logs on using the intranet account login. You can start, stop, or restart the service as needed from this dialog box. Select Allow users to enroll on multiple devices if you want to allow each intranet account to enroll on multiple Hardware Password Manager devices. If this checkbox is cleared, one intranet account can only be enrolled on one device. Select Enable "one-touch"registration if you want to pre-register new Hardware Password Manager devices with one-touch features from Lenovo. One-touch registration automatically registers the device and creates the emergency admin account when the user logs in to Windows. See also Chapter 5 "Deployment" on page 25. Select Enable first user logged on a machine as administrator if you want the first enrolled user to have administrator privileges in the BIOS. • Credentials - This tab determines the length of auto-generated passwords and the number of password backups to keep. Backups are encrypted and stored in the Hardware Password Manager database. By default, auto-generated hardware passwords, as well as emergency admin account passwords, are between 15 and 20 characters long. You can change the minimum and maximum numbers for both types of passwords. You can also specify how many backups to save for hardware passwords. The maximum password length is 64. • Client Portal - This tab specifies which menu items are enabled for display on the Client Portal menu on managed Hardware Password Manager devices. The user accesses the portal from the Windows Start menu (Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager). The Client Portal menu items are always selected. When you perform tasks such as Remove User after you enter the intranet credentials that correlate to the User, Service Tech, and Administrator roles, you will get an error message if you do not have the client portal rights. Users log in to Hardware Password Manager devices with an assigned role, which correlates to the user group that the user belongs to. (See "Managing Hardware Password Manager groups" on page 12 for a description of roles.) So, for example, a user might see all options on the Client Portal but a Service Tech might have a limited set of options available. If a user tries an option that is not selected for that role, an error message will be displayed. • BIOS - This tab specifies which menu items are enabled for display on the BIOS menu of managed Hardware Password Manager devices, and allows you to specify which BIOS versions are excluded from Hardware Password Manager device management. BIOS menu items are selected separately for the three user roles: User, Service Tech, and Administrator. Users log in to Hardware Password Manager devices with an assigned role, which correlates to the user group that the user belongs to. (See "Managing Chapter 3. Managing Hardware Password Manager devices with ThinkManagement Console 17