Lenovo ThinkVantage (Client Security Solution 8.21) Bedienungsanleitung Seite 1

Stöbern Sie online oder laden Sie Bedienungsanleitung nach Software Lenovo ThinkVantage (Client Security Solution 8.21) herunter. Lenovo ThinkVantage (Client Security Solution 8.21) User Manual Benutzerhandbuch

  • Herunterladen
  • Zu meinen Handbüchern hinzufügen
  • Drucken
  • Seite
    / 86
  • Inhaltsverzeichnis
  • LESEZEICHEN
  • Bewertet. / 5. Basierend auf Kundenbewertungen
Seitenansicht 0
ClientSecuritySolution8.21
DeploymentGuide
Updated:February,2012
Seitenansicht 0
1 2 3 4 5 6 ... 85 86

Inhaltsverzeichnis

Seite 1 - DeploymentGuide

ClientSecuritySolution8.21DeploymentGuideUpdated:February,2012

Seite 2 - “Notices”onpage75

youcreate.Createthissecureenvironmentassoonaspossible,beforeapasswordisforgotten.Youcannotresetaforgottenhardwarepassworduntilthissecureenvironmentisc

Seite 3 - Contents

Chapter2.InstallationThischaptercontainsinstructionsforinstallingClientSecuritySolution,andFingerprintSoftware.BeforeinstallingClientSecuritySolutiono

Seite 4

CustompublicpropertiesTheinstallationpackagefortheClientSecuritySoftwareprogramcontainsasetofcustompublicpropertiesthatcanbesetonthecommandlinewhenrun

Seite 5 - ©CopyrightLenovo2008,2012

Afterownershipofthesystemiscongured,eachadditionalWindowsuserthatlogsintothesystemisautomaticallypromptedwiththeClientSecuritysSetupwizardinordertoen

Seite 6

customizationsaremade,theusercallsmsiexec.exefromthecommandline,passingthenameoftheunpackedMSIle.Thefollowingparametersanddescriptionsaredocumentedin

Seite 7 - Chapter1.Overview

Table3.CommandlineparametersParameterDescription/IpackageorproductcodeUsethisformattoinstalltheproduct:Othello:msiexec/i"C:\WindowsFolder\Proles

Seite 8 - ClientSecurityPasswordManager

Table3.Commandlineparameters(continued)ParameterDescriptionYoucanseparatemultipletransformswithasemicolon.Donotusesemicolonsinthenameofyourtransform,a

Seite 9 - Hardwarepasswordreset

Table4.WindowsInstallerproperties(continued)PropertyDescriptionARPSYSTEMCOMPONENTPreventsdisplayofapplicationintheAddorRemoveProgramslist.ARPURLINFOAB

Seite 10 - FingerprintSoftware

Table6.InstallationexamplesusingClientSecurity-PasswordManager.msiDescriptionExampleInstallationmsiexec/i“C:\CSS82\ClientSecuritySolution-PasswordMana

Seite 11 - Chapter2.Installation

Table7.OptionssupportedbytheFingerprintSoftwareParameterDescriptionCTRLONCEDisplaystheControlCenteronlyonce.Thedefaultvalueis0.CTLCNTRRunstheControlCe

Seite 12 - TrustedPlatformModulesupport

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixD“Notices”onpage75.ThirdEdition(February2012)©CopyrightLenov

Seite 13 - Chapter2.Installation7

Table8.OptionssupportedbytheLenovoFingerprintSoftwareParameterDescriptionSWAUTOSTART•0=willnotstartngerprintsoftwareonWindowsstartup.•1=willstartnge

Seite 14 - Usingmsiexec.exe

Table8.OptionssupportedbytheLenovoFingerprintSoftware(continued)ParameterDescriptionSWANTIHAMMERRETRIESSpeciesthemaximumretries.Thedefaultvalueis5.No

Seite 15 - .Installation9

16ClientSecuritySolution8.21DeploymentGuide

Seite 16

Chapter3.WorkingwithClientSecuritySolutionBeforeyouinstallClientSecuritySolution,youshouldunderstandthecustomizationavailableforClientSecuritySolution

Seite 17 - Installationlogles

enrolledasanactiveuser.EveryotheruserthatlogsintothesystemwillbeautomaticallyrequestedtoenrollintoClientSecuritySolution.•TakeOwnershipAsingleWindowsa

Seite 18 - Silentinstallation

ThefollowingdiagramprovidesthestructurefortheSystemLevelKey:System Level Key Structure - Take OwnershipTrusted Platform ModuleEncrypted via derived AE

Seite 19

Thefollowingdiagramprovidesthestructurefortheuserlevelkey:User Level Key Structure - Enroll UserTrusted Platform ModuleEncrypted via derived AES KeySt

Seite 20

TheTPMemulationmodecannotbeusedasasecuresubstitutefortheTPM.TheTPMprovidesthefollowingtwokeyprotectionmethodsthataremoresecurethantheTPMemulationmode.

Seite 21 - SystemsManagementServer

Thefollowingdiagramprovidesthestructureforthemotherboardswap-takeownership:Motherboard Swap - Take OwnershipTrusted Platform ModuleDecrypted via deriv

Seite 22

EFSprotectionutilityClientSecuritySolutionprovidesacommandlineutilitythatenablesTPM-basedprotectionofencryptioncerticatesusedbytheEncryptingFileSyste

Seite 23 - UsingtheTrustedPlatformModule

ContentsPreface...iiiChapter1.Overview...1ClientSecuritySolution...1ClientSecuritySolutionpassphrase...2ClientSecurity

Seite 24 - TakeOwnership

UsingtheXMLSchemaThepurposeoftheXMLscriptingistoenableITadministratorstocreatecustomscriptsthatcanbeusedtodeployandcongureClientSecuritySolution.Thes

Seite 25 - EnrollUser

<SYSTEM_PAP>password</SYSTEM_PAP></FUNCTION></CSSFile>Note:Thiscommandisnotsupportedintheemulationmode.ENABLE_PWMGR_FUNCTIONTh

Seite 26 - Softwareemulation

ThefollowingcommandenablesthelogonwiththefastuserswitchingsupportanddisablestheClientSecuritySolutionWindowslogon.Thefastuserswitchingmightnotbeenable

Seite 27 - Systemboardswap

ENABLE_NONE_GINA_FUNCTIONIfoneofGINArelatedTVTcomponentssuchasThinkVantageFingerprintSoftware,ClientSecuritySolution,orAccessConnectionlogonisenabled,

Seite 28

Note:Thiscommandisnotsupportedintheemulationmode.INITIALIZE_SYSTEM_FUNCTIONThiscommandinitializestheClientSecuritySolutionsystemfunction.Thesystem-wid

Seite 29 - EFSprotectionutility

Note:Thiscommandisnotsupportedintheemulationmode.ENROLL_USER_FUNCTIONThiscommandenrollsaparticularusertouseClientSecuritySolution.Thisfunctioncreatesa

Seite 30 - Examples

<DOMAIN_NAME_PARAMETER>IBM-2AA92582C79<DOMAIN_NAME_PARAMETER><USER_PW_REC_ANSWER_DATA_PARAMETER>Test1</USER_PW_REC_ANSWER_DATA_PA

Seite 31 - ENABLE_UPEK_GINA_FUNCTION

UsingRSASecurIDtokensLeveringtheencryptionalgorithmmethodofencryptingdata,usingRSASecurIDtokensinadditiontoClientSecuritySolutionwillprovideyourenterp

Seite 32

ToleveragethePKCS#11moduleofClientSecuritySolution,thefollowingpoliciesmustbesetforActiveDirectory:1.PKCS#11Signature2.PKCS#11DecryptionThefollowingta

Seite 33 - SET_ADMIN_USER_FUNCTION

•“SecurityAdvisor”onpage33•“ClientSecuritySolutionsetupwizard”onpage34•“Deploymentleencryptordecrypttool”onpage34•“Deploymentleprocessingtool”onpage

Seite 34 - INITIALIZE_SYSTEM_FUNCTION

DeploymentexamplesforinstallingClientSecuritySolution...55Scenario1...55Scenario2...57SwitchingClientSecuritySolut

Seite 35 - USER_PW_RECOVERY_FUNCTION

Table11.Parameters(continued)ParametersDescriptionFileSharingSetsthevalueforthelesharing.1willshowthissection,0willhide.Ifnotpresentthenitisshownbyde

Seite 36 - SET_USER_AUTH_FUNCTION

Table13.ParametersforencryptingordecryptingClientSecurityXMLdeploymentlesParametersResults/hor/?DisplaysthehelpmessageFILENAMEDisplayspathnameandlen

Seite 37

Table16.css_cert_transfer_tool.exe<cert_store_type><lter_type>:<name|size>|all_access|usageParameterDescription<cert_store_type&

Seite 38 - Command-linetools

Table17.ParametersforactivatingordeactivatingtheTPMontheLenovosystem(continued)ParameterDescription/deactivateDeactivatestheTPM.Note:Ifyouruntpm_activ

Seite 39 - SecurityAdvisor

•DefaultuserpreferencesAsdescribedpreviously,computeranduserpoliciesaredenedbytheadministrator.ThesesettingscanbeinitializedthroughtheXMLconguration

Seite 40

Table19.ComputerConguration➙Administrativetemplates➙ThinkVantage➙ClientSecuritySolution➙Authenticationpolicies➙SecuremodePolicyEnabledsettingsDescrip

Seite 41 - CerticateTransfertool

Table21.ComputerConguration➙Administrativetemplates➙ThinkVantage➙ClientSecuritySolution➙AuthenticationpoliciesPolicyEnabledsettingsDescriptionPasswor

Seite 42 - TPMactivatetool

Table23.ComputerConguration➙ThinkVantage➙ClientSecuritySolution➙UserinterfacePolicysettingDescriptionFingerprintsoftwareoptionShow,grayorhidetheFinge

Seite 43 - ActiveDirectorySupport

Table24.ComputerConguration➙ThinkVantage➙ClientSecuritySolution➙Workstationsecuritytool(continued)PolicySettingDescriptionWindowsUsersPasswordsPasswo

Seite 44 - GroupPolicysettings

ActiveUpdateParameterFileTheActiveUpdateparameterlecontainsthesettingstobepassedtoActiveUpdate.TheTargetAppparameterispassedasshowninthisexample:<

Seite 45 - AuthenticationPolicies

PrefaceThisguideisintendedforITadministrators,orthoseresponsiblefordeployingThinkVantage®ClientSecuritySolutionandThinkVantageFingerprintSoftwaretocom

Seite 46 - UserInterface

44ClientSecuritySolution8.21DeploymentGuide

Seite 47 - Workstationsecuritytool

Chapter4.WorkingwithThinkVantageFingerprintSoftwareThengerprintconsolemustberunfromtheFingerprintSoftwareinstallationfolder.ThebasicsyntaxisFPRCONSOL

Seite 48 - ActiveUpdate

Table25.User-speciccommands(continued)CommandSyntaxDescriptionExportenrolledusertoaleSyntax:EXPORTusername[|domain\username]leThiscommandwillexport

Seite 49 - ActiveUpdateParameterFile

SecuremodeandconvenientmodeFingerprintSoftwarecanberunintwosecuritymodes,asecuremodeandaconvenientmode.Thesecuremodeisintendedforsituationswhenyouwant

Seite 50

Table28.Optionsforlimitedusersinthesecuremode(continued)SettingDescriptionDeletePassportLimitedusercandeleteonlytheirownpassport.Power-onSecurityLimit

Seite 51 - User-speciccommands

Table30.Optionsforlimitedusersintheconvenientmode(continued)SettingsDescriptionSecuritymodeLimiteduserscannotmodifysecuritymodes.ProServersLimiteduser

Seite 52 - Globalsettingscommands

Thengerprintsoftwarewillcontinuetovalidatethepasswordatsystemlogon.Note:Whentheaboveregistrykeyissetto1,ifthedomainadministratorchangestheuser's

Seite 53 - Securemode-limiteduser

9.Reboot.Note:YourauthenticationIDandpasswordforWindowsandNovellmustbeidentical.ThinkVantageFingerprintSoftwareserviceTheupeksvr.exeserviceisaddedtoth

Seite 54 - Convenientmode-limiteduser

52ClientSecuritySolution8.21DeploymentGuide

Seite 55 - Congurablesettings

Chapter5.WorkingwithLenovoFingerprintSoftwareThengerprintconsolemustberunfromtheLenovoFingerprintSoftwareinstallationfolder.ThebasicsyntaxisFPRCONSOL

Seite 56 - Authenticating

ivClientSecuritySolution8.21DeploymentGuide

Seite 57

Table31.Policysettings(continued)SettingDescriptionAlwaysshowpower-onsecurityoptionsIfyouenablethissetting,userswillbeabletoselectusingtheFingerprintR

Seite 58

Chapter6.BestPracticesThischapterpresentsscenariostoillustratethebestpracticesofClientSecuritySolutionandFingerprintSoftware.Thisscenariostartswiththe

Seite 59

•TypetheClientSecuritypassphrase(forexample,CSPP4Admin)fortheadministratoraccount,checktheUsetheClientSecuritypassphrasetoprotectaccesstotheRescueandR

Seite 60

*******************************************************Readytotakesysprepbackup.********PLEASERUNSYSPREPNOWANDSHUTDOWN.********Nexttimethemachineboots

Seite 61 - Chapter6.BestPractices

4.InstallThinkVantageFingerprinttutorialbyrunningthef001zpz7001us00.exetoextractthetutess.exelefromtheWebpackage.Thiswillautomaticallyextractthesetup

Seite 62 - “NOCSSWIZARD=1””

5.Afterrebootingthesystem,congurethesystemwiththeXMLscriptlethroughthefollowingprocedure:•CopytheThinkPad.xml.enclepreparedearlytotheC:\directory.•

Seite 63 - Scenario2

2.Overinstallallthreedifferentversionsofoldersoftware(RescueandRecovery1.0/2.0/3.0,Fingerprint,ClientSecuritySolution5.4–6,FFE).Settingsshouldbekeptwh

Seite 64

1.OpenCerticationAuthority.2.Intheconsoletree,clickCerticateT emplates.3.FromtheActionmenu,clickNew➙CerticatetoIssue.4.ClickTPMandclickOK.Applyingc

Seite 65 - SystemUpdate

4.UsetheThinkVantagengerprintsoftwaretoenrollyourngerprintswiththeexternalngerprintsensor.Ifitdoesnotautomaticallystart,clickStart➙Programs➙ThinkVa

Seite 66 - Requirements:

11.ClickStart➙Programs➙ThinkVantage➙ThinkVantageFingerprintSoftwaretostarttheenrollment.12.ClickFingerprints➙EnrollorEditFingerprints,andthenclickNext

Seite 67 - WindowsVistalogon

Chapter1.OverviewThischapterprovidesanoverviewofClientSecuritySolutionandFingerprintSoftware.Thetechnologiespresentedinthisdeploymentguidecandirectlya

Seite 68 - WindowsXPlogon

ClientSecuritySolutionandPasswordManagerDifferentfromWindowslogon,authenticationrequestsfromClientSecuritySolutionandPasswordManageronlyworkontheprefe

Seite 69 - Chapter6.BestPractices63

Note:IfthesettingPower-onSecurityisnotavailable,createaregistryentryasfollowstodisplaythissetting:[HKEY_LOCAL_MACHINE\SOFTWARE\ProtectorSuiteQL\1.0]RE

Seite 70

66ClientSecuritySolution8.21DeploymentGuide

Seite 71 - Chapter6.BestPractices65

AppendixA.ConsiderationswhenusingOmniPassOmniPassfromSoftex©isaprogramthatcanbeusedtosecurelylogintoWebsitesandapplications,aswellasprotectdataonacomp

Seite 72

Table33.Omnipassfeatureoverlap(continued)FunctionFeatureoverlapConsiderationsUserauthenticationBothClientSecuritySolutionandOmniPassmaypromptforuserau

Seite 73

AppendixB.SpecialconsiderationsforusingtheLenovoFingerprintKeyboardwithsomeThinkPadnotebookmodelsThengerprintdeviceusedinsomeThinkPadnotebookmodelsis

Seite 74

WindowsXP-WelcomeScreenTosupportloggingonwitheithertheLenovoFingerprintKeyboardorthebuilt-inThinkPadngerprintsensorwiththeWindowsXPWelcomeScreen,thel

Seite 75 - Windowslogon

2.TheWindowsVistalogonscreenmayonlyshowone“tile,orbutton,forngerprintlogon,althougheitherngerprintsensorcanbeusedtologon.Alternatively,tosupportlogo

Seite 76 - WindowsVista

72ClientSecuritySolution8.21DeploymentGuide

Seite 77

AppendixC.SynchronizingpasswordinCSSaftertheWindowspasswordisresetAftertheWindowspasswordisreset,ClientSecuritySolutioncontinuallypromptsyouforanewWin

Seite 78

ClientSecuritySolutionpassphraseTheClientSecuritySolutionpassphraseisanoptionalfeatureofuserauthenticationthatwillprovideenhancedsecuritytoClientSecur

Seite 79 - Windowspasswordisreset

74ClientSecuritySolution8.21DeploymentGuide

Seite 80

AppendixD.NoticesLenovomaynotoffertheproducts,services,orfeaturesdiscussedinthisdocumentinallcountries.ConsultyourlocalLenovorepresentativeforinformat

Seite 81 - AppendixD.Notices

TrademarksThefollowingtermsaretrademarksofLenovointheUnitedStates,othercountries,orboth:LenovoRescueandRecoveryThinkCentreThinkPadThinkVantageMicrosof

Seite 82 - Trademarks

GlossaryAdministrator(ThinkCentre)/Supervisor(ThinkPad)BIOSPasswordTheadministratororsupervisorpasswordisusedtocontroltheabilitytochangeBIOSsettings.T

Seite 83 - Glossary

Symmetric-keyencryptionSymmetrickeyencryptionciphersusethesamekeyforencryptionanddecryptionofdata.Symmetrickeyciphersaresimplerandfaster,buttheirmaind

Seite 86

•AutolluserIDsandpasswords:Automatesyourloginprocesswhenyouaccessanapplicationorwebsite.IfyourlogoninformationhasbeenenteredintoClientSecurityPasswor

Kommentare zu diesen Handbüchern

Keine Kommentare