Lenovo ThinkVantage (Client Security Solution 8.21) Bedienungsanleitung Seite 23

  • Herunterladen
  • Zu meinen Handbüchern hinzufügen
  • Drucken
  • Seite
    / 86
  • Inhaltsverzeichnis
  • LESEZEICHEN
  • Bewertet. / 5. Basierend auf Kundenbewertungen
Seitenansicht 22
Chapter3.WorkingwithClientSecuritySolution
BeforeyouinstallClientSecuritySolution,youshouldunderstandthecustomizationavailableforClient
SecuritySolution.ThischapterprovidescustomizationinformationaboutClientSecuritySolution,aswellas
informationregardingtheTrustedPlatformModule.ThetermsusedinthischapterreferencingtheTrusted
PlatformModulearedenedbytheTrustedComputingGroup(TCG).FormoreinformationabouttheTrusted
PlatformModulerefertothefollowingWebsite:
http://www.trustedcomputinggroup.org/
UsingtheTrustedPlatformModule
TheTrustedPlatformModuleisanembeddedsecuritychipdesignedtoprovidesecurity-relatedfunctions
forthesoftwareutilizingit.Theembeddedsecuritychipisinstalledonthemotherboardofasystemand
communicatesthroughahardwarebus.SystemsthatincorporateaTrustedPlatformModulecancreate
cryptographickeysandencryptthemsothattheycanonlybedecryptedbythesameTrustedPlatform
Module.Thisprocessisoftencalledwrappingakey,andhelpsprotectthekeyfromdisclosure.Onasystem
withaTrustedPlatformModule,themasterwrappingkey,calledtheStorageRootKey(SRK),isstoredwithin
theTrustedPlatformModuleitself,sotheprivateportionofthekeyisneverexposed.Theembeddedsecurity
chipcanalsostoreotherstoragekeys,signingkeys,passwords,andothersmallunitsofdata.Becauseof
thelimitedstoragecapacityintheTrustedPlatformModule,theSRKisusedtoencryptotherkeysforoff-chip
storage.TheSRKneverleavestheembeddedsecuritychip,andformsthebasisforprotectedstorage.
UsingtheembeddedsecuritychipisoptionalandrequiresaClientSecuritySolutionadministrator.Whether
forindividualuseroracorporateITdepartment,theTrustedPlatformModulemustbeinitialized.Subsequent
operations,suchastheabilitytorecoverfromaharddrivefailureorreplacedsystemboard,arealso
restrictedtotheClientSecuritySolutionadministrator.
Note:Ifyouarechangingtheauthenticationmodeandattempttounlockthesecuritychip,youmustlog
outandthenlogbackinasthemasteradministrator.Thiswillenableyoutounlockthechip.Youcanalso
logonasasecondaryuserandcontinuetoconverttheauthenticationmode.Thisisdoneautomatically
whenthesecondaryuserlogson.ClientSecuritySolutionwillpromptforthesecondaryuserpassword
orpassphrase.OnceClientSecuritySolutionisdoneprocessingthechange,thesecondaryusercan
proceedwithunlockingthechip.
UsingtheTrustedPlatformModulewithWindowsVista
IftheWindowsVistalogonisenabledandtheTrustedPlatformModuleisdisabled,youmustdisablethe
WindowslogonfeaturebeforedisablingtheTrustedPlatformModuleinF1BIOS.Doingthiswillprevent
asecuritymessagethatstates:Securitychiphasbeendeactivated,thelogonprocesscannotbe
protected.
Inaddition,ifyouareupgradingtheoperatingsystemofaclientsystem,youmustclearthesecuritychipto
avoidenrollmentfailureofClientSecurity.ToclearthechipinF1BIOS,thesystemmustbestartedfroma
coldboot.Youwillnotbeabletoclearthechipifyouattemptthisprocessafterawarmreboot.
ManagingClientSecuritySolutionwithcryptographickeys
ClientSecuritySolutionisdescribedbythetwomaindeploymentactivities;TakeOwnershipandEnroll
User.WhilerunningtheClientSecuritySolutionSetupWizardforthersttime,theTakeOwnershipand
EnrollUserprocessesarebothperformedduringtheinitialization.TheparticularWindowsuserIDthat
completedtheClientSecuritySolutionSetupWizardistheClientSecuritySolutionAdministratorandis
©CopyrightLenovo2008,2012
17
Seitenansicht 22
1 2 ... 18 19 20 21 22 23 24 25 26 27 28 ... 85 86

Kommentare zu diesen Handbüchern

Keine Kommentare