Lenovo ThinkVantage Client Security Solution 8.3 Bedienungsanleitung

Stöbern Sie online oder laden Sie Bedienungsanleitung nach Software Lenovo ThinkVantage Client Security Solution 8.3 herunter. Lenovo ThinkVantage Client Security Solution 8.3 User Manual Benutzerhandbuch

  • Herunterladen
  • Zu meinen Handbüchern hinzufügen
  • Drucken
  • Seite
    / 86
  • Inhaltsverzeichnis
  • LESEZEICHEN
  • Bewertet. / 5. Basierend auf Kundenbewertungen
Seitenansicht 0
ClientSecuritySolution8.3
DeploymentGuide
Updated:December,2011
Seitenansicht 0
1 2 3 4 5 6 ... 85 86

Inhaltsverzeichnis

Seite 1 - DeploymentGuide

ClientSecuritySolution8.3DeploymentGuideUpdated:December,2011

Seite 2 - “Notices”onpage75

consistentandsecureenvironment.Thesystemsthathavetheembeddedsecuritychiparemorerobustagainstanattack;however,forthesystemswithouttheembeddedsecuritych

Seite 3 - Contents

Chapter2.InstallationThischaptercontainsinstructionsforinstallingClientSecuritySolution,andFingerprintSoftware.BeforeinstallingClientSecuritySolutiono

Seite 4

Table1.PublicpropertiesPropertyDescriptionEMULATIONMODESpecifytoforcetheinstallationinEmulationmodeevenifaTPMexists.SetEMULATIONMODE=1onthecommandline

Seite 5 - ©CopyrightLenovo2008,2011

SoftwareemulationoftheTrustedPlatformModuleClientSecuritySolutionhastheoptiontorunwithoutaTrustedPlatformModuleonqualiedsystems.Thefunctionalitywillb

Seite 6

ThefollowingparametersanddescriptionsaredocumentedintheInstallShielddeveloperhelpdocumentation.ParametersthatdonotapplytoBasicMSIprojectswereremoved.T

Seite 7 - Chapter1.Overview

Table3.CommandlineparametersParameterDescription/IpackageorproductcodeUsethisformattoinstalltheproduct:Othello:msiexec/i"C:\WindowsFolder\Proles

Seite 8 - ClientSecurityPasswordManager

Table3.Commandlineparameters(continued)ParameterDescriptionYoucanseparatemultipletransformswithasemicolon.Donotusesemicolonsinthenameofyourtransform,a

Seite 9 - Hardwarepasswordreset

Table4.WindowsInstallerproperties(continued)PropertyDescriptionARPSYSTEMCOMPONENTPreventsdisplayofapplicationintheAddorRemoveProgramslist.ARPURLINFOAB

Seite 10 - FingerprintSoftware

InstallingThinkVantageFingerprintSoftwareThesetup.exeleoftheThinkVantageFingerprintSoftwareprogramcanbeinstalledthroughthefollowingmethods:Silentinst

Seite 11 - Chapter2.Installation

Table7.OptionssupportedbytheThinkVantageFingerprintSoftware(continued)ParameterDescriptionPASSPORTSetthedefaultpassporttype.•1=Localpassport•2=Serverp

Seite 12 - TrustedPlatformModulesupport

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixE“Notices”onpage75.FourthEdition(December2011)©CopyrightLeno

Seite 13 - Chapter2.Installation7

Table7.OptionssupportedbytheThinkVantageFingerprintSoftware(continued)ParameterDescriptionLOCKOUT•1=Enabletheanti-hammeringprotection.•0=Disabletheant

Seite 14 - Usingmsiexec.exe

SilentinstallationTosilentlyinstalltheFingerprintSoftware,runthesetup32.exelelocatedintheinstallationdirectoryonyourCD-ROMdrive.Usethefollowingsyntax

Seite 15 - .Installation9

Table8.OptionssupportedbytheLenovoFingerprintSoftware(continued)ParameterDescriptionSWALLOWIMEXPORT•0=Disablethengerprintimport/exportfornon-administ

Seite 16

SystemsManagementServerSystemsmanagementserver(SMS)installationsarealsosupported.OpentheSMSadministratorconsole.Createanewpackageandsetpackageproperti

Seite 17 - Installationlogle

18ClientSecuritySolution8.3DeploymentGuide

Seite 18 - Silentinstallation

Chapter3.WorkingwithClientSecuritySolutionBeforeyouinstallClientSecuritySolution,youshouldunderstandthecustomizationavailableforClientSecuritySolution

Seite 19 - .Installation13

enrolledasanactiveuser.EveryotheruserthatlogsintothesystemwillbeautomaticallyrequestedtoenrollintoClientSecuritySolution.•TakeOwnershipAsingleWindowsa

Seite 20

ThefollowingdiagramprovidesthestructurefortheSystemLevelKey:System Level Key Structure - Take OwnershipTrusted Platform ModuleEncrypted via derived AE

Seite 21

Thefollowingdiagramprovidesthestructurefortheuserlevelkey:User Level Key Structure - Enroll UserTrusted Platform ModuleEncrypted via derived AES KeySt

Seite 22

TheTPMemulationmodecannotbeusedasasecuresubstitutefortheTPM.TheTPMprovidesthefollowingtwokeyprotectionmethodsthataremoresecurethantheTPMemulationmode.

Seite 23 - SystemsManagementServer

ContentsPreface...iiiChapter1.Overview...1ClientSecuritySolution...1ClientSecuritySolutionpassphrase...2ClientSecurity

Seite 24

Thefollowingdiagramprovidesthestructureforthemotherboardswap-takeownership:Motherboard Swap - Take OwnershipTrusted Platform ModuleDecrypted via deriv

Seite 25 - UsingtheTrustedPlatformModule

EFSprotectionutilityClientSecuritySolutionprovidesacommandlineutilitythatenablesTPM-basedprotectionofencryptioncerticatesusedbytheEncryptingFileSyste

Seite 26 - TakeOwnership

Whenruninsilentmode,theoutputoftheprogramwillbeanerrorlevelcorrespondingtotheerrorsnumbersshownabove.UsingtheXMLSchemaThepurposeoftheXMLscriptingistoe

Seite 27 - EnrollUser

<ORDER>0001</ORDER><COMMAND>DISABLE_TPM_FUNCTION</COMMAND><VERSION>1.0</VERSION><SYSTEM_PAP>password</SYS

Seite 28 - Softwareemulation

2.Thiscommandisnotsupportedintheemulationmode.ThefollowingcommandenablesthelogonwithfastuserswitchingsupportanddisablestheClientSecuritySolutionWindow

Seite 29 - Systemboardswap

ENABLE_NONE_GINA_FUNCTIONIftheGINAorCP(CredentialProvider)ofoneoftherelatedThinkVantageTechnologiescomponents,suchasThinkVantageFingerprintSoftware,Cl

Seite 30

Note:Thiscommandisnotsupportedintheemulationmode.INITIALIZE_SYSTEM_FUNCTIONThiscommandinitializestheClientSecuritySolutionsystemfunction.Thesystem-wid

Seite 31 - EFSprotectionutility

Note:Thiscommandisnotsupportedintheemulationmode.ENROLL_USER_FUNCTIONThiscommandenrollsaparticularusertouseClientSecuritySolution.Thisfunctioncreatesa

Seite 32 - Examples

<DOMAIN_NAME_PARAMETER>IBM-2AA92582C79<DOMAIN_NAME_PARAMETER><USER_PW_REC_ANSWER_DATA_PARAMETER>Test1</USER_PW_REC_ANSWER_DATA_PA

Seite 33 - ENABLE_UPEK_GINA_FUNCTION

1.GotothefollowingWebsite:http://www.rsasecurity.com/node.asp?id=11562.Completetheregistrationprocess.3.DownloadandinstalltheRSASecurIDSoftware.Requir

Seite 34

Scenario2...59SwitchingClientSecuritySolutionmodes...61CorporateActiveDirectoryrollout...61StandaloneInstallforCDorscriptles...62Sy

Seite 35 - SET_ADMIN_USER_FUNCTION

Table10.ThinkVantage\ClientSecuritySolution\AuthenticationPolicies\PKCS#11Signature\CustomModeFieldsCSS.ADMModiableeldRequiredFieldDescriptionContro

Seite 36 - INITIALIZE_SYSTEM_FUNCTION

•“CerticateTransfertool”onpage37•“ActivatingordeactivatingtheTPM”onpage38SecurityAdvisorTousetheSecurityAdvisorfunction,launchtheClientSecuritySoluti

Seite 37 - USER_PW_RECOVERY_FUNCTION

Table11.Parameters(continued)ParametersDescriptionEmbeddedSecurityChipSetsvaluethatsecuritychipshouldbeenabled,orsettingwillbeagged.ClientSecuritySol

Seite 38 - UsingRSASecurIDtokens

Table13.ParametersforencryptingordecryptingClientSecurityXMLdeploymentles(continued)ParametersResults/encryptor/decryptSelects/encryptforXMLlesand/d

Seite 39 - ActiveDirectorySupport

Table16.css_cert_transfer_tool.exe<cert_store_type><lter_type>:<name|size>|all_access|usageParameterDescription<cert_store_type&

Seite 40 - Command-linetools

Fordesktopcomputers,dothefollowingtoactivatetheTPM:1.GototheWebsiteathttp://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-75407.2.ClickVisualB

Seite 41 - SecurityAdvisor

•Disabled•Activated•Deactivated•Owned•Notowned/setstate:<state>setstheTPMstatustypeyouprefer.0representsdisabledanddeactivated.1representsenable

Seite 42

ThefollowingexamplesaresettingsthatActiveDirectorycanmanageforClientSecuritySolution:•Securitypolicies.•Customsecuritypolicies;suchaswhethertouseaWind

Seite 43 - CerticateTransfertool

HKLM\Software\Lenovo\ClientSecuritySolution\Userpreferences:HKCU\Software\Lenovo\ClientSecuritySolution\Defaultuserpreferences:HKLM\Software\Lenovo\Cl

Seite 44

Table20.ComputerConguration➙Administrativetemplates➙ThinkVantage➙ClientSecuritySolution➙Authenticationpolicies➙Defaultmode(continued)PolicyEnabledset

Seite 45

PrefaceInformationpresentedinthisguideistosupportLenovo®computersinstalledwiththeThinkVantage®ClientSecuritySolutionprogramandtheFingerprintSoftwarepr

Seite 46

Table22.ComputerConguration➙ThinkVantage➙ClientSecuritySolution➙Passwordmanager(continued)PolicysettingDescriptionDisableAuto-llControlswhetherPassw

Seite 47 - Deningmanageablesettings

Table23.ComputerConguration➙ThinkVantage➙ClientSecuritySolution➙Userinterface(continued)PolicysettingDescriptionEnable/disableWindowspasswordrecovery

Seite 48 - GroupPolicysettings

Table24.ComputerConguration➙ThinkVantage➙ClientSecuritySolution➙Workstationsecuritytool(continued)PolicySettingDescriptionClientSecurityEmbeddedSecur

Seite 49 - Passwordmanager

Chapter4.WorkingwithThinkVantageFingerprintSoftwareThengerprintconsolemustberunfromtheThinkVantageFingerprintSoftwareinstallationfolder.Thebasicsynta

Seite 50 - UserInterface

Table25.User-speciccommands(continued)CommandSyntaxDescriptionEnumerateenrolledusersListListstheenrolledusers.ExportenrolledusertoaleSyntax:EXPORTus

Seite 51 - Workstationsecuritytool

SecuremodeandconvenientmodeFingerprintSoftwarecanberunintwosecuritymodes,asecuremodeandaconvenientmode.Thesecuremodeisintendedforsituationswhenyouwant

Seite 52

Table28.Optionsforlimitedusersinthesecuremode(continued)SettingDescriptionDeletePassportLimitedusercandeleteonlytheirownpassport.Power-onSecurityLimit

Seite 53 - User-speciccommands

Table30.Optionsforlimitedusersintheconvenientmode(continued)SettingsDescriptionSecuritymodeLimiteduserscannotmodifysecuritymodes.ProServersLimiteduser

Seite 54 - Globalsettingscommands

Thengerprintsoftwarewillcontinuetovalidatethepasswordatsystemlogon.Note:Whentheaboveregistrykeyissetto1,ifthedomainadministratorchangestheuser's

Seite 55 - Securemode-limiteduser

8.LogontoWindows.9.Reboot.Note:YourauthenticationIDandpasswordforWindowsandNovellmustbeidentical.ThinkVantageFingerprintSoftwareserviceTheupeksvr.exes

Seite 56 - Convenientmode-limiteduser

ivClientSecuritySolution8.3DeploymentGuide

Seite 57 - Congurablesettings

54ClientSecuritySolution8.3DeploymentGuide

Seite 58 - Authenticating

Chapter5.WorkingwithLenovoFingerprintSoftwareThengerprintconsolemustberunfromtheLenovoFingerprintSoftwareinstallationfolder.ThebasicsyntaxisFPRCONSOL

Seite 59

Table31.Policysettings(continued)SettingDescriptionadministratorswillonlybeabletologinusingngerprints.Allowusertoretrievepasswordthroughngerprintaut

Seite 60

Chapter6.BestPracticesThischapterpresentsscenariostoillustratethebestpracticesofClientSecuritySolutionandFingerprintSoftware.Thisscenariostartswiththe

Seite 61

3)TypetheClientSecuritypassphrase(forexample,CSPP4Admin)fortheadministratoraccount,selecttheUsetheClientSecuritypassphrasetoprotectaccesstotheRescuean

Seite 62

*******************************************************Readytotakesysprepbackup.********PLEASERUNSYSPREPNOWANDSHUTDOWN.********Nexttimethemachineboots

Seite 63 - Chapter6.BestPractices

b.Double-clicktheextractedsetup.exeleandfollowtheinstructionsonthescreentoinstalltheThinkVantageFingerprintSoftware.4.InstalltheThinkVantageFingerpri

Seite 64

3.InstalltheThinkVantageFingerprintconsoleonthedeploymentmachinebydoingthefollowing:a.Deploythefprconsole.exelethathasbeenextractedfromthepreparation

Seite 65 - Scenario2

c.ThroughActiveDirectory,enableAntidoteDeliveryManager.Placepackagestoberunandmakesurereportingiscaptured.StandaloneInstallforCDorscriptlesForastanda

Seite 66

3.FromtheFilemenu,clickAdd/RemoveSnap-in,andthenclickAdd.TheAddStandalonesnap-inwindowdisplays.4.Double-clickCerticationAuthorityinthesnap-inlist,and

Seite 67 - Chapter6.BestPractices61

Chapter1.OverviewThischapterprovidesanoverviewofClientSecuritySolutionandFingerprintSoftware.Thetechnologiespresentedinthisdeploymentguidecandirectlya

Seite 68 - CreatingtemplateforTPMuser

ThissectiondescribesthecommonusagescenariosanddeploymentstrategiesforngerprintsoftwarethatisinstalledonthelatestThinkPadnotebookcomputermodels.Note:•

Seite 69 - Chapter6.BestPractices63

Table32.RegistrykeysNameValueDescription0(default)Speciesthattheexternalngerprintsensorispreferredwheneverthengerprintkeyboardisconnected.PreferInt

Seite 70 - Windows7logon

66ClientSecuritySolution8.3DeploymentGuide

Seite 71 - Chapter6.BestPractices65

AppendixA.SpecialconsiderationsforusingtheLenovoFingerprintKeyboardwithsomeThinkPadnotebookmodelsThengerprintdeviceusedinsomeThinkPadnotebookmodelsis

Seite 72

•UsingtheFingerprintSoftwarelogoninterfaceThelogoninterfacesofbothLenovoFingerprintSoftwareandThinkVantageFingerprintSoftwaremustbeenabled.Whenbothng

Seite 73 - Windowslogon

AppendixB.SynchronizingpasswordinClientSecuritySolutionaftertheWindowspasswordisresetAftertheWindowspasswordisreset,ClientSecuritySolutioncontinuallyp

Seite 74

70ClientSecuritySolution8.3DeploymentGuide

Seite 75

AppendixC.UsingClientSecuritySolutiononareinstalledWindowsoperatingsystemIfyourWindowsoperatingsysteminstalledwithClientSecuritySolutionhasbeenreinsta

Seite 76

72ClientSecuritySolution8.3DeploymentGuide

Seite 77 - Windowsoperatingsystem

AppendixD.UsingtheTPMonThinkPadnotebookcomputersThemainusecasefortheTPMistheBitLockerfeaturethatisincludedwithcertainversionsoftheMicrosoftWindowsVist

Seite 78

ClientSecuritySolutionpassphraseTheClientSecuritySolutionpassphraseisanoptionalfeatureofuserauthenticationthatwillprovideenhancedsecuritytoClientSecur

Seite 79 - HowdoesTPMlockoutwork?

•Atmel-ThinkPadT60/R60/X60/X300,ThinkCentreM57•Intel-ThinkPadT500/R500/X200/X301•STMicro-ThinkPadT410/T510/X201/T420/T520/X220,ThinkCentreM90•Winbond-

Seite 80

AppendixE.NoticesLenovomaynotoffertheproducts,services,orfeaturesdiscussedinthisdocumentinallcountries.ConsultyourlocalLenovorepresentativeforinformat

Seite 81 - AppendixE.Notices

TrademarksThefollowingtermsaretrademarksofLenovointheUnitedStates,othercountries,orboth:LenovoThinkCentreThinkPadThinkVantageMicrosoft,InternetExplore

Seite 82 - Trademarks

GlossaryAdministrator(ThinkCentre)/Supervisor(ThinkPad)BIOSPasswordTheadministratororsupervisorpasswordisusedtocontroltheabilitytochangeBIOSsettings.T

Seite 83 - Glossary

Symmetric-keyencryptionSymmetrickeyencryptionciphersusethesamekeyforencryptionanddecryptionofdata.Symmetrickeyciphersaresimplerandfaster,buttheirmaind

Seite 85

PartNumber:PrintedinUSA(1P)P/N:**

Seite 86 - (1P)P/N:

entryrelatedchangescanbedetectedautomaticallybyClientSecurityPasswordManagerandallowstheusertoupdatetheirentrieswithevenlesswork.•Saveyourinformationw

Kommentare zu diesen Handbüchern

Keine Kommentare