Lenovo ThinkVantage Client Security Solution 8.3 Bedienungsanleitung Seite 29
- Seite / 86
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
TheTPMemulationmodecannotbeusedasasecuresubstitutefortheTPM.TheTPMprovidesthe
followingtwokeyprotectionmethodsthataremoresecurethantheTPMemulationmode.
•AllkeysusedbytheTPMareprotectedbyauniqueroot-levelkey.Theuniqueroot-levelkeyiscreated
insidetheTPMandcannotbeseenorusedoutsideoftheTPM.IntheTPMemulationmode,the
root-levelkeyisasoftware-basedkeystoredontheharddiskdrive.
•AllprivatekeyoperationsareperformedwithintheTPM,sothattheprivatekeymaterialforanykeyis
neverexposedoutsideoftheTPM.IntheTPMemulationmode,allprivatekeyoperationsareperformed
inthesoftware,sothereisnoprotectionoftheprivatekeymaterial.
TheTPMemulationmodeisprimarilyfortheuserwhoislessconcernedaboutthesecurityandmore
concernedaboutthesystemlogonspeed.
Systemboardswap
AsystemboardswapinfersthattheoldSRKtowhichkeyswereboundtoisnolongervalid,andanother
SRKisneeded.ThiscanalsohappeniftheTrustedPlatformModuleisclearedthroughtheBIOS.
TheClientSecuritySolutionAdministratorisrequiredtobindthesystemcredentialstoanewSRK.The
SystemBaseKeywillneedtobedecryptedthroughtheSystemBaseAESProtectionKeyderivedfrom
theClientSecuritySolutionAdministrator’sauthorizationcredentials.
IfaClientSecuritySolutionAdministratorisadomainuserIDandthepasswordforthatuserIDwaschanged
onadifferentmachine;thepasswordthatwaslastusedwhenloggedontothesystemneedingrecovery
willneedtobeknowninordertodecryptSystemBaseKeyforrecovery.Forexample,duringdeployment
aClientSecuritySolutionAdministratoruserIDandpasswordwillbecongured,ifthepasswordforthis
userchangesonadifferentmachine,thentheoriginalpasswordsetduringdeploymentwillbetherequired
authorizationinordertorecoverythesystem.
Followthesestepstoperformthesystemboardswap:
1.ClientSecuritySolutionAdministratorlogsontooperatingsystem.
2.Logon-executedcode(cssplanarswap.exe)recognizesthesecuritychipisdisabledandrequiresreboot
toenable.(ThisstepcanbeavoidedbyenablingthesecuritychipthroughtheBIOS.)
3.Systemisrebootedandsecuritychipisenabled.
4.TheClientSecuritySolutionAdministratorlogson;thenewTakeOwnershipprocessiscompleted.
5.SystemBaseKeyisdecryptedusingsystembaseAESProtectionKeythatisderivedbytheClient
SecuritySolutionAdministrator’sauthentication.SystemBaseKeyisimportedtothenewSRKand
re-establishestheSystemLeafKeyandallcredentialsprotectedbyit.
6.Thesystemisnowrecovered.
Note:SystemboardswapisnotneededwhenusingEmulationMode.
Chapter3.WorkingwithClientSecuritySolution23
- ClientSecuritySolution8.3 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2011 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogle 17
- Silentinstallation 18
- .Installation13 19
- SystemsManagementServer 23
- UsingtheTrustedPlatformModule 25
- TakeOwnership 26
- EnrollUser 27
- Softwareemulation 28
- Systemboardswap 29
- EFSprotectionutility 31
- UsingtheXMLSchema 32
- Examples 32
- ENABLE_PWMGR_FUNCTION 33
- ENABLE_CSS_GINA_FUNCTION 33
- ENABLE_UPEK_GINA_FUNCTION 33
- ENABLE_NONE_GINA_FUNCTION 35
- SET_PP_FLAG_FUNCTION 35
- SET_ADMIN_USER_FUNCTION 35
- INITIALIZE_SYSTEM_FUNCTION 36
- ENROLL_USER_FUNCTION 37
- USER_PW_RECOVERY_FUNCTION 37
- UsingRSASecurIDtokens 38
- Requirements 39
- ActiveDirectorySupport 39
- Fingerprintswiperesult 40
- Command-linetools 40
- SecurityAdvisor 41
- Deploymentleprocessingtool 43
- TPMENABLE.EXE 43
- CerticateTransfertool 43
- Deningmanageablesettings 47
- GroupPolicysettings 48
- AuthenticationPolicies 49
- Passwordmanager 49
- UserInterface 50
- Workstationsecuritytool 51
- Managementconsoletool 53
- User-speciccommands 53
- Globalsettingscommands 54
- Securemodeandconvenientmode 55
- Securemode-administrator 55
- Securemode-limiteduser 55
- Convenientmode-administrator 56
- Convenientmode-limiteduser 56
- Congurablesettings 57
- Authenticating 58
- Chapter6.BestPractices 63
- Scenario2 65
- Chapter6.BestPractices61 67
- CreatingtemplateforTPMuser 68
- Chapter6.BestPractices63 69
- Windows7logon 70
- Chapter6.BestPractices65 71
- Congurationandsetup 73
- Pre-desktopauthentication 73
- Windowslogon 73
- Windowsoperatingsystem 77
- HowtodeployBitLockerremotely? 79
- HowdoesTPMlockoutwork? 79
- AppendixE.Notices 81
- Trademarks 82
- Glossary 83
- PartNumber: 86
- PrintedinUSA 86
- (1P)P/N: 86
Verwandte Produkte und Handbücher für Software Lenovo ThinkVantage Client Security Solution 8.3
(42 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.633 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern