Lenovo ThinkVantage Client Security Solution 8.3 Bedienungsanleitung Seite 79
- Seite / 86
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
AppendixD.UsingtheTPMonThinkPadnotebookcomputers
ThemainusecasefortheTPMistheBitLockerfeaturethatisincludedwithcertainversionsoftheMicrosoft
WindowsVistaandWindows7operatingsystems.Thisappendixprovidesanswerstothefollowing
frequentlyaskedquestionswhendeployingBitLockerinWindowsenvironments.
•“HowtodeployBitLockerremotely?”onpage73
•“HowdoesTPMlockoutwork?”onpage73
HowtodeployBitLockerremotely?
UsingthestandardWindowstoolstoactivatetheTPM,suchasthemanage-bde.exeleortheTPMcontrol
panel,requiresacompleteshutdownofthecomputer.Then,whenyouturnonthecomputeragain,you
mustpressakeytoconrmtheaction.ThistypeofinteractionmakesitimpossibletodeployBitLockerina
remoteandunattendedway.
TherearetwodistinctstatustypesrelatedtotheTPM:EnabledandActivated.AnenabledTPMisnot
necessarilyactivated,justlikeanactivatedTPMisnotnecessarilyenabled.TheTPMmustbeenabledand
activatedbeforeusingBitLocker.ThinkPadnotebookcomputersarealwaysshippedwiththeTPMinthe
enabledanddeactivatedstatus.Therefore,youshouldsettheTPMstatustoactivatedtodeployBitLocker
successfully.
Since2008,ThinkPadnotebookcomputershaveprovidedWindowsManagementInstrumentation(WMI)to
changeanyBIOSsetting(includingtheactivatedstatusoftheTPM).WMIcanbescriptedandexecuted
remotely,anddoesnotrequireanyphysicalinteractionwiththecomputer.
TochangetheBIOSsetting,dothefollowing:
1.GototheWebsiteathttp://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-68488.
2.ClickSampleScriptsforBIOSDeploymentGuidetodownloadthescript.ziple.Thenextractthe
ziple.
3.Typecscript.exeSetCong.vbsSecurityChipActiveintheCommandPromptwindowtoexecute
theSetCong.vbsle.IfyouareusingtheBIOSsupervisorpassword,typecscript.exe
SetCongPassword.vbsSecurityChipActiveintheCommandPromptwindowtoexecutethe
SetCongPassword.vbsleinstead.
4.Restartthecomputertwice.TherstrestartchangestheBIOSsetting,andthesecondrestartmakes
thenewBIOSsettingtakeeffect.
Note:TheaboveprocedureactivatesonlytheTPMoncomputerswheretheTPMalreadyisenabled(for
example,modelsinthefactorydefaultstatus).IfyouhavedisabledtheTPMbyusingWindowstools,
suchasthemanage-bde.exeleortheTPMcontrolpanel,youmustre-enabletheTPMrstbyusingthe
samemethodthatwasusedtodisableit.
HowdoesTPMlockoutwork?
OneofthecoresecurityfeaturesoftheTPMistoprevent“hammering,”thatis,theattempttoguess
TPMpasswordsinanautomatedway.EachTPMimplementsananti-hammeringmethod,andwhenan
attackisdetected,theTPMenterslockoutmodewhichmeansthatfurtherpasswordguessesareignored
untilthelockoutmodeends.However,theTrustedComputingGroup(theorganizationthatdenesTPM
behavior)failedtodeneastandardforTPMlockout,soeachTPMmanufacturerhasdevelopeditsown
implementationforlockout.LenovohasusedTPMsfromthefollowingfourdifferentvendors:
©CopyrightLenovo2008,2011
73
- ClientSecuritySolution8.3 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2011 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogle 17
- Silentinstallation 18
- .Installation13 19
- SystemsManagementServer 23
- UsingtheTrustedPlatformModule 25
- TakeOwnership 26
- EnrollUser 27
- Softwareemulation 28
- Systemboardswap 29
- EFSprotectionutility 31
- UsingtheXMLSchema 32
- Examples 32
- ENABLE_PWMGR_FUNCTION 33
- ENABLE_CSS_GINA_FUNCTION 33
- ENABLE_UPEK_GINA_FUNCTION 33
- ENABLE_NONE_GINA_FUNCTION 35
- SET_PP_FLAG_FUNCTION 35
- SET_ADMIN_USER_FUNCTION 35
- INITIALIZE_SYSTEM_FUNCTION 36
- ENROLL_USER_FUNCTION 37
- USER_PW_RECOVERY_FUNCTION 37
- UsingRSASecurIDtokens 38
- Requirements 39
- ActiveDirectorySupport 39
- Fingerprintswiperesult 40
- Command-linetools 40
- SecurityAdvisor 41
- Deploymentleprocessingtool 43
- TPMENABLE.EXE 43
- CerticateTransfertool 43
- Deningmanageablesettings 47
- GroupPolicysettings 48
- AuthenticationPolicies 49
- Passwordmanager 49
- UserInterface 50
- Workstationsecuritytool 51
- Managementconsoletool 53
- User-speciccommands 53
- Globalsettingscommands 54
- Securemodeandconvenientmode 55
- Securemode-administrator 55
- Securemode-limiteduser 55
- Convenientmode-administrator 56
- Convenientmode-limiteduser 56
- Congurablesettings 57
- Authenticating 58
- Chapter6.BestPractices 63
- Scenario2 65
- Chapter6.BestPractices61 67
- CreatingtemplateforTPMuser 68
- Chapter6.BestPractices63 69
- Windows7logon 70
- Chapter6.BestPractices65 71
- Congurationandsetup 73
- Pre-desktopauthentication 73
- Windowslogon 73
- Windowsoperatingsystem 77
- HowtodeployBitLockerremotely? 79
- HowdoesTPMlockoutwork? 79
- AppendixE.Notices 81
- Trademarks 82
- Glossary 83
- PartNumber: 86
- PrintedinUSA 86
- (1P)P/N: 86
Verwandte Produkte und Handbücher für Software Lenovo ThinkVantage Client Security Solution 8.3
(42 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.888 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern