Lenovo ThinkVantage (Hardware Password Manager Deployment Instrukcja Użytkownika Pobierz pdf (Strona 34)

–enrolled-returnswhetherthecurrentWindowssystemuserisenrolledintheutility

–enabled-returnswhethertheutilityisenabledintheBIOSprogram

–show-displaysresultstotheconsoleforalloftheabovecommands

•Returncodes:

–0-false

–1-true

–2-error

•Example:

cmp_util.exe-supported

ThebehaviorofthengerprintenrollmentdiffersslightlybetweenaHardwarePasswordManagerregistered

systemandanon-registeredsystem.Forregisteredsystems,theBIOSprogrampromptsforHardware

PasswordManagerUserLogincredentials(HardwareaccountIDandpassword)insteadofactualhardware

passwords.Afterverifyingthespecieduserlogincredentials,theBIOSprogramobtainstheactual

hardwarepasswordsfromthehardwareaccountandsavestheminthengerprintdevice.

Otherngerprintscenariostoconsider:

1.UserenrollsinHardwarePasswordManagerafterenrollingngerprintsforpre-boot

authentication(hardwarepasswordsareset)Inthisscenario,theuserhasalreadysetaPOPandhas

enrolledforpre-bootngerprintauthentication.TheClientPortaltreatsthescenariothesameaswhen

anypre-bootpasswordsaresetpriortoregisteringinHardwarePasswordManager.Inthiscase,the

ClientPortalinstructstheusertoremoveallhardwarepasswords.

2.UserenrollsinHardwarePasswordManagerafterenrollingngerprintsforpre-boot

authentication(hardwarepasswordsarecleared)Inthisscenario,theuserhasalreadyenrolledfor

pre-bootngerprintauthenticationbuthasmanuallyclearedthePOPandHDP(asrequestedinthe

previousscenario).ThesystemstartsandtheusercanenrollwithHardwarePasswordManager.

However,thenexttimetheuserstartsthesystemandswipestheirnger,theBIOSprogramretrieves

theoldpasswordorpasswordsfromthengerprintdeviceanddeterminesthattheyarenotvalid.The

BIOSprogramthenpromptsforuserlogincredentials.Iftheuserisvalidatedwiththeirhardware

account,thehardwarepasswordsareretrievedfromthesystemhardwareaccountbytheBIOSprogram

andthepasswordsarevalidated.Iftheyareconrmed,thenewpasswordsarestoredinthengerprint

deviceautomatically.

SafeGuardEasy/SafeGuardEnterprisecompatibility

InenvironmentswheretheSafeGuardEasy/SafeGuardEnterpriseutilityisused,theHardwarePassword

ManagerclientmustbeinstalledaftertheSafeGuardEasy/SafeGuardEnterpriseutility.

ThereisalsoalimitationwheretheHardwarePasswordManagersinglesign-onfeaturedoesnotworkwhen

theSafeGuardEasy/SafeGuardEnterpriseutilityisinstalled.Thus,theuserisnotautomaticallyloggedinto

theWindowsoperatingsystemwhentheuserperformsanormalHardwarePasswordManageruserlogin.

One-touchregistration

Asanadministrator,youcanregisteryoursystemswithHardwarePasswordManagertoprotectthemfrom

unauthorizedusersduringthedeploymentanddistributionprocess.Thisisaccomplishedbyallowingan

administratortopre-registeralloftheirsystemsintheHardwarePasswordManagerserverwithacommon

localadministratoraccount.Thisprocessrequiresasinglemanualstep(one-touch)tocomplete,whichis

requiredtopreventdenialofserviceattacks.

26HardwarePasswordManagerDeploymentGuide

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 59 60

Komentarze do niniejszej Instrukcji

Brak uwag

Lenovo ThinkVantage (Hardware Password Manager Deployment Instrukcja Użytkownika Strona 34

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Notatniki Lenovo ThinkVantage (Hardware Password Manager Deployment