Lenovo ThinkVantage (Hardware Password Manager Deployment Instrukcja Użytkownika Pobierz pdf (Strona 43)

acompletelydifferentsetofscancodesonanotherkeyboardtype.Forexample,considerthepassword

azw.OnanEnglishkeyboard,thescancoderepresentationis0x1E,0x2C,0x11.However,onaGerman

keyboard,thescancoderepresentationis0x1E,0x15,0x11.

Thereare3keyboardtypesusedtosupportdifferentlanguages:

•French,Belgian

•German,Swiss,Hungary,Poland,Czechoslovakia,Slovenia,Slovakia

•Allotherlanguages

Whendeployinghardwarepasswordsfromtheserver,suchasPOP ,SVPandHDP,theserverconvertsthe

ASCIItexttoscancodesbasedonthekeyboardtypeofthetargetsystem.Thesepasswords(represented

byscancodes)aresenttotheclienttobesetinthehardware.

Changingkeyboardtypesisnotsupportedformanualentryofpasswords.Ifauserwantstochange

keyboardtypes,thebestpracticeistodothis:

1.DeregisterfromHardwarePasswordManager.

2.Changethekeyboard.

3.ReregisterinHardwarePasswordManager.

Scenario5-Handlingenrollmentfrommultiplebootpartitions

Thisscenariocanoccurwhenauserregistersandenrollsononebootpartition(suchasVista),andwantsto

enrollinHardwarePasswordManageronasecondbootpartition(suchasXP).Inthiscase,theHardware

PasswordManagerClientcodeshouldbeinstalledineachbootpartition.Theusershouldregisterandenroll

inHardwarePasswordManagerfromonebootpartition.Afterbeingenrolled,HardwarePasswordManager

functionsnormallyinallbootpartitionswheretheHardwarePasswordManagerClientcodeisinstalled

assumingtheWindowslogincredentialsarethesameinallbootpartitions.IftheWindowslogincredentials

aredifferent,theuserwillhavetomanuallyentertheirWindowscredentialsintheWindowsGina/CPwhen

usingbootpartitionsotherthantheoneusedtoregisterinHardwarePasswordManager.

Scenario6-BitLocker

BitLockerandHardwarePasswordManagerarecompatible,whichmeansaclientenrolledinHardware

PasswordManager(forBIOSpasswordprotection-POP ,SVP,HDPs)canfurtherprotecttheirdatausing

BitLocker(logicalvolumeencryption).BitLockerenrollmentandkeyretrievalishandledthesamewayasis

donetodaybycustomers(outsidethescopeofHardwarePasswordManager).

ThebestpracticewhenusingbothtechnologiesistoenrollinHardwarePasswordManagerpriortoenabling

BitLocker.IftheuserrstenablesBitLocker,thenregistersinHardwarePasswordManager,thefactthat

BIOSpasswordsaresetwillcauseBitLockertofailitsintegritycheck(BIOSpasswordsarevalidatedwithin

PCR1)andcausetheBitLockerRecoveryModetostart.HardwarePasswordManagerwillwarntheuser

ofthisissueduringtheregistrationowifBitLockerisenabled.Theusercanchoosetocontinuewiththe

registrationorcancelatthispoint.Iftheusercontinues,thenBitLockerRecoveryModewillbeexecutedon

thenextstartsincetheintegritycheckonBIOSpasswords(PCR1)willhavefailed.

Chapter6.Scenarios35

1 2 ... 38 39 40 41 42 43 44 45 46 47 48 ... 59 60

Brak uwag

Lenovo ThinkVantage (Hardware Password Manager Deployment Instrukcja Użytkownika Strona 43