Lenovo ThinkVantage (Client Security Solution 8.21) Instrukcja Użytkownika Strona 24
- Strona / 86
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
enrolledasanactiveuser.Everyotheruserthatlogsintothesystemwillbeautomaticallyrequestedtoenroll
intoClientSecuritySolution.
•TakeOwnership
AsingleWindowsadministratoruserIDisassignedasthesoleClientSecuritySolutionAdministrator
forthesystem.ClientSecuritySolutionadministrativefunctionsmustbeperformedthroughthisuser
ID.TheTrustedPlatformModuleauthorizationiseitherthisuser’sWindowspasswordorClientSecurity
passphrase.
Note:TheonlywaytorecoverfromaforgottenClientSecuritySolutionAdministratorspasswordor
passphraseistoeitheruninstallthesoftwarewithvalidWindowspermissionsortoclearthesecuritychip
inBIOS.Eitherway,thedataprotectedthroughthekeysassociatedwiththeTrustedPlatformModule
willbelost.ClientSecuritySolutionalsoprovidesanoptionalmechanismthatallowsself-recoveryof
aforgottenpasswordorpassphrasebasedonaquestionandanswerchallengeresponse.TheClient
SecuritySolutionAdministratormakesthedecisionwhethertousethefeatureornot.
•EnrollUser
OncetheTakeOwnershipprocessiscompletedandaClientSecuritySolutionAdministratoriscreated,
aUserBaseKeycanbecreatedtosecurelystorecredentialsforthecurrentlyloggedonWindows
user.ThisdesignallowsformultipleuserstoenrollintoClientSecuritySolutionandleveragethesingle
TrustedPlatformModule.Userkeysareprotectedthroughthesecuritychip,butactuallystoredoff
thechipontheharddrive.Thisdesigncreatesharddrivespaceasthelimitingstoragefactorinstead
ofactualmemorybuiltintothesecuritychip.Thenumberofusersthatcanleveragethesamesecure
hardwareisvastlyincreased.
TakeOwnership
TherootoftrustforClientSecuritySolutionistheSystemRootKey(SRK).Thisnon-migratableasymmetric
keyisgeneratedwithinthesecureenvironmentoftheTrustedPlatformModuleandneverisexposedto
thesystem.TheauthorizationtoleveragethekeyisderivedthroughtheWindowsAdministratoraccount
duringtheTPM_TakeOwnershipcommand.IfthesystemisleveragingaClientSecuritypassphrase,thenthe
ClientSecuritypassphrasefortheClientSecuritySolutionAdministratorwillbetheTrustedPlatformModule
authorization,otherwiseitwillbetheClientSecuritySolutionAdministrator’sWindowspassword.
WiththeSRKcreatedforthesystem,otherkeypairscanbecreatedandstoredoutsideoftheTrusted
PlatformModule,butwrappedorprotectedbythehardware-basedkeys.SincetheTrustedPlatform
Module,whichincludestheSRKishardwareandhardwarecanbedamaged,arecoverymechanismis
neededtomakesuredamagetothesystemdoesnotpreventdatarecovery.
Inordertorecoverasystem,aSystemBaseKeyiscreated.ThisasymmetricstoragekeyenablestheClient
SecuritySolutionAdministratortorecoverfromasystemboardswaporplannedmigrationtoanother
system.InordertoprotecttheSystemBaseKey,butallowittobeaccessibleduringnormaloperationor
recovery,twoinstancesofthekeyiscreatedandprotectedbytwodifferentmethods.First,theSystem
BaseKeyisencryptedwithanAESSymmetricKeythatisderivedfromknowingtheClientSecuritySolution
Administrator'spasswordorClientSecuritypassphrase.ThiscopyoftheClientSecuritySolutionRecovery
KeyissolelyforthepurposeofrecoveringfromaclearedTrustedPlatformModuleorreplacedsystemboard
becauseofhardwarefailure.
ThesecondinstanceoftheClientSecuritySolutionRecoveryKeyiswrappedbytheSRKtoimportittothe
keyhierarchy.ThisdoubleinstanceoftheSystemBaseKeyallowstheTrustedPlatformModuletoprotect
secretsboundtoitbelowinnormalusageandallowsforarecoveryofafailedsystemboardthroughthe
SystemBaseKeythatisencryptedwithanAESKeyunlockedbytheClientSecuritySolutionAdministrator
passwordorClientSecuritypassphrase.Next,aSystemLeafKeyiscreated.Thiskeyiscreatedtoprotect
systemlevelsecretssuchastheAESKey.
18ClientSecuritySolution8.21DeploymentGuide
- ClientSecuritySolution8.21 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2012 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- Custompublicproperties 12
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogles 17
- Silentinstallation 18
- SystemsManagementServer 21
- UsingtheTrustedPlatformModule 23
- TakeOwnership 24
- EnrollUser 25
- Softwareemulation 26
- Systemboardswap 27
- EFSprotectionutility 29
- UsingtheXMLSchema 30
- Examples 30
- ENABLE_PWMGR_FUNCTION 31
- ENABLE_CSS_GINA_FUNCTION 31
- ENABLE_UPEK_GINA_FUNCTION 31
- ENABLE_NONE_GINA_FUNCTION 33
- SET_PP_FLAG_FUNCTION 33
- SET_ADMIN_USER_FUNCTION 33
- INITIALIZE_SYSTEM_FUNCTION 34
- ENROLL_USER_FUNCTION 35
- USER_PW_RECOVERY_FUNCTION 35
- SETUP_PDA_FUNCTION 36
- SET_USER_AUTH_FUNCTION 36
- Fingerprintswiperesult 38
- Command-linetools 38
- SecurityAdvisor 39
- Deploymentleprocessingtool 41
- TPMENABLE.EXE 41
- CerticateTransfertool 41
- TPMactivatetool 42
- ActiveDirectorySupport 43
- GroupPolicysettings 44
- Defaultmode 45
- AuthenticationPolicies 45
- Passwordmanager 46
- UserInterface 46
- Workstationsecuritytool 47
- ActiveUpdate 48
- ActiveUpdateParameterFile 49
- Managementconsoletool 51
- User-speciccommands 51
- Globalsettingscommands 52
- Securemodeandconvenientmode 53
- Securemode-administrator 53
- Securemode-limiteduser 53
- Convenientmode-administrator 54
- Convenientmode-limiteduser 54
- Congurablesettings 55
- Authenticating 56
- Chapter6.BestPractices 61
- “NOCSSWIZARD=1”” 62
- Scenario2 63
- SystemUpdate 65
- SystemMigrationAssistant 66
- Requirements: 66
- WindowsVistalogon 67
- WindowsXPlogon 68
- Chapter6.BestPractices63 69
- Chapter6.BestPractices65 71
- Congurationandsetup 75
- Pre-desktopauthentication 75
- Windowslogon 75
- WindowsXP-WelcomeScreen 76
- WindowsXP-Classiclogonprompt 76
- WindowsVista 76
- Windowspasswordisreset 79
- AppendixD.Notices 81
- Trademarks 82
- Glossary 83
Powiązane produkty i podręczniki dla Oprogramowanie Lenovo ThinkVantage (Client Security Solution 8.21)
(86 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.030 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji