Lenovo ThinkVantage Client Security Solution 8.3 Manual de usuario Pagina 25
- Pagina / 86
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Chapter3.WorkingwithClientSecuritySolution
BeforeyouinstallClientSecuritySolution,youshouldunderstandthecustomizationavailableforClient
SecuritySolution.ThischapterprovidescustomizationinformationaboutClientSecuritySolution,aswellas
informationregardingtheTrustedPlatformModule.ThetermsusedinthischapterreferencingtheTrusted
PlatformModulearedenedbytheTrustedComputingGroup(TCG).FormoreinformationabouttheTrusted
PlatformModulerefertothefollowingWebsite:
http://www.trustedcomputinggroup.org/
UsingtheTrustedPlatformModule
TheTrustedPlatformModuleisanembeddedsecuritychipdesignedtoprovidesecurity-relatedfunctions
forthesoftwareutilizingit.Theembeddedsecuritychipisinstalledonthemotherboardofasystemand
communicatesthroughahardwarebus.SystemsthatincorporateaTrustedPlatformModulecancreate
cryptographickeysandencryptthemsothattheycanonlybedecryptedbythesameTrustedPlatform
Module.Thisprocessisoftencalledwrappingakey,andhelpsprotectthekeyfromdisclosure.Onasystem
withaTrustedPlatformModule,themasterwrappingkey,calledtheStorageRootKey(SRK),isstoredwithin
theTrustedPlatformModuleitself,sotheprivateportionofthekeyisneverexposed.Theembeddedsecurity
chipcanalsostoreotherstoragekeys,signingkeys,passwords,andothersmallunitsofdata.Becauseof
thelimitedstoragecapacityintheTrustedPlatformModule,theSRKisusedtoencryptotherkeysforoff-chip
storage.TheSRKneverleavestheembeddedsecuritychip,andformsthebasisforprotectedstorage.
UsingtheembeddedsecuritychipisoptionalandrequiresaClientSecuritySolutionadministrator.Whether
forindividualuseroracorporateITdepartment,theTrustedPlatformModulemustbeinitialized.Subsequent
operations,suchastheabilitytorecoverfromaharddrivefailureorreplacedsystemboard,arealso
restrictedtotheClientSecuritySolutionadministrator.
Note:Ifyouarechangingtheauthenticationmodeandattempttounlockthesecuritychip,youmustlog
outandthenlogbackinasthemasteradministrator.Thiswillenableyoutounlockthechip.Youcanalso
logonasasecondaryuserandcontinuetoconverttheauthenticationmode.Thisisdoneautomatically
whenthesecondaryuserlogson.ClientSecuritySolutionwillpromptforthesecondaryuserpassword
orpassphrase.OnceClientSecuritySolutionisdoneprocessingthechange,thesecondaryusercan
proceedwithunlockingthechip.
UsingtheTrustedPlatformModulewithWindows7
IftheWindows7logonisenabledandtheTrustedPlatformModuleisdisabled,youmustdisablethe
WindowslogonfeaturebeforedisablingtheTrustedPlatformModuleinF1BIOS.Doingthiswillprevent
asecuritymessagethatstates:Securitychiphasbeendeactivated,thelogonprocesscannotbe
protected.
Inaddition,ifyouareupgradingtheoperatingsystemofaclientsystem,youmustclearthesecuritychipto
avoidenrollmentfailureofClientSecurity.ToclearthechipinF1BIOS,thesystemmustbestartedfroma
coldboot.Youwillnotbeabletoclearthechipifyouattemptthisprocessafterawarmreboot.
ManagingClientSecuritySolutionwithcryptographickeys
ClientSecuritySolutionisdescribedbythetwomaindeploymentactivities;TakeOwnershipandEnroll
User.WhilerunningtheClientSecuritySolutionSetupWizardforthersttime,theTakeOwnershipand
EnrollUserprocessesarebothperformedduringtheinitialization.TheparticularWindowsuserIDthat
completedtheClientSecuritySolutionSetupWizardistheClientSecuritySolutionAdministratorandis
©CopyrightLenovo2008,2011
19
- ClientSecuritySolution8.3 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2011 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogle 17
- Silentinstallation 18
- .Installation13 19
- SystemsManagementServer 23
- UsingtheTrustedPlatformModule 25
- TakeOwnership 26
- EnrollUser 27
- Softwareemulation 28
- Systemboardswap 29
- EFSprotectionutility 31
- UsingtheXMLSchema 32
- Examples 32
- ENABLE_PWMGR_FUNCTION 33
- ENABLE_CSS_GINA_FUNCTION 33
- ENABLE_UPEK_GINA_FUNCTION 33
- ENABLE_NONE_GINA_FUNCTION 35
- SET_PP_FLAG_FUNCTION 35
- SET_ADMIN_USER_FUNCTION 35
- INITIALIZE_SYSTEM_FUNCTION 36
- ENROLL_USER_FUNCTION 37
- USER_PW_RECOVERY_FUNCTION 37
- UsingRSASecurIDtokens 38
- Requirements 39
- ActiveDirectorySupport 39
- Fingerprintswiperesult 40
- Command-linetools 40
- SecurityAdvisor 41
- Deploymentleprocessingtool 43
- TPMENABLE.EXE 43
- CerticateTransfertool 43
- Deningmanageablesettings 47
- GroupPolicysettings 48
- AuthenticationPolicies 49
- Passwordmanager 49
- UserInterface 50
- Workstationsecuritytool 51
- Managementconsoletool 53
- User-speciccommands 53
- Globalsettingscommands 54
- Securemodeandconvenientmode 55
- Securemode-administrator 55
- Securemode-limiteduser 55
- Convenientmode-administrator 56
- Convenientmode-limiteduser 56
- Congurablesettings 57
- Authenticating 58
- Chapter6.BestPractices 63
- Scenario2 65
- Chapter6.BestPractices61 67
- CreatingtemplateforTPMuser 68
- Chapter6.BestPractices63 69
- Windows7logon 70
- Chapter6.BestPractices65 71
- Congurationandsetup 73
- Pre-desktopauthentication 73
- Windowslogon 73
- Windowsoperatingsystem 77
- HowtodeployBitLockerremotely? 79
- HowdoesTPMlockoutwork? 79
- AppendixE.Notices 81
- Trademarks 82
- Glossary 83
- PartNumber: 86
- PrintedinUSA 86
- (1P)P/N: 86
Relacionado con productos y manuales para Software Lenovo ThinkVantage Client Security Solution 8.3
(42 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.037 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales