Lenovo ThinkVantage (Client Security Solution 8.21) Manuel d'utilisateur Page 23
- Page / 86
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter3.WorkingwithClientSecuritySolution
BeforeyouinstallClientSecuritySolution,youshouldunderstandthecustomizationavailableforClient
SecuritySolution.ThischapterprovidescustomizationinformationaboutClientSecuritySolution,aswellas
informationregardingtheTrustedPlatformModule.ThetermsusedinthischapterreferencingtheTrusted
PlatformModulearedenedbytheTrustedComputingGroup(TCG).FormoreinformationabouttheTrusted
PlatformModulerefertothefollowingWebsite:
http://www.trustedcomputinggroup.org/
UsingtheTrustedPlatformModule
TheTrustedPlatformModuleisanembeddedsecuritychipdesignedtoprovidesecurity-relatedfunctions
forthesoftwareutilizingit.Theembeddedsecuritychipisinstalledonthemotherboardofasystemand
communicatesthroughahardwarebus.SystemsthatincorporateaTrustedPlatformModulecancreate
cryptographickeysandencryptthemsothattheycanonlybedecryptedbythesameTrustedPlatform
Module.Thisprocessisoftencalledwrappingakey,andhelpsprotectthekeyfromdisclosure.Onasystem
withaTrustedPlatformModule,themasterwrappingkey,calledtheStorageRootKey(SRK),isstoredwithin
theTrustedPlatformModuleitself,sotheprivateportionofthekeyisneverexposed.Theembeddedsecurity
chipcanalsostoreotherstoragekeys,signingkeys,passwords,andothersmallunitsofdata.Becauseof
thelimitedstoragecapacityintheTrustedPlatformModule,theSRKisusedtoencryptotherkeysforoff-chip
storage.TheSRKneverleavestheembeddedsecuritychip,andformsthebasisforprotectedstorage.
UsingtheembeddedsecuritychipisoptionalandrequiresaClientSecuritySolutionadministrator.Whether
forindividualuseroracorporateITdepartment,theTrustedPlatformModulemustbeinitialized.Subsequent
operations,suchastheabilitytorecoverfromaharddrivefailureorreplacedsystemboard,arealso
restrictedtotheClientSecuritySolutionadministrator.
Note:Ifyouarechangingtheauthenticationmodeandattempttounlockthesecuritychip,youmustlog
outandthenlogbackinasthemasteradministrator.Thiswillenableyoutounlockthechip.Youcanalso
logonasasecondaryuserandcontinuetoconverttheauthenticationmode.Thisisdoneautomatically
whenthesecondaryuserlogson.ClientSecuritySolutionwillpromptforthesecondaryuserpassword
orpassphrase.OnceClientSecuritySolutionisdoneprocessingthechange,thesecondaryusercan
proceedwithunlockingthechip.
UsingtheTrustedPlatformModulewithWindowsVista
IftheWindowsVistalogonisenabledandtheTrustedPlatformModuleisdisabled,youmustdisablethe
WindowslogonfeaturebeforedisablingtheTrustedPlatformModuleinF1BIOS.Doingthiswillprevent
asecuritymessagethatstates:Securitychiphasbeendeactivated,thelogonprocesscannotbe
protected.
Inaddition,ifyouareupgradingtheoperatingsystemofaclientsystem,youmustclearthesecuritychipto
avoidenrollmentfailureofClientSecurity.ToclearthechipinF1BIOS,thesystemmustbestartedfroma
coldboot.Youwillnotbeabletoclearthechipifyouattemptthisprocessafterawarmreboot.
ManagingClientSecuritySolutionwithcryptographickeys
ClientSecuritySolutionisdescribedbythetwomaindeploymentactivities;TakeOwnershipandEnroll
User.WhilerunningtheClientSecuritySolutionSetupWizardforthersttime,theTakeOwnershipand
EnrollUserprocessesarebothperformedduringtheinitialization.TheparticularWindowsuserIDthat
completedtheClientSecuritySolutionSetupWizardistheClientSecuritySolutionAdministratorandis
©CopyrightLenovo2008,2012
17
- ClientSecuritySolution8.21 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2012 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- Custompublicproperties 12
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogles 17
- Silentinstallation 18
- SystemsManagementServer 21
- UsingtheTrustedPlatformModule 23
- TakeOwnership 24
- EnrollUser 25
- Softwareemulation 26
- Systemboardswap 27
- EFSprotectionutility 29
- UsingtheXMLSchema 30
- Examples 30
- ENABLE_PWMGR_FUNCTION 31
- ENABLE_CSS_GINA_FUNCTION 31
- ENABLE_UPEK_GINA_FUNCTION 31
- ENABLE_NONE_GINA_FUNCTION 33
- SET_PP_FLAG_FUNCTION 33
- SET_ADMIN_USER_FUNCTION 33
- INITIALIZE_SYSTEM_FUNCTION 34
- ENROLL_USER_FUNCTION 35
- USER_PW_RECOVERY_FUNCTION 35
- SETUP_PDA_FUNCTION 36
- SET_USER_AUTH_FUNCTION 36
- Fingerprintswiperesult 38
- Command-linetools 38
- SecurityAdvisor 39
- Deploymentleprocessingtool 41
- TPMENABLE.EXE 41
- CerticateTransfertool 41
- TPMactivatetool 42
- ActiveDirectorySupport 43
- GroupPolicysettings 44
- Defaultmode 45
- AuthenticationPolicies 45
- Passwordmanager 46
- UserInterface 46
- Workstationsecuritytool 47
- ActiveUpdate 48
- ActiveUpdateParameterFile 49
- Managementconsoletool 51
- User-speciccommands 51
- Globalsettingscommands 52
- Securemodeandconvenientmode 53
- Securemode-administrator 53
- Securemode-limiteduser 53
- Convenientmode-administrator 54
- Convenientmode-limiteduser 54
- Congurablesettings 55
- Authenticating 56
- Chapter6.BestPractices 61
- “NOCSSWIZARD=1”” 62
- Scenario2 63
- SystemUpdate 65
- SystemMigrationAssistant 66
- Requirements: 66
- WindowsVistalogon 67
- WindowsXPlogon 68
- Chapter6.BestPractices63 69
- Chapter6.BestPractices65 71
- Congurationandsetup 75
- Pre-desktopauthentication 75
- Windowslogon 75
- WindowsXP-WelcomeScreen 76
- WindowsXP-Classiclogonprompt 76
- WindowsVista 76
- Windowspasswordisreset 79
- AppendixD.Notices 81
- Trademarks 82
- Glossary 83
Produits connexes et manuels pour Logiciel Lenovo ThinkVantage (Client Security Solution 8.21)
(86 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.033 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels