Lenovo ThinkVantage Client Security Solution 8.3 User Manual Page 26
- Page / 86
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
enrolledasanactiveuser.Everyotheruserthatlogsintothesystemwillbeautomaticallyrequestedtoenroll
intoClientSecuritySolution.
•TakeOwnership
AsingleWindowsadministratoruserIDisassignedasthesoleClientSecuritySolutionAdministrator
forthesystem.ClientSecuritySolutionadministrativefunctionsmustbeperformedthroughthisuser
ID.TheTrustedPlatformModuleauthorizationiseitherthisuser’sWindowspasswordorClientSecurity
passphrase.
Note:TheonlywaytorecoverfromaforgottenClientSecuritySolutionAdministratorspasswordor
passphraseistoeitheruninstallthesoftwarewithvalidWindowspermissionsortoclearthesecuritychip
inBIOS.Eitherway,thedataprotectedthroughthekeysassociatedwiththeTrustedPlatformModule
willbelost.ClientSecuritySolutionalsoprovidesanoptionalmechanismthatallowsself-recoveryof
aforgottenpasswordorpassphrasebasedonaquestionandanswerchallengeresponse.TheClient
SecuritySolutionAdministratormakesthedecisionwhethertousethefeatureornot.
•EnrollUser
OncetheTakeOwnershipprocessiscompletedandaClientSecuritySolutionAdministratoriscreated,
aUserBaseKeycanbecreatedtosecurelystorecredentialsforthecurrentlyloggedonWindows
user.ThisdesignallowsformultipleuserstoenrollintoClientSecuritySolutionandleveragethesingle
TrustedPlatformModule.Userkeysareprotectedthroughthesecuritychip,butactuallystoredoff
thechipontheharddrive.Thisdesigncreatesharddrivespaceasthelimitingstoragefactorinstead
ofactualmemorybuiltintothesecuritychip.Thenumberofusersthatcanleveragethesamesecure
hardwareisvastlyincreased.
TakeOwnership
TherootoftrustforClientSecuritySolutionistheSystemRootKey(SRK).Thisnon-migratableasymmetric
keyisgeneratedwithinthesecureenvironmentoftheTrustedPlatformModuleandneverisexposedto
thesystem.TheauthorizationtoleveragethekeyisderivedthroughtheWindowsAdministratoraccount
duringtheTPM_TakeOwnershipcommand.IfthesystemisleveragingaClientSecuritypassphrase,thenthe
ClientSecuritypassphrasefortheClientSecuritySolutionAdministratorwillbetheTrustedPlatformModule
authorization,otherwiseitwillbetheClientSecuritySolutionAdministrator’sWindowspassword.
WiththeSRKcreatedforthesystem,otherkeypairscanbecreatedandstoredoutsideoftheTrusted
PlatformModule,butwrappedorprotectedbythehardware-basedkeys.SincetheTrustedPlatform
Module,whichincludestheSRKishardwareandhardwarecanbedamaged,arecoverymechanismis
neededtomakesuredamagetothesystemdoesnotpreventdatarecovery.
Inordertorecoverasystem,aSystemBaseKeyiscreated.ThisasymmetricstoragekeyenablestheClient
SecuritySolutionAdministratortorecoverfromasystemboardswaporplannedmigrationtoanother
system.InordertoprotecttheSystemBaseKey,butallowittobeaccessibleduringnormaloperationor
recovery,twoinstancesofthekeyiscreatedandprotectedbytwodifferentmethods.First,theSystem
BaseKeyisencryptedwithanAESSymmetricKeythatisderivedfromknowingtheClientSecuritySolution
Administrator'spasswordorClientSecuritypassphrase.ThiscopyoftheClientSecuritySolutionRecovery
KeyissolelyforthepurposeofrecoveringfromaclearedTrustedPlatformModuleorreplacedsystemboard
becauseofhardwarefailure.
ThesecondinstanceoftheClientSecuritySolutionRecoveryKeyiswrappedbytheSRKtoimportittothe
keyhierarchy.ThisdoubleinstanceoftheSystemBaseKeyallowstheTrustedPlatformModuletoprotect
secretsboundtoitbelowinnormalusageandallowsforarecoveryofafailedsystemboardthroughthe
SystemBaseKeythatisencryptedwithanAESKeyunlockedbytheClientSecuritySolutionAdministrator
passwordorClientSecuritypassphrase.Next,aSystemLeafKeyiscreated.Thiskeyiscreatedtoprotect
systemlevelsecretssuchastheAESKey.
20ClientSecuritySolution8.3DeploymentGuide
- ClientSecuritySolution8.3 1
- DeploymentGuide 1
- “Notices”onpage75 2
- Contents 3
- ©CopyrightLenovo2008,2011 5
- Chapter1.Overview 7
- ClientSecurityPasswordManager 8
- CerticateTransferwizard 9
- Hardwarepasswordreset 9
- FingerprintSoftware 10
- Chapter2.Installation 11
- TrustedPlatformModulesupport 12
- Chapter2.Installation7 13
- Usingmsiexec.exe 14
- .Installation9 15
- Installationlogle 17
- Silentinstallation 18
- .Installation13 19
- SystemsManagementServer 23
- UsingtheTrustedPlatformModule 25
- TakeOwnership 26
- EnrollUser 27
- Softwareemulation 28
- Systemboardswap 29
- EFSprotectionutility 31
- UsingtheXMLSchema 32
- Examples 32
- ENABLE_PWMGR_FUNCTION 33
- ENABLE_CSS_GINA_FUNCTION 33
- ENABLE_UPEK_GINA_FUNCTION 33
- ENABLE_NONE_GINA_FUNCTION 35
- SET_PP_FLAG_FUNCTION 35
- SET_ADMIN_USER_FUNCTION 35
- INITIALIZE_SYSTEM_FUNCTION 36
- ENROLL_USER_FUNCTION 37
- USER_PW_RECOVERY_FUNCTION 37
- UsingRSASecurIDtokens 38
- Requirements 39
- ActiveDirectorySupport 39
- Fingerprintswiperesult 40
- Command-linetools 40
- SecurityAdvisor 41
- Deploymentleprocessingtool 43
- TPMENABLE.EXE 43
- CerticateTransfertool 43
- Deningmanageablesettings 47
- GroupPolicysettings 48
- AuthenticationPolicies 49
- Passwordmanager 49
- UserInterface 50
- Workstationsecuritytool 51
- Managementconsoletool 53
- User-speciccommands 53
- Globalsettingscommands 54
- Securemodeandconvenientmode 55
- Securemode-administrator 55
- Securemode-limiteduser 55
- Convenientmode-administrator 56
- Convenientmode-limiteduser 56
- Congurablesettings 57
- Authenticating 58
- Chapter6.BestPractices 63
- Scenario2 65
- Chapter6.BestPractices61 67
- CreatingtemplateforTPMuser 68
- Chapter6.BestPractices63 69
- Windows7logon 70
- Chapter6.BestPractices65 71
- Congurationandsetup 73
- Pre-desktopauthentication 73
- Windowslogon 73
- Windowsoperatingsystem 77
- HowtodeployBitLockerremotely? 79
- HowdoesTPMlockoutwork? 79
- AppendixE.Notices 81
- Trademarks 82
- Glossary 83
- PartNumber: 86
- PrintedinUSA 86
- (1P)P/N: 86
Related products and manuals for Software Lenovo ThinkVantage Client Security Solution 8.3
(42 pages)© 2020, manymanuals.com. All rights reserved. | 1.684 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals