Updating client policies globally – Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual
Page 22
• Remove User: removes a user from the list of users authorized to access a Hardware Password Manager
device.
• Update Client Policy: saves an updated client policy to the Hardware Password Manager BIOS of the
device, replacing the previous policy.
• Update Common Hardware Passwords: saves new common hardware passwords to the Hardware
Password Manager device; common hardware passwords are valid for all Hardware Password Manager
devices managed by the Hardware Password Manager server (see “Updating hardware passwords
globally” on page 15).
• Update Emergency Account: saves the emergency account credentials to the Hardware Password
Manager device; the emergency user name and password can be used to restore the access to a device if
the user is unable to log in (see “Updating the emergency account” on page 16).
To apply remote actions to Hardware Password Manager devices:
1. Click Remote Actions and Policy Settings in the toolbox (or click Tools ➙ ThinkVantage Hardware
Password Manager ➙ Remote Actions and Policy Settings).
2. To apply a remote action to an individual device, drag the device object from the network view to
one of these actions: Renew Hardware Account, Restore Hardware Account, Deregister PC, or
Update Client Policy.
3. To remove a user, drag the target user onto the Remove User action in the Remote Actions tree. (You
can also remove users in the HPM Enrolled Users tool.)
4. To apply an updated client policy to all Hardware Password Manager devices, click the Update Client
Policy Globally on the toolbar. Select the policy items you want to change from the Windows Policy
and BIOS Policy tabs, and then click OK. See “Updating client policies globally” on page 14 for more
information.
5. To apply common passwords to all Hardware Password Manager devices, click Update Common
Passwords on the toolbar. Select the checkbox next to each type of password that you want to apply
to all Hardware Password Manager devices. To use the same password for all devices, type the
password in the text box for the password type you select. If you leave the text box blank, a unique
password will be generated for each device.
6. To change the emergency (administrative) account on all Hardware Password Manager devices, click
Update Emergency Account on the toolbar. Type a new user name in the text box. To use the same
password for all devices, type the password in the text box. If you leave the text box blank, a unique
password will be generated for each device.
Updating client policies globally
You can determine which client policies are applied to all managed Lenovo Hardware Password Manager
devices by selecting policies in the Update Client Policy dialog box. The policies you can select include
the following OS-level items:
• Hardware account equals Windows credentials: the login credentials stored in the hardware account
of the Hardware Password Manager BIOS are the same as the user’s Windows credentials.
• Auto-start registration at Windows logon: when the user logs in to Windows for the first time after
the Hardware Password Manager device is managed by the Hardware Password Manager server, the
Hardware Password Manager registration will open automatically. When the user logs in to Windows the
first time after the Hardware Password Manager device is managed by the Hardware Password Manager
server, the Hardware Password Manager registration will open automatically. Logons allowed before
forcing registration allows the HPM client portal to be closed the specified number of times at logon
time. This supports various deployment scenarios where a technician needs to log on to the machine a
number of times prior to delivering to the final end user.
• Auto-start user enrollment at Windows logon: Hardware Password Manager enrollment will open
automatically when the device is registered and a user that has not been enrolled logs in.
14
Hardware Password Manager Deployment Guide