Updating hardware passwords globally – Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual
Page 23
• Allow multiple users to enroll on a single device: more than one user can be enrolled on a device. If
this checkbox is cleared, only the first user to be enrolled on a device can be an enrolled user (although
administrator and service technician users can still access the device if needed).
The following BIOS-level policies can be selected:
• Show last logon account for hardware account: at the BIOS user logon screen, the last user account
to have logged on to the BIOS is displayed bydefault.
• Prompt for hardware account on warm boot: if the device is restarted, the BIOS will require a user login
to ensure that the same user is accessing the device after the restart.
In the Update Client Policy dialog box, a list of devices shows which devices will have the new policy
applied on their next startup. The dialog box has a default selection of policy settings; if you have changed
the settings but want to return to the original default settings, click Reset to default.
The Update Option can be found in the Update Client Policy dialog box. This has three options:
1. Apply to Server Setting only - This option will cause only the policy on the server to be updated. Only
newly registered Hardware Password Manager devices will be affected.
2. Generate Remote Actions only - This option will generate remote actions to apply the policy changes
to the selected computers. The default client policy will not change. So newly registered Hardware
Password Manager devices will not be affected.
3. Both (Default) - This option will affect the selected computers as well as any newly registered Hardware
Password Manager devices.
Updating hardware passwords globally
Lenovo Hardware Password Manager provides global management of different hardware passwords for
Hardware Password Manager devices. You can specify the same password to be used by all Hardware
Password Manager devices, or you can auto-generate a different password for each device. This feature
manages the following kinds of passwords:
• SVP - The supervisor password gives a user full administrator access to a device, including configuration
of BIOS settings. It is a superset of the power-on password.
• POP - The power-on password enables the user to power on the device and access it with normal user
privileges.
• MHDP - The master hard disk password enables the user to access the hard disk and reset the user
hard disk password. It is a superset of the UHDP.
• UHDP - The user hard disk password enables the user to access the hard disk.
You can select any of these four types of passwords to be applied to managed Hardware Password Manager
devices. If you select a password type and want all devices to use the same password, type that password
in the text box. If you want each device to have a unique password, select the checkbox for that password
type but leave the text box blank.
If you have made changes and want to return to the default, click Reset to default. By default, all four
passwords are set with a uniquely generated password for each device.
After you change these settings and click OK, a remote action task is created in the remote actions tree list
(in the Update Common Hardware Passwords folder). You can click that task to view the status of the task as
it is applied to the Hardware Password Manager devices. Under that task in the tree, the devices are listed by
status: Active, Suspending, Failed, or Successful. You can also view all devices in the All Devices folder.
To view the current hardware passwords for a Hardware Password Manager device that has been targeted
by this remote action:
Chapter 3
.
Managing Hardware Password Manager devices with ThinkManagement Console
15