Changing server policy settings – Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual
Page 25
Changing server policy settings
Server policy settings include various ways to manage user enrollment, credentials, and client portal and
BIOS settings for the Lenovo Hardware Password Manager devices you manage. The settings are changed
from the ThinkManagement console; items that affect individual devices are then held in a pending queue
until the next time each device is booted and requests an updated policy.
To change server policy settings:
1. Click Remote Actions and Policy Settings in the toolbox or click Tools ➙ ThinkVantage Hardware
Password Manager ➙ Remote Actions and Policy Settings.
2. Click Update Server Policy Settings on the toolbar.
3. Make changes on the four tabs in the dialog box, and then click OK when you have finished.
The tabs in the Server Policy Settings dialog box are described as below.
• General - This tab lists the name, IP address, and UDP port of the Hardware Password Manager server
used to authenticate Hardware Password Manager users. The Status of Portal Service section shows
whether the portal service on the Hardware Password Manager server is running. The portal service
is a UDP server, one of the components on the Hardware Password Manager server. It is used for
communication with the Hardware Password Manager device BIOS when the user logs on using the
intranet account login. You can start, stop, or restart the service as needed from this dialog box.
Select Allow users to enroll on multiple devices if you want to allow each intranet account to enroll
on multiple Hardware Password Manager devices. If this checkbox is cleared, one intranet account
can only be enrolled on one device.
Select Enable “one-touch”registration if you want to pre-register new Hardware Password Manager
devices with one-touch features from Lenovo. One-touch registration automatically registers the device
and creates the emergency admin account when the user logs in to Windows. See also Chapter 5
“Deployment” on page 25.
Select Enable first user logged on a machine as administrator if you want the first enrolled user to
have administrator privileges in the BIOS.
• Credentials - This tab determines the length of auto-generated passwords and the number of password
backups to keep. Backups are encrypted and stored in the Hardware Password Manager database.
By default, auto-generated hardware passwords, as well as emergency admin account passwords,
are between 15 and 20 characters long. You can change the minimum and maximum numbers for
both types of passwords. You can also specify how many backups to save for hardware passwords.
The maximum password length is 64.
• Client Portal - This tab specifies which menu items are enabled for display on the Client Portal menu on
managed Hardware Password Manager devices. The user accesses the portal from the Windows Start
menu (Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager). The Client Portal
menu items are always selected. When you perform tasks such as Remove User after you enter the
intranet credentials that correlate to the User, Service Tech, and Administrator roles, you will get an error
message if you do not have the client portal rights. Users log in to Hardware Password Manager devices
with an assigned role, which correlates to the user group that the user belongs to. (See “Managing
Hardware Password Manager groups” on page 12 for a description of roles.) So, for example, a user
might see all options on the Client Portal but a Service Tech might have a limited set of options available.
If a user tries an option that is not selected for that role, an error message will be displayed.
• BIOS - This tab specifies which menu items are enabled for display on the BIOS menu of managed
Hardware Password Manager devices, and allows you to specify which BIOS versions are excluded from
Hardware Password Manager device management. BIOS menu items are selected separately for the three
user roles: User, Service Tech, and Administrator. Users log in to Hardware Password Manager devices
with an assigned role, which correlates to the user group that the user belongs to. (See “Managing
Chapter 3
.
Managing Hardware Password Manager devices with ThinkManagement Console
17