beautypg.com

Scenario 13 - enter the bios setup, Scenario 15 - do not protect all hard drives – Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual

Page 41

background image

structures are stored in flash, the flash utilities have been updated to not overwrite Hardware Password
Manager related structures.

Forward Flashing - When flashing to a newer version of BIOS on a Hardware Password Manager

registered system, the hardware account should not be disrupted (for example, the user’s Hardware
Password Manager registration status and hardware account credentials should not change).

Back flashing - When flashing back to a previous version of BIOS that supports Hardware Password

Manager, the hardware account should not be disrupted (for example, the User’s Hardware Password
Manager registration status and hardware account credentials should not change). BIOS flash utilities that
support Hardware Password Manager should not be flashed back to a previous BIOS version that does
not include Hardware Password Manager support. The system must be deregistered before back flashing.

Scenario 12 - Registered system can no longer access the Hardware
Password Manager server

If a Hardware Password Manager registered system is reassigned or moved to a location that does not
have network connectivity to the Hardware Password Manager server, you should clear the hardware
accounts and passwords from the system. This can be accomplished by de-registering the system using
the BIOS Setup Utility.

In order to do this, you must login to the emergency account to gain access to the SVP and all HDPs, and
disable Hardware Password Manager. When Hardware Password Manager is disabled, the BIOS will clear
the hardware account structures and all hardware passwords.

If the emergency account is unknown, you must obtain the SVP and HDPs using the ThinkManagement
Console in order to disable Hardware Password Manager.

In this case, the Hardware Password Manager server will be left with an orphaned entry (such as machine
instance and hardware account backup). You can use the ThinkManagement Console to identify these
orphaned entries and clean them up if you desire.

Scenario 13 - Enter the BIOS setup

Users can enter the BIOS setup in one of these ways:

User Login – User must have a local account that is a member of the Hardware Password Manager

Administrator group.

Hardware Password Manager Login – User must have a corporate account that is a member of the

Service Tech or Hardware Password Manager Administrator group.

Manual Login – User must obtain the SVP from the administrator using the ThinkManagement Console.

Scenario 14 - Load default settings in the BIOS setup

This scenario describes the implications of loading default BIOS settings on a system that uses Hardware
Password Manager. Users may load default BIOS settings if CMOS is cleared or corrupted.

When default settings are loaded, the POP, SVP remain set and all Hardware Password Manager structures
remain intact.

Scenario 15 - Do not protect all hard drives

This scenario describes a scenario where a user registers their system in Hardware Password Manager,
but then wants to use an additional hard drive that is NOT protected. The hard drive most likely will be an
external hard drive or one installed in a docking station.

Chapter 6

.

Scenarios

33