Managing Enrolled Users On Hardware Password Manager Devices; Configuring An Ldap Server Connection - Lenovo ThinkCentre M58 Deployment Manual

Enrolled users:
All users that are enrolled to access the Hardware Password Manager device are listed on this tab. The
intranet account user name is the name used for LDAP user account login. The hardware account user name
is the name used to save data to the hardware account (a secure area of non-volatile memory that can only
be accessed by the computer's BIOS). The LDAP path shows the user's location in the LDAP server tree (for
example, CN=ADMINISTRATOR,CN=USERS,DC=TESTLAB).
Member of:
This tab lists the intranet account groups that the device is a member of. The LDAP path shows the group's
location in the LDAP server tree.
Remote actions:
The Remote actions section lists all previous remote actions that have been applied to this Hardware
Password Manager device. The Remove user remote actions section lists users that were enrolled on
the device but whose access has been removed.
Client policy:
The Windows policy list shows the status of operating system related policy settings currently applied on
the device. The BIOS policy list shows the status of BIOS-related policy settings currently applied on the
device. These settings are selected in the Update Client Policy dialog; see "Updating hardware passwords
globally" on page 15 for more information.

Managing enrolled users on Hardware Password Manager devices

When a Lenovo Hardware Password Manager device is registered with the Hardware Password Manager
server, the main user of that device is enrolled as an authorized user of that Hardware Password Manager
device. You can enroll additional users on each Hardware Password Manager device, by using the Client
Portal on the device or by including the user in a Hardware Password Manager group that has rights to
that device.
To manage users for Hardware Password Manager devices, use the HPM Enrolled Users option in the
ThinkManagement Console toolbox (or click Tools ➙ ThinkVantage Hardware Password Manager ➙
HPM Enrolled Users).
Using the HPM Enrolled Users tool, you can
• Configure the LDAP server connection
• View a list of Hardware Password Manager users
• View the properties of a Hardware Password Manager user
• Revoke a user's access to a Hardware Password Manager device

Configuring an LDAP server connection

In the Manage Enrolled Users view, users and groups are listed in a tree structure that displays the users
and groups on the LDAP server you use for Hardware Password Manager authentication. To view that tree
structure, you must first configure the LDAP server connection.
The information you enter in this dialog enables the Hardware Password Manager server to connect to the
LDAP server, which can be either a Microsoft Active Directory server or a Novell eDirectory server.
10
Hardware Password Manager Deployment Guide