Lenovo ThinkCentre M58 Deployment Manual page 51

(english) hardware password manager deployment guide
Hide thumbs Also See for ThinkCentre M58:
Table of Contents

Advertisement

Appendix C. Hints and tips
The following is a list of tips associated with Hardware Password Manager Version 1.0:
• Symptom: Bitlocker recovery mode is triggered if you register a system in Hardware Password Manager
that has Bitlocker encryption in use.
Problem description: If the user first enables BitLocker encryption, then registers in Hardware Password
Manager, the fact that BIOS passwords are set will cause BitLocker to fail its integrity check (BIOS
passwords are validated within PCR1) and cause the BitLocker Recovery Mode to start on the next boot.
Solution: Enroll in Hardware Password Manager prior to enabling Bitlocker encryption.
• Symptom: Systems that are deregistered offline still show up as registered in the ThinkManagement
Console.
Problem description: When a system is deregistered by disabling Hardware Password Manager in BIOS
setup, the Hardware Password Manager server is not informed that the system was deregistered. Thus,
the Hardware Password Manager server continues to show the system as registered. If the Administrator
updates a policy setting or targets a remote action to the deregistered system, the status of the action will
be left in a pending state until the system is re-registered in Hardware Password Manager. Then remote
actions for systems are left in a pending state for long periods of time, an indication that the system may
not be registered anymore or has not been connected to the intranet for a long time.
Note: Users cannot deregister in BIOS setup unless they are a member of the Service Tech or
Administrator group (because the SVP is required and it is only released for Service Tech and Administrator
users).
Solution: If the user re-registers the system after deregistering in BIOS setup, the server will sync back up
with the client and will show the correct registration status. If the Administrator has retired that system
and no longer expects it to be registered, they can delete the system out of the Hardware Password
Manager server.
• Symptom: If user moves a hard disk from one Hardware Password Manager registered system to another,
User Login will not work since the new system does not know the password for the hard disk.
Problem description: Hard disks with passwords set cannot be shared between registered systems. Hard
disk passwords are handled as follows:
1. To allow for consistency between desktop and mobile, all HDPs are the same within a given system
(even though mobile BIOS could support different HDPs within a system).
2. HDPs are different for each system (unless a common HDP is set via policy).
3. Assuming steps 1 and 2 are true, it is impossible to share a HDD on different registered systems
(since the assumption is the HDP is common between all drives on system A and when moving it to
system B, the HDP stored in the vault differs).
Solution: Only systems can be shared between users through the Admin Console (not HDDs). Thus, if
the user wants to share a drive between 2 or more systems, the recommendation is to remove the HDP
on that drive (manually through BIOS setup) or remove the drive when initially registering so that an
HDP is not set for that drive.
• Symptom: HPM client installation fails.
Problem description: When installing the HPM client, the installation fails with LTAPI.DLL not found when
the firewall software is active.
Solution: As documented in the LANDesk Installation guide, disable the antivirus and firewall protection
during client agent installation.
• Symptom: When the Do not require Ctrl+Alt+Del Windows policy is disabled, Hardware Password
Manager single sign-on to Windows will not occur; the user is required to enter their Windows credentials.
© Copyright Lenovo 2010
43

Advertisement

Table of Contents
loading

Table of Contents