    Chapter 1. Overview The Lenovo ThinkPad Tablet gives you the ability to configure and manage the tablet using regular tools such as you use within your enterprise. You can control tablet functions, enable corporate security, passwords, encryption and digital signatures.
  • Page 8: Lenovo Device Policy Manager Service

    Microsoft Exchange is used as the corporate email communication method. You can create or modify an XML file using either a text editor or an XML editor to push down to the ThinkPad tablet through the Lenovo Configuration File Handler APK . Or you can use Lenovo Mobility Manager Suite to manage your user’s ThinkPad tablets using the supplied Lenovo Mobility Manager APK.
  • Page 9 This interface allows you to push the following configurations to the ThinkPad Tablet: • WiFi profiles • WiFi access point filters • WiFi radio power settings • Microsoft Exchange E-mail server configuration • VPN configuration • ActiveSync server configuration • Device feature disable, including: –...
  • Page 10 ThinkPad Tablet Deployment Guide...
  • Page 11: Chapter 2. Configuration

    The ThinkPad Tablet allows you to configure corporate services for users by specifying configuration settings in the XML file. When these XML files are delivered to users and loaded on the ThinkPad Tablet, the settings are automatically applied by the tablet. Configuring the ThinkPad Tablet with XML files makes it easier for the user to connect to corporate networks and accounts.
  • Page 12 UUID of the existing applied policy, and it will overwrite the existing file. Since multiple XML files (with different UUIDs)can be resident on the ThinkPad Tablet, the file with the strongest policies will be applied. For example, if you have an XML file that requires only a numeric password and another file with a different UUID that requires a longer, alphanumeric password, the file with the alphanumeric password will be applied.
  • Page 13 Table 1. LenovoConfigSettings (continued) Setting Parameter Values Notes – Server – Server IP address – OverwriteIfExists – Yes/No – DNSSearchDomain – IP Address – Encryption – Yes/No • L2TPIPSecPSK • Android PSK – Name – PSK name – Server – Server URL –...
  • Page 14 For more information on Android Policy Settings, see http://www.google.com/support/a/bin/answer.py?answer=1056433&topic=14576 Here is a sample XML file: <?xml version="1.0" encoding="utf-8"?> <lenovoconfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="lenovoconfig.xsd" uuid="2237f15e-1ce5-4e55-9fe6-767118c370c8"> <Header> <DisplayName>Sample policy</DisplayName> <Author>David Rivera</Author> <Source>Manual</Source> <AllowUserRemove>yes</AllowUserRemove> <RebootOnApply>no</RebootOnApply> </Header> <LenovoConfigSettings> <Email Type="Exchange" SSL="yes" AcceptAllCerts="yes"> <ServerAddress>gmail.com</ServerAddress> <UserID>t.cloud09@gmail.com</UserID> </Email> <DomainServer> <ServerAddress>dc.lenovo.com</ServerAddress> ThinkPad Tablet Deployment Guide...
  • Page 15 <UserID>drivera</UserID> </DomainServer> <Certificate type="Root"> <name>Corporate CA Cert</name> <encoded> MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG 7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ qdq5snUb9kLy78fyGPmJvKP/iiMucEc= </encoded> </Certificate> <VPN> <PPTP> <Name>MyPPTPVPN</Name> <Server>pptp.server.com</Server> <OverwriteIfExists>yes</OverwriteIfExists> <DNSSearchDomain></DNSSearchDomain> <DNSSearchDomain></DNSSearchDomain> <Encryption>no</Encryption> </PPTP> <L2TP> <Name>MyL2TPVPN</Name> <Server>l2tp.server.com</Server> <OverwriteIfExists>no</OverwriteIfExists> <DNSSearchDomain></DNSSearchDomain>...
  • Page 16 <proxy type="HTTP" requiresauth="no"> <address></address> <port>8080</port> </proxy> </WirelessProfile> <AccessPointFilter> <allow> <SSID>MyOffice</SSID> </allow> <allow> <SSID>MyHome</SSID> <Security>WEP</Security> </allow> <deny> <SSID>CoffeeShop</SSID> </deny> </AccessPointFilter> </LenovoConfigSettings> <LenovoPolicySettings> <DeviceControl> <Camera>Allow</Camera> <SDCardSlot>Allow</SDCardSlot> <Mic>Allow</Mic> <Bluetooth>Allow</Bluetooth> <DataRoaming>Block</DataRoaming> <USBPort>Allow</USBPort> <MicroUSBPort>Allow</MicroUSBPort> <SDCardSlot>Allow</SDCardSlot> <UnknownSources>Block</UnknownSources> <USBDebugging>Allow</USBDebugging> <Wifi>Allow</Wifi> <HDMI>Allow</HDMI> <Tethering>Block</Tethering> <Hotspot>Block</Hotspot> </DeviceControl> ThinkPad Tablet Deployment Guide...
  • Page 17: Active Directory Domain Server

    Active Directory domain server An exclusive feature of the Lenovo ThinkPad tablet is that you can use Microsoft Active Directory to allow the user to unlock the ThinkPad Tablet using corporate credentials. You set the XML file to require an Active directory logon, and the user touches Settings->Location &...
  • Page 18 The profile display also allows the user to remove selected profiles. Only configuration profiles that were installed by the Lenovo Profile Manager can be removed by the user, as long as you did not set the property indicating that the policy cannot be removed. Configuration settings that were not set by the Lenovo Profile Manager will be displayed, but cannot be removed by the user.
    • Removable storage • SD card encryption Once a ThinkPad Tablet is configured to connect to the Exchange server, policy settings pushed to the device from the Exchange server are automatically applied, ensuring that the device maintains the security settings that your IT department requires.
  • Page 21: Chapter 4. Lenovo Mobility Manager

    The Lenovo Mobility Manager requires the user to log in to the configuration server using a PIN, which the user retrieves by logging in to a PIN server from a PC. The user authenticates to the PIN server using corporate credentials, and supplies that PIN when logging on to the Lenovo Mobility Manager configuration server from his ThinkPad Tablet.
