Lenovo A51 User Manual

FingerprintSoftwareDeploymentGuide

Updated:September,2010

FingerprintSoftwareDeploymentGuide

Updated:September,2010

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixB

“Notices”onpage33.

FirstEdition(September2010)

©CopyrightLenovo2010.

LENOVOproducts,data,computersoftware,andserviceshavebeendevelopedexclusivelyatprivateexpenseandare soldtogovernmentalentitiesascommercialitemsasdenedby48C.F .R.2.101withlimitedandrestrictedrightsto use,reproductionanddisclosure.

LIMITEDANDRESTRICTEDRIGHTSNOTICE:Ifproducts,data,computersoftware,orservicesaredeliveredpursuant aGeneralServicesAdministration“GSA”contract,use,reproduction,ordisclosureissubjecttorestrictionssetforth inContractNo.GS-35F-05925.

Contents

Preface.................v

Chapter1.Overview..........1

Chapter2.Installation.........3

Installationproceduresandcommand-line

parameters.................3

Usingmsiexec.exe..............4

StandardWindowsInstallerpublicproperties...7

Installationexamples.............7

InstallingThinkVantageFingerprintSoftware....8

Silentinstallation.............8

Options.................9

InstallingLenovoFingerprintSoftware.....11

Silentinstallation............11

Options................11

Chapter3.WorkingwithFingerprint

Software................15

Managementconsoletool..........15

User-speciccommands.........15

Globalsettingscommands........16

Securemodeandconvenientmode......17

Securemode-administrator.......17

Securemode-limiteduser........18

Convenientmode-administrator.....18

Convenientmode-limiteduser......19

Chapter4.Workingwith ThinkVantageFingerprintSoftware.21

UsingtheRSASecurIDsoftwaretoken.....21

ProvisioningtheThinkVantageFingerprint SoftwarefortheRSASecurIDsoftware

token................21

GeneratinganRSASecurIDtokencode...22 AuthenticatingtheRSASecurID-protected

applications..............22

UsingtheThinkVantageFingerprintSoftware

withRSASecurIDReadyVPNclients....22

Considerationsforusingtheexternal ngerprintreaderwiththeRSASecurID

softwaretoken.............23

UsingThinkVantageFingerprintSoftwarewith

NovellNetwareClient............23

Authenticating.............24

Congurablesettings............24

ThinkVantageFingerprintSoftwareservice....26

Chapter5.WorkingwithLenovo

FingerprintSoftware.........27

ActiveDirectorysupportforLenovoFingerprint

Software.................27

ConsiderationsforusingLenovoFingerprint

Software.................28

DeployingtheghostimagewithLenovo

FingerprintSoftware...........28

Erasingngerprintdata.........28

LenovoFingerprintSoftwareservice......28

AppendixA.Considerationsforthe

LenovoFingerprintKeyboard.....31

Congurationandsetup...........31

Pre-desktopauthentication..........31

Windowslogon..............31

AuthenticationwithClientSecuritySolution...32

AppendixB.Notices.........33

Trademarks................34

©CopyrightLenovo2010

iii

ivFingerprintSoftwareDeploymentGuide

Preface

InformationpresentedinthisguideistosupportLenovo

computersinstalledwitheithertheThinkVantage

orLenovoFingerprintSoftwareprogram.

Note:Inthisdeploymentguide,FingerprintSoftwarereferstobothThinkVantageFingerprintSoftwareand LenovoFingerprintSoftware.

ThegoalofFingerprintSoftwareistohelpcustomersaddresscorporateITregulatorycompliance,reduce thecostsassociatedwithmanagingpasswords,andenhancecomputingsecurity.

TheFingerprintSoftwareDeploymentGuideprovidestheinformationrequiredforinstallingFingerprint Softwareononeormorecomputers,andalsoprovidesinstructionsandscenariosontheadministrative toolsthatcanbecustomizedtosupportITandcorporatepolicies.

ThisguideisintendedforITadministrators,orthoseresponsiblefordeployingFingerprintSoftwareto computersthroughouttheirorganizations.Ifyouhavesuggestionsorcomments,communicatewith yourLenovoauthorizedrepresentative.Thisguideisupdatedperiodically,andyoucancheckthelatest publicationontheLenovoWebsiteathttp://www-307.ibm.com/pc/support/site.wss/TVAN-ADMIN.html.

ForquestionsandinformationaboutusingthevariouscomponentsinFingerprintSoftwareworkspaces, refertotheonlinehelpsystemanduserguidesthatcomewithFingerprintSoftware.

©CopyrightLenovo2010

viFingerprintSoftwareDeploymentGuide

Chapter1.Overview

TheobjectiveofbiometricngerprinttechnologiesofferedbyLenovoistohelpcustomersaddress corporateITregulatorycompliance,reducethecostsassociatedwithmanagingpasswords,and enhancecomputingsecurity.FingerprintSoftwareenablesngerprintauthenticationonindividual computersandnetworksbyworkingwiththeLenovongerprintreaders.Itcanbeintegratedwith ClientSecuritySolution8.3orPasswordManager.Formoreinformationabouttheintegrationwith thetwoprograms,refertotheClientSecuritySolution8.3DeploymentGuide.Y oucanndoutmore aboutLenovongerprinttechnologiesanddownloadFingerprintSoftwarefromtheLenovoWebsiteat: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-73583.

FingerprintSoftwareoffersthesefunctions:

•Clientsoftwarecapabilities

–Microsoft

Windows

easy,fast,andsecuresystemaccess.

–BIOSpassword(alsoknownaspower-onpassword)andharddiskdrivepasswordsreplacement:

Replacepasswordswithyourngerprinttoenhancelogonsecurityandconvenience.

–Pre-bootngerprintauthenticationforSafeGuardEnterprisefull-driveencryption:Utilize

ngerprintauthenticationtodecryptyourharddiskdrivebeforestartingtheWindowsoperatingsystem.

–SingleswipetoaccesstheBIOSandtheWindowsoperatingsystem:Swipeyourngerprintat

startuptogainaccesstotheBIOSandtheWindowsoperatingsystem.

–Singleswipetoturnonthecomputer:Swipeyourngerprinttoturnonthecomputer.

passwordreplacement:Replaceyourpasswordwithyourngerprintfor

Note:Thisfeaturehasthedependencyonthehardware;therefore,itissupportedbycertaincomputer

models.

–FingerprintSoftwaresensorindicator:Indicatetheworkingstateofthesensor,andthesuccessin

swipingyourngerprintornot.

Note:Thisfeaturehasthedependencyonthehardware;therefore,itissupportedbycertaincomputer models.

–IntegrationwithClientSecuritySolution:UsewiththeClientSecuritySolutionPasswordManager

andleveragetheTrustedPlatformModule.UserscanswipetheirngertoaccessWebsitesand selectapplications.

•Administratorfeatures

–Securitymodetoggle:Allowanadministratortotogglebetweensecureandconvenientmodesto

modifyaccessrightsoflimitedusers.

•Securitycapabilities

–Softwaresecurity:Protectusertemplatesthroughstrongencryptionwhenstoredonasystemand

whentransferredfromthereadertothesoftware.

–Hardwaresecurity:Provideasecurityreaderwithaco-processorthatstoresandprotectsngerprint

templates,BIOSpasswords,andencryptionkeys.

©CopyrightLenovo2010

2FingerprintSoftwareDeploymentGuide

Chapter2.Installation

ThischaptercontainsinstructionsoninstallingFingerprintSoftware.

Installationproceduresandcommand-lineparameters

TheMicrosoftWindowsInstallerprovidesseveraladministrativefunctionsthroughcommand-line parameters.TheWindowsInstallercanperformanadministrativeinstallationofanapplicationorproductto anetworkforusebyaworkgrouporforcustomization.Command-lineoptionsthatrequireaparametermust bespeciedwithnospacebetweentheoptionanditsparameter.Forexample:

setup.exe/s/v"/qnREBOOT="R""

isvalid,while

setup.exe/s/v"/qnREBOOT="R""

isnot.

Note:Thedefaultbehavioroftheinstallationwhenexecutedalone(runningsetup.exewithoutany parameters)istoprompttheusertorebootattheendoftheinstallation.Arebootisrequiredfortheprogram tofunctionproperly.Therebootcanbedelayedthroughacommandlineparameterforasilentinstallation asdocumentedintheprecedingsectionandintheexamplesection.

FortheFingerprintSoftwareinstallationpackage,anadministrativeinstallationunpackstheinstallation sourcelestoaspeciedlocation.

Torunanadministrativeinstallation,runthesetuppackagefromthecommandlineusingthe/aparameter:

setup.exe/a

Anadministrativeinstallationpresentsawizardthatpromptstheadministrativeusertospecifythelocations forunpackingthesetuples.ThedefaultextractlocationisC:\.Youcanchooseanewlocationthatmay includedrivesotherthanC:\(forexample,otherlocaldrivesormappednetworkdrives).Youcanalso createnewdirectoriesduringthisstep.

Torunanadministrativeinstallationsilently,youcansetthepublicpropertyTARGETDIRonthecommand linetospecifytheextractlocation:

setup.exe/s/v"/qnTARGETDIR=F:\TVTRR"

msiexec.exe/i"setup.msi"/qnTARGERDIR=F:\FPR

Note:IfyouarenotusingthelatestversionofWindowsInstaller,thesetup.exelewillbeconguredto updatetheWindowsInstallerenginetothelatestversion.TheupdateoftheWindowsInstallerenginewill promptyoutorebootthesystemeveninanadministrativeextractinstallation.T opreventarebootinthis situation,youcanusetheREBOOTpropertyoftheWindowsInstaller.IftheWindowsInstalleristhelatest version,thesetup.exelewillnotattempttoupdatetheWindowsInstallerengine.

©CopyrightLenovo2010

Onceandadministrativeinstallationhasbeencompleted,theadministrativeusercanmakecustomizations tothesourceles,suchasaddingsettingstotheregistry.

ThefollowingparametersanddescriptionsaredocumentedintheInstallShielddeveloperhelp documentation.ParametersthatdonotapplytoBasicMSIprojectswereremoved.

Table1.Parameters

ParameterDescription

/a:administrativeinstallationThe/aswitchcausessetup.exetoperforman

administrativeinstallation.Anadministrativeinstallation copies(anduncompresses)yourdatalestoadirectory speciedbytheuser,butdoesnotcreateshortcuts, registerCOMservers,orcreateanuninstallationlog.

/x:uninstallingmodeThe/xswitchcausessetup.exetouninstallapreviously

installedproduct.

/s:silentmodeThecommandsetup.exe/ssuppressesthesetup.exe

initializationwindowforaBasicMSIinstallationprogram, butdoesnotreadaresponsele.BasicMSIprojectsdo notcreateorusearesponseleforsilentinstallations. TorunaBasicMSIproductsilently,runthecommand linesetup.exe/s/v/qn.(T ospecifythevaluesof publicpropertiesforasilentBasicMSIinstallation, youcanuseacommandsuchassetup.exe/s/v"/qn INSTALLDIR=D:\Destination".)

/v:passargumentstoMsiexecThe/vargumentisusedtopasscommandlineswitches

andvaluesofpublicpropertiesthroughtoMsiexec.

/L:setuplanguageUserscanusethe/Lswitchwiththedecimallanguage

IDtospecifythelanguageusedbyamulti-language installationprogram.Forexample,thecommandto specifyGermanissetup.exe/L1031.

/w:waitForaBasicMSIproject,the/wargumentforcessetup.exe

towaituntiltheinstallationiscompletebeforeexiting.If youareusingthe/woptioninabatchle,youmaywant toprecedetheentiresetup.execommandlineargument withstart/WAIT.Aproperlyformattedexampleofthis usageisasfollows:

start/WAITsetup.exe/w

Usingmsiexec.exe

Toinstallfromtheunpackedsourceaftermakingcustomizations,theusercallsmsiexec.exefromthe commandline,passingthenameoftheunpacked*.MSIle.msiexec.exeistheexecutableprogramofthe WindowsInstallerusedtointerpretinstallationpackagesandinstallproductsontargetsystems.

msiexec/i"C:\WindowsFolder\Proles\UserName\ Personal\MySetups\projectname\productconguration\releasename\ DiskImages\Disk1\productname.msi"

Note:Entertheprecedingcommandasasinglelinewithnospacesfollowingtheslashes.

Thefollowingtabledescribestheavailablecommandlineparametersthatcanbeusedwithmsiexec.exe andexamplesofhowtouseit.

4FingerprintSoftwareDeploymentGuide

Table2.Commandlineparameters

ParameterDescription

/Ipackageorproductcode

Usethisformattoinstalltheproduct:

Othello:msiexec/i"C:\WindowsFolder\Proles\

UserName\Personal\MySetups

\Othello\TrialVersion\

Release\DiskImages\Disk1\

OthelloBeta.msi"

ProductcodereferstotheGloballyUniqueIdentier(GUID)thatis automaticallygeneratedintheproductcodepropertyofyourproduct's projectview.

/apackageThe/aoptionallowsuserswithadministratorprivilegestoinstallaproduct

ontothenetwork.

/xpackageorproductcodeThe/xoptionuninstallsaproduct.

/L[i|w|e|a|r|u|c|m|p|v|+]logle

Buildingwiththe/Loptionspeciesthepathtothelogle;theseagsindicate whichinformationtorecordinthelogle:

•ilogsstatusmessages

•wlogsnon-fatalwarningmessages

•elogsanyerrormessages

•alogsthecommencementofactionsequences

•rlogsaction-specicrecords

•ulogsuserrequests

•clogsinitialuserinterfaceparameters

•mlogsout-of-memorymessages

•plogsterminalsettings

•vlogstheverboseoutputsetting

•+appendstoanexistingle

•*isawildcardcharacterthatallowsyoutologallinformation(excluding theverboseoutputsetting)

/q[n|b|r|f]

The/qoptionisusedtosettheuserinterfacelevelinconjunctionwiththe followingags:

•qorqncreatesnouserinterface

•qbcreatesabasicuserinterface

/?or/h

Theuserinterfacesettingsbelowdisplayamodaldialogboxattheendof installation:

•qrdisplaysareduceduserinterface

•qfdisplaysafulluserinterface

•qn+displaysnouserinterface

•qb+displaysabasicuserinterface

EithercommanddisplaysWindowsInstallercopyrightinformation

Chapter2.Installation5

Table2.Commandlineparameters(continued)

ParameterDescription

TRANSFORMSTheTRANSFORMScommandlineparameterspeciesanytransformsthat

youwouldlikeappliedtoyourbasepackage.

msiexec/i"C:\WindowsFolder\

Proles\UserName\Personal \MySetups\

YourProjectName\TrialVersion\

MyRelease-1 \DiskImages\Disk1\

ProductName.msi"TRANSFORMS="NewTransf orm1.mst"

Youcanseparatemultipletransformswithasemicolon.Donotusesemicolons inthenameofyourtransform,astheWindowsInstallerservicewillinterpret thoseincorrectly.

Properties

Allpublicpropertiescanbesetormodiedfromthecommandline.Public propertiesaredistinguishedfromprivatepropertiesandareallcapitalletters. Forexample,COMPANYNAMEisapublicproperty.

Tosetapropertyfromthecommandline,usethefollowingsyntax:

PROPERTY=VALUE

IfyouwantedtochangethevalueofCOMPANYNAME,youwouldenterthe following:

msiexec/i"C:\WindowsFolder\

Proles\UserName\Personal\

MySetups\YourProjectName\

TrialVersion\MyRelease-1\

DiskImages\Disk1\ProductName.msi"

COMPANYNAME="InstallShield"

6FingerprintSoftwareDeploymentGuide

+ 30 hidden pages