Administrative (adm) template files – Lenovo ThinkVantage Client Security Solution 8.3 User Manual

The following examples are settings that Active Directory can manage for Client Security Solution:

• Security policies.

• Custom security policies; such as whether to use a Windows password or Client Security Solution

passphrase.

Administrative (ADM) template files

The ADM (Administrative) template file defines policy settings used by applications on the client computers.
Policies are specific settings that govern the application behavior. Policy settings also define whether the
user will be allowed to set specific settings through the application.

Settings defined by an administrator on the server are defined as policies. Settings defined by a user on the
client computer for an application are defined as preferences. As defined by Microsoft, policy settings take
precedence over preferences.

For example, a user may put a background image on his desktop. This is the user's preference setting. An
administrator may define a setting on the server that dictates that a user must use a specific background
image. The administrators policy setting will override the preference set by the user.

When a ThinkVantage Technology product checks for a setting, it will look for the setting in the following
order:

• Computer policies

• User policies

• Default user policies

• Computer preferences

• User preferences

• Default user preferences

As described previously, computer and user policies are defined by the administrator. These settings can be
initialized through the XML configuration file or through a Group Policy in the Active Directory. Computer and
user preferences are set by the user on the client computer through options in the applications interface.
Default user preferences are initialized by the XML configuration script. Users do not change the values
directly. Changes made to these settings by a user will be updated in the user preferences.

Customers not using Active Directory can create a default set of policy settings to be deployed to client
systems. Administrators can modify XML configuration scripts and specify that they be processed during
the installation of the product.

Defining manageable settings

The following example shows settings in the Group Policy editor using the following hierarchy:

Computer Configuration>Administrative Templates>ThinkVantage Technologies>
Client Security Solution>Authentication Policies>Max Retries>
Password number of retries

The ADM files indicate where in the registry the settings will be reflected. These settings will be in the
following registry locations:

Computer policies:
HKLM\Software\Policies\Lenovo\Client Security Solution\
User policies:
HKCU\Software\Policies\Lenovo\Client Security Solution\
Default user policies:
HKLM\Software\Policies\Lenovo\Client Security Solution\User defaults
Computer preferences:

Chapter 3

.

Working with Client Security Solution

41