Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual

When the client is installed, it communicates with the Hardware Password Manager server to authenticate
the device. The client can then request Hardware Password Manager policy settings from the Hardware
Password Manager server. The registration process is then completed when the user enters credentials
for logging on to the device.

For registration to occur, the device must be connected to the network on which the Hardware Password
Manager server is located.

The administrator has two options for initiating registration of Hardware Password Manager devices:

• Registration is automatically started when the user logs on to Windows. For this option, the administrator

selects the Auto-start registration at Windows logon option in the client policy that is applied to
Hardware Password Manager devices.

• The user opens the Client Portal to begin registration.

To register a device with the Hardware Password Manager server and enroll a user:

1. Click Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager to open the Client

Portal. (If your administrator has set up auto-start, the portal will open automatically when you log in.)

2. Click Restart to restart the device.

3. After the BIOS loads, the HPM initialization process verifies that you want to continue with the

registration. Press Enter to continue. After Windows starts and you log in, the Client Portal dialog box
opens automatically.

4. Under Enter your Windows account, enter your user name and password for logging in to Windows.

The user name you currently used to log in with should already be filled in for you.

5. Under Enter your Intranet Account, enter your user name, password, and domain for logging in to

the domain on this device.

Note: If the policy is set for the intranet account equals the Windows account, you will only be
prompted for one set of credentials.

6. The Enter your Hardware Account window may pop up according to the server policy. Click Finish.

7. The system will automatically suspend and then resume.

8. After logging on to the desktop, it will prompt you to restart.

9. Click OK to restart the device.

10. At the BIOS login prompt, log in using your Windows credentials or hardware account credentials for

the device.

If you clear Enable First User enrolled on a machine as Administrator, the first enrolled user has user
privilege in BIOS. If you select Enable First User enrolled on a machine as Administrator, the first enrolled
user has administrator privilege in

Enrolling additional users on a Hardware Password Manager device

More than one user can log in to a Hardware Password Manager device with single-sign-on protection if your
administrator has enabled multiple users. When any of the enrolled users log in to the device, the Client
Portal runs and they are automatically logged in to Windows.

The following are required for enrolling additional users on a device:

• In the client policy applied to the device, Allow multiple users to enroll on a single device must be

selected.

• For each additional user, an account must be created on the device.

22

Hardware Password Manager Deployment Guide

BIOS.