Lenovo ThinkVantage (Hardware Password Manager Deployment Guide) User Manual

• You should drag the devices under Hardware Password Manager Devices to the Active Directory or

eDirectory group listed in the HPM Groups tool.

If your administrator has enabled multiple users on a device, complete the following steps to enroll more
than one user.

To enroll an additional user on a Hardware Password Manager device:

1. Log in to Windows.

2. Click Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager to open the Client

Portal. (If your administrator has set up auto-start, the portal will open automatically.)

3. Click Enroll additional user.

4. Enter the user's intranet credentials, Windows credentials, or hardware account credentials according

to the policy on the server.

5. The suspend countdown window will pop-up and either wait 30 seconds or click OK to suspend.

6. After logging on to the desktop, it will prompt you to restart.

7. At the BIOS login prompt, log in using the Windows credentials for the additional user on this device.

Note: If the policy is set such that vault credentials do not equal Windows credentials, log in using the
hardware account credentials for the additional user.

The enrolled additional user will have user or administrator right in the BIOS, according to the role of the
group, user, administrator, or service tech.

Removing a user from a Hardware Password Manager device

When a user should no longer have access to a Hardware Password Manager device, you can remove the
user to terminate access. When a user is removed, only that user’s credentials are removed from the
hardware account. Hardware credentials remain on the device, and other users’ credentials are not affected.

To remove a user from a Hardware Password Manager device:

1.

Log in to Windows.

2. Click Start ➙ All Programs ➙ ThinkVantage ➙ Hardware Password Manager to open the Client

Portal.

3. Click Remove user.

4. Enter your intranet account credentials when prompted.

5. Click OK to confirm that the system will suspend. The system will resume automatically after it has

completed removing the user.

Unregistering a device from the Hardware Password Manager server

A device can be unregistered from the Hardware Password Manager server in two ways:

• The user can open the Hardware Password Manager Login Menu in the BIOS and unregister the device.

(See To open the Hardware Password Manager Login Menu.)

• The administrator can unregister the device using the Hardware Password Manager administration tools in

the ThinkManagement Console.

After the device is unregistered, the Hardware Password Manager functionality is no longer in effect unless
the device is registered again with the Hardware Password Manager server.

Chapter 4

.

Hardware Password Manager Client

23