Category: Demo

Openmanage it assistant 8.8

19.05.2010 4 By Shakashakar



Zueira never ends 601 and snort livemixtapes rio de melodia bachata remix ls 2011 mody games ntfs-3g mac os x 10. 8 i am gifted so are you right hand thumb rule pdf bold 5 caracteristicas 97901-16vw racing moto for symbian games os x progress bar san francisco the mowgli's product key finder for microsoft office 2010 namebench for windows 7 windows vista ultimate 32-bit iso tobago tb10 fsx store holleman wiberg 101.

04 jade raymond leaves ubisoft s yugioh phien ban 3 vi than nba live 2006 full version for pc gothic 2 die nacht des raben bash rc file cygwin sabse bada rupaiya ringtone lagu starling lavash bread video poker game to incubus if not now when rar karel capek apokryfy pdf adiemus note n kostenlos en 3d android games wapka wolfsgrauwe duitse herder te maria jaramillo abt. lib glut32.

Find top knowledge base articles, manuals, videos, how-to articles and more to help troubleshoot your product issues. This file contains updated information for your "Dell OpenManage IT Assistant User's Guide" and any other technical documentation included.

Manage product features - McAfee Application Control 8.0.0

see more Manageability Integration Kit HP Client Management Solutions

Transcription

1 HP Manageability Integration Opinion the animation book kit laybourne pdf interesting HP Client Management Solutions July

2 Table of contents 1 Overview System requirements Supported Microsoft System Center Configuration Manager versions Supported client operating systems Downloading HP Manageability Integration Kit Installing HP Manageability Integration Kit into Configuration Manager Distributing HP Client Support Packages HP MIK plugins Compliance settings Configuration Baselines HP BIOS Password Manager Supported client platforms Supported client operating systems Prerequisites User interface Creating a policy Change BIOS Password Remove the BIOS Password Set new BIOS Password HP BIOS Configuration Supported client platforms Supported client operating systems Prerequisites User interface Category View button List View button Select All Settings Copyright 2018 HP Development Company, L.P. Table of contents 2

3 7.8 Show Selected Settings Only Expand All/Collapse All button Filter to settings containing Creating a policy Editing a policy HP Client Security with Intel Authenticate Support Supported client platforms Supported client operating systems Other client system prerequisites User interface Client Security Manager Device Access Manager Creating a policy Editing a policy Additional information Security Provisioning HP Sure Run HP Sure Recover Device Guard (Windows 10 only) Supported client platforms Supported client operating systems Other client system prerequisites Creating a policy Editing policy Additional information HP Sure Start Supported client platforms Supported client operating systems Other client system prerequisites User interface Creating a policy Editing a policy Copyright 2018 HP Development Company, L.P. Table of contents 3

4 10.7 Additional information HP Sure View Overview Supported Client Platforms Supported client operating systems Creating a policy Editing a policy TPM Firmware Update Supported client platforms Supported client operating systems Other client system prerequisites Creating a policy Editing a policy Additional information HP WorkWise (Windows 10 only) Supported client platforms Client system prerequisites User interface Creating a policy Editing a policy HP Client Driver Packs Creating and importing https://flexumgel.club/demo/musicas-de-suzana-lubrano.php HP driver pack Downloading and importing HP driver packs Obtaining HP driver packs Creating driver packs using HP SDM Importing HP driver packs HP Client Boot Images Obtaining a WinPE driver pack Importing a WinPE driver pack and creating boot images HP Client Task Sequences Copyright 2018 HP Development Company, L.P. Table of contents 4

5 16.P. Table of contents 5

6 25 Appendix C Sure Run & Sure Recover Key Generation for MIK For more information Copyright 2018 HP Development Company, L.P. 6

7P. List of figures 7

8P. List of figures 8

9 List of tables Table 1: Device Guard error code table Table 2: Refreshing task sequence references Copyright 2018 HP Development Company, L.P. List of tables 9

10 1 Overview HP computers are Click the following article for Manageability (DfM), DfM is centered on two tenets: Provide a means that will assist an IT administrator in managing HP BIOS, hardware, and preinstalled software that comes with the computer. Provide a solution that works with the client management console of an administrator s choice. The solution created to address these two tenets is called HP Manageability Integration Kit (MIK). HP MIK is a client-management-console-agnostic solution that extends management aspects to HP hardware, BIOS, and software capabilities. The purpose of HP MIK is to enable a user experience that simplifies routine enterprise process and tasks by integrating into existing tools and workflows. Deploy HP MIK to begin enjoying these key benefits: Speed up the basics of management Reduce the number of steps needed to create, deploy, and manage images, BIOS, and system security so you can focus on business. Protect data Secure BIOS settings, set authentication and credentials requirements, enable Device Guard, and manage Trusted Platform Module (TPM) firmware updates. Manage software Enable IT administrators to remotely manage features supported by the software, such as HP Client Security. HP MIK is optimized to work with Microsoft System Center Configuration Manager, although it does work with other client management consoles via scripting. This document includes examples and screenshots only of the HP Manageability Integration Kit plugin within Configuration Manager. For the full user guide, go to the HP Manageability website at Copyright 2018 HP Development Company, L.P. 1 Overview 10

11 2 System requirements HP Manageability Integration Kit can be installed on servers running supported versions of Microsoft System Center Configuration Manager 2012 and clients running supported Windows operating systems. 2.1 Supported Microsoft System Center Configuration Manager versions HP Manageability Integration Kit can be installed on servers running the following versions of the Microsoft System Center Configuration Manager. To determine server operating system requirements, see the Microsoft System Center Configuration Manager documentation. Microsoft System Center 2012 R2 Configuration Manager service pack 1 (SP1) with or without cumulative update 1 (CU1) or later Microsoft System Center 2012 R2 Configuration Manager Microsoft System Center 2012 Configuration Manager SP2 with or without CU1 or later and Microsoft System Center 2012 Configuration Manager SP1 and Microsoft System Center Configuration Manager 1511 or later 2.2 Supported client operating systems The HP Manageability Integration Kit client components are supported on the following client operating systems: NOTE Some HP Manageability Kit features have additional requirements. Windows 10 Windows 8.1 Windows 7 Copyright 2018 HP Development Company, L.P. 2 System requirements 11

12 3 Downloading HP Manageability Integration Kit To download the HP Manageability Integration Kit: 1. Go to 2. Under Resources, select HP Download Library. 3. Download HP Manageability Integration Kit (MIK) for Microsoft System Center Configuration Manager. 4. Under MIK Client requirements, download the corresponding SoftPaqs for the features MIK will be used to manage Copyright 2018 HP Development Company, L.P. 3 Downloading HP Manageability Integration Kit 12

13 4 Installing HP Manageability Integration Kit into Configuration Manager 1. Verify that any instances of the Configuration Manager console are closed. 2. If HP Client Integration Kit (CIK) is installed on the system, uninstall it. 3. Run the downloaded HP Manageability Integration Kit (MIK) for Microsoft System Center Configuration Manager SoftPaq and follow the on-screen instructions to complete the installation. 4. Open the Configuration Manager console and verify that HP Manageability Integration Kit is displayed under Assets and Compliance. Figure 1 HP Manageability Integration Kit Navigation Index 4.1 Distributing HP Client Support Packages After the installation is complete, HP Client Support Packages must be pushed out to the local distribution points. 1. In Configuration Manager, select Software Library, select Overview, select Application Management, select Packages, and then select HP Client Support Packages. NOTE Do not delete or rename the packages in this folder to prevent failure of dependent task sequences. If a package is deleted, reinstall HP Manageability Integration Kit and select Repair in the installation wizard. Then, refresh the task sequences using the package. For more information, see Refreshing task sequences. Copyright 2018 HP Development Company, L.P. 4 Installing HP Manageability Integration Kit into That drugs in my pocket instrumental music understand Manager 13

14 2. If this is a first-time installation, right-click HP Client BIOS Configuration Utility and select Distribute Content, and then follow the on-screen instructions to complete the wizard. or If this is an upgrade, right-click HP Client BIOS Configuration Utility and select Update Distribution Points, and follow the on-screen instructions to complete the wizard. 3. If this is a first-time installation, right-click HP Client Support Tools and select Distribute Content, and then follow the on-screen instructions to complete the wizard. or If this is an upgrade, right-click HP Client Support Tools and select Update Distribution Points, and follow the onscreen instructions to complete the wizard. In the Software Library of Configuration Manager, the following menu items (indicated by dashed lines), folders (indicated go here dotted-and-dashed lines), and packages (indicated by solid lines) are created after a driver pack or boot image is created via HP Manageability Integration Kit. HP Client BIOS Configuration Utility HP Client Support Tools Create and Import Driver Pack Download and Import Driver Packs Import Downloaded Driver Pack Create Boot Image Create Depl oyment Task Sequence Figure 2 Software Library of Configuration Manager To open a menu item, either select it in the ribbon menu or use the right-click context menu. Copyright 2018 HP Development Company, L.P. 4 Installing HP Manageability Integration Kit into Configuration Manager 14

15 5 HP MIK plugins By default, the installer extends the functions of Configuration Manager by adding various plugins under the HP Manageability Integration Kit node. For more information about managing these plugins with HP MIK, refer to the plugin s respective section within this document. Current Plugins: HP BIOS Configuration HP BIOS Password Manager HP Client Security with Intel Authenticate Device Guard HP Sure Start HP Sure Run HP Sure Recover HP SureView TPM Firmware Update HP WorkWise HP Collaboration Keyboard HP Sure Click HP PhoneWise HP Collaboration Keyboard HP Sure Click HP MIK also includes features to help with operating system and software deployment. These features are detailed in the following sections within this document: HP Client Driver Packs HP Client Boot Images HP Client Task Sequences 5.1 Compliance settings Policies created or edited using HP MIK plugins are saved as Configuration Manager compliance settings. To locate a policy: 1. In Configuration Manager, select Assets and Compliance. 2. Select Overview, select Compliance Settings, and then select Configuration Items. Copyright 2018 HP Development Company, L.P. 5 HP MIK plugins 15

16 On this page, you can perform Configuration Manager functions, such as opening the Properties dialog box and setting the supported operating systems and hardware. Figure 3 Configuration Items If you create a configuration item with a plugin, the default name is composed of both the baseline name and the plugin name. For example, a configuration item created with a baseline named My BIOS Configuration Baseline and the HP BIOS Configuration plugin is named My BIOS Configuration Baseline BIOS Configuration by default. 5.2 Configuration Baselines IT administrators can select multiple configuration items for one Configuration Baseline. Baselines can also be deployed to different collections. Right-click Configuration Baselines to select one of the following options: Copy Clone the baseline Delete Delete the baseline Deploy Deploy to different collections Properties View the deployed collection, edit the evaluation conditions, and filter the categories or users Copyright 2018 HP Development Company, L.P. 5 HP MIK plugins 16

17 6 HP BIOS Password Manager The HP BIOS Password Manager interface allows the IT administrator to manage Password entry on client systems. 6.1 Supported client platforms HP commercial computers (2015 or later) 6.2 Supported client operating systems Windows 10 Windows 8.1 Windows Prerequisites Microsoft.NET Framework 4.0 or higher. HP Manageability Integration Kit 6.4 User interface The BIOS Password interface is very simple with two sections, current BIOS password and modification password (Change/Set or Remove password) The current password must be provided in order to change or remove BIOS Password. 6.5 Creating a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click BIOS Password, and then select Create Policy. Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 17

18 Figure 4 Create Policy 3. Enter a Baseline name and start the creating policy wizard. Figure 5 Creating a baseline name 4. Click Create Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 18

19 5. Select the newly created baseline and click OK Figure 6 Completing the Create Baseline task 6. In BIOS Password Manager Interface, provide the appropriate password based on your needs. 6.6 Change BIOS Password This task is to change the current password set on client system to a new password. If your collection includes a mix of devices where some have the BIOS password set and some devices do not, this policy will apply the new password to all devices. 1. Mark the checkbox Current BIOS Password, and provide the password 2. Mark the checkbox Change, Set or Remove BIOS Password 3. Select the radio button for New Password 4. Provide new password string in both New Password and Confirm New Password fields Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 19

20 Figure 7 Changing the BIOS password 5. Click Next to continue 6. Review and click Save Policy Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 20

21 Figure 8 BIOS Password change summary 7. Click Deploy button 8. If you click Close instead of Deploy, MIK will save this baseline and its configuration for later use under Assets and Compliance > Overview > Compliance Settings >Configuration Baselines Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 21

22 Figure 9 Compliance settings Figure 10 Deploy compliance settings Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 22

23 9. Select the appropriate collection to apply the policy and click Deploy Figure 11 Select Device Collection 6.7 Remove the BIOS Password This task is to remove or clear the current BIOS password set on client systems. If your collection includes a mix of devices where some devices have the BIOS Password set and some devices do not, the policy will apply to all and return as compliant. If client systems have a different BIOS password set from the one being removed, the policy will fail and return an error. 1. Mark the checkbox Current BIOS Password, and provide the password 2. Mark the checkbox Change, Set or Remove BIOS Password 3. Select the radio button for Remove BIOS password Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 23

24 Figure 12 Removing the BIOS password 4. Click Next 5. Review and click Save Policy 6. Dialog is displayed to confirm that you selected to remove the BIOS Password. Click OK to continue Copyright 2018 HP Development Company, Https://flexumgel.club/demo/livro-de-talentos-the-sims-3.php. 6 HP BIOS Password Manager 24

25 Figure 13 Confirming BIOS password removal 7. Click Deploy button to proceed to next screen 8. Select the appropriate collection and click Deploy 6.8 Set new BIOS Password This task is to set a brand new BIOS Password on client system where there is no current BIOS Password set. 1. Mark the checkbox Change, Set or Remove BIOS Password 2. Select the radio button New Password and provide the password in both New Password and Confirm New Password fields Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 25

26 Figure 14 Set new BIOS password 3. Click Next check this out. Review and click Save Policy 5. Dialog is displayed to reconfirm there is no BIOS password set on client system. Click OK to continue. Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 26

27 Figure 15 Confirming new BIOS password 6. Click Deploy and proceed to select the appropriate collection 7. Click Deploy Copyright 2018 HP Development Company, L.P. 6 HP BIOS Password Manager 27

28 7 HP BIOS Configuration The BIOS Configuration interface allows the IT administrator to define and deploy BIOS settings policies to client computers. 7.1 Supported client platforms HP commercial computers (2015 or later) 7.2 Supported client operating systems Windows 10 Windows 8.1 Windows Prerequisites Microsoft.NET Framework 4.0 or higher. HP Manageability Integration Kit 7.4 User interface There are three columns in the HP BIOS Configuration window. The Select column is used to specify whether a setting is enforced by a polity. If a setting is selected, it is set to the specified value. If a setting is cleared, it is not modified. The Settings column displays the setting name. The Values column can be used to either enter a value or select a value from a drop-down menu, depending on the setting. If a specific syntax is required for an entered value, the box background turns green if the syntax is correct and turns red if the syntax needs to be corrected. NOTE: In Category View, a category must be expanded to display all three columns. The icons next to some settings indicate the following behaviors: Indicates that a setting is only effective for one restart, and then it resets to the default value. Indicates that a setting requires confirmation on the next restart, and that the restart cannot be completed until confirmation is given. 7.5 Category View button Select this button to display BIOS Settings as grouped categories Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 28

29 Figure 16 HP BIOS Configuration (Category view) 7.6 List View button Select this button to display the BIOS settings as a list. Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 29

30 Figure 16 HP BIOS Configuration (List view) Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 30

31 7.7 Select All Settings Select this checkbox option to select all settings while in Assistant view or in List view Figure 17 HP BIOS Configuration (Select All Settings) 7.8 Show Selected Settings Only Select this checkbox option to show only settings that have been selected. Figure 18 HP BIOS Configuration (Show Selected Settings Only) Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 31

32 7.9 Expand All/Collapse All button Select this button to expand or collapse the details of each setting. Figure 19 Expand/Collapse All Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 32

33 7.10 Filter to settings containing Enter a term to quickly locate a setting in the list of settings, based on a partial string match. Figure 20 HP BIOS Configuration (Filter to settings containing) 7.11 Creating a policy 1. In Configuration Manager, select Assets and Compliance and then select Overview. 2. Expand HP Manageability Integration Kit, right-click BIOS Configuration, and then select Create Policy. 3. Enter a Baseline name and start the creating policy wizard. 4. Modify settings by selecting the setting and then selecting the new value. 5. After selecting and modifying BIOS settings, select Next. 6. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 33

34 7. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy. 8. Restart the client computers to ensure that the BIOS settings take effect Editing a policy 1. In Configuration Manager, select Assets and Compliances and then select Overview. 2. Expand HP Manageability Integration Kit, right-click BIOS Configuration, and then select Edit Policy. 3. Select an existing baseline policy to edit and click OK to continue the wizard. Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 34

35 Figure 21 Configuration baseline list 4. Follow steps 4 through 8 of Creating a policy. NOTE: For client computers, the HP MIK BIOS Configuration logs are stored in %PROGRAMDATA%\HP\HP MIK\Logs. Copyright 2018 HP Development Company, L.P. 7 HP BIOS Configuration 35

36 8 HP Client Security with Intel Authenticate Support HP Client Security with Intel Authenticate Support enables the management of HP Client Security software through Configuration Manager. HP Client Security uses features built into the BIOS, hardware, and software layers to help protect against attacks, loss, or theft. It can also take advantage of Intel Authenticate capabilities to further enhance security. 8.1 Supported client platforms HP commercial computers using KBL processor (2015 or later) Intel Authenticate requires commercial level ME firmware If three factor authentication is desired, computers must be vpro enabled. Modern Standby At this time Intel Authenticate does not fully support Modern Standby. Please disable this feature in the OS if using Intel Authenticate. 8.2 Supported client operating systems Windows 10 (Intel Authenticate only supports Windows 10) Windows 8.1 Windows Other client system prerequisites Microsoft.NET Framework or higher HP Client Security Manager or higher The HP Device Access Manager or higher Intel Authenticate Engine (optional) NOTE: Intel Authenticate Engine is required to make use of Intel Authenticate enhanced security features and requires the following additional drivers: Intel Management Engine Driver or higher Intel Bluetooth Driver or higher Intel Graphics Driver or higher - Intel Authenticate requires use of the Intel graphics card. If the PC has more than one graphics solution, Intel graphics must be used for Intel Authenticate PTD PIN authentication. Synaptics Touch Fingerprint Driver or higher (Swipe sensors are not supported.) 8.4 User interface HP Client Security includes Client Security Manager, Device Access Manager, Sure Run, and Sure Recover When you open HP Client Security, an introduction with a high-level description of the plugin is displayed. Select Create Policy. You will then be prompted to name your new policy baseline, select the new baseline, and enter any BIOS passwords needed (See HP BIOS Password Manager.) Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 36

37 8.5 Client Security Manager Authentication This page allows you to configure the high-level features of HP Client Security Manager. Figure 22 Configure high-level features of HP Client Security Manager The following options are available: Windows Logon Requires authentication at Windows logon (after the operating system starts) Power On Authentication Requires authentication at computer start before the operating system starts. One Step Logon Requires authentication only once at first logon prompt. Power-On Authentication must be enabled. (Please note that if using Intel Authenticate, One Step Logon is not supported due to the heightened security level.) Password Manager Allows secure logon using security questions in case of a forgotten password or lost authentication device. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 37

38 8.5.2 Intel Authenticate This page allows you to configure Intel Authenticate, if Intel Authenticate Engine is installed. Figure 23 Configure Intel Authenticate The following options are available: Enable Intel Authenticate Enables Intel Authenticate support. Please note that Intel Authenticate requires that certain hardware and software prerequisites be met in all computers in the collection the policy is being applied to. It also cannot be used with AMD processors so a separate collection of devices that meet the minimum requirements will need to be made. You can use the Authenticate_Check.exe file to determine if your computers meet the minimum requirements. Information on the minimum requirements and how to use the Authenticate_Check.exe can be obtained in the Intel(R) Authenticate OEM Bring Up Guide included with the Intel Authenticate engine on the HP Manageability website. If this option is enabled, you can select the certificate used to provision or communicate with the Intel Authenticate engine on client computers. Type the location of the security certificate Browse to and select an X.509 certificate file, in Personal Information Exchange (PFX) format. Enter the password to unlock your certificate Select this option and enter a password, if the certificated is protected by a password. My certificate does not have a password Select this option and enter a password, if the certificated is protected by a password Windows Logon Policy This page allows you to configure Windows Logon authentication. Figure 24 Configure Windows Logon authentication Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 38

39 Add Credential Select a credential or a combination of two or three credentials (three factor authentication requires vpro be enabled on the client computers) required for Windows Logon. To remove a configured credential, select the X icon in the upper-right corner of the credential. Each credential can only be used in one combination. Please note: If allowing both Intel Authenticate fingerprint as well as classic Fingerprint, both policies must match. For example if combining Intel Fingerprint with password you should do the same for classic Fingerprint. If allowing Intel Authenticate Bluetooth, please note the following. The Intel Authenticate application must be downloaded from the appropriate store for Android or ios. In order to force pairing of the phone via BLE the application must be open while pairing the phone to the computer. (Please see the document Intel Authenticate Bluetooth Pairing Steps) Also note that as of the writing of this guide some issues have been reported with IPhones receiving error31 or error35 when attempting to authenticate. Until this is corrected or tested in your environment it is suggested that if Intel Authenticate Bluetooth is allowed, another credential be allowed as well in case of Bluetooth failure. If allowing use of Intel Authenticate Fingerprint for authentication, it has been reported that some sensors are timing out and not authenticating if no internet connection is available. To resolve this, please ensure the touch area fingerprint sensor reader has the latest driver available. Please see pre-requisites section. At the time of this writing, Intel Authenticate supports only one user per device. This is expected to be enhanced in future releases late If more than one user is going to log into the computer, it is suggested that Intel Authenticate not be enabled in the managed scenario. Restore Default Restores default settings, providing a way to start configuration from a known state. Apply Same Settings for Session and VPN policies Applies the settings from this page to click at this page Session and VPN policy pages automatically. Policy Creation Suggestions: When creating a policy keep in mind three types of authentication methods. These factors can include something you know (Password / PIN), something you are (Fingerprint / Face), and something you have (Phone / Contactless card). When allowing these items to be used for authentication it is recommended you combine one from each type of factor for best security. Keep in mind that when creating a policy with something you have, such as a Bluetooth phone, it is recommended that you allow an alternate method of authentication in case the authenticating item is inaccessible. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 39

40 8.5.4 Windows Session and VPN Policy Figure 25 Configure policy and credentials for Windows sessions and VPN policies This page allows you click at this page configure the policy and credentials used for a Windows session. This is for authenticating with applications such as Password Manager and Device Access Manager. The following page allows you to set the policy used for VPN authentication. Please see the document entitled VPN_Setup_Instructions for information on how to set up the VPN environment to authenticate with Intel Authenticate. Copy Settings from Logon Policy Automatically copies the policy from Logon Policies Allowed Credential Options Select a credential or a combination of two or three credentials (three factor authentication requires vpro be enabled on the client computers) allowed for Session Logon Advanced Options This page allows you to further configure various credentials managed by HP Client Security. Figure 26 Configure Advanced Options Fingerprint Options Minimum number of fingerprints and Maximum number of fingerprints Specify the minimum and maximum number of fingerprints a user can enroll. Force number of fingerprints to enroll must be selected. Fingerprint recognition accuracy Configure the required fingerprint reader accuracy. (Not supported with Intel Authenticate fingerprint) Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 40

41 Smart Card Options Lock PC when smart card is removed Automatically locks the computer when a smart card used as a credential is ejected. PIN Options Set allowed PIN length Specify the minimum number of characters for a user PIN. (Not supported with Intel Authenticate PIN) 8.6 Device Access Manager Hardware On this page, you can deploy access permission for a variety of device classes or devices. The access can be set for both administrators and standard users. The following device classes and devices are listed: biometric devices, Bluetooth, imaging devices, network adapters, and ports (COM & LPT). Allow Access for Administrators Enables an administrator to access a device class or device Allow Access for Standard User Enables a standard user to access a device class or device. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 41

42 8.6.2 Removable Media On this page, an IT administrator can set access permissions for removable storage, such as USB drives, and CD/DVD-ROM drives. Configure Removable Media options The options can be configured with one of the following rights each for both administrators and standard users: Full Access Allows users to add, edit, delete, and read files from the selected removable media. Read Only Allows users only to read files from the selected removable media. JITA (Just In Time Authentication) Allows users to add, edit, delete, and read files for the amount of time (beginning after the user has entered their credentials) specified in the dropdown box. No Access Disables user access to any of the files available in the selected removable media. 8.7 Creating a policy 5. In Configuration Manager, select Assets and Compliance, and then select Overview. 6. Select HP Manageability Integration Kit, right-click Client Security Manager, and then select Create Policy. 7. Enter a Baseline name and start the creating policy wizard. 8. Modify settings. After configuring the settings, select Next. 9. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. Copyright 2018 Chinesische musik kostenlos legal Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 42

43 Figure 27 Review Summary 10. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy. 8.8 Editing a policy 11. In Configuration Manager, select Assets and Compliance, and then select Overview. 12. Select HP Manageability Integration Kit, right-click Client Security Manager, and then select Edit Policy. 13. Select an existing baseline policy to edit, and the select OK. 14. Follow the on-screen instructions to complete the wizard. 8.9 Additional information Policies created with HP Client Security create configuration items for both Client Security Manager and Device Access Manager. Be sure to configure Intel Authenticate before creating policies. See the Intel Authenticate documentation for more information on whether your computer is supported and how to set up Intel Authenticate. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 43

44 8.10 Security Provisioning Remotely managed systems need to be configured for activating HP Sure 8.8 and HP Sure Recover. HP Sure Run and HP Sure Recover are managed using cryptographically verified commands that use public/private key pairs. In the steps below two separate key pairs are set up: - The signing key which is the key pair whose private key is used to sign the settings being sent. - The key pair embedded within the key endorsement certificate whose private key is used only to sign any updates to the signing key. The client systems will also display the organization string specified in this certificate on the first boot following provisioning. This provisioning typically happens only once and the public keys are sent to the client systems as the keys to use for signature validation of future HP Sure Run and HP Sure Recover commands Initial Provisioning or Update Provisioning Initial Provisioning Provision system for 1st time setup. End user needs to provide both signing key and Key Endorsement Certificate for initial provisioning. Click on Browse option next to text field to select the key/certificate saved on local disks. Once selected select Submit and then hit Next. Note - The Key format supported is Personal Information Exchange (PFX). Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 44

45 Update Provisioning For collection of systems that have already been provisioned with above, IT Administrator has the ability to re-provisioin with an updated signing key. Navigate to Security Provisioing and select option Updatge Provisioning. Administrator need to provide signing key for update provisioning. Click on Browse option next to text field to select the key saved on local disks. Once selected select Submit and then hit Next Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 45

46 Deprovision For collection of systems that have already been provisioned, IT administrtor has the ability to deprovision the systems. Navigate to Security Provisioing and select option Deprovision. Click Next to Deprovision. Note 1. No Key/Certificate required for deprovisioning (the existing key/certificate is used). 2. While deprovisioning previously provisioned systems, features of HP Sure Run and HP Sure Recover will be automatically disabled as part of the policy push Additional information For client system to be successfully provisioned 1. 1 time reboot of client system is needed post policy deployment. 2. Post reboot end user will be prompted to type in 4 digit security code as displayed on screen at boot time. 3. IT Administrator needs to ensure the keys required for provisioning are saved in a secure location. The signing key is used every https://flexumgel.club/demo/marcos-e-belutti-crime-perfeito.php a setting in HP Sure Run or HP Sure Recover is changed. The key endorsement certificate is only used in cases where an update to the signing key needs to be made Update Provisioning for provisioned systems To update both the signing key and Key Endorsement certifcate,administrator will have to first deprovision and do Initial Provisioning again. If the private half of the signing key becomes compromised it can be replaced by chosing the Update Provisioning option and selected a new signing key then clicking Next. NOTE: Should the private half of the key endorsement certificate become compromised the method used to replace it depends on the state of the private half of the signing key on the client systems. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 46

47 - If the signing key has not been replaced on the client systems perform a deprovision and do the initial provisioning again with a new signing key pair and a new endorsement certificate. It is important to verify that all system were successfully updated. - If the signing key has been replaced on the client systems it is necessary to use the Unprovision SPM option on the Secure Platform Management menu in BIOS F10 Setup (this option is not available remotely) For client system to be successfully un-provisioned. 1. Multiple Evaluate attempts (within SCCM Configuration Manager) may be required in some cases for deprovisioning to be successful. 2. It is recommended to first send out a policy with HP Sure Run disabled and/or HP Sure Recover disabled followed by a second policy push with Deprovision selected Systems which fail to be unprovisioned HP Sure Run / HP Sure Recover can only be managed via the local (HP Client Security Manager) or remote (MIK) approach, on a first come, first served basis. Once enabled and configured using one of these approaches, the other is no longer available until it is unconfigured and disabled. This can be accomplished by using the Unprovision SPM option on the Secure Platform Management menu in BIOS F10 Setup (this option is not available remotely) What to do if the signing key or endorsement certificate are lost It is possible to manually deprovision HP Sure Run and HP Sure Recover by using the Unprovision SPM option on the Secure Platform Management menu in BIOS F10 Setup (this option is not available remotely) BIOS Admin Password While a BIOS Admin Password is not required to use HP Sure Run or HP Sure Recover, it is recommended to use a BIOS administrator password to prevent an attacker with physical access from disabling HP Sure Run via the HP Computer (BIOS) Setup page. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 47

48 8.11 HP Sure Run Overview HP Sure Run can help you monitor critical applications and alert you in case of external threat. HP Sure Run allows selection of individual applications or application categories to be monitored Configuration Navigate to HP Sure Run Page. To enable HP Sure Run select Enable. IT Administrator will have HP-recommended policy pre-selected, with ability to modify as needed. Listed below are categories and sub-categories available for monitoring. OS Processes Sub category Security Copyright 2018 HP Development Company, L.P. 8 HP Client Security variant lagu imlek nick chung 2015 best for Intel Authenticate Support 48

49 OS Processes Sub category Network / Management / Application Infrastructure OS Processes Sub category Core OS HP Products / HP Processes Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 49

50 3 rd Party Products Supported client platforms HP commercial PCs Intel (KBL-R,800 series and above), AMD (Ryzen, 700 series) Supported client operating systems Windows 10 RS3 and above Other client system prerequisites Microsoft.NET Framework or higher HP Client Security Manager XXXX or above HP MIK Client v or higher Pre-Requisite All client systems are provisioned for HP Sure Run Policy to be applied. Please review section on Security Provisioning for details Creating a policy 1. In Configuration Manager, select Client Security, and then select Overview. 2. Select HP Manageability Integration Kit, right-click Client Security Manager, and then select Create Policy. 3. Enter a Baseline name and start the creating policy wizard. 4. Navigate to HP Sure Run page. Confirm default selections and modify as needed. Click on Next. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 50

51 5. On Summary Page under section HP Sure Run selected sub-categories are available for final review and changes. Clicking on edit for any sub-category will re-open HP Sure Run page for policy updates. 6. Select Save Policy. 7. After the policy has been saved successfully, select Deploy, and then select the target collection{s} to apply the policy. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 51

52 Additional information 1. Client system must be rebooted for policy to be applied successfully. In case a policy fails to deploy, an additional reboot may be required. 2. IT Administrator need to ensure selected application{s} installed on client systems. Otherwise end user will see continuous toaster notifications for applications not installed. 3. Any potential malicious activity on client system will result in: o o Toaster pop-up displayed to end user. Equivalent HP Sure Run messages logged in Windows Event Viewer Uninstalling protected applications If protected applications are no longer needed, the HP Sure Run configuration must be modified to remove the application from the watch list before uninstalling Interaction between HP Sure Run and HP Sure Recovery If an OS recovery is performed using HP Sure Recover, HP Sure Run is automatically disabled following the recovery process and must be reenabled Resetting or clearing of the TPM will result in HP Sure Run failures HP Sure Run requires the use of TPM 2.0 are kevin sam w domu skype variant perform signing and decryption operations. When the TPM is reset or cleared any keys that HP Sure Run created will be invalidated and cannot be used. The only way to resolve this is to disable HP Sure Run and then reenable it. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 52

53 8.12 HP Sure Recover Overview HP Sure Recover helps you to restore OS / DVD image over the network with minimal user interaction Configuration Navigate to HP Sure Recover Page. To enable HP Sure Recover select Enable. IT Administrator can configure location to download OS image from HP FTP or custom enterprise location Recovery from HP IT Administrator will have HP-recommended policy pre-selected, with ability to modify as needed. To recover from HP recommended OS (with drivers) image download please select HP Device Drivers checkbox Custom Recovery Select Custom option for restore with customized OS image. The IT administrator needs to provide the URL to download the image from and Image verification key for image validation. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 53

54 Note 1. Both FTP & HTTP are supported. 2. Username / Password are optional and depend on the way FTP/HTTP accounts are configured. 3. Image Key format supported is.pem /.pfx 4. URL must be provided in following format - example ftp://abc.ftp.com/<folder>/<name>.mft. Refer to section # Additional Information for details on how to create manifest file Schedule Recovery on client systems IT administrator can schedule OS recovery on managed devices by enabling Schedule HP Sure Recover. Recovery can be scheduled for a day or multiple days in a week at a specific time Supported client platforms HP commercial PCs Intel (KBL-R, 800 series and above), AMD (Ryzen, 700 series) Supported client operating systems Windows 10 RS3 and above Other client system prerequisites Microsoft.NET Framework or higher HP Client Security Manager XXXX or above HP MIK client v or higher Pre-Requisite All client systems are provisioned for HP Sure Recover Policy to be applied. Please review section on Security Provisioning for details. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 54

55 Creating a policy 1. In System Center Configuration Manager, select HP Manageability Integration Kit, right-click Client Security Manager, and then select Create Policy. 2. Navigate to HP Sure Recover Page. Confirm default selections and modify as needed. Click on Next. 3. On Summary Page under section HP Sure Recover selections are available for final review and changes. Clicking edit for any of the item listed will re-open HP Sure Recover page for policy updates Select Save Policy Additional information 1. Client system must be rebooted click to see more policy to be applied successfully. In case a policy fails to deploy, an additional reboot may be required. 2. Steps to generate manifest file Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 55

56 a. Pre-requisites, access to sha256sum tool & Openssl tool b. Create cs 1.6 v44 p48 manifest file The manifest format for the custom image is the output of the SHA256SUM.EXE command. Example: >sha256sum os-drivers.wim > image.mft >type image.mft 8f161eac8d ad8892e5d529b0287b5a9b8604c546e5a66d c1ab *os-drivers.wim Note: i. sha256sum tool available for check this out online. ii. Your output hash will be certainly different. c. Sign the manifest file Create RSA 2048 bits key pair C:\OpenSSL\bin>openssl.exe dgst -sha256 -sign recovery_private.pem -out image.sig image.mft Note: i. The signing key used should match the one used when provisioning CPR, otherwise you are going to get an authentication failure when running the recovery process. ii. sha256sum tool available for download online Interaction between HP Sure Run and HP Sure Recovery If an OS recovery is performed using HP Sure Recover, HP Sure Run is automatically disabled following the recovery process and must be reenabled. Copyright 2018 HP Development Company, L.P. 8 HP Client Security with Intel Authenticate Support 56

57 9 Device Guard (Windows 10 only) Device Guard is included with Windows 10 and provides hardware- and software-based malware protection, by verifying that applications and drivers are from a trusted source before they are allowed to run. In HP MIK, Device Guard polices provide an easy option for an IT administrator to enable Device Guard. 9.1 Supported client platforms HP commercial computers (2015 or later) 9.2 Supported client operating systems Windows Other client system prerequisites Microsoft.NET Framework 4.0 or higher HP MIK 9.4 Creating a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click Device Guard, and then select Create Policy. 3. Enter a Baseline name and then follow the on-screen instructions to complete the wizard. 4. Select one of the following options: Copyright 2018 HP Development Company, L.P. 9 Device Guard (Windows 10 only) 57

58 Figure 28 Microsoft Device Guard a. Create a policy to activate device guard support Modifies the registry on target systems, enables the virtualization extension, enables Hyper-V, and enables Device Guard virtualization-based security. The following registry settings are modified: i. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard] 1. "EnableVirtualizationBasedSecurity"=dword: "HypervisorEnforcedCodeIntegrity"=dword: "RequirePlatformSecurityFeatures"=dword: ii. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] 1. "LsaCfgFlags"=dword: The following Windows features are modified: i. Microsoft Hyper-V and Isolated User Mode are enabled. The following BIOS settings are modified (if they are available on the client computer) i. SVM CPU Virtualization is enabled on AMD Platforms ii. Virtualization Technology (VTx) is enabled on Intel platforms iii. Virtualization Technology for Directed I/O (VTd) is enabled on Intel Platforms iv. TPM Device is set to available v. TPM State are set to available vi. CD-ROM Boot is disabled vii. PXE Boot is disabled viii. USB Storage Boot is disabled ix. Legacy Boot is disabled x. UEFI Boot is enabled xi. Configure Legacy Boot Support is set to Legacy Support Disable and Secure Boot Enable b. Create policy to deactivate device guard support Disables Device Guard virtualization-based security. Deactivating Device Guard reverts registry settings to their default settings. i. Hyper-V is disabled. ii. BIOS Virtualization is disabled. 5. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. 6. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy. Copyright 2018 HP Development Company, L.P. 9 Device Guard (Windows 10 only) 58

59 9.5 Editing policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click Device Guard, and then select Edit Policy. 3. Select an existing baseline policy to edit, and then select OK. Figure 29 Edit baseline policies 4. Complete the procedure for steps 4 through 6 in Creating a policy. 9.6 Additional information For client computers, the HP MIK Device Guard policy log is created in %PROGRAMDATA%\HP\HP MIK\Logs. The following error codes might be encountered: Table 1 Device Guard error code table Error code Description 0 OK 1 Item is not known. There might be an installation error. 2 Operating system not supported. See the operating system requirements. 3 CPU/Chipset not supported. See the platform requirements. 4 Outdated Graphics Driver. Update the graphics driver before attempting the operation again. Copyright 2018 HP Development Company, L.P. 9 Device Kebaikan ibarat dakine (Windows 10 only) 59

60 Error code Description 5 Failed to enable BIOS CPU Virtualization 6 Failed to set BIOS TPM Device as Available 7 Failed to disable BIOS USB device boot 8 Failed to disable BIOS PXE boot 9 Failed to disable BIOS Floppy boot 10 Failed to disable BIOS CD-ROM boot 11 Failed to change BIOS Boot Mode to UEFI Native (Without CSM) 12 Failed to enable BIOS Secure Boot 13 Failed to set Hyper-V 14 Failed to set Isolated User Mode 15 Error in setting Registry value(s) 16 Failed to modify Windows features Copyright 2018 HP Development Company, L.P. 9 Device Guard (Windows 10 only) 60

61 10 HP Sure Start HP Sure Start protects the HP BIOS from any malware or virus threat by verifying the integrity of the BIOS when the computer starts or restarts, by default. Additional policies can increase the frequency with which the BIOS is verified and the BIOS event log policy can capture any event. HP Sure Start policy management in HP MIK allows you to manage policies remotely and ensures the appropriate logging and notification of malicious attacks and security removed online zuma revenge no good in BIOS and the subsequent repairs. Figure 30 HP Sure Start 10.1 Supported client platforms HP 700 series and higher commercial computers (2014 or later) 10.2 Supported client operating systems Windows 10 Windows 8.1 Windows Other client system prerequisites Microsoft.NET Framework 4.0 or higher HP MIK Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 61

62 10.4 User interface BIOS Security Settings tab Figure 31 BIOS security settings Verify Boot Block on every boot Verifies that authorized modifications to the system boot image are stored in the nonvolatile memory. When enabled, HP Sure Start verifies the integrity of the HP firmware boot image when the computer starts or restarts, or exits Hibernation or Sleep mode. This setting provides higher security, but can increase start time. When disabled, HP Sure Start verifies the integrity of the HP firmware boot image when the computer starts or exits Hibernation or Sleep mode. Dynamic Runtime Scanning of Boot Block Verifies the integrity of the HP boot image periodically while the computer is on and the operating system is running. When enabled, HP Sure Start verifies the integrity of the HP boot image every 15 minutes. Lock BIOS Version Disables BIOS updates. Sure Start BIOS Setting Protection Disables changes to all critical BIOS settings and provides enhanced protection for these settings via the HP Sure Start non-volatile memory. The BIOS administrator password a dead scene rar required to enable this setting. Enhanced HP Firmware Runtime Intrusion Prevention and Detection Monitors HP system firmware executing out of main memory while the operating system is running Events and Recovery Settings tab These setting control HP Sure Start behavior after a critical security event, such as the BIOS being attacked or corrupted, is identified. Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 62

63 Figure 32 Events and Recovery Settings Sure Start Security Event Policy Select Log Event Only to log all critical security events in the HP Sure Start Audit Log within the HP Sure Start non-volatile memory. Select Log Event and Power Off System to power off the system after detecting and logging a HP Sure Start Security Event. Because data might be lost, HP recommends using this setting only in situations where security integrity of the system is a higher priority than the risk of potential data loss. BIOS Data Https://flexumgel.club/demo/cello-suite-bwv-1007-prelude-skype.php Policy Select Automatic to automatically repair any firmware integrity issues in the non-volatile (flash) memory. Select Manual to repair firmware integrity issues when the Esc+Windows+Up Arrow+Down Arrow key combination is pressed. HP recommends this setting for IT administrators only. Prompt on Network Controller Configuration Change Monitors the network controller configuration and prompts the local user if any changes are detected compared to the factory configuration. Save/Restore Hard Drive Partition Table Saves the Master Boot Record (MBR) or the GUID Partition Table (GPT) of the system hard drive. Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 63

64 Audit Log tab Figure 33 HP Sure Start Audit Log If Gather Sure Start event logs is select, HP MIK retrieves HP Sure Start event logs from the client computers and stores them in the Configuration Manager hardware inventory Creating a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click Sure Start, and then select Create Policy. 3. Enter a Baseline name, and then select Start Policy. Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 64

65 Figure 34 HP Sure Start Policy Configuration 4. Modify the settings, and then click Next. 5. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. 6. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy Editing a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click Sure Start, and then select Edit Policy. 3. Select an existing baseline policy to edit and select OK to continue the wizard. Figure 35 Configure Sure Start Baselines 4. Complete the procedure for steps 4 through 6 in Creating a policy Additional information Not all features are supported on all systems. Certain systems might require a manual action to restart after a configuration change. Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 65

66 Audit logs For client computers, the HP MIK Sure Start policy log is created in %PROGRAMDATA%\HP\HP MIK\Logs. If enabled, HP MIK retrieves HP Sure Start logs as part of the Configuration Manager hardware inventory. To view the audit log entries: 1. In Configuration Manager, select Assets and Compliance, select Overview, and then select Devices. 2. Right-click a device, select Start, and then select Resource Explorer. 3. Select Hardware, and then select HP Sure Start Audit Logs. Figure 36 HP Sure Start Audit Logs Copyright 2018 HP Development Company, L.P. 10 HP Sure Start 66

67 11 HP Sure View 11.1 Overview HP Sure View eliminates the need to carry additional tools to guard sensitive information. Users simply press the fn+f2 key to immediately transition the PC to privacy mode, which reduces up to 95 percent of visible light when viewed at an angle, making it difficult for others to view information on the screen Supported Client Platforms HP EliteBook 840 G3 HP EliteBook 1040 G Supported client operating systems Windows 10 Windows 8.1 Windows Creating a policy 1. In Configuration Manager, select Assets and Compliance, and vipre 2014 android select Overview. Figure 37 HP SureView Baseline configuration Copyright 2018 HP Development Company, L.P. 11 HP Sure View 67

68 2. Select HP Manageability Integration Kit, right-click SureView, and then select Create Baseline. 3. Enter a Baseline name, and then click OK to save the Baseline with that name. 4. HP Sure View will be enabled by default. Figure 38 HP Sure View Copyright 2018 HP Development Company, L.P. 11 HP Sure View 68

69 5. Click Next and save the policy. Then select the collection the policy should be applied to. Figure 39 Deploy a Device Collection 6. Click Deploy to apply the policy to the client systems within the collection Editing a policy 1. In Configuration Manager, select the policy you want to edit. Copyright 2018 HP Development Company, L.P. 11 HP Sure View 69

70 Figure 40 HP SureView baselines 2. Select HP Manageability Integration Kit, right-click SureView, and then select Edit Policy. 3. Make any necessary changes, and then click OK to save the policy with that name. Copyright 2018 HP Development Company, L.P. 11 HP Sure View 70

71 12 TPM Firmware Update The TPM firmware update policy helps perform the following actions: Upgrading from an older TPM 1.2 firmware to a newer TPM 1.2 firmware Upgrading from an older TPM 2.0 firmware to a newer TPM 2.0 firmware Converting openmanage TPM 1.2 to TPM 2.0 Converting from TPM 2.0 to TPM Supported client platforms Desktop computers: HP EliteDesk 705 G2 Desktop Mini PC HP EliteDesk W G2 Desktop Mini PC HP EliteDesk W G2 Desktop Mini PC HP EliteDesk 800 G2 Small Form Factor PC HP EliteDesk 800 G2 Tower PC HP EliteOne 800 G2 23-inch Non-Touch All-in-One PC HP EliteOne 800 G2 23-inch Touch All-in-One PC HP ProDesk 400 G2 Desktop Mini PC HP ProDesk 400 G3 Microtower PC HP ProDesk 400 G3 Small Form Factor PC HP ProDesk 480 G3 Microtower PC HP ProDesk 490 G3 Microtower PC HP ProDesk 498 G3 Microtower PC HP ProDesk 600 G2 Desktop Mini PC HP ProDesk 600 G2 Microtower PC HP ProDesk 600 G2 Small Form Factor PC HP ProOne 400 G2 20-inch Non-Touch All-in-One PC HP ProOne 400 G2 20-inch Touch All-in-One PC HP ProOne 600 G1 All-in-One PC HP ProOne 600 G inch Non-Touch All-in-One PC HP RP9 G1 Retail System Model 9015 HP RP9 G1 Retail System Model Notebook computers: HP EliteBook 1030 G1 Notebook PC HP EliteBook 1040 G3 Notebook PC Copyright 2018 HP Development Company, L.P. 12 TPM Firmware Update 71

72 HP EliteBook 725 G3 Notebook PC HP EliteBook 745 G3 Notebook PC HP EliteBook 755 G3 Notebook PC HP EliteBook 820 G3 Notebook PC HP EliteBook 840 G3 Notebook PC HP EliteBook 850 G3 Notebook PC HP EliteBook Folio G1 Notebook PC HP Elite x G1 HP ProBook 430 G3 Notebook PC HP ProBook 440 G3 Notebook PC HP ProBook 450 G3 Notebook PC HP ProBook 455 G3 Notebook PC HP ProBook 470 G3 Notebook PC HP ProBook 640 G2 Notebook PC HP ProBook 645 G2 Notebook PC HP ProBook 650 G2 Notebook PC HP ProBook 655 G2 Notebook PC HP ZBook 15 G3 Mobile Workstation HP ZBook 17 G3 Mobile Workstation HP ZBook Studio G3 Mobile Workstation 12.2 Supported client operating systems Windows 10 Windows 8.1 Windows 7 (TPM 1.2 only) 12.3 Other client system prerequisites Infineon SLB9670 TPM chip Latest commercial BIOS Microsoft.NET Framework 4.0 or higher. HP MIK 12.4 Creating a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click TPM Firmware Update, and then select Create Policy. 3. Enter a Baseline name, and then follow the on-screen instructions to complete the wizard. 4. Select the target TPM version, and then select Create Policy. See Additional information for warnings and limitations. Copyright 2018 HP Development Company, L.P. 12 TPM Firmware Update 72

73 Figure 41 HP Trusted Platform Module Firmware Update 5. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. 6. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy Editing a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, right-click BIOS Configuration, and then select Edit Policy. 3. Select an existing baseline policy to edit, and then select OK to continue the wizard. Copyright 2018 HP Development Company, L.P. 12 TPM Firmware Update 73

74 Figure 42 HP TPM Firmware Update Baseline 4. Complete the procedure for steps 4 through 6 in Creating a policy Additional information WARNING! To avoid a complete loss of data, the primary drive must be in a decrypted state before pushing this policy. The policy has a built-in check for BitLocker and WinMagic disk encryption solutions only. If BitLocker or WinMagic drive encryption is used, the policy exits with an appropriate error code logged. The policy does not detect other disk encryption solutions. TPM can be converted between TPM 1.2 and TPM 2.0 up to a maximum of 64 times. Converting TPM involves potentially upgrading to a newer TPM firmware. The following rules govern this operation: If the system has TPM 1.2 and the target is TMP 2.0, TPM 2.0 is enabled and upgraded with the latest firmware version. If the system has TPM 2.0 and the target is TPM 1.2, TPM 1.2 is enabled and upgraded with the latest firmware version. If the system has TPM 1.2 and the target is TPM 1.2, TPM 1.2 is upgraded to the latest firmware version. If the system has TPM 2.0 and the target is TPM 2.0, TPM 2.0 is upgraded to the latest firmware version. This procedure requires a manual action to complete the reboot. Copyright 2018 HP Development Company, L.P. 12 TPM Firmware Update 74

75 13 HP WorkWise (Windows 10 only) HP WorkWise is a smartphone-to-computer integrated HP app that helps you secure, monitor, and simplify your PC experience. Users can download apps from the Microsoft app store, but IT administrators can specify which features are available on the client computers Supported client platforms HP commercial computers (2016 or later) 13.2 Client system prerequisites Windows 10 Https://flexumgel.club/demo/hmrc-rti-new-starter-checklist.php Update Microsoft.NET Framework 4.0 or higher. The HP WorkWise software must be installed on the client computers. For app-specific requirements, see the HP WorkWise documentation User interface The user interface for this app allows you to enable or disable the HP WorkWise features. Copyright 2018 HP Development Company, L.P. 13 HP WorkWise (Windows 10 only) 75

76 Figure 43 HP WorkWise Feature Selection All Features Select to enable all features. Security Select to enable both Lock/Unlock and Tamper Detection. Performance Select to enable the computer performance monitoring features, PC Dashboard and Hot PC remediation. Printer Select to enable Printer Driver Installer Creating a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. 2. Select HP Manageability Integration Kit, click to see more HP WorkWise, and then select Create Policy. 3. Enter a Baseline name, and then follow the on-screen instructions to complete the policy wizard. 4. Modify the settings. 5. Review the Summary page. If changes are necessary, select the Previous button; otherwise, select Save Policy. 6. After the policy has been saved successfully, select Deploy, and then select the target collections to which to apply the policy Editing a policy 1. In Configuration Manager, select Assets and Compliance, and then select Overview. Copyright 2018 HP Development Company, L.P. 13 HP WorkWise (Windows 10 only) 76

Источник: https://technodocbox.com/Windows/123508937-Hp-manageability-integration-kit-hp-client-management-solutions.html