Manual
Table Of Contents
- Preface
- Chapter 1. Overview
- Chapter 2. Installation
- Chapter 3. Working with Client Security Solution
- Chapter 4. Working with ThinkVantage Fingerprint Software
- Chapter 5. Working with Lenovo Fingerprint Software
- Chapter 6. Best Practices
- Deployment examples for installing Client Security Solution
- Switching Client Security Solution modes
- Corporate Active Directory rollout
- Standalone Install for CD or script files
- System Update
- System Migration Assistant
- Generating a certificate using key generation in the TPM
- Using USB fingerprint keyboards with 2008 ThinkPad notebook computer models (R400/R500/T400/T500/W500/X200/X301)
- Appendix A. Special considerations for using the Lenovo Fingerprint Keyboard with some ThinkPad notebook models
- Appendix B. Synchronizing password in Client Security Solution after the Windows password is reset
- Appendix C. Using Client Security Solution on a reinstalled Windows operating system
- Appendix D. Using the TPM on ThinkPad notebook computers
- Appendix E. Notices
- Glossary
EFSprotectionutility
ClientSecuritySolutionprovidesacommandlineutilitythatenablesTPM-basedprotectionofencryption
certicatesusedbytheEncryptingFileSystem(EFS)toencryptlesandfolders.Thisutilitysupports
transferofthirdpartycerticates(certicatesgeneratedbyaCerticateAuthority)andalsosupports
generationofself-signedcerticates.
ProtectionoftheEFScerticatebyClientSecuritySolutionmeansthattheprivatekeyassociatedwiththe
EFScerticateisprotectedbytheTPM.Accesstothecerticateisgrantedaftertheuserhasauthenticated
toClientSecuritySolution.
IfnoTPMisavailable,theEFScerticateisprotectedusingtheTPMemulatorprovidedbyClientSecurity
Solution.YoumustbeenrolledwithClientSecuritySolutiontobeabletohavetheEFScerticatesprotected
byClientSecuritySolution.
CAUTION:
IfyouuseClientSecuritySolutionandtheEncryptingFileSystem(EFS)toencryptlesandfolders,
thenanytimeClientSecuritySolutionortheTrustedPlatformModuleisnotavailable,youcannot
accesstheencryptedles.
IftheTrustedPlatformModulebecomesnon-responsive,ClientSecuritySolutionwillrestoreaccessto
encrypteddataafterthemotherboardisreplaced.
UsingtheEFScommandlineutility
ThefollowingtableprovidesthecommandlineparametersthataresupportedforEFS:
Table9.CommandlineparameterssupportedforEFS
ParameterDescription
/generate:<size>Generatesaself-signedcertandassociatesthecerticate
withEFS.If<size>isspecied,thekeygeneratedwillbe
ofthespeciedbitsize.Validvaluesinclude512,1024
and2048.Ifnovalue,oraninvalidvalue,isspecied,the
defaultwillbethegenerationof1024-bitkeys.
/sn:xxxxxxSpeciestheserialnumberofanexistingcerticateto
transferandassociatewithEFS.
/cn:yyyyyySpeciesthename("issuedto")ofanexistingcerticate
totransferandassociatewithEFS.
/rstavailTransferstherstavailableexistingEFScerticateand
associatewithEFS.
/silent
Doesnotdisplayanyoutput.Returncodesprovidedby
thevaluewhentheprogramexits.
/?or/hor/help
Displaysthehelpinformation.
Whennotruninsilentmode,theutilitywillreturnoneofthefollowingerrors:
0-"Commandcompletedsuccessfully"
1-"ThisutilityrequiresWindowsXP"
2-"ThisutilityrequiresClientSecuritySolutionversion8.0"
3-"ThecurrentuserisnotenrolledwithClientSecuritySolution"
4-"Thespeciedcerticatecouldnotbefound"
5-"Unabletogenerateaself-signedcerticate”
6-"NoEFScerticateswerefound"
7-"UnabletoassociatethecerticatewithEFS”
Chapter3.WorkingwithClientSecuritySolution25