Fingerprint reader Setup

Performance, hardware, software, general buying and gaming discussion..
Post Reply
Message
Author
Nomad-Man
Freshman Member
Posts: 74
Joined: Fri Dec 10, 2004 12:41 am
Location: Michigan, USA

Fingerprint reader Setup

#1 Post by Nomad-Man » Thu Jul 14, 2005 10:30 am

Could somebody give me a walk through or show me a post maybe on the subject.
Ive never had WinXP or a IBM thinkpad. I need to set the FingerPrint reader, and before I start it says i need to set some windows passwords or something. I just want to make sure I do this right and dont get the whole computer hosed up.
A walk thru guide would be great.
Also how does the Security subsystem work along with this, do I need to do something there first before setting the fingerprint reader.
Like I said all this is new to me as this is my first thinkpad.
T43 .. First Thinkpad...Ordered 06/07/05...Received 06/21/05
Lovin' it
Top
Ground Loop
Sophomore Member
Posts: 174
Joined: Sun Jul 10, 2005 2:19 am

#2 Post by Ground Loop » Thu Jul 14, 2005 12:01 pm

There is indeed a dazzling array of passwords, and it would be nice if there was some document that explained (with examples) how each one would be used.
  • BIOS Supervisor Password
If you define and enable it, you need this password to change BIOS settings. This password might be handy if you lend out your Thinkpad. Someone could boot and use it, but not go in and dork your BIOS settings.
  • Boot Password
You need this password to boot the machine at all. Without it, you can't access the BIOS, choose a boot device, or do anything useful. This is the one that makes the laptop useless to a thief.

The BIOS Supervisor Password can also be used in place of the boot password (?).
  • Hard Disk Password
There are two passwords on the IBM hard disk drive itself.. the master and user password. These passwords lock the IDE drive so the entire drive can not be used without first sending them. It's important to note that this is a common IDE feature, not a BIOS feature. The BIOS just allows you to enter the password and passes it down to the drive to either unlock or ignore.

If you lock the hard drive, and forget the password, the drive would have to be replaced -- its contents lost.

Moving the drive to another ThinkPad simply moves the password with it.

The actual contents on the hard drive are not encryped or hidden. It's just the IDE firmware refusing access to the drive. There are secret methods to defeat this password, and companies that provide that service regularly to law enforcement or companies, so it should not be considered high security. Typically the IT department would set the Master Password and allow the owner to set the User Password, so they always have some way to recover the drive after it is returned. Smart IT departments would never send the drive out with the Master Password unset, since it might come back to them with a password they don't know.

This password would be used as a speed-bump for a laptop thief or someone trying to access your confidential files.
  • Windows user password
Hopefully you know what this is. You picked this password when you created the initial user account during installation.
  • Windows Admin password
Although it doesn't show in the Login list, or under the User Manager, there is also a login named "Administrator" that was defined during Windows installation.
  • Fingerprint Reader
I need some help with this one, being new to it myself.. it seems the fingerprint scanner (a USB device) holds inside it a number of fingerprint templates. It also holds the cleartext passwords for enrolled users. So, without any Windows software, it can scan your fingerprint at power-up and supply the Boot Password and Windows password for your login. What else can it be used for? Hard Disk password as well?
  • Rescue / Recovery password (for each user?)
Every time I change or modify my Windows login password, I am prompted to set the R&R password as well. It appears IBM has hooked into the Windows password-change operation so that it can get your cleartext password right after you have set it, and use that same password for its own security features. I haven't used R&R, so I keep chosing "Later" with no password.
  • IBM Embedded Security Subsystem 2.0
This TCG-compliant NS PC8394T chip is a whole cryptographic processor with secure (tamper-proof) key storage. I haven't used it yet, but I believe this lets you store private keys inside the module, and do things like encrypt files by passing the file data through the Security processor. This would be used to lock down files or directories on your hard drive so that someone stealing or spying on your laptop would have a more difficult time accessing your confidential files. It doesn't appear to be theft protection, because anyone can erase the whole processor at any time, restoring it to factory defaults. Without a backup of the keys, though, all the files would then be unreadable to anyone.
Top
Nomad-Man
Freshman Member
Posts: 74
Joined: Fri Dec 10, 2004 12:41 am
Location: Michigan, USA

#3 Post by Nomad-Man » Thu Jul 14, 2005 2:49 pm

There is indeed a dazzling array of passwords, and it would be nice if there was some document that explained (with examples) how each one would be used.
Holy Crap....Talk about adding fuel to the fire.. its worse than I thought.

I have no passwords to speak of.. not even windows.
It looks like I have a Admistrator account with my name and a guest account.

Dont really know what I need to do at this point.
Somebody needs to make up a users manual on this.. as the Ibm documention that came with the laptop doesnt do much.
T43 .. First Thinkpad...Ordered 06/07/05...Received 06/21/05
Lovin' it
Top
Nomad-Man
Freshman Member
Posts: 74
Joined: Fri Dec 10, 2004 12:41 am
Location: Michigan, USA

#4 Post by Nomad-Man » Fri Jul 22, 2005 8:53 am

No takers on this huh..

well can someone atleast tell me if I need to download and install the Embedded Security Subsystem first before doing the fingerprint reader or doesnt it matter?
T43 .. First Thinkpad...Ordered 06/07/05...Received 06/21/05
Lovin' it
Top
GomJabbar
Moderator
Moderator
Posts: 9765
Joined: Tue Jun 07, 2005 6:57 am

#5 Post by GomJabbar » Fri Jul 22, 2005 11:32 am

I did a search right here for 'fingerprint reader setup'. I pulled up (10) message links, each with several posts. One of the posts lists a web page that Bill setup, that touches on these things:

http://www.thinkpads.com/fingerprint.htm

BTW while I was gleaning over some documents I had downloaded, regarding the IBM Client Security Software, it mentioned that the fingerprint reader software had to be uninstalled before installing the IBM Client Security Software. You can find these publications by starting out here:

http://www-3.ibm.com/pc/support/site.ws ... date=false

Myself, I don't have a fingerprint reader, so I can't help you much more.
DKB
Top
Ground Loop
Sophomore Member
Posts: 174
Joined: Sun Jul 10, 2005 2:19 am

#6 Post by Ground Loop » Fri Jul 22, 2005 11:59 am

Nomad-Man wrote:No takers on this huh..

well can someone atleast tell me if I need to download and install the Embedded Security Subsystem first before doing the fingerprint reader or doesnt it matter?
I haven't done anything with the ESS yet, and the fingerprint reader is working great. I never initialized or set a master password on the Security Subsystem. It seems to be largely unrelated.

I have the fingerprint trick for the boot password and XP login. No problems yet.

You can even set up right hand / left hand for different logins, which is pretty useful for being on & off a domain.
Top
Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Thinkpad - General HARDWARE/SOFTWARE questions”

Who is online

Users browsing this forum: No registered users and 7 guests