TPM for Dell Business Clients Using Self Contained Executable. A Dell Technical White Paper



Similar documents
Dell OptiPlex XE Watchdog Timer

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

Manage Dell Hardware in a Virtual Environment Using OpenManage Integration for VMware vcenter

Dell Client BIOS: Signed Firmware Update

DELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang

Patching the Windows 2000 Server Operating System on S8100 Media Servers, IP600 Communications Servers, & DEFNITY ONE Communications Systems

etoken Enterprise For: SSL SSL with etoken

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Remote Installation of VMware ESX Server Software Using Dell Remote Access Controller

Q A F 0 3. ger A n A m client dell dell client manager 3.0 FAQ

AdminToys Suite. Installation & Setup Guide

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

Lifecycle Controller Platform Update/Firmware Update in Dell PowerEdge 12th Generation Servers

Dell DR4000 Disk Backup System. Introduction to the Dell DR4000 Restore Manager A primer for creating and using a Restore Manager USB flash drive

SQL Server 2008 R2 Express Edition Installation Guide

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Dell Statistica Statistica Enterprise Installation Instructions

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

GUARD1 PLUS Mini-Attendant File Manager User's Guide Version 2.71

Shellfire L2TP-IPSec Setup Windows XP

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Defender Token Deployment System Quick Start Guide

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES

Dell Client. Take Control of Your Environment. Powered by Intel Core 2 processor with vpro technology

Building Multi-platform Images for Deploying Operating Systems on Dell Business Client Systems

Trusted Platform Module (TPM) Quick Reference Guide

How to Encrypt your Windows 7 SDS Machine with Bitlocker

SPECOPS DEPLOY / OS 4.6 DOCUMENTATION

Windows BitLocker Drive Encryption Step-by-Step Guide

BitLocker Encryption for non-tpm laptops

DIGIPASS CertiID. Getting Started 3.1.0

Universal Management Service 2015

Zanibal Plug-in For Microsoft Outlook Installation & User Guide Version 1.1

Acronis Backup & Recovery 11.5 Quick Start Guide

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES

Interworks. Interworks Cloud Platform Installation Guide

Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows

Dell ControlPoint Security Manager

Software Installation Requirements

Installation & Upgrade Guide. Hand-Held Configuration Devices Mobility DHH820-DMS. Mobility DHH820-DMS Device Management System Software

Pro-Watch Software Suite Installation Guide Honeywell Release 4.1

Trustworthy Computing

Contents. Hardware Configuration Uninstalling Shortcuts Black...29

Installing Windows 95 Drivers and Utilities for the Cisco Aironet 340/350 Series Client Adapters

Supplement I.B: Installing and Configuring JDK 1.6

Hyper-V Server 2008 Setup and Configuration Tool Guide

Contents. VPN Instructions. VPN Instructions... 1

User Guide Microsoft Exchange Remote Test Instructions

SplendidCRM Deployment Guide

MANAGING CLIENTS WITH DELL CLIENT INTEGRATION PACK 3.0 AND MICROSOFT SYSTEM CENTER CONFIGURATION MANAGER 2012

ADFS Integration Guidelines

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

To add Citrix XenApp Client Setup for home PC/Office using the 32bit Windows client.

4cast Client Specification and Installation

How To Configure CU*BASE Encryption

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Check Point FDE integration with Digipass Key devices

Installing Microsoft Outlook on a Macintosh. This document explains how to download, install and configure Microsoft Outlook on a Macintosh.

Issue Tracking Anywhere Installation Guide

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

For Active Directory Installation Guide

HP Compaq Thin Client Imaging Tool HP Compaq Thin Client t5000 Series

Installation and Connection Guide to the simulation environment GLOBAL VISION

HP ProtectTools Embedded Security Guide

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

Intel Rapid Storage Technology

FileMaker Pro 12. Using a Remote Desktop Connection with FileMaker Pro 12

FileMaker Pro 11. Running FileMaker Pro 11 on Terminal Services

STEP BY STEP IIS, DotNET and SQL-Server Installation for an ARAS Innovator9x Test System

FlashAir Configuration Software. User s Manual. (Windows) Revision 2

Setting Up the Device and Domain Administration

XenClient Enterprise Synchronizer Installation Guide

Using BitLocker to encrypt a Windows 8 device

HP ProtectTools User Guide

Getting Started with MozyPro Online Backup Online Software from Time Warner Cable Business Class

e-dpp May 2013 Quick Installation Guide Microsoft Windows 2003 Server, XP, Vista, 7 Access Database

Motion Computing Tablet PC

Implementing Microsoft SQL Server 2008 Exercise Guide. Database by Design

Windows Server 2008 Hyper-V, Windows Server 2008 Server Core Installation Notes

FileMaker. Running FileMaker Pro 10 on Citrix Presentation Server

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

ICE.TCP Pro Update Installation Notes

DELL Remote Access Configuration Tool

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SQL EXPRESS INSTALLATION...

USER GUIDE. Snow Inventory Data Receiver Version 2.1 Release date Installation Configuration Document date

DELL. Unified Server Configurator: IT and Systems Management Overview. A Dell Technical White Paper

SafeGuard Enterprise Web Helpdesk

Secure IIS Web Server with SSL

Self Help Guides. Create a New User in a Domain

NAS 253 Introduction to Backup Plan

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

How to Setup and Configure ESXi 5.0 and ESXi 5.1 for OpenManage Essentials

QUANTIFY INSTALLATION GUIDE

Milestone Systems Software Manager 1.5. Administrator's Manual

Deploying System Center 2012 R2 Configuration Manager

BlackBerry Web Desktop Manager. Version: 5.0 Service Pack: 4. User Guide

Transcription:

TPM for Dell Business Clients Using Self Contained Executable A Dell Technical White Paper

Authors Vibha Garg is an engineer in the Dell Open Manage Biz Client Organization. Sharmad Naik is an engineer in the Dell Open Manage Biz Client Organization. Sahid Md Shaik is an engineer in the Dell Open Manage Biz Client Organization. THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. 2011 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell. Dell, the DELL logo, and the DELL badge, OptiPlex, Latitude, Dell Precision, and OpenManage are trademarks of Dell Inc. Microsoft, Windows, Windows Vista, and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Page ii

Contents Introduction... 2 CCTK and SCE... 2 Scope... 2 Prerequisites... 2 Target machines:... 2 Download CCTK... 2 Create an SCE with CCTK... 3 Running SCE on the Target System... 3 Using SCE for TPM Settings... 4 Generate the First SCE File to Set the BIOS Setup Password... 4 Generate the Second SCE for TPM... 5 Applying the SCEs on the Target System for TPM... 6 Use these steps to apply the SCE files on the target system.... 6 Understanding the SCE LOG... 6 Additional Resources... 7 Appendix... 7 Page 1

Introduction A Trusted Platform Module (TPM) is a type of hardware data protection provided by a microchip built into the computer. Microsoft Windows BitLocker Drive Encryption, a software data protection feature, is designed to work with a TPM. Dell uses TPM to provide the Core Root of Trust for Measurement (CRTM) and Reporting for applications desiring the ability to verify that the system state has not changed and as the Root of Trust for Storage (RTS) for applications desiring a secure storage mechanism for rooting their encryption key hierarchies. Dell Business Client Systems, for example: Latitude, Precision and Optiplex line PCs are shipped with the TPM chip. CCTK and SCE CCTK is a Dell tool used to configure BIOS settings on Dell Business Client systems. SCE is a self-contained executable with.exe extension. SCE is just execute-only and does not install itself. It is a zero-touch program. SCE is created by CCTK user interface. SCE contains the configuration in a file that you export using CCTK user interface. Scope This white paper illustrates how to prepare an SCE to enable and activate TPM using the CCTK user interface. This document is not intended to explain TPM. You should have knowledge of TPM. Prerequisites Below is the required system components list used to create a SCE: CCTK installed on a system.net 3.5 sp1 Administrator access Setup/Admin password is not set Target machines: TPM must be present. Trusted Platform Module (TPM) must not be currently owned. TPM must be in deactivated state. Setup/Admin password is not set. Note: Dell strongly recommends that customers continue to maintain an administrator password on systems that have TPM active. Download CCTK Download CCTK as self-extractable file for Windows from http://support.dell.com. The most current release is CCTK 2.0. Check for the later release if available. In addition, CCTK is available directly as ftp.dell.com/sysman/dell_cctk_200_a00_r304287.exe. Page 2

Create an SCE with CCTK Below are the detailed steps to create a SCE using the CCTK user interface. 1. Install CCTK to the default installation directory. 2. On the desktop, double-click on the Dell Client Configuration Wizard Icon, or Click on Start->Programs->Dell->CTK->CCTK Configuration Wizard. 3. Once the user interface comes up, click Create Package. 4. Next select one of the following options, the usage details of each are as follows: a. Multi-Platform File: Use this when you want to define your set of token to be applied from scratch i.e. you are not carrying any token from the host or earlier configurations b. This System s File: Use this when you did like to use the tokens defined on the current host system. c. A Saved File: Use this when you did like to use the tokens defined earlier in a CCTK configuration file saved earlier as.cctk/.ini file. 4. Choose the desired set of tokens and set their values in the configuration page and then click Export Configuration.exe. 5. Save the SCE/EXE in a folder on the hard drive. Running SCE on the Target System The SCE is a standalone program you run directly on the client machine using a command. For more information refer to section Applying SCE on the target system in the CCTK User Guide document. Page 3

Using SCE for TPM Settings To activate the TPM setting using SCE, you need to generate two SCE files. The first SCE file sets the BIOS password on the target machine. The second SCE file activates and enables the TPM on the machine using the BIOS password provided at the time of SCE generation. Generate the First SCE File to Set the BIOS Setup Password Use these steps to generate the first SCE file, which sets the BIOS setup password. 1. Create Package->This System s File->Next. 2. Search for the string setuppwd. 3. Double click on the highlighted row. 4. In the BIOS Setup Password dialog box, enter the values for password. 5. Click Save. Figure 1. Setting the BIOS Setup Password. Figure 2. 6. Click Export configuration.exe. 7. Select No password is required. 8. Click OK. Selecting the No Password is Required Option. Page 4

9. Save the SCE file. Generate the Second SCE for TPM Use these steps to generate the second SCE file. 1. Create Package->This System s File->Next. 2. Search for the string tpm. 3. Set the tpm to on and tpmactivation to activate. Figure 3. Setting the tpm to on and tpmactivation to activate. 4. Click Export configuration.exe. Page 5

5. Select Use the Password information below and enter the same password as in step 5 of first SCE. Figure 4. Enter the same password as the previous procedure. 6. Save the SCE file. Applying the SCEs on the Target System for TPM Use these steps to apply the SCE files on the target system. 1. Execute the first SCE. 2. Execute the second SCE. 3. Reboot to operating system. Note: Do not go to the system BIOS (F2). Understanding the SCE LOG When SCE is applied a log is generated. The log is found in the same directory as SCE with the name as SCE. It provides details of the tokens applied to target systems. Page 6

Additional Resources The Dell Custom Factory Integration (CFI) process lets you enumerate and activate the TPM on all the new Dell systems you order by default. Contact your Dell account executive for more information. Additional CCTK information is available from the following sources: http://www.delltechcenter.com/page/dell+client+configuration+toolkit Appendix Sequence of steps to follow when setting TPM using the CCTK command line: 1. Set up the BIOS password: cctk --setuppwd=<password>. 2. TPM enable: cctk --tpm=on --valsetuppwd=<password>. 3. TPM Activate: cctk --tpmactivation=activate --valsetuppwd=<password>. 4. Reboot to OS. 5. TPM check: cctk --tpm -tpmactivation. Page 7