Lenovo ThinkVantage (Client Security Solution 8.21) User Manual

4. Install ThinkVantage Fingerprint tutorial by running the f001zpz7001us00.exe to extract the tutess.exe

file from the Web package. This will automatically extract the setup.exe to the following location:
C:\SWTOOLS\APPS\tutorial\TFS5.8.2 Buildxxxx\Tutorial\0409\tutess.exe

5. Install ThinkVantage Fingerprint console by running the f001zpz5001us00.exe to extract the

fprconsole.exe file from the Web package. Running the f001zpz5001us00.exe will automatically extract
the setup.exe to the following location:
C:\SWTOOLS\APPS\fpr_con\APPS\UPEK\FPR Console\TFS5.8.2-Buildxxx\Fprconsole\fprconsole.exe

6. Install the Client Security Solution program with the following options:

tvtcss82_xxxxcc.exe /s /v”/qn NOCSSWIZARD=1 SUPERVISORPW=
”BIOSpw”"

7. After rebooting, login with the Windows domain administrator account and prepare the XML script for

deployment. From the command line run:

“C:\Program Files\Lenovo\Client Security Solution\css_wizard.exe”
/name:C:\ThinkPad

Select the following options in the wizard to match the example script:

• Click Secure logon method ➙ Next.

• Type the Windows password (for example, WPW4Admin) for the Domain administrator account and

click Next.

• Type the Client Security passphrase for the Domain administrator account.

• Check Ignore Password Recovery Setting and click Next.

• Review the Summary and click Apply to write the XML file to the following location

C:\ThinkPad.xml

• Click Finish to close the wizard.

8. Use the tool found at C:\Program Files\Lenovo\Client Security Solution\xml_crypt_tool.exe to encrypt

the XML script with a password. From a command Prompt, use the following syntax:

a. xml_crypt_tool.exe C:\ThinkPad.xml /encrypt XMLScriptPW.

b. The file will be called C:\ThinkPad.xml.enc and be protected by the password = XMLScriptPW.

On the deployment machine:

1. Using your company’s software distribution tools, deploy the ThinkVantage Fingerprint software

executable setup.exe that was extracted from the preparation machine to each deployment machine.
When the setup.exe is pushed to the machine, install using the following command:

setup.exe CTLCNTR=0 /q /i

2. Using your company’s software distribution tools, deploy the ThinkVantage Fingerprint tutorial

executable (tutess.exe) that was extracted from the preparation machine to each deployment machine.
When the tutess.exe is pushed to the machine, install using the following command:

tutess.exe /q /i

3. Using your company’s software distribution tools, deploy the ThinkVantage Fingerprint Console

executable (fprconsole.exe) that was extracted from the preparation machine to each deployment
machine.

• Place the fprconsole.exe file in the C:\Program Files\ThinkVantage Fingerprint Software\ directory.

• Turn off BIOS power-on security support by running the following command:

fprconsole.exe settings TBX 0

4. Using your company’s software distribution tools, deploy the ThinkVantage Client Solution executable

tvtvcss82_xxxx.exe (where xxxx is the build ID).

• When the tvtvcss82_xxxx.exe is pushed to the machine, install through the following command:

tvtvcss83_xxxx.exe /s /v"/qn "NOCSSWIZARD=1" "SUPERVISORPW="BIOSpw""

• The installation of the software will automatically enable the Trusted Platform Module hardware.

58

Client Security Solution 8.21Deployment Guide