When you start a machine with a Fingerprint reader for the first time, you will see the following screen when you reach the Desktop. This is the main console for configuring and managing the Fingerprint reader.
Here you can enroll your fingerprint, and adjust your Power-on security settings.
When you click on “Create new passport and enroll fingerprints” you will be prompted for your logon password.
Once you enter your password you will see the main enrollment screen.
You can select a fingerprint to enroll either by selecting the fingertip with your mouse, or by choosing from the drop down list. To enroll, either double-click the fingertip you wish to use, or press the Enroll button. You will then see the following screen:
On the left is an animated finger that demonstrates how to swipe. You must swipe your finger three times to enroll.
If your finger is not centered, you will be prompted to move it to the right or to the left. If it’s not able to read at all you will be prompted to try again.
When you swipe successfully, you will see the following screen:
Once you have swiped three times successfully, the three images merge into one and you are brought back to the main enrollment screen, where the enrolled finger is shown with a red dot.
- You can enroll multiple fingers.
- The Enroll button has changed to say Delete. This allows you to delete a fingerprint you have already enrolled. If you used the mouse to click on a fingertip that was not already enrolled, the button would change back to Enroll.
When you click Next you are brought to the Power-on Security screen.
This is also the second choice from the main Fingerprints enrollment screen. Here you can use a fingerprint to replace your Power-on passwords if you are using them.
If you are using Power-on passwords, then select the box at the top. When you click on the Add button, you will be shown a list of the fingers that you have enrolled, and can select which one(s) you want to enable to replace your Power-on passwords.
Once you select a choice from the box, the finger will show up in the list. The first time you restart your machine after this, you may be asked to swipe your fingerprint as well as enter any Power-on passwords you have set. After that you should only be asked for your fingerprint.
- Predesktop Authentication
- In addition to the process above, there is a setting in BIOS that must be enabled for a user to be prompted for their fingerprint instead of a Power-on password. The Default for this Setting is “Enabled”, so no change should be necessary. It is in the Security Section under Fingerprint. The setting is called “Predesktop Authentication” Again, the default is “Enabled”. If disabled, a user will not be able to use their fingerprint on Power-on.
- Security Mode
- This controls what password will allow a user access to the system if they are not able to gain access using their fingerprint. The default setting is “Normal”. This will allow the use of either a user Power on password, or a Supervisor password instead of a fingerprint.
The alternative setting is High. This will allow only a Supervisor password to be entered instead of a fingerprint to gain access to the system.
Once you click Finish, you will be brought back to the main Fingerprints screen.
Note: There are now three choices shown.
The Create new Passport and enroll fingerprints choice has gone. Replacing it are two new choices:
- Edit passport and fingerprints
- Delete passport and fingerprints.
If you choose Edit passport and fingerprints you will be prompted to swipe your finger to confirm your identity.
You will then see the password screen. Click next to go to the main enrollment screen.
This is the same screen that appears when you have successfully enrolled a fingerprint.
Here again you can delete or enroll fingerprints.
The second new choice on the main Fingerprints screen lets you delete your Passport and fingerprints. This is a blanket option that will delete all enrolled fingerprints. If you choose this option you will see the following screen:
If you have already added fingerprints to the Power-on security section, when you hit Finish here you will also be asked if you wish to delete the fingerprints that you added for Power-on security.
If you choose No. You will still be able to use your fingerprint instead of your Power-on password.
You have several settings you can adjust
This allows you to replace your Windows logon with an enrolled fingerprint. There are two additional choices that are active once you put a check in the box to replace your windows logon. The second choice, "Automatically log on user verified by Power-on security", if selected, means that if you have a fingerprint enrolled under the Power-on security setting, you will only have to swipe your finger once when the machine starts up and it will bring you all the way in to windows, using that one swipe instead of having to enter your Power-on, hard disk drive and Windows passwords.
Fast User switching support will enable or disable this feature depending on if you have the box checked or not.
If you have this enabled and have a password protected screensaver running, you can disable the screensaver by swiping your finger instead of entering a password. This is enabled by default.
Depending on the installed devices, you may see different types of passports listed here. The default is Local Passport – Fingerprint sensor.
There are two choices in this screen.
Convenient mode is the Default. Secure mode gives additional features, for example, an administrator can logon using only a password and not having to enter a fingerprint.
There are additional software packages for Enterprise use and management of Fingerprints. The Web link goes to the main ThinkVantage Security Web page where information will be posted soon.
This is the screen that allows a user to install the Client Security Software. Once you click on the link to Install Embedded Security, a series of Help Screens are displayed that explain more about what Client Security is and what it provides, as well as the different components and configuration options.
This is linked off the prior page.
This is also linked off of the previous page.
The installation for Client Security is pretty straightforward. Users should accept the defaults.
Once the Installation completes the Software will request to restart the machine.
After the restart the Advanced screen changes. The choice is now to Configure Advanced Security instead of Install.
Once you click on Configure the main Client Security Screen comes up.
The recommendation would be to accept the Default and choose the Typical configuration. The Advanced gives additional options such as key storage location selection ability, application support (Lotus Notes etc.).
The Typical installation will install:
- Password Manager
- Right click file encryption
- Passphrase and fingerprint authentication
- Digital Signature support
The next screen that comes up is the passphrase screen. Here you enter a passphrase that conforms to the passphrase requirements.
The passphrase requirements are:
- Must contain at least 6 characters
- Contain at least one digit(s)
- Not contain more than two repeated characters
- Not end with a digit
- Not begin with a digit
- Not contain the User ID
You can also enter a hint to help you remember the passphrase. Note that in Typical mode; the passphrase that is entered here becomes the equivalent of the Administrator passphrase in Advance mode (or older versions of CSS).
The next screen will indicate that the software has detected the presence of a fingerprint reader.
If you put a check in the box “Yes I would like to edit my fingerprint information now,” you will be asked to swipe your finger and taken to the screen where you can edit, delete, or enroll extra fingerprints. You do not have to do this however. You can just choose Skip, and continue.
This screen allows you to authorize additional users to use the Client Security software. You can also just choose Skip. This will take you to the end of the Configuration process for Client Security.
Once you complete the configuration the software you will see a summary screen similar to the one below. Then software will then take a short time to process your enrollment
When this completes, you will see a message that the computer is now protected by the Client Security Software.