ThinkVantage Client Security Solution
for Microsoft(R) Windows(R) 2000 and XP
Version 7.00.0035.00
Installation Readme


This package will install Client Security Solution v7.00.0035.00

Client Security Solution, a ThinkVantage Technology is designed to help
you protect PC-based computing assets. These assets include the PC
itself, confidential data on the PC and the company network.

The Lenovo Password Manager is intended to provide password management
support for most HTML-based applications.  It is not intended to support
applications that request userid and password authentication through an
interface that is not HTML and browser based.


Supported systems
=================
For a list of supported systems, visit 	
http://www.lenovo.com/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-46391


System requirements
===================
- Update your system to the latest BIOS
- 1.5GB of free space on your hard drive
- 256MB of memory is recommended
- Microsoft Windows XP with Service Pack 1 or Windows 2000 with Service
  Pack 3 or higher
- 8MB or less of VRAM shared memory set in BIOS
- If you  are using Client Security Software 7.0 in a domain environment,
  the server must be running Windows 2003 Server SP1 (with current
  Critical Updates) or  Windows 2000 Server SP4 (with current Critical
  Updates).  Windows NT 4.0 server is not supported. 


New in this release
===================
License Agreements were updated in the install.


Downloading the package
=======================
It is recommended that this code be installed without any previous
versions of the Rescue and Recovery or Client Security Solution 
programs installed on the computer. If this is not possible, 
complete the installation process, following the provided prompts.
NOTE: Read the Considerations section below for important installation
information.

To download this code, complete the following procedure:
1. Click the file links to download the files from the Web page.
2. When prompted, select a drive and directory in which to save the
   downloaded files.


Considerations
==============
To get the latest information regarding the Client Security Solution
program, visit 

http://www.lenovo.com/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-4Q2QAK

To view Hints & Tips associated with the Client Security Solution program, do
the following: Click Hints & Tips. In the Brand field use the drop-down
menu to select ThinkVantage Technologies. In the Family field use the
drop-down menu to select Client Security Solutions. Then click Continue.

The following are considerations associated with the Client Security Solution
program:

Consideration 1
A user might get locked out of the system immediately following Client Security 
Solution user enrollment. If this occurs, reboot the computer immediately after 
enrolling a user using the Security Setup Wizard.

Consideration 2
After an 'operating system and applications only' restore operation, the user is 
required to re-enroll with the Client Security Solution application. Run a full 
restore of the selected backup without password persistence.

Consideration 3
For a limited user, the list of files might not display when attempting to restore 
individual files from a network backup in the Windows environment. If this occurs,
use the Restore Individual Files option in the Rescue and Recovery workspace. 
In the Rescue and Recovery workspace, a limited user can view the list of files 
when attempting to restore individual files from a network backup.

Consideration 4
Secondary users, with the exception of the master administrator, might experience 
a “Fingerprint not enrolled” error message following Client Security Solution 
enrollment. If this occurs, enroll fingerprints before completing the Security 
Setup Wizard enrollment or simply continue with fingerprint enrollment.

Consideration 5
The Japanese language labels for the text boxes on the export entry interface
are translated incorrectly.

Consideration 6
The fingerprint device might not display as a policy option immediately following 
Client Security Solution enrollment. If this occurs, reboot the computer immediately 
after enrolling with the Client Security Solution application.

Consideration 7
The Remote Desktop feature might fail when using the Client Security Solution login 
interface, so that just before a user is logged on remotely, the “Control-Alt-Delete” 
screen is displayed and the user is unable to log on. If this occurs, use the Policy 
Manager application to disable the Client Security Solution logon interface.

Consideration 8
Information saved in the Password Manager application is not automatically populated 
in the Web site fields by the Ctrl-F2 recall hotkey when using a Mozilla browser.

Consideration 9
An exported Password Manager database (.PWM or .EXE) file becomes corrupt and cannot 
be imported when using a device with less than 1.7 MB of free space. To avoid this issue, 
export the database file to a device with at least 1.7 MB of free space.

Consideration 10
PrivateDisk volumes that are protected with certificates might fail to mount when 
the option ‘Mount after user logged on to the system’ is selected.
To avoid this problem, complete the following procedure:
Select ‘Mount manually’ as the startup option for the PrivateDisk volume.
To recover from a broken state, complete the following procedure:
Mount the PrivateDisk volume manually using the PrivateDisk ‘Mount’ option.

Consideration 11
The PrivateDisk "Fixed Drive" option causes an Event Viewer - System error when 
Windows System Restore is running causing the System Restore Points to disappear.
Do not use the PrivateDisk "Fixed Drive" option when running Windows System Restore. 
Assign a drive letter without making the volume a fixed drive.

Consideration 12
On ThinkPad computers, the BIOS Setup utility references an out-of-date Windows 
shortcut to configure the Hardware Password Reset application. When you go to the 
Security > Password screen in the BIOS Setup utility, and highlight the Password 
Reset Service item, the Windows shortcut name in the description field is out-of-date.
The out-of-date value is Start > All Programs >ThinkVantage >Create Recovery Media.  
This path is correct in Rescue and Recovery 3.0, but is incorrect in Rescue and 
Recovery 3.1.  This feature is configurable using the Client Security Solution 
application in the Rescue and Recovery 3.1 application. To configure the 
Hardware Password Reset feature, use the Client Security Solution 
application.

Consideration 13
The state of the Enable Password Manager check box might not save properly.  
The check box always displays as checked when you open the Advanced tab of the
Password Manager Preferences interface.  To disable the Password Manager
application, clear all of the other check boxes in the Application Support
sub-section on the Advanced tab of the Password Manager Preferences interface.

Consideration 14
Password Manager Hotkey changes require the user to reboot or to re-initialize 
the Password Manager application. After changing the Enable Hotkeys check box 
state, the hotkeys are still in the same state (either enabled or disabled).
This is because the keyboard references are established during the initialization 
of the Password Manager application.  Consequently, the Password Manager 
application must be re-initialized for the hotkey changes to take effect.

Log off and log back on the Password Manager application, or reboot the computer, 
to ensure that your changes take effect.

Consideration 15
Upgrade considerations for the OEM version of the Rescue and Recovery program

When upgrading from the OEM version of Rescue and Recovery 3.0 to the OEM version 
of Rescue and Recovery 3.1 AND when installing the OEM version of the Client 
Security Solution 7.0 program, a problem might occur during configuration of 
Client Security Solution 7.0 program, such that the Password Manager application 
might not function properly.

To avoid any potential problems caused by upgrading from Rescue and Recovery 3.0 
to Rescue and Recovery 3.1, complete the upgrade by following all on-screen 
prompts and interfaces.  After the upgrade is completed, then install the Client 
Security Solution 7.0 program, if desired.  Do not try to install the Client 
Security Solution application before the upgrade to Rescue and Recovery 3.1 is 
complete.

Consideration 16
The Hardware Password Reset process might allow a user to enter an incorrect 
BIOS administrator password during initial setup.  When setting up the Hardware 
Password Reset feature, the process might allow a user to enter an incorrect BIOS 
administrator password without informing the user.  As a result, after the secure 
environment is created, it will not boot because it cannot authenticate the image 
and the setup cannot be completed.  This problem has only occurred on Japanese 
installations of the Rescue and Recovery program.
 
If the BIOS administrator password is in passphrase mode (i.e., is greater than 
seven characters), then the code that validates the password might fail to inform 
the user when an incorrect password has been entered, especially if less than eight 
characters are entered.  Otherwise, the message indicating that a wrong password 
has been entered will be displayed.

To avoid this problem, do one of the following:
•	Do not enter a wrong password.
•	Boot to Windows and re-create the secure environment, 
	entering the correct BIOS administrator password when prompted.

Consideration 17
Logon failure using the CSS logon interface after changing the Windows userID.
When the Control Panel > User Accounts > Change an Account > Change My Name command
is used, only the user Full Name is changed.  This command does not change the actual
account name.  When the user tries to use the new userID, it is not recognized as a
valid username.  The current version of Client Security logon interface does not
support changing only full names.

To resolve this problem, continue to use the old username or change the full name
back to the original.

Consideration 18
The PrivateDisk configuration screen might display even though the initial user
elected not to create private disks. During the enrollment of secondary users, the
Security Wizard displays the PrivateDisk configuration screen even when the initial
user elected not to create private disks. 

To disable the use of private disks, an administrative user must exclude the private
disk module from the installation using the installation wizard. This can be
accomplished during initial installation or subsequently by re-running the
installation wizard using the Windows Control Panel “Add/Remove Programs” utility.

Consideration 19
During enrollment of subsequent users via the Security Wizard an unexpected graphic
might display behind the text on the PrivateDisk screen. This problem occurs during
the enrollment of subsequent users only if the initial user configured the computer
using the secure mode and disabled the password recovery mechanism.

This problem does not hinder the functionality of the Security Wizard. Although the
image is distracting, the text is legible and the controls are accessible. Follow the
instructions on the screen and continue with the enrollment.

Consideration 20 
Client Security Solution logon interface changes to Windows logon interface

The Client Security Solution logon interface might change to the Windows logon
interface if your firewall application is blocking access to the winlogon.exe
program. Before you can re-enable the Client Security Solution logon interface, you
must allow or unrestrict this program from within your firewall application.

For further assistance in configuring your firewall application, contact the
manufacturer of the firewall application, your system administrator, or your
corporate Help Desk.


Installing the package
======================
1. Click Start, select Find or Search, then click Files and folders.
2. Type tvtcss*.exe in the search field, then click Find Now.
   This will locate the file you just downloaded.
3. Double-click the tvtcss*.exe icon.
4. Follow the onscreen instructions to complete the installation.


Trademarks
==========
The following terms are trademarks of Lenovo in the United States, 
other countries, or both:
Lenovo
ThinkCentre
ThinkPad
ThinkVantage
Client Security Solution

Microsoft, Windows, and Windows NT are trademarks or registered trademarks 
of Microsoft Corporation in the United States, other countries, or both.

Other company, product, and service names may be trademarks or
service marks of others.

THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED,
INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS
FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE
INFORMATION IN THIS DOCUMENT.  BY FURNISHING THIS DOCUMENT, IBM
GRANTS NO LICENSES TO ANY PATENTS OR COPYRIGHTS.

(C) Copyright Lenovo 2006.
(C) Portions Copyright IBM Corp. 2005. All rights reserved.