Lenovo Tp Tablet Deployment Guide User Manual Think Pad Type 1839
2014-03-20
User Manual: Lenovo Tp Tablet Deployment Guide Deployment Guide - ThinkPad Tablet ThinkPad Tablet - Type 1839 ThinkPad Tablet, 1839
Open the PDF directly: View PDF .
Page Count: 26
ThinkPadTabletDeploymentGuide
ThinkPadTabletDeploymentGuide
Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixA
“Notices”onpage17.
FirstEdition(August2011)
©CopyrightLenovo2011.
LIMITEDANDRESTRICTEDRIGHTSNOTICE:IfdataorsoftwareisdeliveredpursuantaGeneralServicesAdministration
“GSA”contract,use,reproduction,ordisclosureissubjecttorestrictionssetforthinContractNo.GS-35F-05925.
Contents
Chapter1.Overview..........1
LenovoDevicePolicyManagerService.....2
Chapter2.Conguration.......5
XMLcongurationles...........5
ActiveDirectorydomainserver........11
CongurationProleSignandEncryptUtility...11
LenovoProleManager...........11
Chapter3.UsingMicrosoftExchange
ActiveSync..............13
Chapter4.LenovoMobility
Manager................15
AppendixA.Notices..........17
Trademarks................18
©CopyrightLenovo2011iii
ivThinkPadTabletDeploymentGuide
Chapter1.Overview
TheLenovoThinkPadTabletgivesyoutheabilitytocongureandmanagethetabletusingregulartoolssuch
asyouusewithinyourenterprise.Youcancontroltabletfunctions,enablecorporatesecurity,passwords,
encryptionanddigitalsignatures.
YoucanpushdowncongurationorpolicysettingstotheThinkPadTabletintheseways:
•MicrosoftExchangeActiveSync
•AnXMLcongurationle
•LenovoMobilityManager
©CopyrightLenovo20111
HereistheinformationowfortheThinkPadTablet:
Figure1.ThinkPadTabletow
MicrosoftExchangeisusedasthecorporateemailcommunicationmethod.
YoucancreateormodifyanXMLleusingeitheratexteditororanXMLeditortopushdowntotheThinkPad
tabletthroughtheLenovoCongurationFileHandlerAPK.OryoucanuseLenovoMobilityManagerSuiteto
manageyouruser’sThinkPadtabletsusingthesuppliedLenovoMobilityManagerAPK.Thesemethodsthen
arepassedthroughtheLenovoDevicePolicyManagerService.Formoreinformation,see“LenovoDevice
PolicyManagerService”onpage2.
LenovoDevicePolicyManagerService
TheDevicePolicyManagerServicehandlesthemanagementoftheThinkPadTablet.Thiscomponent
providesaninterfacethatallowsmanagementtools,suchasActiveSync,anXMLle,orLenovoMobility
Managertoconguredevicefeatures,suchasWiFiprolesanddevicepolicies.
2ThinkPadTabletDeploymentGuide
ThisinterfaceallowsyoutopushthefollowingcongurationstotheThinkPadTablet:
•WiFiproles
•WiFiaccesspointlters
•WiFiradiopowersettings
•MicrosoftExchangeE-mailserverconguration
•VPNconguration
•ActiveSyncserverconguration
•Devicefeaturedisable,including:
–Camera
–USBport
–SDcard
–Microphone
–Pen
–Bluetooth
–WiFi
•Clientcerticates
•Webproxy
•SDcardencryption
•AndroidPasswordpolicies
Chapter1.Overview3
4ThinkPadTabletDeploymentGuide
Chapter2.Conguration
TheThinkPadTabletallowsyoutocongurethecorporateservicesthatusersneedbyspecifying
congurationsettingsinXMLles.WhentheseXMLlesaredeliveredtousersandimportedbytheThinkPad
Tablet,thesettingsareappliedbytheThinkPadTablet.ConguringtheThinkPadTabletwithXMLleshelps
makeiteasierforuserstoconnecttotheircorporatenetworksandaccounts,andquicklybeproductive.
XMLcongurationles
TheThinkPadT abletallowsyoutocongurecorporateservicesforusersbyspecifyingcongurationsettings
intheXMLle.WhentheseXMLlesaredeliveredtousersandloadedontheThinkPadTablet,thesettings
areautomaticallyappliedbythetablet.ConguringtheThinkPadTabletwithXMLlesmakesiteasierforthe
usertoconnecttocorporatenetworksandaccounts.
UsingtheXMLle,youcancongurethefollowing:
•MicrosoftExchangee-mailserver
•VirtualPrivateNetwork(VPN)
•WirelessNetworkSettings
•Digitalcerticates
•ActiveDirectorydomainserver
•DevicePolicies
Youcancreateasingle,commonXMLcongurationleformultipleusers.TheXMLlemaycontain,for
example,thecongurationsettingsforthesecurecorporatewirelessnetwork,theCAcerticateforthe
wirelessnetwork,andtheaddressofthecorporateExchangeserver.YoucanmakethisXMLleavailableto
theuserbysendingittotheuser’spersonale-mailaccount,whichtheusercanaccessusinganunsecured
visitornetworkconnection,ortheuser’shomeinternetconnection.OryoucanalsoputtheXMLconguration
leonaWebserver,makingitaccessibletoanyuserthatalreadyhastheproperintranetcredentials.
OncetheXMLcongurationleisreceivedbytheuser,thatusersimplytapstheleandtheLenovo
CongurationProleHandlerislaunchedtoimportandapplythecongurationsettingsonthedevice.The
usermaybepromptedtoenterpersonallogoncredentialsiftheywerenotincludedinthecongurationle,
butallofthecommonserverinformationandsettingswillbepredenedfortheuser.
YoucansecuretheXMLcongurationlebydigitallysigningand/orencryptingit.Encryptinghelpsensure
thatsensitivedataincludedinthecongurationle,suchaspasswords,cannotbereadbyunauthorized
users.Digitalsignatureshelpsensurethatthecontentsofthelearenotchangedinanyway.
TheCongurationProleSignandEncryptUtilityallowssigningofthecongurationprolewithan
embeddedprivatekey.Theutilityalsoallowstheletobeencryptedusinganencryptionkeyderived
fromthepasswordprovidedtotheutility.
TheXMLcongurationlenamingconventionalwayshasaleextensionof.lenovocong,sothatthe
ThinkPadTabletwillrecognizeitasacongurationle.Theleconsistsofthreeparts:
1.LenovoCongSettings
2.LenovoPolicySettings
3.AndroidPolicySettings
©CopyrightLenovo20115
TheLenovoCongSettingssectionprovidescontrolforthesecurityandencryptionfortheThinkPadTablet.It
importscongurationsettingssuchasWiFiproles,corporatedomainservers,virtualprivatenetworks,and
certicates.Oncetheseareapplied,theycannotbedeleted.
TheLenovoPolicySettingssectionallowsyoutosetcontrolsforthevariousfunctionsoftheThinkPadtablet
suchasthecamera,microphone,SDcardsandBluetooth,andWiradios.Anyofthesefunctionscanbe
enabledordisableddependingonyourcorporatepolicy.
TheAndroidPolicySettingsectionisusedtosetuppolicysettingssupportednativelybyAndroid,including
storageencryption,passwordlength,numberofnumbersandlettersrequired.
NotethataUUIDisrequiredforeachXMLlethatyoucreate.Ifyouwanttooverwriteorremoveanyexisting
policies,youcansenddownanewlewiththesameUUIDoftheexistingappliedpolicy,anditwilloverwrite
theexistingle.SincemultipleXMLles(withdifferentUUIDs)canberesidentontheThinkPadTablet,the
lewiththestrongestpolicieswillbeapplied.Forexample,ifyouhaveanXMLlethatrequiresonlya
numericpasswordandanotherlewithadifferentUUIDthatrequiresalonger,alphanumericpassword,the
lewiththealphanumericpasswordwillbeapplied.
ThefollowingtablesprovideinformationonsettingsfortheXMLle.Thetableheadersare:
•Setting-Thesettinginthexmllethatyoucanuserequireausertologintoacorporateserverortoallo
orpreventuserfromusingacertainfunctionrequireofthedevice.
•Parameter-Theeldsinthesettingthatyouassignavaluefortheusertollin
•Value-Therequiredvalueyouneedtoenterforthateldsuchasserveraddress,userid,Y es/Noand
soon.
•Notes-Anyspecialnotesthatapplytoasetting.
Table1.LenovoCongSettings
SettingParameterValuesNotes
EmailAccount•Type
•SSL
•AcceptAllCerts
•Exchange
•Yes/No
•Yes/No
MicrosoftExchangeis
theonlysupportedemail
typeatthistime.
DomainServer•ServerAddress
•UserID
•Password
•Serveraddress
•UserID
•Password
•Serveraddressis
required
•Optional
•Optional
CerticateType•Type
•Name
•Filename/Encoded
•Root/User
•CerticateName
•?
Certicatesmaybe
includedintheXMLle
inaBase-64encoded
format.
VPN•PPTP
–Name
–Server
–OverwriteIfExists
–DNSSearchDomain
–DNSSearchDomain
–Encryption
•L2TP
–Name
•Point-toPointT unnelingProtocol
–Protocolnames
–ServerIPaddress
–Yes/No
–DomainIPAddress
–DomainIPaddress
–Yes/No
•Layer2TunnelProtocol
–Nameoftheserver
6ThinkPadTabletDeploymentGuide
Table1.LenovoCongSettings(continued)
SettingParameterValuesNotes
–Server
–OverwriteIfExists
–DNSSearchDomain
–Encryption
•L2TPIPSecPSK
–Name
–Server
–OverwriteIfExists
–Secret
–IPSecPresharedKey
•L2TPIPSecCrt
–Name
–Server
–OverwriteIfExists
–DNSSearchDomain
–DNSSearchDomain
–UserCerticate
–CaCerticate
•AnyConnect
–Name
–Host
–OverwriteIfExists
–UserCert
–CertCommonName
–ServerIPaddress
–Yes/No
–IPAddress
–Yes/No
•AndroidPSK
–PSKname
–ServerURL
–Yes/No
–Password
–PresharedKey
•L2TPIPSecCrt
–CRTName
–URL
–Yes/No
–DomainIPAddress
–DomainIPadress
–Certicatename
–Certicateinfo
•AnyConnect
–VPNnames
–HostIPaddress
–Yes/No
–Yes/No
–Certicatename
Table2.LenovoPolicySettings
SettingFieldValuesNotes
DeviceControl•Camera
•SDCardSlot
•Mic
•Bluetooth
•Dataroaming
•USBPort
•MicroUSBPort
•SDCardSlot
•UnknownSources
•USBDebugging
•Wi
•HDMI
•Tethering
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
•Allow/Block
Chapter2.Conguration7
Table2.LenovoPolicySettings(continued)
SettingFieldValuesNotes
•Hotspot•Allow/Block
SecurityPolicy•SDCardEncryption
•ADScreenLock
•Notrequired/Required
•Notrequired/Required
Table3.AndroidPolicySettings
SettingFieldValuesNotes
StorageEncryption•Required/Notrequired
Password•maxFailuresForWipe
•maxTimeToLock
•expirationTimeout
•historyLength
•minLength
•minLetters
•minLowercase
•minNonletters
•minNumeric
•minSymbols
•minUppercase
•Quality
•Numberoffailuresbeforedeviceis
wiped
•Numberinmilliseconds
•Numberinmilliseconds
•Numberofpreviouspasswords
•Minimumcharacterlength
•Minimumnumberofletters
•Minimumnumberoflowercaseletters
•Minimumnumberofnonletters
•Minimumnumericdigits
•Minimumsymbols
•MinimumUppercaseletters
•Setpasswordrestrictionssuchas
numericsandalphanumerics
FormoreinformationonAndroidPolicySettings,see
http://www.google.com/support/a/bin/answer.py?answer=1056433&topic=14576
HereisasampleXMLle:
<?xmlversion="1.0"encoding="utf-8"?>
<lenovocong
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="lenovocong.xsd"
uuid="2237f15e-1ce5-4e55-9fe6-767118c370c8">
<Header>
<DisplayName>Samplepolicy</DisplayName>
<Author>DavidRivera</Author>
<Source>Manual</Source>
<AllowUserRemove>yes</AllowUserRemove>
<RebootOnApply>no</RebootOnApply>
</Header>
<LenovoCongSettings>
<EmailType="Exchange"SSL="yes"AcceptAllCerts="yes">
<ServerAddress>gmail.com</ServerAddress>
<UserID>t.cloud09@gmail.com</UserID>
</Email>
<DomainServer>
<ServerAddress>dc.lenovo.com</ServerAddress>
8ThinkPadTabletDeploymentGuide
<UserID>drivera</UserID>
</DomainServer>
<Certicatetype="Root">
<name>CorporateCACert</name>
<encoded>
MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
</encoded>
</Certicate>
<VPN>
<PPTP>
<Name>MyPPTPVPN</Name>
<Server>pptp.server.com</Server>
<OverwriteIfExists>yes</OverwriteIfExists>
<DNSSearchDomain>10.10.10.10</DNSSearchDomain>
<DNSSearchDomain>11.11.11.11</DNSSearchDomain>
<Encryption>no</Encryption>
</PPTP>
<L2TP>
<Name>MyL2TPVPN</Name>
<Server>l2tp.server.com</Server>
<OverwriteIfExists>no</OverwriteIfExists>
<DNSSearchDomain>12.12.12.12</DNSSearchDomain>
<Secret>123456789A</Secret>
</L2TP>
<L2TPIPSecPSK>
<Name>MyL2TPIPSecPSKVPN</Name>
<Server>ipsecpsk.server.com</Server>
<Secret>FEDCBA987654</Secret>
<IPSecPresharedKey>MyPreshardKey</IPSecPresharedKey>
</L2TPIPSecPSK>
<L2TPIPSecCRT>
<Name>MyL2TPIPSecCRTVPN</Name>
<Server>ipseccrt.server.com</Server>
<DNSSearchDomain>13.13.13.13</DNSSearchDomain>
<DNSSearchDomain>14.14.14.14</DNSSearchDomain>
<UserCerticate>DavidRiveraCert</UserCerticate>
<CaCerticate>CorporateCACert</CaCerticate>
</L2TPIPSecCRT>
<AnyConnect>
<Name>MyCiscoVPN</Name>
<Host>20.20.20.20</Host>
<UseCert>yes</UseCert>
<CertCommonName>DavidRiveraCert</CertCommonName>
Chapter2.Conguration9
</AnyConnect>
</VPN>
<WirelessProleversion="0.01"type="WLAN">
<name>MyHomeNetwork</name>
<SSIDtype="Normal">MyHome</SSID>
<networktype>Infrastructure</networktype>
<AuthenticationAlgorithm>Shared</AuthenticationAlgorithm>
<keymgmt>None</keymgmt>
<WEPKeys>
<DefaultKeyIndex>1</DefaultKeyIndex>
<key1>MyWEPKey</key1>
</WEPKeys>
</WirelessProle>
<WirelessProleversion="0.01"type="WLAN">
<name>MyOfceNetwork</name>
<SSIDtype="Normal">MyOfce</SSID>
<networktype>Infrastructure</networktype>
<AuthenticationAlgorithm>Open</AuthenticationAlgorithm>
<keymgmt>WPA_PSK</keymgmt>
<presharedkey>somepresharedsecret</presharedkey>
<protocol>RSN</protocol>
<proxytype="HTTP"requiresauth="no">
<address>10.10.10.34</address>
<port>8080</port>
</proxy>
</WirelessProle>
<AccessPointFilter>
<allow>
<SSID>MyOfce</SSID>
</allow>
<allow>
<SSID>MyHome</SSID>
<Security>WEP</Security>
</allow>
<deny>
<SSID>CoffeeShop</SSID>
</deny>
</AccessPointFilter>
</LenovoCongSettings>
<LenovoPolicySettings>
<DeviceControl>
<Camera>Allow</Camera>
<SDCardSlot>Allow</SDCardSlot>
<Mic>Allow</Mic>
<Bluetooth>Allow</Bluetooth>
<DataRoaming>Block</DataRoaming>
<USBPort>Allow</USBPort>
<MicroUSBPort>Allow</MicroUSBPort>
<SDCardSlot>Allow</SDCardSlot>
<UnknownSources>Block</UnknownSources>
<USBDebugging>Allow</USBDebugging>
<Wi>Allow</Wi>
<HDMI>Allow</HDMI>
<Tethering>Block</Tethering>
<Hotspot>Block</Hotspot>
</DeviceControl>
10ThinkPadTabletDeploymentGuide
<SecurityPolicy>
<!–<SDCardEncryption>Required</SDCardEncryption>–>
<SDCardEncryption>Notrequired</SDCardEncryption>
<ADScreenLock>Notrequired</ADScreenLock>
</SecurityPolicy>
</LenovoPolicySettings>
<AndroidPolicySettings>
<storageEncryption>Notrequired</storageEncryption>
<Password>
<maxFailuresForWipe>10</maxFailuresForWipe>
<maxTimeToLock>5000</maxTimeToLock>
<expirationTimeout>7776000000</expirationTimeout>
<historyLength>5</historyLength>
<minLength>8</minLength>
<minLetters>2</minLetters>
<minLowercase>1</minLowercase>
<minNonLetters>1</minNonLetters>
<minNumeric>3</minNumeric>
<minSymbols>1</minSymbols>
<minUppercase>1</minUppercase>
<quality>393216</quality>
</Password>
</AndroidPolicySettings>
</lenovocong>
TheThinkPadTabletXMLschemacanbefoundontheLenovoWebsiteatwww.lenovo.com/support.
ActiveDirectorydomainserver
AnexclusivefeatureoftheLenovoThinkPadtabletisthatyoucanuseMicrosoftActiveDirectorytoallowthe
usertounlocktheThinkPadTabletusingcorporatecredentials.YousettheXMLletorequireanActive
directorylogon,andtheusertouchesSettings->Location&Security->Congurelockscreen->Corporate
logon.TheuserentersthedomainnameorIPaddress,username,andpassword.Afterthis,theusercan
onlyusetheActiveDirectorydomaincredentialstounlockthemachine.
CongurationProleSignandEncryptUtility
ITadministratorscansecuretheXMLcongurationlebydigitallysigningand/orencryptingit.Encrypting
helpsensurethatsensitivedataincludedinthecongurationle,suchaspasswords,cannotbereadby
unauthorizedparties.Digitalsignatureshelpensurethatthecontentsofthelearenottamperedwith.
TheCongurationProleSignandEncryptUtilityallowssigningofthecongurationprolewithan
embeddedprivatekey.Theutilitywillalsoallowtheletobeencryptedusinganencryptionkeyderived
fromthepasswordprovidedtotheutility.
ThiscomponentisintendedonlyforthepreparationoftheXMLcongurationlefordeploymenttodevices.
Itisavailableatwww.lenovo.com/supportandclickDownloadDrivers&Software
LenovoProleManager
TheLenovoProleManagerisanAndroidapplication(APK)thatispreloadedontheThinkPadTablet.This
APKtakesXMLcongurationlesandhasthecongurationandpolicysettingsapplied,anddisplays
informationaboutnewandinstalledcongurationproles.
Chapter2.Conguration11
AcongurationlereceivedbytheThinkPadTabletmusthaveaspecicleextension(.lenovocong).
TheLenovoProleManagerisregisteredasthehandlerforleswiththisextension.Whenalewiththis
extensionisreceivedonthedeviceandtappedbytheuser,theXMLCongurationProleHandlerwillrun.
TheLenovoProleManagercallsintotheLenovoDevicePolicyManagerServicetoperformaninitial
parseofthecontentsofthele.Theinitialparse:
•VeriesthattheXMLlecontentsarevalidagainsttheschema
•Determineswhatsettingsareincludedinthele
TheLenovoProleManagerisregisteredasanAndroidDeviceAdministrationReceiverusingthenative
Androidcapabilities.
TheLenovoProleManageralsodisplaysinformationabouttheinstalledprolestotheuser.Whentheuser
touchesSettings->Location&security->Congurationproles,alistofinstalledproleswillbedisplayed
usingthe“DisplayName”propertyofthecongurationle.Ifnoprolesareinstalled,theapplicationwill
displaythemessage“Nocongurationproleshavebeenapplied.”Ifmultipleprolesareinstalled,theuser
willseealistofthem.Thedevicewillshowwhichpolicyistheappliedpolicyatthebottomofthepage.
Iftheuserselectsaninstalledprolefromthelist,thedetailsofthecongurationsettingsinthatlistwillbe
displayed.AllinstalledprolesaredisplayedbytheCongurationProleHandler.Thisallowstheuserto
viewallcongurationsettingsthathavebeenapplied.
Theproledisplayalsoallowstheusertoremoveselectedproles.Onlycongurationprolesthatwere
installedbytheLenovoProleManagercanberemovedbytheuser,aslongasyoudidnotsettheproperty
indicatingthatthepolicycannotberemoved.CongurationsettingsthatwerenotsetbytheLenovoProle
Managerwillbedisplayed,butcannotberemovedbytheuser.
TheLenovoProleManageralsocallsintotheLenovoDevicePolicyManagerServicetoreceivealistof
installedproles,andreceivesthelistofinstalledproles,theirsource,andwhethertheproleisallowedto
beinstalledfromtheLenovoDevicePolicyManagerService.
12ThinkPadTabletDeploymentGuide
Chapter3.UsingMicrosoftExchangeActiveSync
TheThinkPadTabletincludessupportforMicrosoftExchangeActiveSync.TheThinkPadTabletscanbe
managedwithMicrosoftExchangeActiveSyncinthesamewayasothermobiledevices.
MicrosoftExchangeActiveSyncofferspushmailcapabilityformobiledevices.Inadditiontopushinge-mail
andcalendarentries,ActiveSyncallowstheyoutopushdevicepolicies.
TheThinkPadTabletsupportsthefollowingExchangeActiveSynccontrols:
•Remotewipe
•Passwordpolicies
•Deviceencryption
•Camera
•Wi-Fi
•Bluetooth
•SyncfromPC
•Removablestorage
•SDcardencryption
OnceaThinkPadTabletisconguredtoconnecttotheExchangeserver,policysettingspushedtothe
devicefromtheExchangeserverareautomaticallyapplied,ensuringthatthedevicemaintainsthesecurity
settingsthatyourITdepartmentrequires.
TheThinkPadtablete-mailclientincludessupportforExchangeActiveSyncpolicies.Thesepoliciesarefor
passwordenforcementandfordeviceencryption.ThosesettingsnativelysupportedbyAndroid,including
passwordanddeviceencryption,aresupportedwithoutchangebyLenovo.
ThiscomponentextendsthenativeActiveSynccapabilitybuiltintothee-mailclienttosupportadditional
devicepoliciesnotnativelysupportedbyAndroid.TheadditionalActiveSyncpoliciessupportedonthe
ThinkPadTabletinclude:
•Removablestorage(USBportandSDcardenable/disable)
•Camera
•WiFi
•Desktopsynchronization(microUSBenable/disable)
•Bluetooth(onlyBluetoothenable/disableissupported.IftheyousetBluetoothto“Handsfreeonly”inthe
ActiveSyncconsole,itdisablestheBluetoothradio).
©CopyrightLenovo201113
14ThinkPadTabletDeploymentGuide
Chapter4.LenovoMobilityManager
Lenovohasamobilitymanagementplug-inthatenablesyouto:
•Discoverdevices,withoutanagentatthepointofdataaccess,throughMicrosoftExchangeActiveSync
systems
•Knowwhichusersareconsumingcorporatedataandwhatdevicestheyareusing
•Pushdowncorporatemanagementandsecuritysettingstoout-of-policydevices
•Wipedatausingasingleuser-basedpolicyfromdevicesthatarelostorstolenorwhensomeoneleaves
yourorganization
•ImprovebusinessprocessesforreclaimingcorporateITassetsandproprietaryinformationasinthe
caseofemployeetermination
TheLenovoMobilityManagerrequirestheusertologintothecongurationserverusingaPIN,whichthe
userretrievesbyloggingintoaPINserverfromaPC.TheuserauthenticatestothePINserverusing
corporatecredentials,andsuppliesthatPINwhenloggingontotheLenovoMobilityManagerconguration
serverfromhisThinkPadTablet.Afterconnectingtothecongurationserver,theIT-providedconguration
informationispushedtothedeviceandthedeviceisautomaticallycongured.
TousetheMobilitymanagementtools,thefollowingprerequisitesarerequired:
•LenovoThinkManagementConsoleVersion9.0withSP2orlater.
•ForExchange-enableddevices,youmusthaveinstalledtheExchangeManagementTools,availableasan
optionfromwithintheMicrosoftExchangeinstallation.
•WindowsCommunicationFoundation(WCF)andInternetInformationServices(IIS)mustbeinstalledand
registered.
Whenamobiledevicelogsintosynchronizee-mail,contact,andcalendarinformation,itdoessousingan
existingOutlookmailboxaccount.Oncethedevicehasloggedin,theExchangeserverstoresidentifying
informationinitsdatabase,includingtheDeviceID,owner,thedate/timeitloggedin,andsoon.That
informationcanthenberetrievedfromtheExchangeserveranddisplayedintheMobilitymanagementtool.
©CopyrightLenovo201115
16ThinkPadTabletDeploymentGuide
AppendixA.Notices
Lenovomaynotoffertheproducts,services,orfeaturesdiscussedinthisdocumentinallcountries.Consult
yourlocalLenovorepresentativeforinformationontheproductsandservicescurrentlyavailableinyour
area.AnyreferencetoaLenovoproduct,program,orserviceisnotintendedtostateorimplythatonlythat
Lenovoproduct,program,orservicemaybeused.Anyfunctionallyequivalentproduct,program,orservice
thatdoesnotinfringeanyLenovointellectualpropertyrightmaybeusedinstead.However,itistheuser's
responsibilitytoevaluateandverifytheoperationofanyotherproduct,program,orservice.
Lenovomayhavepatentsorpendingpatentapplicationscoveringsubjectmatterdescribedinthis
document.Thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents.Y oucansend
licenseinquiries,inwriting,to:
Lenovo(UnitedStates),Inc.
1009ThinkPlace-BuildingOne
Morrisville,NC27560
U.S.A.
Attention:LenovoDirectorofLicensing
LENOVOPROVIDESTHISPUBLICATION“ASIS”WITHOUTWARRANTYOFANYKIND,EITHEREXPRESS
ORIMPLIED,INCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOFNON-INFRINGEMENT,
MERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.Somejurisdictionsdonotallow
disclaimerofexpressorimpliedwarrantiesincertaintransactions,therefore,thisstatementmaynotapply
toyou.
Thisinformationcouldincludetechnicalinaccuraciesortypographicalerrors.Changesareperiodically
madetotheinformationherein;thesechangeswillbeincorporatedinneweditionsofthepublication.
Lenovomaymakeimprovementsand/orchangesintheproduct(s)and/ortheprogram(s)describedinthis
publicationatanytimewithoutnotice.
Theproductsdescribedinthisdocumentarenotintendedforuseinimplantationorotherlifesupport
applicationswheremalfunctionmayresultininjuryordeathtopersons.Theinformationcontainedinthis
documentdoesnotaffectorchangeLenovoproductspecicationsorwarranties.Nothinginthisdocument
shalloperateasanexpressorimpliedlicenseorindemnityundertheintellectualpropertyrightsofLenovo
orthirdparties.Allinformationcontainedinthisdocumentwasobtainedinspecicenvironmentsandis
presentedasanillustration.Theresultobtainedinotheroperatingenvironmentsmayvary.
Lenovomayuseordistributeanyoftheinformationyousupplyinanywayitbelievesappropriatewithout
incurringanyobligationtoyou.
Anyreferencesinthispublicationtonon-LenovoWebsitesareprovidedforconvenienceonlyanddonotin
anymannerserveasanendorsementofthoseWebsites.ThematerialsatthoseWebsitesarenotpartof
thematerialsforthisLenovoproduct,anduseofthoseWebsitesisatyourownrisk.
Anyperformancedatacontainedhereinwasdeterminedinacontrolledenvironment.Therefore,the
resultinotheroperatingenvironmentsmayvarysignicantly.Somemeasurementsmayhavebeenmade
ondevelopment-levelsystemsandthereisnoguaranteethatthesemeasurementswillbethesame
ongenerallyavailablesystems.Furthermore,somemeasurementsmayhavebeenestimatedthrough
extrapolation.Actualresultsmayvary.Usersofthisdocumentshouldverifytheapplicabledatafortheir
specicenvironment.
©CopyrightLenovo201117
Trademarks
ThefollowingtermsaretrademarksofLenovointheUnitedStates,othercountries,orboth:
Lenovo
TheLenovologo
ThinkPad
ThinkVantage
IntelisatrademarkorregisteredtrademarkofIntelCorporationoritssubsidiariesintheUnitedStatesand
othercountries.
Microsoft,ActiveDirectory,ActiveSync,andWindowsaretrademarksoftheMicrosoftgroupofcompanies.
Othercompany,product,orservicenamesmaybetrademarksorservicemarksofothers.
18ThinkPadTabletDeploymentGuide
PartNumber:
PrintedinUSA
(1P)P/N:
**