asset management (theft deterrent)* training foils · yes or no to “do you want the theft...

1

Intel-powered Classmate PC

Asset Management (Theft Deterrent)*Training Foils

Version 1.8.0

*Other names and brands may be claimed as the property of others.

2

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel Sales Office or your distributor to obtain the latest specifications and before placing your product order.

Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation in the United States and other countries.

Copyright © 2010, Intel Corporation. All rights reserved.

*Other brands and names are the property of their respective owners.

Legal Information

3

Revision Table

Document Revision Revision History Date

1.0 Initial released. WW31 ’07

1.7.0 Update for quarterly release WW16 ’10

1.8.0 Update for Operation System support WW41 ’10

4

Agenda

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

5

Pre-Training

Introduction

The theft deterrent software discourages thieves from taking a classmate PC from a student or school. If a thief attempts to steal a classmate PC, this software will disable all functions and the PC will stop working, thus making the act of taking the PC not worth the risk to the thief.

In this presentation, server refers to the Intel® Theft Control Server for classmate PCs, and agent refers to the Intel® Theft Control Agent for classmate PCs.

6

Pre-Training

Goal:

This training explains how to install and use the Intel® Theft Control Server for classmate PCs and the Intel® Theft Control Agent for classmate PCs within a Local Area Network using classmate PCs as clients. This training includes how to deploy the theft deterrent software beyond both the server and the client, as well as how to check if the installation works.

Target Audience:

This training is intended for Intel Technical Marketing Engineers, Intel Technical Support, customers with technical knowledge, post sales technical support, and anyone else interested in the theft deterrent software for the classmate PC.

Note: The operators participating in this guide should be familiar with both Microsoft

Windows* OS installation on a regular PC and network settings on both a PC and a router.


7

Pre-Training

Term Meaning

CA Certificate Authority: a trusted organization that issues a public key certificate.

JKS Java* Key Store: a format for a public key certificate store used in JAVA.

Shared Secret A secret key used in the classmate PC system.

Agent In this document, we sometimes call the Intel-powered classmate PC version 1.0 or the second generation Intel-powered classmate PC as the Agent from a network perspective.

XML Extensible Markup Language: a data format.

Unlock Code A type of boot certificate in the form of a 10-digit number to unlock the device when the official boot certificate has expired.

Device owner ID The device owner ID.

Hardware ID Device hardware ID which is created at system provisioning stage and uses the system MAC address.

Expiration date The date after which the device can no longer be used.

Bootable times The number of times the device is allowed to boot before the certificate expires.

BC Boot Certificate.

Terminology


8

Pre-Training

Term Meaning

IP address Internet Protocol address.

Gateway IP address Gateway Internet Protocol address.

Proxy URL The URL of Proxy server.

DNS Server IP address The Internet Protocol address of Domain Name Server.

WINS Server IP address The Internet Protocol address of WINS server.

Common boot certificate A type of boot certificate with a default expiration date and number of boots until expiration.

One-time boot certificate A type of boot certificate in which the expiration date and number of boots until expiration can be set by an IT administrator. When the agent downloads the certificate, the setting is invalidated.

Permanent boot certificate A type of boot certificate in which the expiration date is set to 2099-01-01 and the number of boots until expiration is set to 999999.

TPM Trusted Platform Module.

Terminology (Continued)

9

Pre-TrainingHardware Requirements (for hands-on training)

Hardware Server (Recommended) Server (Basic)

CPU Intel® Pentium® 4 Processor 2.8 GHz Intel Pentium 4 Processor 2.4 GHz

Memory 2 GB 1 GB

Hard disk 160 GB SCSI 160 GB SCSI or 160 GB IDE

CD-ROM CD-ROM 8X CD-ROM

Ethernet NIC 1000 Mbps 100 Mbps

Server:

Client:• One Intel-powered classmate PC with Winbond* TPM

Other Requirements:• Wired/Wireless Router (Linksys* WRT54G, for example)

• LAN cables

• USB flash disk


10

Pre-TrainingSoftware requirements (for post-training hands-on operation)

Server: • Microsoft Windows* Server 2003 (SP1), Windows* 7 Professional or

Microsoft Windows* XP Pro (SP2) OS• Intel® Theft Control Server for classmate PCs Installation Package

Client:• Microsoft Windows* XP Pro or Windows* 7 Professional/Home

Basic/Starter• Intel® Theft Control Agent for classmate PCs Installation Package


Note: The applications are available in IBP.

To access the portal, use the following URL: Businessportal.intel.com

11

Agenda

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

12

Installation

Network Installation

Server Installation

Client Installation

13

1. Right-click the wireless network connection icon in the system tray area and then click View Available Wireless Networks.

InstallationAgent Network-Wireless

Note: This illustration is an example only.

14

2. The “Wireless Network Connection” dialog will appear. Click Refresh network list in network tasks to search for wireless networks.



15

3. Double click a wireless network.



16

4. When the computer has been successfully connected to the network, you will see the word “Connected” shown in the network selection.



17

Repeat the network connection settings for the server. Use the same

network.

InstallationServer Network-Wireless

18

If the client has to be connected to the server by LAN cables, use one

LAN cable to connect the server to port 1 of the router and another

LAN cable to connect the client to port 2 of the router. No critical

setting is required because the server and the client will automatically

connect to the same network in this way.

InstallationServer Network-LAN Cable

19

Installation


Server Installation

Client Installation

20

Do the following before installing the Intel® Theft Control Server for classmate PCs:

• For Windows* XP, open ports “443” and “80” in the Windows OS firewall so that the agent can connect with the server.

• Uninstall Apache Tomcat* 6.0, if installed. If it is not uninstalled, you will see the error shown in Tomcat* error (shown on the next slide).

• If port 443 is already in use, resolve the conflict before installing the server. See the backup material for instructions on how to do this. If it is resolved, you will see the error shown in 443 port error (shown on the next slide).

• If there is old version (lower than 0.9.7) of LIBEAY32.dll or SSLEAY32.dll in system path, you must resolve this deficiency first before installing the server. Again, refer to the backup material for instructions on how to do this. If it is resolved, you will see the error shown in DLL error (shown on the next slide).

• Verify that the Server and Agent are in the same Time Zone and that the system time of the Server is not later than that of the agent.

InstallationServer


21

These illustrations show the three possible error messages described on

the previous page:

InstallationServer


22

InstallationServer

1. Click setup.exe in the server Installation Package. Choose setup language and click OK.

2. Click Next.

23

3. Choose I accept the terms in the license agreement then click Next.

InstallationServer

4. Click Next.

24

5. Choose setup type:

a. Default (install J2SDK* V1.4.2_08, Tomcat* V5.0.30, PostgreSQL* V8.2, and Intel® Theft Control Server for classmate PCs in the default location which is written in “\Tools\CMPC Configuration File\CMPCConfig.ini”).

b. Custom (you can change the installation location of J2SDK, Tomcat, PostgreSQL, and the server software in the next step).

Click Next.

InstallationServer


25

6. If you selected custom in Step 4, Click Browse... to choose the installation location of J2SDK*, Tomcat*, and PostgreSQL* components. Click Next.

InstallationServer


26

7.The deployment packet checks to determine if PostgreSQL* and MySQL* databases are installed on the Server PC. Do one of the following:

a. If there is the same or higher version of PostgreSQL, and MySQL is not installed, then go to step 7.b.

b. If there is the same or higher version of PostgreSQL, and there is an existing MySQL database, choose Yes or No to “Do you want Theft Deterrent data to be migrated automatically?” If you choose Yes, then input the password of the existed MySQL database. After the migration is finished, go to step 7.b. If you choose No, then go directly to step 7.b.

InstallationServer

(Continued)


27

7. (Continued)

c. If there is a lower version of PostgreSQL*, choose Yes or No to “Do you

want the Theft Deterrent data to be migrated automatically?” If Yes, then input

the password of the existed PostgreSQL database. When finished with the

migration, go to step 7.a. If you choose No, go directly to step 7.a.

d. If there are no PostgreSQL or MySQL* databases, then go to step 7.a.

e. If there is no PostgreSQL database, but there is a MySQL database, choose

Yes or No to “Do you want the Theft Deterrent data to be migrated automatically?” If Yes, then input the password of the existed PostgreSQL database. When finished with the migration, go to step 7.a. If you choose No, go to step 7.a.

InstallationServer


28

Database check if there is a lower version of PostgreSQL* or nothing installed on the server:

Have PostgreSQL?

PostgreSQL

Version?

Have

MySQL*?

Install PostgreSQL 8.2

Migrate

PostgreSQL?

Migrate

MySQL?

Yes

No

Low

Yes

Yes

No

No

Yes

No


29

Database check if there is the same or higher version of PostgreSQL* database on the server:

Have PostgreSQL?

PostgreSQL

Version?

Have

MySQL*?

Migrate

MySQL?

Yes

Yes

Yes

No

No

Do Not install PostgreSQL 8.2

Same or

higher


30

Set PostgreSQL 8.2 Password

8. Install components.

a. Install PostgreSQL* 8.2. You can use the default root account password

which is written in “\Tools\CMPC Configuration File\CMPCConfig.ini”. You

can also set a new password for the database. Click Next.

InstallationServer


31

8. Install components (continued).

b. Install J2SDK*, Tomcat*, PostgreSQL*, and the server software. Click

Next. This step may take a few minutes.

Installing J2SDK*, Tomcat*, PostgreSQL*, and theft deterrent software components

InstallationServer


32

9. Set the server Admin password.

Note: The password must not be less than 6 characters, it must contain at least one lowercase letter,

one uppercase letter, and one special character (for example, ! @ # , $ %). Some special letters are

considered illegal, for example the question mark (?), backslash (\), and single quote (‘).

Set the Server Admin Password

InstallationServer

33

10.Set the IP address.

InstallationServer

34

The server IP address must be set static.

The server IP Address can be blank when server machine has only one network card.

If the server has more than one network card, the installation program will remind you to input a valid static IP address.

Note 1

Note 2

Note 3

InstallationServer

10. Set the IP address (continued).

35

11. Wait for the Setup program to install the server software.

InstallationServer

12. Click Finish to finish the installation.

36

Checkpoint 1: How To check to determine if the three third-party software applications have been installed and are working correctly?

How to check if the third party software has already been installed?

After the server has been deployed, you can check the three third-party software applications through "Add or Remove Programs" in the Windows* Control Panel. Their names are “Java* 2 Runtime Environment, SE v1.4.2_08”, “Apache Tomcat* 5.0” and “PostgreSQL* 8.2”.

How To CheckServer


http://image.baidu.com/i?ct=503316480&z=1&tn=baiduimagedetail&word=%CE%CA%BA%C5&in=5094&cl=2&cm=1&sc=0&lm=-1&pn=34&rn=1&di=1561942324&ln=1279

37

How to check if the Tomcat* web server works?

Step 1: Choose Start Menu All Programs Apache Tomcat* 5.0

Monitor Tomcat. There should be a Check Tomcat client icon in system tray. Double-click it; you will see the form shown at the right. It’s working if the Service Status is shown as “Started.”

Step 2: Open a web browser and input http://localhost. You should be able to access the Tomcat default page.

How To CheckServer


http://localhost/

38

How to check if the PostgreSQL* database working?

Select Start Menu All Programs PostgreSQL 8.2 pgAdmin III. Double click the “PostgreSQL Database Server 8.2 (localhost:5432)”, then enter the

database password which you set when you installed the server. (The default PostgreSQL root password is "Intel1234"). It’s working if you can connect to

the database successfully.

How To CheckServer


39

How To Recover From a Failure

a) If you see any error messages while installing the server, refer to the Theft Deterrent Software for Intel-powered classmate PCs Deployment Guide.

b) If the Tomcat* web server is not started, select Start Menu All Programs Apache Tomcat 5.0 Monitor Tomcat, then click Start manually in the

“Apache Tomcat Properties”.

How To CheckServer


40

How To Check the PostgreSQL Database

To check the PostgreSQL* Service to see if it has started, go to Control Panel Performance and Maintenance Administrative Tools Services.

Manually right-click and start the PostgreSQL Service if it has not already started.

How To CheckServer


41

Checkpoint 2: How To check if the Intel® Theft Control Server for classmate PCs has already been installed and works?

Open a web browser and go to the server main page: http://localhost/tdserver. Log into the admin account.

How To Recover From a Failure:

• If you cannot access the server main web page, verify that the Tomcat* web server has been started, if not, start it and try again.

• If you can access the server main web page, but cannot log-in, verify that the PostgreSQL* Service has been started. If it is not started, start it and try again.

How To CheckServer


http://localhost/tdserver.

42

Installation


Server Installation

Agent Installation

43

Pre-Installation

Before starting the Intel® Theft Control Agent for classmate PCs

installation, make sure that the classmate PC can boot to Windows* XP

OS, that all drivers have been installed, and that there are no “!”

indications in the device management listing, especially for the TPM

device.

InstallationAgent


44

1. Click setup.exe in Agent Installation Package. Choose setup language and click OK.

InstallationAgent

2. Click Next.

45

3. Select I accept the terms in the license agreement and then clickNext.

InstallationAgent

4. In the configure file (“\Tools\CMPC Configuration File\CMPCConfig.ini”), the default directory is [C:\Program Files\Intel\Theft Deterrent Agent\]. Click Next.

46

5. Click Next. This step may take a few minutes.

InstallationAgent

6. Wait a moment and click Finish to finish the installation.

47

7. Click Yes to restart the computer or No if you plan to restart later.

InstallationAgent

8. After restarting the computer, the agent will start up automatically when the OS starts up. The program will be minimized, displaying an icon in the Windows* OS taskbar.

48

Checkpoint 3: How To Check the TPM Module

Connect the agent with the server, then move the mouse over the agent’s icon in the system tray. Check the popup tooltips:

• If HWID in the tooltip equals the wired or wireless NIC Mac address, the TPM is working, otherwise it is not working.

• If the Expiration Date is between 2000 and 2099 and the format is “MM/DD/YYYY”, then the TPM is working, otherwise it is not working.

• If the Remain Boots is an abnormal value that exceeds the normal scope (for example 10000, depending on the individual machine), then the TPM isn’t working properly. If it is in the normal range then the TPM is working properly.

How To CheckAgent

49

Checkpoint 3: How To Check the TPM Module (continued)

How To Recover From a Failure• Go to Control Panel System Hardware Device Manager System

devices Winbond Trusted Platform Module 1.2. If the driver is disabled or shows an abnormal status, restart the computer or “disable/enable” the driver.

• Go to Control Panel Administrative Tool Services NTRU TSS v1.2.1.25 TCS. If the service is stopped or shows an abnormal status, restart the computer or “stop/start” the service.

How To CheckAgent

50

Checkpoint 4: How To Check if the Agent Has Already Been Installed and Works Correctly?

Manually download and parse a new Boot Certificate. The expiration status will be changed.

How To CheckAgent

How To Recover from a Failure:

• Check that the TPM module in working normally.

• Check that the TSS Service is running in the classmate PC.

• Check that the network of the classmate PC is working properly. You can check the network by accessing the server main web page from a classmate PC.

• Check that the CA certificate has been installed successfully when the agent

downloads the Auto Provision Package.

51

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

Agenda

52

How To DeployServer and Agent

Prerequisites:

• Install the server and agent software.

• Configure the network.

53


1. Open a web browser and log-on to the server at “http://localhost/tdserver”, make sure to input the correct user name and password. (You set both of these in Server Installation Step 8.)

54

2. Check that the Server Broadcast Control is On (the default status is ON). (Choose Server Left Navigation Bar Service Management.)


55


Agent side

3. Check the Settings. The agent will use the server IP address shown below (right). Double-click the tray icon or right-click the tray icon then choose Settings.

56

4. The agent will register itself as a temp account on the server. After the

admin logs-in, the window shown below will display. Click Click here to

go to next page.

Note: Only “Admin” users can see this temp account page.


57


5. Approve the temp account.

Note: Only “Admin” users have the privilege to approve the temp account.

58


6. The agent will download the certification authority (CA) automatically.

Click Yes to accept this CA.

59

Note: If the downloaded CA can’t take effect in the classmate PC, follow the steps illustrated below to manually import the CA.


60


7. The agent will download the “auto provision package,” and then request

that the user reboot. Click Reboot now to reboot the classmate PC or

wait and it will reboot automatically in 30 seconds.

Note: After rebooting the OS, move the mouse over the agent icon in the taskbar.

The deployment was successful if it shows the information below.

61


8. The agent will then download the “shared secret,” and request the user

to reboot again. Click Reboot now to reboot the classmate PC, or wait

and it will reboot automatically in 30 seconds.

Note: After rebooting the OS, move the mouse over the agent icon in the taskbar. The deployment was successful if it shows the information below.

62


The agent has now been deployed successfully. This agent can

now be used to download a Boot Certificate from the server.

63

Agenda

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

64

How To UseServer

1. Device Management: The features are shown below.

65

How To UseServer

Device Management:

Delete a device

Add a new account Click the hardware ID to edit

66

How To UseServer

2. Provision Management: The features are shown below.

67

How To Use Server

Provision Management: Common Boot Certificate settings. You can set the

expiration duration and average boot times per day for all agents.

Note:The Boot certificate expiration duration can’t be less than 15 days, and the total boot times can’t be

less than 100.

68

Provision Management: One-time Boot Certificate settings. You can

set a one-time or permanent Boot Certificate for a special device.

How To UseServer

Set one-time or permanent BCAdvance search

69

How To UseServer

3. Unlock Code Retrieval: You can generate the unlock code for the

locked agent.

Generate unlock code

70

How To UseServer

4. Data Management: The features are shown below.

Import data

Export data

Import server credential files

Export server credential files

Data Management

71

How To Use Server

Data Management: Here you can backup the server data or import server data.

Import backup account data

Export account data for backup

Import server credential files for

backup

Export backup server credential

files

Note: When importing server credential files, do the followings:

• Unzip the server credential files, then import anyone of them. The remaining files will be imported

automatically.

• Manually restart Tomcat* service or restart the OS after importing the files.


72

How To Use Server

5. Security Management: The features are shown below.

73

Security Management: Shared Secret Settings.

How To Use Server

Update shared secret Export shared secret Advanced search

74

How To Use Server

Security Management: Public Key Settings.

Update public key for all devices

Export public key for backup

75

How To UseServer

Security Management: Intel Provision Package. (Refer to the next page to see how to use

the Intel provision package.)

Import Intel provision package

76

Scenario:

If the server has updated the public key and any of the classmate PCs have been locked, because their boot-time expired without having a new public key downloaded, then how can the Administrator unlock these classmate PCs?

In this scenario, it can only be resolved by using Intel provision package (the procedure

is described in the following steps).

How To Use Server

http://www.funbq.com/list/285/

77

1. Power on the locked classmate PC and get the S/N number at locked screen.

How To Use Server

78

2. Get the updated Pub_Key file from the server which can be found in the C:/CMPC directory if the server was installed on the C: drive.

How To UseServer

79

3. Send the S/N number and pub_key file to your Intel representatives who will give you an Intel signed package named tcopp.bin.

4. Copy the tcopp.bin file to a USB disk.

5. Insert the USB disk to the classmate PC

6. Reboot the classmate PC.

Note: Limitation for using a USB disk:

• Must be formatted by Windows* XP OS built-in format tool.

• FAT16 supports sizes up to 2 GB (Intel recommends using a size < 2 GB).

• FAT32 supports sizes up to 8 GB.

How To Use Server


80

6. In the locked screen, press the Ctrl+Insert hotkey to read the USB disk. The screen shown below will display if the USB disk can be read successfully. The classmate PC will reboot automatically.

The classmate PC has been unlocked successfully after the reboot.

How To UseServer

81

6. Taskbar Icon: The color of the taskbar icon changes to indicate a

different status.

How To Use Agent

“Normal” status.

“Warning” status indicates this PC has less than 2 days or less than 5 boot times until it’s BC expires. The Agent will download common boot certificate automatically.

“Not activated” status indicates this PC account has not been approved at the server.

“Cannot connect with server” status indicates this PC cannot connect with server.

“Cannot connect with server” status indicates this PC cannot connect with server and the account has not been approved.

82

7. Taskbar Icon: Right-click on the Agent’s taskbar icon to open the menu

shown below.

Log onto server

Settings

Help

About

How To Use Agent

83

8. Taskbar Icon: device account

Right-click the taskbar icon and then select Log onto Server. Follow the steps shown

below:

Click Login to continue.

For the first log-in, set the password, student name, and birthday.

How To UseAgent

84

Log onto Server: After the first log-in, input the password and click Login.

Input password

How To UseAgent

85

Log onto Server: Enter the Profile Settings under My Account.

Profile Setting

How To UseAgent

Click Save to save the new settings.

86

Log onto Server: Unlock Code Retrieval.

Notes:• When the classmate PC has been locked, you can use your own account to log into the

sever by another classmate PC, and generate the unlock code.

• When the classmate PC has been set to stolen status in the server database, the unlock

code generated by the student account can’t unlock the classmate PC.

How To UseAgent

87

9. Taskbar Icon: Right-click the taskbar icon and then select Settings. The window

shown below will display.

You can import the server IP address manually

How To UseAgent

88

If you want to use the Proxy Server, check Use Proxy Server.

You can import the Proxy Server info manually here.

Notes:

• If you have set the Proxy Server in Microsoft Internet Explorer* and have

never used the Theft Deterrent Proxy Server before, the Theft Deterrent

Proxy Server Address will automatically be filled with what is in the IE

setting.

• If the Theft Deterrent Proxy Server has been used before, the Theft

Deterrent Proxy Server Address will be filled with the last used address.

How To UseAgent


89

How To UseAgent

10. Taskbar Icon: Right-click the taskbar icon then choose Help. The help page

for the agent will open.

90

How To UseAgent

11. Taskbar Icon: Right-click the taskbar icon then select About. The About window

for the agent will open.

91

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

Agenda

92

1. In the Control Panel, find the “Intel classmate PC Theft Deterrent Server ”

and click Remove.

UninstallServer

2. Click Yes to begin the uninstall.

3. The uninstall is finished when the progress indicator dialog closes.

93

1. In the Control Panel, find the “Intel classmate PC Theft Deterrent Agent ”

and click Remove.

UninstallAgent

2. Click Yes to begin the uninstall.

3. The uninstall is finished when the progress indicator dialog closes.

94

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

Agenda

95

Q & A

96

• Pre-Training

• Installation

• How To Deploy

• How To Use

• Uninstall

• Q & A

• Backup

Agenda

97

To change the default port of the server, if port 80 or 443 has been used by another

application, do the following:

On the server side:

1. Find server.xml file in Tomcat* working folder. If you installed Tomcat* in

C:\Program Files\Tomcat, server.xml file is in C:\Program Files\Tomcat\conf.

2. Change server.xml file as shown below.

For example, if you choose to use 8080 as HTTP port and 8443 as HTTPS port for server, then

change the text shown below.

(Continued)

BackupPort Changing


98

3. Restart Tomcat*.

On the agent side:

1. Wait for the server broadcast. When the Intel-powered classmate PC receives the

server broadcast, the server IP address will fill in the edit box of the Agent UI.

2. Modify the configuration file “AgentConfig.ini.” Change the value of “ServerAddress.”

For example, if you have received broadcast from 192.1.1.1, and the HTTP port is

8080, then change the value from ServerAddress="192.1.1.1" to

ServerAddress="192.1.1.1:8080." The temp account will then be registered in the

server.

3. After the admin accepts the device account, the agent will download the auto

provision package and display a message box to reminder user to reboot. Select

Cancel, and then modify the configuration file named "AgentConfig.ini" if the HTTPS

port is 8443, then change the value from ServerAddress="192.1.1.1:8080" to

ServerAddress="192.1.1.1:8443", reboot device.

4. Download the boot certificate from the server.

BackupPort Changing


99

Notes:

• When the Admin logs into the server, use https://192.1.1.1:8443/tdserver

• When the student sets his password for the first time in the server, use

https://192.1.1.1:8443/tdserver/student/actication.jsp?HWID=************

• When the student logs into the server, use https://192.1.1.1:8443/tdserver/

student/student_login.jsp

BackupPort Changing


100

If there are old versions of LIBEAY32.dll or SSLEAY32.dll (older than version

0.9.7) in the system path, do the following:

1. Press Start and then click Run….

2. Enter cmd then click OK.

3. Input “path” command to list the

system paths.

BackupDLL Changing

101

For example, you can double-click the icon of My Computer, click Search, and then select All

files and folders.

Input the file name (LIBEAY32.DLL) and select Look in: Local Disk (C:\); then press Search.

BackupDLL Changing

4. Search for the LIBEAY32.dll and SSLEAY32.dll files from these system paths.

Note: The system paths may include several folders. Search for the two files under every subfolder in

the system path.

102

If old versions of LIBEAY32.dll or SSLEAY32.dll (lower than 0.9.7) files are found in the system

path, do the following:

1. Rename the Libeay32.dll file to Libeay32.bak at “C:\windows\system32” (this must be included

in the system path). Rename SSLEAY32.dll to SSLEAY32.bak.

2. Install the theft deterrent software.

3. After the installation of theft deterrent software is complete, change the name back to the

original names on all the files you changed in the first two steps.

BackupDLL Changing

asset management (theft deterrent)* training foils · yes or no to “do you want the theft...

Documents