BET 268556 Safeboot Service Desk GITCS-OSI-054 2
-
Upload
poncho-davila -
Category
Documents
-
view
217 -
download
0
Transcript of BET 268556 Safeboot Service Desk GITCS-OSI-054 2
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
1/32
If you are using a printed copy of this document, please check that the version number is consistent with the current versionnumber in the EIS Electronic Library.
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 1 of 32 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
GITCS-OSI-054
SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Version 2.0
Effective Date: 01-Oct-2007
Purpose: The purpose of this OSI is to describe how to support end users with SafeBootMobile Data Security Client Software loaded on their business computers.
Scope: The scope for this document is global Zone 1, Zone 2 and Zone 3 service desks.
Areas Invol ved: Global IT Customer Services
Supersedes/Replaces : GITCS-OSI-054, SafeBoot Mobile Data Security Client Software Support forService Desks Version 4.2 and higher, Version 1.0
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
2/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 2 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
TABLE OF CONTENTS
1.
INTRODUCTION............................................................................................................................................. 3
1.1 SCOPE ....................................................................................................................................................... 31.2 CHANGE CONTROL REQUEST ...................................................................................................................... 31.3 REFERENCE DOCUMENTS............................................................................................................................31.4 DOCUMENTS REFERENCED IN THIS PROCEDURE: .......................................................................................... 31.5 ROLES AND RESPONSIBILITIES:.................................................................................................................... 41.6 GLOSSARY/ACRONYMS/ABBREVIATIONS:...................................................................................................... 5
2. USING SAFEBOOT MOBILE DATA SECURITY CLIENT.............................................................................. 7
2.1 CHECKING SAFEBOOT ENCRYPTION STATUS ................................................................................................ 7
3. TIER 1 REGIONAL SUPPORT USER TOOLS ............................................................................................ 8
3.1 RESETTING A FORGOTTEN PASSWORD.......................................................................................................... 83.2 RESETTING PASSWORD AFTER TOO MANY BAD ATTEMPTS TO LOGON .......................................................... 14
3.3 BINDUSERTOOL...................................................................................................................................... 223.4 RECOVERING A COMPUTER WITH UNKNOWN SAFEBOOT CREDENTIALS (BOOT ONCE).................................... 24
4. TRAINING ....................................................................................................................................................... 31
REVISION HISTORY: .......................................................................................................................................... 32
PROCEDURE APPROVAL SIGNATURES:......................................................................................................... 32
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
3/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 3 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
1. INTRODUCTION
1.1 Scope
The purpose of this document is to describe how to support end users with SafeBoot Mobile Data SecurityClient software on a Lilly Business Computer loaded on their business computer.
1.2 Change Contro l Request
Problems with the content of this Operational Support Instructions (OSI) document will be documented with aChange Request and resolved in a subsequent version of the document.
1.3 Reference Documents
Refer to the GITCS Master Document List System located on the GITCS website for the latest version of thisdocument. The GITCS Quality Integrator maintains the Master Document List Systems.
1.4 Documents Referenced in this Procedure:
Document Name Location
GITCS-OSI-052 SafeBoot Mobile Data Security Administration GITCS Master Document List System
GIS-OPS-SOP-010H Pilars Docbase , gel / eis / csc
CSC-SOP-006 Access and Control of the EDS LDAPPassword Help Desk Tool
Pilars Docbase , gel / eis / csc
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
4/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 4 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
1.5 Roles and Responsibilit ies:
Role Responsibility
EnterpriseAdministrator Highest Administrative Authority for the SafeBoot Administrative Environment. TheEnterprise Administrator is the system owner.
1. Server Architecture/Design/Administrationa. Architecture and design implementationb. Administer the SafeBoot Databasec. Administer the SafeBoot Server(s)
2. Policy Design and Maintenancea. Globally administer user and machine groups policiesb. Create and apply changes to policies for users and machine groups
3. User Managementa. Globally create/delete/rename user accountsb. Globally administer users in support groups
4. Machine Managementa. Globally create/delete/rename machine accounts
5. Group Managementa. Globally create/delete/rename user groupsb. Globally create/delete/rename machine groups
6. AD Synchronization Managementa. Globally maintain Active Directory Connector objects.
7. Password/token resetsa. Perform WebRecovery Password Resetsb. Perform Administrative Password Resets
8. Perform Recovery Operationsa. Perform WebRecovery Machine Recoveries/unlocksb. Perform Administrative Machine Recoveries/unlocksc. Perform Administrative SafeBoot decryption and SafeBoot
uninstallationd. Distribute daily SafeTech access codes to Regional Administrators,
as needed.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
5/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 5 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Regional
Administrator
The Regional Administrator (one per EIS IT Zone) administers all users andmachines for the respective Zone. Scope is machine groups and user groups inthe respective Zone only.
1. Server Managementa. Check status of SafeBoot Serverb. Restart SafeBoot Server
2. User Managementa. Globally create/delete/rename user accountsb. Globally administer users in support groups
3. Machine Managementa. Globally create/delete/rename machine accounts
4. Password/token resetsa. Perform WebRecovery Password Resetsb. Perform Administrative Password Resets
5. Perform Recovery Operations
a. Perform WebRecovery Machine Recoveries/unlocksb. Perform Administrative Machine Recoveries/unlocksc. Perform Administrative SafeBoot decryption and uninstallationsd. Distribute daily SafeTech access codes to Local Support User on an
as needed basis.
Regional
Support User
Tier 1/Remote
Tier2
Regional Support encompasses the typical Tier 1/Help Desk function, andpossesses the responsibility to perform password/token resets for users in theirrespective Zone. The Regional Support role also possesses the responsibility tounlock machines for machines in their respective Zone. It embodies thecapabilities of a technician doing remote Tier 2 support (remote control of the PCwith the business partner on the telephone).
It is not expected that SafeBoot will create any significant increase in incidents to
be resolved, but resolution times will increase due to the challenge/response natureof the account management tools.
1. Perform WebRecovery Password Resets2. Perform WebRecovery Machine Recoveries/unlocks
Local Support
User On-site
Tier 2
Local Support User role exists to allow a small number of Tier 2 technicians theability to provide valid SafeBoot pre-boot credentials to a SafeBoot users machinewithin the specific locality. This role has no administrative authority in the serverenvironment. Scope of the role is machines assigned to groups for their respectiveaffiliate location. Such technicians are presumed to have Windows-basedAdministrator rights to perform the needed modifications to the computer. Disasterrecovery incident resolution times will increase due to the need to decrypt theinformation on the computer to perform some recovery efforts.
1. Perform Disaster Recovery Operations using SafeBoot tools (WinTech)provided by the vendor
2. Performing Boot Once Procedure as needed3. Reinstall SafeBoot Data Encryption on notebooks during break/fix activities
End User Client end user. No administrative authority in the server environment. Ability tochange their password via self help utilities or request password reset.
1.6 Glossary/Acronyms/Abbreviations:
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
6/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 6 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Acronym Descr iption
BET Business Event Training (Course Number)
GITCS Global IT Customer Services
OSI Operational Support Instructions
IVI Installation Verification Instructions
MBR Master Boot Record
T1 Tier 1
T2 Tier 2
CR Change Request
TT Trouble Ticket
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
7/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 7 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
2. USING SAFEBOOT MOBILE DATA SECURITY CLIENT
2.1 Checking SafeBoot Encrypt ion Status
To check the status of SafeBoot encryption or connection to the SafeBoot server, follow the steps below. Youwould want to do this to help an end user verify encryption has completed on the business computer.
Step # Action Expected Result
1Instruct the end user to right click on SafeBoot icon insystem tray
Drop down menu appears
2Have end user select Show Status from the menu(NOTE: Do not double click or SafeBoot screen saverwill activate.)
SafeBoot Status Window appears
3Have end user verify the encryption status in thebottom right corner of window
Encryption status will be:
Blue: In Progress
Red: None
Green: Encrypted
4Instruct end user to click Close button SafeBoot Status Windows closes
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
8/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 8 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3. TIER 1 REGIONAL SUPPORT USER TOOLS
The following tools are provided for Regional Support Users (Tier 1 Service Desk Agents) who have privilegedaccounts to log into the SafeBoot Web Recovery tool.
3.1 Resetting a forgot ten password
The following procedure should be used when a SafeBoot End User calls the Service Desk when they haveforgotten their password.
Step # Action Expected Result
1Navigate to the SafeBoot Web Helpdesk website foryour zone.
Z1 - IC1encrprd01: https://40.1.234.72 Z2 - YO2VMENCSVR01: https://40.205.6.78 Z3 - sg3sboot01: https://40.191.33.58
NOTE: Use of fully qualified domain name(am.lilly.com) will cause the website to lock during areset. Recommendation: use IP address.)
SafeBoot Web Helpdesk opens
2Select Perform SafeBoot Recovery. Under HelpdeskOperators
SafeBoot Web Helpdesk Recovery pageappears. NOTE: If you see a 4 alongthe left edge of the screen, this isexpected it just confirms that you areusing ver 4 of SafeBoot.
3Select PC/Laptop/User Recoverybutton
Web Helpdesk Logon page appears
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
9/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 9 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
4Login using your SafeBoot credentials. Web Helpdesk User Challenge screen
appears
5 Verify end user identity usingGIS-OPS-SOP-010H (Challenge Questions).
End user identity is verified
6Verify the end user is at the SafeBoot Security Systemscreen and is getting :Password is Incorrect errormessage. (If End User is getting Account Lockederror, see Section 3.2 of this document.)
End user verifies they are at SafeBootlogin and is getting Password is Incorrecterror
7 Have the end user enter their User ID in the SafeBootLogin Screen and click Options. Button The end user will be presented with aSafeBoot Options screen with their nameas Common Name.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
10/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 10 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
8Have the end user click Recover. button The end user will be presented with a 16
digit User Code on their screen.
9Have the end user read the 16 digit User Code fromtheir screen.
User reads 16 digit User Code fromscreen
10On the Web Helpdesk User Challenge screen, enterthe end users code in the Challenge (from end usersscreen) space and reads it back to the End User toVerify Ensure that Reset Users Password is selectedunder Select Action. Click Next.
You will be presented with the WebHelpdesk User Recovery Responsescreen showing you a 17 digit user code.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
11/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 11 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
11From the Web Helpdesk User Recovery Responsescreen, read Line 1 of the recovery code (this will be a17 digit code) to the end user.
User code is read and verified to the enduser. End user enters code in the
Recovery Code box on their screen.
12 Have end user click Next The end user will see a message on thescreen that says, SafeBoot is now readyto recover your computer. To proceed,click Finish.
13
Instruct the end user to click Finish
A message appears on the end usersscreen that says, Recovery completedsuccessfully.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
12/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 12 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
14Instruct the end user to click OK
User receives message that passwordhas been reset to 12345
15Have the end user enter the password, 12345 on theSafeBoot login screen and click OK.
User will be prompted to change theirSafeBoot password.
16Have end user enter a new SafeBoot password (thisshould be what the user wants their Windowspassword to be.)
End user changes SafeBoot passwordand will see Password ChangedSuccessfully window
17 Windows will then begin to load. End user will be prompted with iPassprompt
18
If Then Result
The user is already connectedvia Ethernet to the Lillynetwork (i.e. at an affiliate)
Have the end user click Noto iPASS prompt.
End user will be promptedwith the SecurityAuthentication screen
The end user is workingremotely and is in locationwhere they can make an
iPASS connection
Have end user click on Yesto make an iPASSconnection to Lilly
End user is prompted tologin into iPASS and entertheir iPASS information and
presented with the SecurityAuthorization screen.
The end user is unable toconnect to the Lilly network atthis time
Have the end user click Noto iPASS prompt.
End user will be promptedwith the SecurityAuthentication screen
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
13/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 13 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
19End user clicks OK to the Security Authorization
End user is logged into Windowsautomatically with their forgotten
Windows credentials. NOTE: Theforgotten password is NOT presented tothe user.
20At this point the end user no longer knows their Windows password so it must be reset to create
the synchronization with the SafeBoot password.
If Then Result
The end user is connected viaEthernet to the Lilly network(i.e. at an affiliate) or the useris working remotely via iPASS
1. Walk the end userthrough changing theirLotus Notes passwordto what they made theirSafeBoot password.
2. Click NO whenprompted tosynchronize the Notespassword with Windows
3. Instruct end user to
Logoff (usingStart/shutdown/Logoff DO NOT RESTART.
4. Reset end usersWindows password to atemporary passwordthat will force them tochange at next login.
1. End users Lotus Notespassword is changed tocurrent what theSafeBoot password wasset to in Step 16.
2. Windows password ISNOT changed at thispoint.
3. End user is logged outand brought back to the
Ctrl/Alt/Del screen readyto login in to windows
4. End user logs intoWindows with theTemporary password andwill be prompted tochange password to theone set in Step 16
Proceed to Step 21
The end user isunable toconnect to the Lilly network atthis time (Skip steps 20-24).
End process here andadvise the end user tocall Service Desk whenthey can connect to Lilly
network to synchronizepasswords.
The end user will continue tobe able to log into SafeBootwith the new password thatwas set in Step 16, however
SafeBoot will still be loggingthem into Windows with theforgotten password so thismust be reset.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
14/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 14 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
21Have end user log on to Windows with temporaryWindows password.
End user logs on with temporarypassword and is prompted to change
Windows password. NOTE: If end useris not prompted to change Windowspassword, have user press Ctrl/Alt/Deland change password.
22End user enters new password (This should be sameas they entered in step 16)
Windows Password is changed
23Have end user restart computer using Start/ShutDown/Restart
Computer restarts and end user isprompted with SafeBoot logon
24Have end user logon to SafeBoot with their newWindows password
End user is logged in to SafeBoot andinto Windows. SafeBoot and Windowspasswords are now changed andsynchronized.
3.2 Resetting Password after too Many Bad Attempts to Logon
The following procedure should be used to reset a SafeBoot users password when they have attempted tolog in with an incorrect password too many times.
Step # Action Expected Result
1Navigate to the SafeBoot Web Helpdesk website foryour zone.
Z1 - IC1encrprd01: https://40.1.234.72 Z2 - YO2VMENCSVR01: https://40.205.6.78 Z3 - sg3sboot01: https://40.191.33.58
NOTE: Use of fully qualified domain name(am.lilly.com) will cause the website to lock during areset. Recommendation: use IP address.)
SafeBoot Web Helpdesk opens
2Select Perform SafeBoot Recovery. Under HelpdeskOperators
SafeBoot Web Helpdesk Recovery pageappears. NOTE: If you see a 4 alongthe left edge of the screen, this isexpected it just confirms that you areusing Ver 4 of SafeBoot.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
15/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 15 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
3Select PC/Laptop/User Recovery Web Helpdesk Logon page appears
4Login using your SafeBoot credentials. Web Helpdesk User Challenge screen
appears
5 Verify end user identity usingGIS-OPS-SOP-010H End user identity is verified
6Verify the end user is at the SafeBoot Security Systemscreen and is getting Account Locked error message.(If End User is getting Password is Incorrect error, seeSection 3.1 of this document.)
End User verifies at SafeBoot login and isgetting Account Locked error.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
16/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 16 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
7Have the end user enter their User ID in the SafeBootLogin Screen and click Options.
The end user will be presented with aSafeBoot Options screen with their name
as Common Name.
8Have the end user click Recover. The end user will be presented with a 16
digit User Code on their screen.
9Have the end user read you the 16 digit User Codefrom their screen.
User reads the 16 digit User Code to youfrom screen.
10On the Web Helpdesk User Challenge screen, enterthe end users code in the Challenge (from end usersscreen) space. Select the first Change Tokenoption. The drop down to the right of the radio buttonshould say, Password only. Click Next.
You will be presented with the WebHelpdesk User Recovery Responsescreen.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
17/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 17 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
11From the Web Helpdesk User Recovery Responsescreen, read Line 1 of the recovery code (this will be a17 digit code) to the end user. Instruct the End User to
click Next.
End User enters code and clicks Next."
12Read line 2 of the recovery code (this will be 8 digits)to the end user) to the end user. Instruct the End Userto click Next.
User code is read to end user andverified.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
18/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 18 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
13End user enters code and clicks Next.
The end user will see a message on theend users screen that says, SafeBoot is
now ready to recover your computer. Toproceed, click Finish.
14Instruct the end user click Finish
A message appears on the end usersscreen that says, Recovery completedsuccessfully.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
19/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 19 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
15Instruct the end user to click OK
All of the text boxes will close except forthe login box.
16Have the end user enter the password, 12345 on theSafeBoot login screen and click OK.
End user will be prompted to change theirSafeBoot password.
17Have end user enter a new SafeBoot password (thisshould be what the user wants their Windowspassword to be.)
End User changes SafeBoot password
18Windows will then begin to load.
End user will be prompted with iPasslogon screen.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
20/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 20 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
19 NOTE: If end user is not connected to the Lilly network, they will need to make a connection viaiPASS at this point.
If Then Result
The user is already connectedvia Ethernet to the Lillynetwork (i.e. at an affiliate)
Have the end user click Noto iPASS prompt.
End user will be promptedwith the SecurityAuthentication screen
The end user is workingremotely and is in locationwhere they can make aniPASS connection
Have end user click on Yesto make an iPASSconnection to Lilly
End user is prompted tologin into iPASS and entertheir iPASS information andpresented with the SecurityAuthorization screen.
The end user is unable to
connect to the Lilly network atthis time
Have the end user click No
to iPASS prompt.
End user will be prompted
with the SecurityAuthentication screen
20Have end user click OK to the Security Authorizationscreen
End user is logged into Windowsautomatically with their forgotten Windowscredentials. NOTE: The forgottenpassword will NOT be presented to theuser.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
21/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 21 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
21At this point the end user no longer knows their Windows password so it must be reset to createsynchronization with the SafeBoot password.
If Then Result
The end user is connected viaEthernet to the Lilly network(i.e. at an affiliate) or the useris working remotely via iPASS
1. Walk the end userthrough changing theirLotus Notes passwordto what they made theirSafeBoot password.
2. Click NO whenprompted tosynchronize the Notespassword with Windows
3. Instruct end user toLogoff (usingStart/shutdown/Logoff DO NOT RESTART.
4. Reset end usersWindows password to atemporary passwordthat will force them tochange at next login.
1. End users Lotus Notespassword is changed tocurrent what theSafeBoot password wasset to in Step 17.
2. Windows password ISNOT changed at thispoint.
3. End user is logged outand brought back to theCtrl/Alt/Del screen readyto login in to windows
4. End user logs intoWindows with theTemporary password andwill be prompted tochange password to theone set in Step 17
Proceed to Step 21
The user is unable to connectto the Lilly network at this time(Skip steps 21-25).
End process here andadvise the end user to callService Desk when theycan connect to Lillynetwork to synchronizepasswords.
The end user will continue tobe able to log into SafeBootwith the new password thatwas set in Step 17, howeverSafeBoot will still be loggingthem into Windows with theforgotten password so thismust be reset.
22Have end user log on to Windows with temporaryWindows password.
End user logs on with temporarypassword and is prompted to changeWindows password. NOTE: If End Useris not prompted to change Windowspassword, have user press Ctrl/Alt/Deland change password.
23End user enters new password (This should be sameas they entered in step 14)
Windows Password is changed
24 Have end user restart business computer usingStart/Shut Down/Restart
Business computer restarts and end useris prompted with SafeBoot logon
25Have end user logon to SafeBoot with their newWindows password
End user is logged in to SafeBoot and intoWindows. SafeBoot and Windowspasswords are now changed andsynchronized.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
22/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 22 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3.3 Bind User Tool
This is a configuration of the SafeBoot package installer that allows a Local Support User or Regional SupportUser to bind (add) a user to a machine with or without their windows password. This can only be used if themachine is already encrypted and Windows is up and running.
Step#
Action Expected Resu lt
1 Remote control intomachine if you donthave physical accessto it.
Connected via remote control to the users computer
2
Walk End Userthrough running theSB: Bind User Toolfrom ISIT.
Installation begins and you are prompted to enter credentials for the useryou need to bind to the machine
3
If Then Result
End User is an existingSafeBoot User or if the EndUser is at the desk during theinstallation
Have End User enter theirUser name and passwordand click OK
End User is a new SafeBootuser or/and is not physicallypresent to enter password.
Enter User name, clickcheck box to Bind UserIDwithout a Password andclick OK
User is successfully boundto the machine
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
23/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 23 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step#
Action Expected Resu lt
4
Click OK
If Then
User is an existing SafeBoot Useror if the user is at the desk duringthe installation
Have End User log in with theirUser name and password toensure they can log in
End User is a new SafeBoot userand/or is not physically present toenter password.
End User will need to contact theservice desk to get theirtemporary SafeBoot Passwordand have the service desk walkthem thru logging in
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
24/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 24 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3.4 Recovering a Computer with Unknown SafeBoot Credentials (Boot Once)
This option is used in case the user name is forgotten or the end user or technician is not assigned to thebusiness computer and the business computer is in the pre boot environment. In this instance you will need to
initiate a process to boot the business computer into Windows. An example of an instance to use thisprocess would be when a new Local Support User needs to log onto a business computer that has not beensynchronized for an extended period of time, thus the new support user does not have valid credentials on themachine.
NOTE: This process should never be used with an End User.
Step # Action Expected Result
1Navigate to the SafeBoot Web Helpdesk website foryour zone.
Z1 - IC1encrprd01: https://40.1.234.72 Z2 - YO2VMENCSVR01: https://40.205.6.78 Z3 - sg3sboot01: https://40.191.33.58
NOTE: Use of fully qualified domain name(am.lilly.com) will cause the website to lock during areset. Recommendation: use IP address.)
SafeBoot Web Helpdesk opens
2Select Perform SafeBoot Recovery. Under HelpdeskOperators
SafeBoot Web Helpdesk Recovery pageappears. NOTE: If you see a 4 alongthe left edge of the screen, this isexpected it just confirms that you areusing Ver 4 of SafeBoot.
3Select PC/Laptop/User Recovery Web Helpdesk Logon page appears
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
25/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 25 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
4Login using your SafeBoot credentials. Web Helpdesk User Challenge screen
appears
5Have End User boot computer to the SafeBoot LoginScreen. Instruct them to leave the User Name and
SafeBoot Password fields blank and then click on
Options.
SafeBoot Options screen appears.
6Have End User click on Recover. The End User will be presented with a
16 digit key on their screen.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
26/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 26 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
7Have End User read this 16 digit User Code fromtheir screen to you.
User code is read and verified
8On the Web Helpdesk User Challenge screen, enterthe code in the Challenge (from end users screen)space. Select the Boot Machine Once option.Click Next.
You will be presented with the WebHelpdesk User Recovery Responsescreen.
9From the Web Helpdesk User Recovery Response
screen, read Line 1 of the recovery code (this will be a17 digit code) to the end user. Instruct the End User toclick Next on their screen.
End User will receive a screen with a
blank Recovery Code.
10User enters code and verifies code back Code is verified
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
27/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 27 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
11Click on Enter Challenge line at top of screen.
You will be taken back to the UserChallenge screen.
12 Instruct End User to click on Next. The End User will see a message on theirscreen that says, SafeBoot is now readyto recover your machine. To proceed,click Finish.
13Instruct them to ClickFinish
End User receives a message that says,Recovery completed successfully.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
28/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 28 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
14Instruct them to Click OK End User will receive a message that the
business computer will Boot Once.
Business computer will restart, windowswill load and End User will be presentedwith a SafeBoot login prompt that will lookdifferent than the normal prompt.
15Have End User click Recoveron the SafeBoot Loginin prompt.
They will receive a screen with another 16digit User Code.
16Have the End User read the 16 digit User Codefrom the screen to you. Enter the 16 digit Code intothe Challenge box, verify the code, Select the CancelScreen Saver option and click on Next.
User Code is read and verified.
17Instruct the End User to click on Next on their screen. End User will receive a screen with a
blank Recovery Code.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
29/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 29 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
18Read the Recovery Code Line 1 to the End User whowill enter it into the Recovery Code field.
Code is verified and entered
19Instruct the End User to clickNext End User will see a message on their
screen that says, SafeBoot is now readyto recover the business computer. Toproceed, click Finish.
20Have the End User clickFinish A message appears on End User screen
that says, Recovery completedsuccessfully.
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
30/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 30 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
21 Have End User to ClickOK End User will be prompted with theiPass logon.
22 NOTE: If the End User is not connected to the Lilly network, they will need to connect via
Ethernet or make a connection via iPASS at this point. To bring valid credentials down to thebusiness computer it must connect with the SafeBoot server. If you are only trying to access thebusiness computer to retrieve data you do not need to be connected to the network.
If Then Result
If already connected viaEthernet to the Lilly network(i.e. at an affiliate)
Click No to iPASS prompt. End User will beprompted with the SecurityAuthentication screen
If working remotely and inlocation where they can makean iPASS connection
Click on Yes to make aniPASS connection to Lilly
End User will be promptedto login into iPASS andenter iPASS informationand presented with the
Security Authorizationscreen.
If unable to connect to the Lillynetwork or just needing toaccess business computer tomove data
Click No to iPASS prompt. End User will be promptedwith the SecurityAuthentication screen
23Click OK to the Security Authorization screen
Windows Logon screen appears
24Have End User enter valid Windows logoncredentials to logon the business computer (if they arenot connected to the network, these credentials willneed to be cached on machine or they will not be ableto log in.)
Windows will load. Connection toSafeBoot server is made, if connected tonetwork, and valid credentials are added.
25 Have End User open the SafeBoot status icon andverify SafeBoot synchronization occurred in ActivityLog
End User credentials are verified inactivity log.
26Have End User restart business computer End User will be prompted with the
normal login prompt for SafeBoot
27Have End User login to SafeBoot with valid SafeBootcredentials
End User will be prompted for Windowscredentials and Windows desktop willappear
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
31/32
If you are using a printed copy of this document, please check that the version number is consistent with the current version
number in the EIS Electronic Library.
ELI LILLY AND COMPANYSafeBoot Mobile Data Security Client Software Support for Service Desks
Title: GITCS-OSI-054 SafeBoot Mobile Data Security ClientSoftware Support for Service Desks
Page 31 of 32Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
4. TRAINING
Training on this procedure includes reading this document and understanding the contents therein. If thisreading is included as a part of your training curriculum, please utilize the electronic trainingacknowledgement process to record the training. If the electronic training acknowledgement process is notavailable, complete a hardcopy training acknowledgement form and forward it to the local TrainingCoordinator. Retain a copy of the training acknowledgement form for your records
-
8/22/2019 BET 268556 Safeboot Service Desk GITCS-OSI-054 2
32/32