Trusted Platform Module?

Similar Messages

• What models have Trusted Platform Module (TPM)?

  I'm in the processs of enabeling Bitlocker on my new Thinkpad Edge E531 running Windows 7 Ultimate 64-bit. Windows seems to think the machine does not have a Trusted Platform Module (TPM) chip installed, which nowadays one would think would be pretty standard. No where in the bios does anything refer to a TPM chip, so if it has to be enabled, it's not clear how. The E531 User manual also makes no mention of TPM, which you'd think it would since it talks about disk encryption. So.... 1. Does the Thinkpad Edge E531 not have a TPM chip?2. If it does, how does one get Windows to recognize it? It is called something else in the bios?3. If it does not, can one be added? Lenovo does sell a TPM module but gives no info on what models it is for.4. And last. what models of Lenovo's present line contain a TPM chip?

  Andy, I have an Erazer X510 that came with Windows 8.1 I recently purchased.  I installed 8.1 Pro Pack to be able to use Media Center and Bitlocker encryption & am having the same issue not having the ability to enable TPM, an extra security feature for encryption that was not available with standard Windows 8.1.  I would have opted for 8.1Pro when I ordered this desktop from Lenovo,  but it wasn't offered.  I was able to set up a Bitlocker password and recovery pin, but when I attempted to enable everything with TPM it failed because it was not found.  The error message stated it may need to be accessed by changing BIOS.  I tried getting to BIOS settings without restarting the OS as documentation I could find stated how to,  but there wasn't a selection for EUFA Settings on the wash screens.  I will have to try to access it from the usual method of rebooting.  In order to use the Bitlocker encryption it requires TPM 1.2, and one of the popup error responses my system offers refers to possibly it only having version1.0, and also says TPM needs to be accessed in BIOS settings.  1) Can you please elaborate in detail exactly what you were stating needed to be done in your last sentence of your post on this topic?  I know if I do enter BIOS to change settings,  it may have unintended consequences for the system if I alter the wrong options.  2) Which particular option(s) am I required to change to enable the TPM version it has installed?  And, what does it require if it needs an update to version1.2?  If this Erazer system actually has the option with the TPM security chip, it would have been nice for Lenovo to have already had it enabled,  and if it actually is not there,  it would have been helpful if this information could have been stated in documentation.  

• License Key Platform and Trusted Platform Module support

  I need to implement license key functionality for a product being deployed on Sun blade servers (Solaris). One requirement is that we be able to bind the license key to a particular piece of hardware (ideally using a Trusted Platform Module if available).
  What tools and/or documentation are available to help me with this?
  Thank you

  Thanks,
  our plan is to download the evaluation software LMS 3.2.1 for Windows from CCO and install it on a server.
  In order to extend the evaluation period of 90 days we try to do so with the license key we have for SunOS.
  Database copy is maybe possible through export/import of a csv file. Or not?
  Best regards
  Mike

• Satellite U200-181: How can I check if Trusted Platform Module is present

  How can I check Trusted Platform module is present or not?

  Hi
  The configuration of TPM (trusted platform module) is carried out in the BIOS setup program and this function is provided only with some models.
  I dont know if the U200-181 supports this or not but you can check it yourself.
  The security controller settings should be available in BIOS system Setup on the second site.
  If the unit supports the TPM you should see the switch to enable or disable this security option. Usually as per default the TPM is disabled.

• R52 18494Wu - Winbond Trusted Platform Module

  I had to rebuild my trusty laptop and after recovering all drivers I keep getting a yellow unknown device and its the Winbond Trusted Platform Module. I have downloaded the driver from the Lenovo site followed procedure:  clicked on device manager,  clicked on unknown device,  clicked on driver, clicked on update driver, pointed it to Drivers/Win/TPM it attempts to update Windows/system32 and than the entire laptop freezes . I have tried this several time same results, Is their a way to get around this issue so it can be updated properly.   and./or can my particular laptop work without this driver.  Thank You In Advance for your time and response

  In the bios it is under Security and it should be an option called Security chip.
  You can refer to this article for more infos: http://technet.microsoft.com/en-us/library/cc749022(v=ws.10).aspx
  Try some of the steps listed and see if you can solve your problem.
  Vince.
  Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information on it.
  ThinkPad T510 4313-CTO Windows 8 x64 - Intel Core i7-620M - NVIDIA NVS 3100M - 8GB RAM - 240GB SSD- Intel Centrino Ultimate-N 6300 - Gobi 2000.
  ThinkPad Helix 3697-CTO Windows 8.1 x64 - Intel Core i7-3667U - Intel HD Graphics 4000 - 8GB RAM- 256GB SSD - Intel Centrino Advanced-N 6205 - Ericsson C5621gw

• OL6.5 - Trusted Platform Module ERROR!

  I am getting the following boot error message when starting Oracle Linux 6.5 (UEKR3 kernel-3.8.13):
  tpm_tis 00:09: A TPM error (7) occurred attempting to read a pcr value
  IMA: No TPM chip found, activating TPM-bypass!
  I have no TPM chip on motherboard and therefore TPM is disabled and not activated in BIOS. OL6.5 UEKR3 kernel-3.8.13 is compiled with options
  CONFIG_TCG_TPM=y
  CONFIG_TCG_TIS=y
  (drivers/char/tpm/tpm_tis.c)
  So, as tpm_tis is not built as module, but compiled in kernel, I cannot suspend this error message by blacklisting the module as it doesn't exist. The only way might be a kernel boot parameter, but this area is poorly and badly documented.
  Has anybody a clue how to get rid of this stupid error message?

  Thanks.
  Neither  noload=tpm_tis  nor  tpm_tis=0 work. By the way, do you know what the best place is to find the full list of kernel boot parameters for kernel 2.6.32 and 3.8.13? The kernel documentation shipped by all distros is very poor and obscure.
  Of course, I am pretty sure that I don't have the TPM module on motherboard, although there is the place for it, but the place is empty as I never wanted Trusted Platform Module. Therefore both BIOS options - enable/disable and activate/deactivate - are dimmed, i.e. TPM is automatically disabled and deactivated and cannot be set by admin, showing only the dimmed text in both input fields that are read-only: "TPM is disabled and deactivated". Kernel also detects this fact and that is the all what kernel is doing right here. The following is the complete stuff with regard to TPM that I see at boot time:
  [root@localhost ~]# dmesg | grep TPM
  tpm_tis 00:09: 1.2 TPM (device-id 0x4A10, rev-id 78)
  tpm_tis 00:09: TPM is disabled/deactivated (0x7)
  tpm_tis 00:09: A TPM error (7) occurred attempting to read a pcr value
  IMA: No TPM chip found, activating TPM-bypass!
  These messages are screwy. The first message claims that I have TPM device with device-id 0x4A10, rev-id 78. Wrong! I do not have such a device. The second message is correct. The third message is foolish and useless as it must necessarily follow from the second message if an attempt to read a pcr value has been done. But why is kernel attempting to read a pcr value after detecting that TPM was disabled and deactivated? The fourth message is correct - No TPM chip found.

• Regarding Trusted Platform Module: TPM is it pre-enabled in all hp laptops

  Sir,
  i want to ask that is TPM pre enabled in Hp laptops or trusted platform module is pre-enabled in hp laptops or it is 
  disabled by deafult and we have to configure in most hp laptops.
  Thnaks & regards
  ashutosh

  Hi:
  The only HP PC's that have a TPM module are business-class PC's.
  No consumer PC's have that device.

• Trusted Platform Module Reset

  The password for my TPM is not working, or I forgot what it is.  I like to think that it is not working.   In the help file it says to enter BIOS to clear that information.  After checking BIOS I don't see where to do that.  I do see where to clear fingerprints and where to disable the TPM but not where to clear it.  How do I reset or clear the Trusted Platform Module?
  One other thing.  I downgraded to XP Pro after having issues with Vista.  The TPM password was set using Vista.  Does this make a difference?
  Message Edited by MaxxManic on 02-01-2008 10:04 AM

  XSYLUS wrote:
  Another way to do the following - see bellow:
  Fredz60m wrote:
  I found this on another forum. TPM is actually the Security Chip
  Keep on hitting the ESC key. You will see what looks like drivers loading etc.
  When you see black xp screen hold the power button down.It takes a few seconds.
  It does work.
  I rebooted , got the windows did not shut down properly and choose default start normally.
  CSS 8.1 only asked me for my windows password and then enrolled me.
  My only question now is  Do Ihave a TPM password and WHAT IS IT?
  1) Shut down your thinkpad
  2) Turn on your thinkpad and keep hitting the 'ESC' key until you see the windows boot screen
  3) Hold down the power button to turn off the thinkpad.
  NOTE: You MUST TURN THE MACHINE OFF....If you let it boot and then choose restart you will not get the option to clear the chip!
  4)Turn on the thinkpad and press 'F1' to go into bios
  5)Go to 'security' then 'IBM Security Chip'
  6)Now there should be an additional option that will let you clear the embedded security chip.
  7)Save and exit bios
  8)Boot normally - you will get a screen saying the machine didn't shut down properly due to step 3 above.
  Thats it. No need to get a new motherboard.
  FYI: This worked for me on my Z60m  machine.
  My next challenge is what happened to my backups I made before uninstalling R and R 3.00 installing Rescue and Recovery 4..
  My C:/ says that I am using 13 Gigs of space. This is just with the OS and ThinkVantage. I can see RRBackups when I enable hidden OS files. But is says that it is not accesable.What good are these backups if I can not use and they are sucking up space on an already small (36 gig not counting Recovery Partition.) Do I need to uninstall Rand R 4.1 to then delete them. Seems kinda lame.
  Another way (and in my opinion a better way) to reveal the BIOS option to Clear Security Chip Encryption is to:
  1.) Shutdown the computer
  2.) Hold down F1 (while computer is off)
  3.) Continue holding F1 and power on the computer.
  4.) When the boot screen says that's in entering the bios, release the F1 key.
  5.) Go under Security, Security Chip, and Choose to clear the encryption.
   It is recommended that you uninstall Client Security Solutions (CSS) before following the above steps and then reinstalling CSS afterward.  If you have a previously encrypted data I wouldn't recommend performing any of these steps as it will likely render those encrypted files unreadable afterward.
  Hope this helps,
  Enjoy,
  • XSYLUS •
  Message Edited by XSYLUS on 05-24-2008 01:44 AM
  Well, I guess that the new way is also working if I want to upgrade from XP to Vista - it seems that the old one is just working if you're using XP

• Apple Trusted Platform Module in MBP?

  Hi,
  I just wonder is there any use of this "Apple Trusted Platform Module" in MBP (CD, 17") showed in windows XP and vista?
  If we will use the bitlocker in vista, we need to config this option in BIOS (PC) but Mac has no where to config?
  I tried to search the support in apple web, but no words can be found.
  Thank you all

  Hi:
  According to the quickspecs link below, it does not have a TPM.
  http://www8.hp.com/h20195/v2/GetPDF.aspx%2Fc03944068.pdf
  If you want a notebook with a TPM you need a minimum of the HP Probook 600 G1 series.
  If you want AMD, and a 15.6" screen then the HP 655 G1 would be the one you want.
  http://www8.hp.com/h20195/v2/getDocument.aspx?docname=c04126034

• X131e Trusted Platform Module (TPM) Activate Enable

  I've read in the documentation that the x131e has a TPM 1.2 module, however I don't see a way of activating it in the BIOS. How can I activate this in order to use BitLocker?
  Thanks

  Hi,
  Welcome to Lenovo Community Forums!
  To turn on TPM, Click Start, click All Programs, click Accessories, and then click Run.
  Type tpm.msc in the Open box, and then press ENTER.
  If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. The TPM Management console is displayed.
  In the Actions pane, click Initialize TPM. The TPM Initialization Wizard is started.
  If the TPM has never been turned on or is currently turned off, the TPM Initialization Wizard displays the Turn on the TPM Security Hardware page. If the TPM Initialization Wizard detects a BIOS that does not meet Windows requirements, you cannot continue with the wizard, and you will be alerted.
  Click Shutdown (or Restart), and then follow the BIOS screen prompts.
  After the computer restarts, but before you log on to Windows, you will be prompted to accept the reconfiguration of the TPM.
  Once the TPM is initialized, go to TPM management console again and in the actions pane, turn on TPM.
  Hope this helps!
  Best regards,
  Mithun.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• Consequences of clearing Trusted Platform Module

  I've only just discovered this Forum and wish I had spotted it earlier as I tried to solve a conflict between Lenovo's Client Security System and Firefox 3 by upgrading CSS 8.0 to 8.2.
  Problem is that this now raises another issue where I have to re-set the TPM chip before I can use the new version of CSS.
  I can enter my Windows password and my old CSS security passphrase but have no idea of any password for the TPM chip.
  I have read all of the other threads about this and now know how to do the BIOS reset but want reassurance that I will still be able to read my previous data after I re-set.
  I'm not worried about passwords as I have a hard copy of these (I'm old-fashioned in that way) but my data is really precious.
  Wal
  x60tablet, XP Pro SP2.

  According to this article Apple stopped putting TPM devices in their computers back in 2006:
  http://www.osxbook.com/book/bonus/chapter10/tpm/
  Even when Apple did have TPM devices in their computers there were no drivers included in the operating system to use them.
  I enabled the Windows Bitlocker encryption function in the Windows 7 partition I have on my MacBook Pro and Windows did not see any TPM device in the computer. This is a MacBook Pro less than 6 months old.

• Trusted Platform Module TPM in HP 455 G1

  Has laptop HP 455 G1 a TPM? 
  This question was solved.
  View Solution.

  Hi:
  According to the quickspecs link below, it does not have a TPM.
  http://www8.hp.com/h20195/v2/GetPDF.aspx%2Fc03944068.pdf
  If you want a notebook with a TPM you need a minimum of the HP Probook 600 G1 series.
  If you want AMD, and a 15.6" screen then the HP 655 G1 would be the one you want.
  http://www8.hp.com/h20195/v2/getDocument.aspx?docname=c04126034

• Is it possible to disable the Trusted Platform Module (TPM) ?

  I have a Thinkstation D20 and went into the BIOS and selected Inactive & Disabled for the TPM option. The strange thing is that it still shows up in the Device Manager as active and ready. No error messages that I can see.
  Any ideas?

  It says how to turn it off in here --> http://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspx
  IT Specialist and Consultant
  Lenovo Tablet Evangelist
  Current Machines: IdeaCentre A300, ThinkPad Tablet, IdeaPad U410, and Yoga 3 Pro Touch
  Deutsche Community   Comunidad en Español
  Lenovo - the latest in DOtabs, DOpads, DOcentre's, DOstations and DOservers!

• TPM Module

  I was wondering if you can add a TPM Module to the MSi X79A GD65 [8D] and if so, where can I purchase a TPM Module?
  I'm not sure if its possible to add a TPM Module but I do know that you can add this to some Mainboards....
  Sent from my iPhone using Tapatalk

   Yes. Look at the Internal I/O Connectors list. You can also download the manual for the MB if you want to know more about the MB setup, installation of components etc..
  - 1 x TPM module connector
  http://www.msi.com/product/mb/X79A-GD65.html#/?div=Detail
   Search the web for stores that sell the modules.
  Trusted Platform Module microcontrollers are currently produced by:
      Atmel
      Broadcom
      Infineon (Infineon TPM)
      Intel
      ITE (ITE TPM)
      Nuvoton (formerly Winbond)
      Sinosun
      STMicroelectronics
      Toshiba

• Guide: Optimizing Your Windows XP/Vista Notebook

  purpose:
  to build a highly optimized, personalized, faster, smaller and more secure OS installation using windows xp (can use vista also but this guide will not cover it in any detail)
  plus i was bored to tears
  information:
  this is a somewhat advanced guide not meant for those unfamilure with the tools and techniques used here
  the basics of this guide can be applied to most/all windows xp/vista notebooks and desktops, not just Lenovo, however in my case i run windows xp pro on a T60 (8743) with an add-on graphics card (similar to a T60p i assume) and this guide will be geared toward this config.
  many alterations can be made, so it is very general in nature and should not be taken literally
  this is my personal machine and i am not on a private network. you may have to adjust as necessary.
  disclaimer:
  it ain't my fault
  what will you gain:
  * a highly customized OS
  * faster boot times
  * more free disk space
  * a lighter, snappier feeling OS
  * a more secure OS
  * a more stable OS
  * more free RAM
  * less problems (or maybe more if you're not careful)
  with all due respect to Lenovo, i have found that the less Lenovo software i install the fewer glitches i have and the faster things run. this is often the case for various other hardware vendors that supply proprietary software which is often not needed, or not all of which is needed.
  what you will need: (all free, except for possibly the OS):
  * a windows xp/vista installation disk. though you may be able to do this using your i386 directory (perhaps on the recovery partition), a full, non-OEM disk is preferred.
  * SP2 and SP3 (it is my understanding that either SP1 or SP2 should be installed before installing SP3, though i have built installations with SP3 only).
  * dotNet runtime
  * nLite (or vLite for vista) - http://www.nliteos.com/
  * Ryan's Windows XP Post-SP3 Update Pack - http://www.ryanvm.net/msfn/
  * Ryan's integration tool - http://integrator.siginetsoftware.com/index.php?do​wnload
  * all current drivers for your hardware
  please read any license agreements for the above (for instance, nLite is not to be used for commercial applications)
  also visit the nLite and RyanVM forums as there's a ton of helpful info there, add-on packs, etc., and please consider donating to them both if you like the software. both are great guys. i wouldn't bother running windows anymore without nLite. from Nuhi's page (his english is not the best):
  Have you ever wanted to remove Windows components like Media Player, Internet Explorer, Outlook Express, MSN Explorer, Messenger...
  How about not even to install them with Windows ?
  nLite is a tool for pre-installation Windows configuration and component removal at your choice. Optional bootable image ready for burning on media or testing in virtual machines.
  With nLite you will be able to have Windows installation which on install does not include, or even contain on media, the unwanted components.
  Features
  * Service Pack Integration
  * Component Removal
  * Unattended Setup
  * Driver Integration *
  * Hotfixes Integration **
  * Tweaks
  * Services Configuration
  * Patches ***
  * Bootable ISO creation
  basic build procedure:
  * install the dotNet runtime
  * install nLite (or vLite for vista)
  * create a directory structure something like:
  c:\nlite\source\
  c:\nlite\working\
  c:\nlite\sp\
  c:\nlite\hotfix\
  * download Ryan's post SP3 update pack and dump it in c:\nlite\hotfix\
  * download Ryan's integration tool and dump in c:\nlite\hotfix\ 
  note that you can use nLite to integrate service packs and hotfix's, but i prefer Ryan's tool as i have had problems in the past using nLite to integrate Ryan's post SP update cabs, though this happened during the earlier beta days of nLite.
  * download xp SP2 and SP3 service packs and dump in c:\nlite\sp\
  * copy contents of windows installation disk to c:\nlite\source\
  * using Ryan's integrator, set update pack path to c:\nlite\sp\WindowsXP-KB835935-SP2-ENU.exe, windows source to c:\nlite\source\, and destination to c:\nlite\working\ and start integration
  * using Ryan's integrator, set update pack path to c:\nlite\sp\WindowsXP-KB936929-SP3-x86-ENU.exe set windows source to c:\nlite\working\ and destination to c:\nlite\working\ and integrate SP3. after SP3 is integrated, if you want to save the windows installation for the next time you install, copy it elsewhere before moving on.
  *  using Ryan's integrator set source to c:\nlite\hotfix\ (where you dumped Ryan's post SP3 update cab) and destination to c:\nlite\working\ and run it.
  * start nLite and set the windows installation path to c:\nlite\working\
  make sure that, in the "version" box, that SP3 is written, otherwise you've made an error earlier.
  IMPORTANT: when using nLite be very careful and move slowly, making sure to READ ALL DESCRIPTIONS and explore all options -- it's easy to skip or screw up something if you're not very careful. 
  rule of thumb: don't remove something if you don't know what it is or what the implications might be
  * following the wizard, select your options. i would suggest the following:
  remove components
  unattended
  options
  patches
  tweaks
  build ISO
  in the case of my thinkpad my hard drive will not be recognized by windows unless i integrate the driver for the SATA controller using nLite OR enter BIOS setup and put the controller in compatibility mode so i can install the driver from windows (after which BIOS needs to be changed again).  integrating drivers will require extra reading on your part and is beyond what i wish to get into here, so, to make things easy if you're not comfortable doing this, just put your controller in compatibility mode if necessary and install the driver from within windows.
  * following the wizard and hitting "next" as necessary, if you've selected the options above, nLite will pop-up a compatibility options window where you want to select what components you really need (prevents you from removing dependancies later).
  * in the next step you'll remove unwanted components - the part i enjoy most.  be careful what you remove! stuff in red is important. this is what i typically remove, give or take:
  Accessibility Options
  Briefcase
  ClipBook Viewer
  Defragmenter (replaced with JKDefragGUI)
  Games
  Internet Games
  Paint
  Pinball
  Screensavers (useful only for very old CRT monitors)
  WordPad (replaced with PSPad)
  Keyboards (i remove all - nLite will keep default for your language)
  ActiveX for streaming video (depends on IE which i remove parts of)
  AOL ART Image Format Support (depends on IE which i remove parts of)
  Images and Backgrounds (desktop eye candy)
  Luna desktop theme (cartoonish desktop theme)
  Media Center
  Mouse Cursors
  Movie Maker
  Music Samples
  Old CDPlayer and Sound Recorder (replaced in part by foobar2000)
  Speech Support
  Tablet PC
  Windows Media Player (replaced by foobar2000, VLC and Satsuki codec pack)
  Windows Media Player 6.4 (replaced by foobar2000, VLC and Satsuki codec pack)
  Windows Picture and Fax Viewer (replaced by XnView)
  Windows Sounds (unneeded sound themes)
  Communication tools (phone dialer, hyperterminal, etc., some replaed by better 3rd part s/w)
  FrontPage Extensions
  Internet Connection Wizard (not needed to create a connection)
  Internet Explorer (i keep the core (there's 2 options for removing this; one to remove parts but keep basic functionality and another to remove the core, which i suggest keeping) as it's functionality is needed by many applications - removing this will remove the "Program Files\Internet Explorer" directory, but you can still browse the web using windows explorer (file manager) if need be. i replace with Firefox)
  Internet Information Services (IIS) (i use Apache (WAMP) for web development)
  IP Conferencing
  MSN Explorer (partially replaced with Miranda IM)
  Netmeeting
  Outlook Express (replaced with Thunderbird)
  Peer-to-Peer (only for MS networks, nothing to do with P2P)
  Share Creation Wizard
  Synchronization Manager
  Vector Graphics Rendering (VML) (depends on IE i think, which i remove parts of)
  Web Folders
  Windows Messenger (replaced with Miranda IM
  .NET Framework (i don't install this at all)
  Blaster/Nachi removal tool
  Color Schemes (predefined desktop color schemes)
  Desktop Cleanup Wizard (replaced with CCleaner)
  Disk Cleanup (replaced with CCleaner)
  File and Settings Wizard (used to transfer settings between 2 computers)
  File System Encryption (try TrueCrypt or AxCrypt - note that MS encryption is propritary and, as such, should not be trusted)
  Help and Support (huge space hog)
  IExpress Wizard
  Manual Install and Upgrade (ability to upgrade OS, which is always a bad idea (better to install clean))
  MS Agent (used for annoying animated paperclip in MS office)
  Out of Box Experience (OOBE) (do NOT remove unless you have a VLK)
  Remote Installation Services (RIS)
  Search Assistant (annoying animated dog in search window)
  Security Center (replaced with Comodo firewall)
  Service Pack Messages
  Shell Media Handler
  Tour (useless windows tour)
  User account pictures
  Web View
  Zip Folders (replaced with IZArc and Universal Extractor)
  Automatic Updates (hardly needed once attack vectors are removed)
  Beep Driver (annoying beep, such as when you press too many keys at once)
  Error Reporting (automitic error reporting to MS - i suppose vista is the result?)
  IMAPI CD-Burning COM Service (replaced with ImgBurn)
  Remote Registry
  Secondary Logon
  System Restore Service (bloated nonsense used for restoring viruses to their orgional state - better to reinstall)
  Languages (i remove all - nLite will keep your default language)
  as should be apparent from the above, security is already enhanced since many attack vectors were removed (OE, WMP, MSN, remote registry, system restore, etc., etc., etc.).
  missing functionality is replaced by better, more functinal and more secure software
  * for the "unattended setup" step, you can select many options, change default paths (Program Files), disable hibernate, configure network adapters and much more.
  * next is "options" where you are presented with many more choices.
  * next is "patches". here i would highly suggest turning off SFC (windows file protection) as this is an incredible annoyance for many people and will greatly increase the time required for your installation.  furthermore, malicious folks and vendors that write drivers know how to get around this nonsense anyway.
  * next is "tweaks" and then you'll finish up by building your installation. i typically cut the size of a default windows xp install by about 50%, but i'm a bit agressive with what i remove.  also some of that space is used by 3rd party software to replace the components removed.
  * if you are comfortable with virtual machine software, that'd be the way to test your shiny new installation ISO. if not, then get ready to take the plunge
  when installed an nLite OS on my thinkpad for the first time (a day or 2 after i got it), i did a test install first - i kept the recovery partition in tact. once i got comfortable with installing the drivers and got everything working, i un-hid and formatted the recovery partition -- gone! you may want to do the same, though speaking from expierence i can tell you that it's rather trivial to get everything working on my T60 (though i do not have nor did i want a fingerprint reader, i would doubt it would be an issue to get working).
  * once windows is up and running, there will be allot of broken stuff  
  some of the "Fn" keys will not work, some will (because the hardware is configured in BIOS). you'll need to install the drivers for the items that you want to work, and this is another area where i depart from the norm. here's some things i don't install and the reasons why (whenever possible, any hardware below is disabled in BIOS or device manager):
  * easy eject utility - not needed/i don't use it anyway
  * hotkey driver - bloated and sometimes buggy software that may corrupt OGL and DX full-screen display (games) and cause stop errors (BSOD)
  * trackpoint - i don't use it, though it works anyway with limited functionality if not disabled in BIOS/device manager
  * trusted platform module - yeah, well i don't trust it
  * away manager -  don't use it/lighter weight alternitives available
  * keyboard customizer - not needed/i don't use it
  * scroll lock indicator - not needed/i don't use it
  * software installer - bloated mess/not needed (subscribe to the Lenovo RSS feed to be made aware of updates)
  * thinkpad configuration package - i'll configure it myself, thanks
  * thinkvantage access connectkions - bloated mess/slows boot time/not needed (better and lighter weight alternitives * available if you need this functionality)
  * ultra-nav wizard - not needed
  * bluetooth - i install the microsoft bluetooth stack (which is smaller and simpler) and have noticably less lag with bluetooth devices resuming from a standby state (mouse in particular)
  * display drivers - i use the highly acclaimed and optimized Omega drivers.
  for the drivers i do install, i install only the drivers, NOT the software (in other words i do not run the installer). i do this by extracting the installer using IZArc or Universal Extractor and using device manager to point the hardware to the extracted *.inf files.  for me, there is only one device that comes up "unknown device" before drivers are installed (i forget which).  the rest are named, so it's easy to tell what path to give them for the drivers. installing drivers for the unknown device is then simple a process of elimination, or you can use software to help identify the device.
  ::: the end :::
  hack it 'till it BREAKS!

  *bookmarked for desection*
  I already see flaws, like turning off remote registry for example. Remote registry only has very limited access, and you can change the access, but why would you? You can see what it has access to by going into Control Panel > Administative Tools > Local Security Policy > > Local Polices > Security Options, then scroll a little more than half-way, and it's under the Network access box.
  There are so many crack pot guides out there, that the only good advice is to look where they looked, and if you don't get it, and don't go though all of it, LEAVE IT ALONE! It only makes servicing the box at a later time a HUGE pain, and if it's in a business, it'll just be reimaged.
  Keep this guy's disclaimer in mind at all times. Just do the easy ones to start, like run CCleaner, it basically does everything for you, and doesn't cause any errors (or as far as I know, and I use it just about every other day)
  Currently Just passed the CompTIA A+ 601 with flying colours! =D
  Owner of an SL500 running Vista Business with 4GB of PC2 6400 RAM