You are on page 1of 102

Intel-powered Classmate PC

Asset Management (Theft Deterrent)*


Training Foils
Version 1.8.0

*Other names and brands may be claimed as the property of others.

Legal Information
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS
GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR
SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR
IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR
WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR
INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR
INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A
SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers
must not rely on the absence or characteristics of any features or instructions marked "reserved" or
"undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for
conflicts or incompatibilities arising from future changes to them. The information here is subject to change
without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may
cause the product to deviate from published specifications. Current characterized errata are available on
request.
Contact your local Intel Sales Office or your distributor to obtain the latest specifications and before placing
your product order.
Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation in the United States
and other countries.
Copyright 2010, Intel Corporation. All rights reserved.
*Other brands and names are the property of their respective owners.
2

Revision Table
Document Revision
1.0

Revision History

Date

Initial released.

WW31 07

1.7.0

Update for quarterly release

WW16 10

1.8.0

Update for Operation System support

WW41 10

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

Pre-Training
Introduction
The theft deterrent software discourages thieves from taking a
classmate PC from a student or school. If a thief attempts to steal a
classmate PC, this software will disable all functions and the PC will
stop working, thus making the act of taking the PC not worth the risk
to the thief.
In this presentation, server refers to the Intel Theft Control Server
for classmate PCs, and agent refers to the Intel Theft Control Agent
for classmate PCs.

Pre-Training
Goal:
This training explains how to install and use the Intel Theft Control
Server for classmate PCs and the Intel Theft Control Agent for
classmate PCs within a Local Area Network using classmate PCs as
clients. This training includes how to deploy the theft deterrent
software beyond both the server and the client, as well as how to check
if the installation works.

Target Audience:
This training is intended for Intel Technical Marketing Engineers, Intel
Technical Support, customers with technical knowledge, post sales
technical support, and anyone else interested in the theft deterrent
software for the classmate PC.
Note: The operators participating in this guide should be familiar with both Microsoft
Windows* OS installation on a regular PC and network settings on both a PC and a router.

*Other names and brands may be claimed as the property of others.

Pre-Training
Terminology
Term

Meaning

CA

Certificate Authority: a trusted organization that issues a public key certificate.

JKS

Java* Key Store: a format for a public key certificate store used in JAVA.

Shared Secret

A secret key used in the classmate PC system.

Agent

In this document, we sometimes call the Intel-powered classmate PC version 1.0 or the
second generation Intel-powered classmate PC as the Agent from a network perspective.

XML

Extensible Markup Language: a data format.

Unlock Code

A type of boot certificate in the form of a 10-digit number to unlock the device when the
official boot certificate has expired.

Device owner ID

The device owner ID.

Hardware ID

Device hardware ID which is created at system provisioning stage and uses the system
MAC address.

Expiration date

The date after which the device can no longer be used.

Bootable times

The number of times the device is allowed to boot before the certificate expires.

BC

Boot Certificate.

*Other names and brands may be claimed as the property of others.

Pre-Training
Terminology (Continued)

Term

Meaning

IP address

Internet Protocol address.

Gateway IP address

Gateway Internet Protocol address.

Proxy URL

The URL of Proxy server.

DNS Server IP address

The Internet Protocol address of Domain Name Server.

WINS Server IP address

The Internet Protocol address of WINS server.

Common boot certificate

A type of boot certificate with a default expiration date and number of boots until
expiration.

One-time boot certificate

A type of boot certificate in which the expiration date and number of boots until
expiration can be set by an IT administrator. When the agent downloads the
certificate, the setting is invalidated.

Permanent boot certificate

A type of boot certificate in which the expiration date is set to 2099-01-01 and the
number of boots until expiration is set to 999999.

TPM

Trusted Platform Module.

Hardware Requirements

Pre-Training
(for hands-on training)

Server:
Hardware

Server (Recommended)

Server (Basic)

CPU

Intel Pentium 4 Processor 2.8 GHz

Intel Pentium 4 Processor 2.4 GHz

Memory

2 GB

1 GB

Hard disk

160 GB SCSI

160 GB SCSI or 160 GB IDE

CD-ROM

CD-ROM 8X

CD-ROM

Ethernet NIC

1000 Mbps

100 Mbps

Client:
One Intel-powered classmate PC with Winbond* TPM

Other Requirements:

Wired/Wireless Router (Linksys* WRT54G, for example)


LAN cables
USB flash disk

*Other names and brands may be claimed as the property of others.

Pre-Training
Software requirements (for post-training hands-on operation)
Server:
Microsoft Windows* Server 2003 (SP1), Windows* 7 Professional or
Microsoft Windows* XP Pro (SP2) OS
Intel Theft Control Server for classmate PCs Installation Package
Client:
Microsoft Windows* XP Pro or Windows* 7 Professional/Home
Basic/Starter
Intel Theft Control Agent for classmate PCs Installation Package
Note: The applications are available in IBP.
To access the portal, use the following URL: Businessportal.intel.com

10

*Other names and brands may be claimed as the property of others.

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

11

Installation

Network Installation

Server Installation
Client Installation

12

Installation
Agent Network-Wireless
1. Right-click the wireless network connection icon in the system tray
area and then click View Available Wireless Networks.

Note: This illustration is an example only.

13

Installation
Agent Network-Wireless
2. The Wireless Network Connection dialog will appear. Click Refresh
network list in network tasks to search for wireless networks.

Note: This illustration is an example only.

14

Installation
Agent Network-Wireless
3. Double click a wireless network.

Note: This illustration is an example only.

15

Installation
Agent Network-Wireless
4. When the computer has been successfully connected to the network, you
will see the word Connected shown in the network selection.

Note: This illustration is an example only.

16

Installation

Server Network-Wireless
Repeat the network connection settings for the server. Use the same
network.

17

Installation

Server Network-LAN Cable


If the client has to be connected to the server by LAN cables, use one
LAN cable to connect the server to port 1 of the router and another
LAN cable to connect the client to port 2 of the router. No critical
setting is required because the server and the client will automatically
connect to the same network in this way.

18

Installation

Network Installation
Server Installation
Client Installation

19

Installation

Server

Do the following before installing the Intel Theft Control Server for
classmate PCs:

For Windows* XP, open ports 443 and 80 in the Windows OS firewall so
that the agent can connect with the server.

Uninstall Apache Tomcat* 6.0, if installed. If it is not uninstalled, you will


see the error shown in Tomcat* error (shown on the next slide).

If port 443 is already in use, resolve the conflict before installing the server.
See the backup material for instructions on how to do this. If it is resolved,
you will see the error shown in 443 port error (shown on the next slide).

If there is old version (lower than 0.9.7) of LIBEAY32.dll or SSLEAY32.dll in


system path, you must resolve this deficiency first before installing the
server. Again, refer to the backup material for instructions on how to do
this. If it is resolved, you will see the error shown in DLL error (shown on
the next slide).

Verify that the Server and Agent are in the same Time Zone and that the
system time of the Server is not later than that of the agent.

20

*Other names and brands may be claimed as the property of others.

Installation
Server
These illustrations show the three possible error messages described on
the previous page:

21

*Other names and brands may be claimed as the property of others.

Installation
1. Click setup.exe in the server Installation Package. Choose setup
language and click OK.

2. Click Next.

22

Server

Installation
3. Choose I accept the terms in the license agreement then
click Next.

4. Click Next.

23

Server

Installation
5. Choose setup type:

Server

a. Default (install J2SDK* V1.4.2_08, Tomcat* V5.0.30, PostgreSQL* V8.2,


and Intel Theft Control Server for classmate PCs in the default location
which is written in \Tools\CMPC Configuration File\CMPCConfig.ini).
b. Custom (you can change the installation location of J2SDK, Tomcat,
PostgreSQL, and the server software in the next step).

Click Next.

24

*Other names and brands may be claimed as the property of others.

Installation
Server
6. If you selected custom in Step 4, Click Browse... to choose the
installation location of J2SDK*, Tomcat*, and PostgreSQL* components.
Click Next.

25

*Other names and brands may be claimed as the property of others.

Installation
Server
7.The deployment packet checks to determine if PostgreSQL* and MySQL*
databases are installed on the Server PC. Do one of the following:
a. If there is the same or higher version of PostgreSQL, and MySQL is not
installed, then go to step 7.b.
b. If there is the same or higher version of PostgreSQL, and there is an
existing MySQL database, choose Yes or No to Do you want Theft
Deterrent data to be migrated automatically? If you choose Yes,
then input the password of the existed MySQL database. After the
migration is finished, go to step 7.b. If you choose No, then go
directly to step 7.b.
(Continued)

26

*Other names and brands may be claimed as the property of others.

Installation
Server

7. (Continued)
c. If there is a lower version of PostgreSQL*, choose Yes or No to Do you
want the Theft Deterrent data to be migrated automatically? If Yes, then input
the password of the existed PostgreSQL database. When finished with the
migration, go to step 7.a. If you choose No, go directly to step 7.a.
d. If there are no PostgreSQL or MySQL* databases, then go to step 7.a.
e. If there is no PostgreSQL database, but there is a MySQL database, choose
Yes or No to Do you want the Theft Deterrent data to be migrated
automatically? If Yes, then input the password of the existed
PostgreSQL database. When finished with the migration, go to step
7.a. If you choose No, go to step 7.a.

27

*Other names and brands may be claimed as the property of others.

Database check if there is a lower version of PostgreSQL* or


nothing installed on the server:
Have PostgreSQL?

No

Yes

No

Have
MySQL*?

PostgreSQL
Version?

Yes

Low

No

Migrate
PostgreSQL?

No

Migrate
MySQL?
Yes

Yes

Install PostgreSQL 8.2


28

*Other names and brands may be claimed as the property of others.

Database check if there is the same or higher version of


PostgreSQL* database on the server:
Have PostgreSQL?
Yes

PostgreSQL
Version?

Same or
higher

No

Have
MySQL*?
Yes

No

Migrate
MySQL?
Yes

Do Not install PostgreSQL 8.2


29

*Other names and brands may be claimed as the property of others.

Installation
Server
8. Install components.
a. Install PostgreSQL* 8.2. You can use the default root account password
which is written in \Tools\CMPC Configuration File\CMPCConfig.ini. You
can also set a new password for the database. Click Next.

Set PostgreSQL 8.2 Password

30

*Other names and brands may be claimed as the property of others.

Installation
8. Install components (continued).

Server

b. Install J2SDK*, Tomcat*, PostgreSQL*, and the server software. Click


Next. This step may take a few minutes.

Installing J2SDK*, Tomcat*, PostgreSQL*, and theft deterrent software components

31

*Other names and brands may be claimed as the property of others.

Installation
Server
9. Set the server Admin password.

Set the Server Admin Password

Note: The password must not be less than 6 characters, it must contain at least one lowercase letter,

one uppercase letter, and one special character (for example, ! @ # , $ %). Some special letters are
considered illegal, for example the question mark (?), backslash (\), and single quote ().

32

Installation
Server
10.Set the IP address.

33

Installation
Server
10. Set the IP address (continued).

Note 1

The server IP address must be set static.

Note 2

The server IP Address can be blank when server machine has only
one network card.

Note 3

If the server has more than one network card, the installation
program will remind you to input a valid static IP address.

34

Installation
Server
11. Wait for the Setup program to install the server software.

12. Click Finish to finish the installation.

35

How To Check
Server

Checkpoint 1: How To check to determine if the three third-party software


applications have been installed and are working correctly?

How to check if the third party software has already been installed?
After the server has been deployed, you can check the three third-party
software applications through "Add or Remove Programs" in the Windows*
Control Panel. Their names are Java* 2 Runtime Environment, SE v1.4.2_08,
Apache Tomcat* 5.0 and PostgreSQL* 8.2.

36

*Other names and brands may be claimed as the property of others.

How To Check
Server
How to check if the Tomcat* web
server works?
Step 1: Choose Start Menu All
Programs Apache Tomcat* 5.0
Monitor Tomcat. There should be a
Check Tomcat client icon in system tray.
Double-click it; you will see the form
shown at the right. Its working if the
Service Status is shown as Started.

Step 2: Open a web browser and


input http://localhost. You should be
able to access the Tomcat default
page.

37

*Other names and brands may be claimed as the property of others.

How To Check
Server
How to check if the PostgreSQL* database working?
Select Start Menu All Programs PostgreSQL 8.2 pgAdmin III. Double
click the PostgreSQL Database Server 8.2 (localhost:5432), then enter the
database password which you set when you installed the server. (The default
PostgreSQL root password is "Intel1234"). Its working if you can connect to
the database successfully.

38

*Other names and brands may be claimed as the property of others.

How To Check
Server
How To Recover From a Failure
a) If you see any error messages while installing the server, refer to the Theft
Deterrent Software for Intel-powered classmate PCs Deployment Guide.
b) If the Tomcat* web server is not started, select Start Menu All Programs
Apache Tomcat 5.0 Monitor Tomcat, then click Start manually in the
Apache Tomcat Properties.

39

*Other names and brands may be claimed as the property of others.

How To Check
Server
How To Check the PostgreSQL Database
To check the PostgreSQL* Service to see if it has started, go to Control Panel
Performance and Maintenance Administrative Tools Services.
Manually right-click and start the PostgreSQL Service if it has not already
started.

40

*Other names and brands may be claimed as the property of others.

How To Check
Server
Checkpoint 2: How To check if the Intel Theft Control Server for
classmate PCs has already been installed and works?

Open a web browser and go to the server main page:


http://localhost/tdserver. Log into the admin account.
How To Recover From a Failure:

If you cannot access the server main web page, verify that the Tomcat*
web server has been started, if not, start it and try again.

If you can access the server main web page, but cannot log-in, verify
that the PostgreSQL* Service has been started. If it is not started, start
it and try again.

41

*Other names and brands may be claimed as the property of others.

Installation

Network Installation
Server Installation
Agent Installation

42

Installation
Agent

Pre-Installation
Before starting the Intel Theft Control Agent for classmate PCs
installation, make sure that the classmate PC can boot to Windows* XP
OS, that all drivers have been installed, and that there are no !
indications in the device management listing, especially for the TPM
device.

43

*Other names and brands may be claimed as the property of others.

Installation
Agent
1. Click setup.exe in Agent Installation Package. Choose setup language
and click OK.

2. Click Next.

44

Installation
Agent
3. Select I accept the terms in the license agreement and then click
Next.

4. In the configure file (\Tools\CMPC Configuration File\CMPCConfig.ini), the


default directory is [C:\Program Files\Intel\Theft Deterrent Agent\]. Click
Next.

45

Installation
Agent
5. Click Next. This step may take a few minutes.

6. Wait a moment and click Finish to finish the installation.

46

Installation
Agent
7. Click Yes to restart the computer or No if you plan to restart later.

8. After restarting the computer, the agent will start up automatically


when the OS starts up. The program will be minimized, displaying
an icon in the Windows* OS taskbar.

47

How To Check
Agent
Checkpoint 3: How To Check the TPM Module
Connect the agent with the server, then move the mouse over the agents
icon in the system tray. Check the popup tooltips:
If HWID in the tooltip equals the wired or wireless NIC Mac address, the
TPM is working, otherwise it is not working.
If the Expiration Date is between 2000 and 2099 and the format is
MM/DD/YYYY, then the TPM is working, otherwise it is not working.
If the Remain Boots is an abnormal value that exceeds the normal scope
(for example 10000, depending on the individual machine), then the
TPM isnt working properly. If it is in the normal range then the TPM is
working properly.

48

How To Check
Agent
Checkpoint 3: How To Check the TPM Module (continued)

How To Recover From a Failure


Go to Control Panel System Hardware Device Manager System
devices Winbond Trusted Platform Module 1.2. If the driver is disabled or
shows an abnormal status, restart the computer or disable/enable the
driver.
Go to Control Panel Administrative Tool Services NTRU TSS
v1.2.1.25 TCS. If the service is stopped or shows an abnormal status,
restart the computer or stop/start the service.

49

How To Check
Agent
Checkpoint 4: How To Check if the Agent Has Already Been Installed
and Works Correctly?
Manually download and parse a new Boot Certificate. The expiration status will
be changed.
How To Recover from a Failure:
Check that the TPM module in working normally.
Check that the TSS Service is running in the classmate PC.

Check that the network of the classmate PC is working properly. You can
check the network by accessing the server main web page from a classmate
PC.
Check that the CA certificate has been installed successfully when the agent
downloads the Auto Provision Package.

50

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

51

How To Deploy
Server and Agent
Prerequisites:

52

Install the server and agent software.

Configure the network.

How To Deploy
Server and Agent
1. Open a web browser and log-on to the server at
http://localhost/tdserver, make sure to input the correct user name
and password. (You set both of these in Server Installation Step 8.)

53

How To Deploy
Server and Agent
2. Check that the Server Broadcast Control is On (the default status is
ON). (Choose Server Left Navigation Bar Service Management.)

54

How To Deploy
Server and Agent
3. Check the Settings. The agent will use the server IP address shown
below (right). Double-click the tray icon or right-click the tray icon then
choose Settings.
Agent side

55

How To Deploy
Server and Agent
4. The agent will register itself as a temp account on the server. After the
admin logs-in, the window shown below will display. Click Click here to
go to next page.

Note: Only Admin users can see this temp account page.

56

How To Deploy
Server and Agent
5. Approve the temp account.

Note: Only Admin users have the privilege to approve the temp account.

57

How To Deploy
Server and Agent
6. The agent will download the certification authority (CA) automatically.
Click Yes to accept this CA.

58

How To Deploy
Server and Agent

Note: If the downloaded CA cant take effect in the classmate PC, follow the
steps illustrated below to manually import the CA.

59

How To Deploy
Server and Agent
7. The agent will download the auto provision package, and then request
that the user reboot. Click Reboot now to reboot the classmate PC or
wait and it will reboot automatically in 30 seconds.

Note: After rebooting the OS, move the mouse over the agent icon in the taskbar.
The deployment was successful if it shows the information below.

60

How To Deploy
Server and Agent
8. The agent will then download the shared secret, and request the user
to reboot again. Click Reboot now to reboot the classmate PC, or wait
and it will reboot automatically in 30 seconds.

Note: After rebooting the OS, move the mouse over the agent icon in the
taskbar. The deployment was successful if it shows the information below.

61

How To Deploy
Server and Agent
The agent has now been deployed successfully. This agent can
now be used to download a Boot Certificate from the server.

62

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

63

How To Use
Server
1. Device Management: The features are shown below.

64

How To Use
Server
Device Management:

Add a new account

Click the hardware ID to edit


Delete a device

65

How To Use
Server
2. Provision Management: The features are shown below.

66

How To Use
Server
Provision Management: Common Boot Certificate settings. You can set the
expiration duration and average boot times per day for all agents.

Note:
The Boot certificate expiration duration cant be less than 15 days, and the total boot times cant be
less than 100.

67

How To Use
Provision Management: One-time Boot Certificate settings. You can
set a one-time or permanent Boot Certificate for a special device.

Set one-time or permanent BC

68

Advance search

Server

How To Use
Server
3. Unlock Code Retrieval: You can generate the unlock code for the
locked agent.

Generate unlock code

69

How To Use
Server
4. Data Management: The features are shown below.

Import data

Export data

Data Management

Import server credential files

Export server credential files

70

How To Use
Server
Data Management: Here you can backup the server data or import server data.

Import backup account data

Export account data for backup

Import server credential files for


backup
Export backup server credential
files

Note: When importing server credential files, do the followings:

Unzip the server credential files, then import anyone of them. The remaining files will be imported
automatically.
Manually restart Tomcat* service or restart the OS after importing the files.

71

*Other names and brands may be claimed as the property of others.

How To Use
Server
5. Security Management: The features are shown below.

72

How To Use
Server
Security Management: Shared Secret Settings.

Update shared secret

73

Export shared secret

Advanced search

How To Use
Server
Security Management: Public Key Settings.

Update public key for all devices

Export public key for backup

74

How To Use
Server
Security Management: Intel Provision Package. (Refer to the next page to see how to use
the Intel provision package.)

Import Intel provision package

75

How To Use
Server
Scenario:
If the server has updated the public key and any of the classmate PCs have
been locked, because their boot-time expired without having a new public
key downloaded, then how can the Administrator unlock these classmate
PCs?
In this scenario, it can only be resolved by using Intel provision package (the procedure
is described in the following steps).

76

How To Use
Server
1. Power on the locked classmate PC and get the S/N number at locked screen.

77

How To Use
Server
2. Get the updated Pub_Key file from the server which can be found in the
C:/CMPC directory if the server was installed on the C: drive.

78

How To Use
Server
3. Send the S/N number and pub_key file to your Intel representatives who will
give you an Intel signed package named tcopp.bin.
4. Copy the tcopp.bin file to a USB disk.
5. Insert the USB disk to the classmate PC

6. Reboot the classmate PC.

Note: Limitation for using a USB disk:

Must be formatted by Windows* XP OS built-in format tool.

FAT16 supports sizes up to 2 GB (Intel recommends using a size < 2 GB).

FAT32 supports sizes up to 8 GB.

79

*Other names and brands may be claimed as the property of others.

How To Use
Server
6. In the locked screen, press the Ctrl+Insert hotkey to read the USB disk. The
screen shown below will display if the USB disk can be read successfully. The
classmate PC will reboot automatically.

The classmate PC has been unlocked successfully after the reboot.

80

How To Use
Agent
6. Taskbar Icon: The color of the taskbar icon changes to indicate a
different status.
Normal status.
Warning status indicates this PC has less than 2 days or less than
5 boot times until its BC expires. The Agent will download common
boot certificate automatically.

Not activated status indicates this PC account has not been


approved at the server.

Cannot connect with server status indicates this PC cannot


connect with server.

Cannot connect with server status indicates this PC cannot connect


with server and the account has not been approved.

81

How To Use
Agent
7. Taskbar Icon: Right-click on the Agents taskbar icon to open the menu
shown below.

Log onto server


Settings
Help
About

82

How To Use
Agent
8. Taskbar Icon: device account
Right-click the taskbar icon and then select Log onto Server. Follow the steps shown
below:

For the first log-in, set the password, student


name, and birthday.

Click Login to continue.

83

How To Use
Agent
Log onto Server: After the first log-in, input the password and click Login.

Input password

84

How To Use
Agent
Log onto Server: Enter the Profile Settings under My Account.

Profile Setting
Click Save to save the new settings.

85

How To Use
Agent
Log onto Server: Unlock Code Retrieval.

Notes:

86

When the classmate PC has been locked, you can use your own account to log into the
sever by another classmate PC, and generate the unlock code.
When the classmate PC has been set to stolen status in the server database, the unlock
code generated by the student account cant unlock the classmate PC.

How To Use
Agent
9. Taskbar Icon: Right-click the taskbar icon and then select Settings. The window
shown below will display.

You can import the server IP address


manually

87

How To Use
Agent
If you want to use the Proxy Server, check Use Proxy Server.

You can import the Proxy Server info


manually here.

Notes:
If you have set the Proxy Server in Microsoft Internet Explorer* and have
never used the Theft Deterrent Proxy Server before, the Theft Deterrent
Proxy Server Address will automatically be filled with what is in the IE
setting.
If the Theft Deterrent Proxy Server has been used before, the Theft
Deterrent Proxy Server Address will be filled with the last used address.
88

*Other names and brands may be claimed as the property of others.

How To Use
Agent
10. Taskbar Icon: Right-click the taskbar icon then choose Help. The help page
for the agent will open.

89

How To Use
Agent
11. Taskbar Icon: Right-click the taskbar icon then select About. The About window
for the agent will open.

90

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

91

Uninstall
1. In the Control Panel, find the Intel classmate PC Theft Deterrent Server
and click Remove.

2. Click Yes to begin the uninstall.

3. The uninstall is finished when the progress indicator dialog closes.

92

Server

Uninstall
Agent
1. In the Control Panel, find the Intel classmate PC Theft Deterrent Agent
and click Remove.

2. Click Yes to begin the uninstall.

3. The uninstall is finished when the progress indicator dialog closes.

93

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

94

Q&A

95

Agenda
Pre-Training
Installation
How To Deploy
How To Use
Uninstall
Q&A

Backup

96

Backup
Port Changing
To change the default port of the server, if port 80 or 443 has been used by another
application, do the following:
On the server side:
1. Find server.xml file in Tomcat* working folder. If you installed Tomcat* in
C:\Program Files\Tomcat, server.xml file is in C:\Program Files\Tomcat\conf.
2. Change server.xml file as shown below.

For example, if you choose to use 8080 as HTTP port and 8443 as HTTPS port for server, then
change the text shown below.

(Continued)

97

*Other names and brands may be claimed as the property of others.

Backup
Port Changing
3. Restart Tomcat*.
On the agent side:
1. Wait for the server broadcast. When the Intel-powered classmate PC receives the
server broadcast, the server IP address will fill in the edit box of the Agent UI.
2. Modify the configuration file AgentConfig.ini. Change the value of ServerAddress.
For example, if you have received broadcast from 192.1.1.1, and the HTTP port is
8080, then change the value from ServerAddress="192.1.1.1" to
ServerAddress="192.1.1.1:8080." The temp account will then be registered in the
server.
3. After the admin accepts the device account, the agent will download the auto
provision package and display a message box to reminder user to reboot. Select
Cancel, and then modify the configuration file named "AgentConfig.ini" if the HTTPS
port is 8443, then change the value from ServerAddress="192.1.1.1:8080" to
ServerAddress="192.1.1.1:8443", reboot device.
4. Download the boot certificate from the server.

98

*Other names and brands may be claimed as the property of others.

Backup
Port Changing

Notes:

When the Admin logs into the server, use https://192.1.1.1:8443/tdserver

When the student sets his password for the first time in the server, use
https://192.1.1.1:8443/tdserver/student/actication.jsp?HWID=************

When the student logs into the server, use https://192.1.1.1:8443/tdserver/


student/student_login.jsp

99

*Other names and brands may be claimed as the property of others.

Backup
DLL Changing
If there are old versions of LIBEAY32.dll or SSLEAY32.dll (older than version
0.9.7) in the system path, do the following:

100

1.

Press Start and then click Run.

2.

Enter cmd then click OK.

3.

Input path command to list the


system paths.

Backup
DLL Changing
4.

Search for the LIBEAY32.dll and SSLEAY32.dll files from these system paths.
Note: The system paths may include several folders. Search for the two files under every subfolder in
the system path.
For example, you can double-click the icon of My Computer, click Search, and then select All
files and folders.

Input the file name (LIBEAY32.DLL) and select Look in: Local Disk (C:\); then press Search.

101

Backup
DLL Changing
If old versions of LIBEAY32.dll or SSLEAY32.dll (lower than 0.9.7) files are found in the system
path, do the following:

102

1.

Rename the Libeay32.dll file to Libeay32.bak at C:\windows\system32 (this must be included


in the system path). Rename SSLEAY32.dll to SSLEAY32.bak.

2.
3.

Install the theft deterrent software.


After the installation of theft deterrent software is complete, change the name back to the
original names on all the files you changed in the first two steps.