IBM Advanced Settings Utility for x86_64 Windows Version 2.4.0 (Build ID ASUT51A) Installation README File CONTENTS ________ 1.0 Overview 2.0 Installation and Setup Instructions 3.0 Configuration Information 4.0 Unattended Mode 5.0 Web Sites and Support Phone Number 6.0 Trademarks and Notices 7.0 Disclaimer 1.0 Overview 1.1 This README file contains the latest information about installing the Advanced Settings Utility for DOS. 1.2 Limitations: N/A 1.3 Enhancements: N/A 1.4 Recommendations and Prerequisites for the Update: N/A 1.5 Dependencies - Definition files must be at version 2.3.0 or below. 2.0 Installation and Setup Instructions The procedure to install the Advanced Settings Utility for x86_64 Windows is as follows: 1. Copy the .exe to a directory on the hard drive. 2. Double-click on the .exe or run it from the command line. asu64.exe will be extracted to the hard disk. NOTE: For ASU version 2.1 and greater, ASU supports certificate generation using RSA/RSAII commands. As part of the rsa command "generate" a xml file is needed as an argument for the generate command. The xml file contains information that is needed at the time of certificate generation. When the extraction is done a template.xml is provided in the same directory where this readme is placed. In the template.xml, XXXX indicates fields where the user should imput the information for that particular item in the xml file. The items have min and max lengths which are defined in the xml file. If the item is defined as "Optional" and if it not needed, the user should delete that item from the xml file before executing the generate command. The xml file supports the two types of RSA certificate generation: "Generate Self-Signed Certificate" and "Generate Certificate Signing Request (CSR)". Syntax of the asu commands are: asu64 generate RSA_Generate_SSL_Server_Certificate temp.xml asu64 generate RSA_Generate_SSL_Server_CSR temp.xml asu64 generate RSA_Generate_SSL_Client_Certificate temp.xml asu64 generate RSA_Generate_SSL_Client_CSR temp.xml 2.1: Windows PE instructions for RSA operations For ASU to communicate with RSA on Windows PE, the RSAII Device Drivers needs to be installed on the WinPE Boot CD. Also for the ASU to communicate with the BMC on Windows PE, the BMC Device Drivers needs to be installed on the WinPE Boot CD. To establish communication with RSAII the IBMSPREM.exe and IBMSPSVC.exe needs to be executed once after boot. This can be accomplished by updating the OEMRunOnce section in winbom.ini file to execute IBMSPREM.exe and IBMSPSVC.exe. To update the winbom.ini file perform the following: Edit e:\winpe\winbom.ini Add the following: [OEMRun] "IBMSPREM App Execution", "X:\RSAII\IBMSPREM.EXE" "IBMSPSVC App Execution", "X:\RSAII\IBMSPSVC.EXE -install" 2.2: Windows PE setup on versions 1.x For ASU to work properly on Windows PE 1.x, either a writable TEMP directory must be created, or ASU's helper device driver must be extracted on the Windows PE CD. To extract the device driver, run "asu.exe extractdriver", and make sure that wflash.sys is in the same directory as asu.exe at all times. 2.3: Windows PE setup on version 2.0 (Windows Automated Installation Kit) The Windows PE image will need additional packages to be installed. WinPE-MDAC-Package and WinPE-WMI-Package must be installed via instructions found in the Windows Automated Installation Kit documentation or via Microsoft's website. 2.4: Microsoft Vista Notes If the Windows operating system is Microsoft Vista, the asu utility must be run with Administrator privileges. This may be done by logging in under the 'Administrator' ID or, when logged in as a user with Administrator privileges. If logging into Microsoft Vista as 'Administrator", executing the asu utility there are no additions steps require. If logging into Microsoft Vista, as a user, the user must select one of the following two ways to execute the asu utility with Administrator privileges. A. Turn User Account Control (UAC) off. Procedure to turn User Account Control off: - Select and left click on start icon, select and left click on Control Panel. - Select and left click on User Accounts. - Select and left click User Accounts. - In User Account panel, select and left click on 'Turn User Account Control on or off'. - When User Account Control panel appears select and left click on 'Continue'. - In User Account Control On or Off panel, if 'Use User Account Control (UAC) to help protect your compute' box is checked, then uncheck the box using the mouse - Select OK and left click using the mouse. - When Microsoft Windows warning message 'You must restart your computer to apply these changes', select and left click 'Restart Now'. The system will restart, when Microsoft Vista login screen appears, login in using the same user account. After restart has completed, the administrator privileges are active. B. Executing asu utility with administrator approval. If User Account Control (UAC) is active, asu execution must be executed with administrator approval. Procedure to execute with adminstrator approval from the command prompt: - Select and right click on 'Command Prompt" icon. Select and left click on 'Run as administrator'. The User Account Control message window pops up. Select and left click on 'Continue'. The Administrator Command Prompt window appears. - In the Administrator Command Prompt window execute the desired asu commands. 3.0 Configuration Information ASU 2.0(and higher) contains the RSA and BMC definition files(patches) already. Depending on the machine that you are running, BIOS CMOS definition file(patch) might also be present. To check what definition files(patches) are avaliable run "asu64 patchlist". The patches that are available will be displayed. If the system does not have RSA, and the user issues any commands that would use the RSA an error message is presented to remove the RSA patch. To remove the RSA patch, the user should execute "asu64 patchlist" to determine which patch # corresponds to the RSA patch. Execute the asu command "asu64 patchremove #", where # is the patch number that corresponds to the RSA patch. Similar if the system does not have a BMC, the user would do the same steps as was describe to remove the RSA patch. If a BIOS CMOS definition file(patch) is not present and the operator needs this definition file(patch), then the operator needs to add it. The steps to add the BIOS definition file(patch) to asu: 3.1 Download/copy the definition file .exe to the same directory on the hard drive to which asu.exe was extracted. The BIOS definition file exe can be downloaded from the support download site for the selected machine/model. 3.2 Extract the definition file by running the exe at the command line. This will place the ".def" in the directory the exe is executed from. 3.3 Run "asu64 patchadd .def" where .def is the .def extracted from the downloaded .exe. 4.0 Unattended Mode All ASU operations are command line based and don't wait for user input. As such, ASU can be scripted by using "batch" mode (see the Advanced Settings Utility User's Guide for more details) or any scripting facility of your operating system. 5.0 Web Sites and Support Phone Number 5.1 IBM Support Web Site: http://www.pc.ibm.com/support 5.2 IBM Marketing Web Site: http://www.pc.ibm.com/ww/eserver/xseries/ 5.3 If you have any questions about this update or problems applying the update go to the following Help Center World Telephone Numbers URL: http://www.pc.ibm.com/qtechinfo/YAST-3P2QYL.html. 6.0 Trademarks and Notices 6.1 IBM and the e(logo) are registered trademarks of International Business Machines Corporation. 6.2 U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Contract with IBM Corporation. IBM web site pages may contain other proprietary notices and copyright information which should be observed. 7.0 Disclaimer THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PANTENTS OR COPYRIGHTS.