You are here:   Research
  |  Login

Welcome to my blog, quickest way to find articles is usually to search for them.

Minimize
Search in All Title Contents
 
     

Allowing normal users to connect to a new Thunderbolt docking station

Nov 08 2016

Here is a post on how to configure the Thunderbolt Software to not require admin rights when connecting a new Thunderbolt device.

Creds: Thanks to Jim Hamby (@TheJimHamby) for providing the screen shots.

Disclaimer: Allowing normal users to authorize the thunderbolt connection is obviously less secure than requiring administrator approval, but it really has to usable too :)

Background

If you ever tried to secure the setup of a new HP ZBook 200W Thunderbolt 3 Dock, you quickly learn that a normal user cannot connect to the docking station without being and admin. This is what the user will get, and as you can see, connecting the device requires admin privileges:

Bk29S4LU
Admin rights required to connect the device.

The BIOS setup

The above dialog is being shown when BIOS is setup to require Thunderbolt security level is set to User Level Authorization. This is how it looks on HP BIOS:

RWu2n2rV
The HP BIOS setup, Thunderbolt Security Level.

Fixing the problem

To allow normal users to authorize the thunderbolt device, do the following:

1. Uninstall the Thunderbolt Software and restart the machine

2. Add the following registry key to the machine

HKLM\SYSTEM\CurrentControlSet\Services\ThunderboltService\TbtServiceSettings
"ApprovalLevel"=dword:00000001

3. Reinstall the Thunderbolt software. If using the SP74500 files, you can use the below command to do it silent:

msiexec /i setup.msi /q

Tip: Always check the HP SoftPaq CVA for info about setup unattended switches. Btw CVA means “Compaq Value Add”, has been around for a while :)

/ Johan









Deployment News


Happy deployment, and thanks for reading!


What our lawyers makes us say:

This information is provided "AS IS" with no warranties, confers no rights and is not supported by the authors or Deployment Artist.

Copyright © 2017 by Deployment Artist (the company behind deployment research). All rights reserved. No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

Shorthand: Don't pass off our work as yours, it's not nice.

Blog Archive

Minimize




Where you can meet us!

Live Stream Recordings
ConfigMgr 1806 and W10 OSD

5 Days - Mega Geek Week 
(multiple classes, ConfigMgr, OSD etc.)
- Johan Arwidmark, Mikael Nystrom...
Jun 10, 2019, Chicago, IL, US

4 Days - Windows 10 OSD Classes
- Johan Arwidmark
May 20, 2019, San Diego, CA, US
Jun 17, 2019, Culemborg, NL
Jul 8, 2019, Phoenix, AZ, US

5 days - ConfigMgr Classes
- Johan Arwidmark and Kent Agerlund
Apr 8, 2019, Chicago, IL, US
Apr 22, 2019, Houston, TX, US

Video-based trainings
https://online.truesec.com
https://deploymentartist.com/Training/Videos

MDT, Windows 10 and ConfigMgr Books
http://deploymentartist.com/Books

Contact Info
http://deploymentresearch.com/theteam