Persistent enrollment of a computing device based on a temporary user

US 10,635,819 B2
Filed: 03/22/2017
Issued: 04/28/2020
Est. Priority Date: 03/22/2017
Status: Active Grant

First Claim

Patent Images

1. A method for enrolling a computing device with a management server prior to a user initially logging into the computing device, comprising:

during initial boot, executing firmware to generate an enroller, the enroller creating a temporary user account in a WINDOWS operating system, the temporary user account enabling interaction with the operating system;

blocking the operating system from allowing user login;

requesting enrollment with a management server based on the temporary user account, wherein enrollment causes the computing device to enforce management policies defined at the management server;

unblocking the operating system after the enrollment is complete; and

deleting the temporary user account.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are included for causing a computing device to implement a management policy prior to a user logging into an operating system on initial boot. As part of initial boot, the computing device contacts a management server for enrollment. Installation of the operating system is paused while the management server synchronizes the software and policies on the computing device. To do this prior to login, the management server can create a temporary user account to associate with the computing device and apply a default management policy. After the installation is complete, an installed management agent can gather user inputs made during login. The management agent can send these inputs to the management server for use in creating an actual user account to associate with the computing device.

Citations

20 Claims

1. A method for enrolling a computing device with a management server prior to a user initially logging into the computing device, comprising:
- during initial boot, executing firmware to generate an enroller, the enroller creating a temporary user account in a WINDOWS operating system, the temporary user account enabling interaction with the operating system;
  
  blocking the operating system from allowing user login;
  
  requesting enrollment with a management server based on the temporary user account, wherein enrollment causes the computing device to enforce management policies defined at the management server;
  
  unblocking the operating system after the enrollment is complete; and
  
  deleting the temporary user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving an update to the enroller from the management server, the update altering functionality related to creation of the temporary user account.
  - 3. The method of claim 1, wherein creating the temporary user account includes providing account information in an XML file that WINDOWS executes during the initial boot.
  - 4. The method of claim 1, further comprising displaying graphics to notify a user that enrollment is occurring prior to unblocking the operating system.
  - 5. The method of claim 1, further comprising:
    - receiving login information from a user after unblocking the operating system;
      
      deleting the enroller; and
      
      reporting the login information to the management server.
  - 6. The method of claim 5, wherein the management server associates the enrolled user device with a user account based on the login information.
  - 7. The method of claim 5, further comprising downloading a management agent from the management server, the management agent enforcing the management policies defined at the management server, wherein the management agent reports the login information to the management server.
  - 8. The method of claim 1, wherein the enroller blocks login by pausing a binary that is part of a boot process for the operating system.

9. A computing device that enrolls with a management server during initial boot based on a temporary user account, comprising:
- a non-transitory, computer-readable medium containing instructions;
  
  a processor that executes the instructions to perform stages comprising;
  
  during initial boot, executing firmware to generate an enroller, the enroller creating the temporary user account in a WINDOWS operating system, the temporary user account enabling interaction with the operating system;
  
  blocking the operating system from allowing user login;
  
  requesting enrollment with a management server based on the temporary user account, wherein enrollment causes the computing device to enforce management policies defined at the management server;
  
  unblocking the operating system after the enrollment is complete; and
  
  deleting the temporary user account.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computing device of claim 9, the stages further comprising:
    - receiving an update to the enroller from the management server, the update altering functionality related to creation of the temporary user account.
  - 11. The computing device of claim 9, wherein creating the temporary user account includes providing account information in an XML file that WINDOWS executes during the initial boot.
  - 12. The computing device of claim 9, the stages further comprising displaying graphics to notify a user that enrollment is occurring prior to unblocking the operating system.
  - 13. The computing device of claim 9, the stages further comprising:
    - receiving login information from a user after unblocking the operating system;
      
      deleting the enroller; and
      
      reporting the login information to the management server.
  - 14. The computing device of claim 13, wherein the management server associates the enrolled user device with a user account based on the login information.
  - 15. The computing device of claim 13, the stages further comprising downloading a management agent from the management server, the management agent enforcing the management policies defined at the management server, wherein the management agent reports the login information to the management server.

16. A non-transitory, computer-readable medium containing instructions for enrollment on initial boot based on a temporary user account, the instructions causing a processor to perform stages comprising:
- during initial boot, executing firmware to generate an enroller, the enroller creating the temporary user account in a WINDOWS operating system, the temporary user account enabling interaction with the operating system;
  
  blocking the operating system from allowing user login;
  
  requesting enrollment with a management server based on the temporary user account, wherein enrollment causes the computing device to enforce management policies defined at the management server;
  
  unblocking the operating system after the enrollment is complete; and
  
  deleting the temporary user account.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory, computer-readable medium of claim 16, the stages further comprising:
    - receiving an update to the enroller from the management server, the update altering functionality related to creation of the temporary user account.
  - 18. The non-transitory, computer-readable medium of claim 16, wherein creating the temporary user account includes providing account information in an XML file that WINDOWS executes during the initial boot.
  - 19. The non-transitory, computer-readable medium of claim 16, the stages further comprising displaying graphics to notify a user that enrollment is occurring prior to unblocking the operating system.
  - 20. The non-transitory, computer-readable medium of claim 16, the stages further comprising:
    - receiving login information from a user after unblocking the operating system;
      
      deleting the enroller; and
      
      reporting the login information to the management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Roszak, Jason, Newell, Craig, Shantharam, Shravan, Murthy, Varun, Regula, Kalyan, Watts, Blake
Primary Examiner(s)
Kim, Tae K

Application Number

US15/466,837
Publication Number

US 20180276386A1
Time in Patent Office

1,133 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

G06F 8/61   Installation

G06F 9/4416   Network booting; Remote ini...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Persistent enrollment of a computing device based on a temporary user

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Persistent enrollment of a computing device based on a temporary user

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links