06-01-2018 12:24 PM
I am a solutions architect trying to solve an issue which I have never heard of before. Though others users are having this same issue, my experience has been different then what they have seen.
The following are the Security options for Thunderbolt devices as per user guide No Security: Allow Thunderbolt devices to be connected automatically. User Authorization: Allow Thunderbolt devices to be connected after user authorization. Secure Connect: Allow Thunderbolt devices to be connected with a saved key that has been approved by the user. Display Port and USB: Allow only DisplayPort-compatible devices and USB devices to be connected. Thunderbolt devices are not allowed to be connected
I don't think this is entirely true or at least does not apply properly each time.
T480, T580, or Yoga x1 3rd gen
Imaging with a standalone MDT environment
Devices come pre-configured from Lenovo with Thunderbolt 3 Security Options set to "User Authentication"
Installing all the drivers in the latest SCCM driver packs that Lenovo offers - though the x1 3rd gen driver pack was missing on the site this morning.
On some devices, this security option seems to do absolutely nothing. MDT uses the local "Administrator" account to perform post-OS items. I'd say about 75% of the devices reach their destination and the user logs in for the first time as a user, not an admin, and the dock functions properly; monitors/mice/keyboard/etc. work. 25% of the time either nothing works, or only the mouse and keyboard.
In testing, on all three device types, setting security level to none allows everything to work as necessary.
However, setting "Display Port/USB" only allows our monitors to work - mice and keyboards do not.
Is anyone else experiencing this issue in the way that I am? Not really sure how to proceed. What is the overall risk to turning off security? Is Thunderbolt 3 creating a trust relationship with the OS where you can navigate the host device going through the connected dock via USB or what?