公开(公告)号：US20230195493A1

公开(公告)日：2023-06-22

申请号：US17644873

申请日：2021-12-17

Applicant: VMware, Inc.

Inventor： Chris Halstead ,  Jared Cook ,  Kevin B. Sheehan

IPC: G06F9/455 ,  G06F21/73 ,  G06F21/60

CPC classification number: G06F9/45558 ,  G06F21/73 ,  G06F21/602 ,  G06F2009/4557

Abstract: Enrollment management for virtual devices is described. In some examples, an enrollment agent of a virtual device retrieves a serial number using an operating system command that identifies the serial number locally to the virtual device. A request to identify device records with the management service is transmitted along with the serial number. A management identifier is received for a device record that is associated with the serial number. A local device management parameter of the virtual device is set to specify the management identifier. An enrollment request is transmitted to the management service.

公开(公告)号：US12153689B2

公开(公告)日：2024-11-26

申请号：US17546160

申请日：2021-12-09

Applicant: VMware, Inc.

Inventor： Chris Halstead ,  Kevin B. Sheehan ,  Jared Cook ,  Joshua Spencer

IPC: G06F21/60 ,  G06F9/455 ,  G06F21/31

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.

公开(公告)号：US20230185929A1

公开(公告)日：2023-06-15

申请号：US17546160

申请日：2021-12-09

Applicant: VMware, Inc.

Inventor： Chris Halstead ,  Kevin B. Sheehan ,  Jared Cook ,  Joshua Spencer

IPC: G06F21/60 ,  G06F21/31 ,  G06F9/455

CPC classification number: G06F21/604 ,  G06F21/31 ,  G06F9/45558 ,  G06F2009/45595 ,  G06F2009/45587

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.

公开(公告)号：US20230016069A1

公开(公告)日：2023-01-19

申请号：US17371198

申请日：2021-07-09

Applicant: VMware, Inc.

Inventor： Neeraj Saluja ,  Muhammad Anadil Furqan ,  Kevin B. Sheehan

IPC: G06F21/60 ,  G06F3/06

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.

公开(公告)号：US12135797B2

公开(公告)日：2024-11-05

申请号：US17371198

申请日：2021-07-09

Applicant: VMware, Inc.

Inventor： Neeraj Saluja ,  Muhammad Anadil Furqan ,  Kevin B. Sheehan

IPC: G06F21/60 ,  G06F3/06

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.

公开(公告)号：US20240169078A1

公开(公告)日：2024-05-23

申请号：US17989668

申请日：2022-11-17

Applicant: VMware, Inc.

Inventor： Senthil Parthasarathy ,  Kevin B. Sheehan ,  Muhammad Anadil Furqan ,  Haroon Barlas ,  Amruta Moghe ,  Kishore Krishnakumar ,  Adarsh Subhash Chandra Jain

IPC: G06F21/60 ,  H04L9/06

CPC classification number: G06F21/606 ,  H04L9/0643

Abstract: Disclosed are various embodiments of a multiuser unified endpoint management (UEM) system. A device check-in can be received from a client device. The device check-in can include a device identifier that uniquely identifies the client device with respect to other client devices and a user identifier that uniquely identifies the user of the client device with respect to other users of the client device. In response, a device channel identifier associated with the device identifier and a user channel identifier associated with both the user identifier and the device identifier can be obtained. Then a first set of entitlements associated with the device channel identifier and a second set of entitlements associated with the user channel identifier can be selected. Both sets of entitlements can be provided to the client device in response to the device check-in.