How it Works
Compaq
Loading...
5850 - Deskjet Color Inkjet Printer
Hardware Reference Manual
58 pgs3.64 Mb0
Reference Manual
255 pgs10.83 Mb0
Technical Reference Manual
114 pgs1.07 Mb0
Troubleshooting Manual
69 pgs1.4 Mb0
Use Manual
22 pgs1.12 Mb0
User Manual
72 pgs1.51 Mb0
User Manual
19 pgs433.89 Kb0

Compaq dc5800 - Microtower PC, dc5850 - Microtower PC, 5850 - Deskjet Color Inkjet Printer, ProtectTools User Manual

HP ProtectTools
User Guide
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc. SD Logo is a trademark of its proprietor.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Second Edition: October 2007
Document Part Number: 451271-002
Table of contents
1 Introduction to security
HP ProtectTools features ..................................................................................................................... 2
Accessing HP ProtectTools Security .................................................................................................... 4
Achieving key security objectives ......................................................................................................... 5
Protecting against targeted theft .......................................................................................... 5
Restricting access to sensitive data ..................................................................................... 5
Preventing unauthorized access from internal or external locations ................................... 6
Creating and using strong passwords ................................................................................. 6
Additional security elements ................................................................................................................. 7
Assigning security roles ....................................................................................................... 7
Managing HP ProtectTools passwords ................................................................................ 7
Creating a secure password ............................................................................... 8
HP ProtectTools Backup and Restore ................................................................................. 9
Backing up credentials and settings .................................................................... 9
Restoring credentials ........................................................................................ 10
Configuring settings .......................................................................................... 10
2 Credential Manager for HP ProtectTools
Setup procedures ............................................................................................................................... 12
Logging on to Credential Manager .................................................................................... 12
Using the Credential Manager Logon Wizard ................................................... 12
Logging on for the first time ............................................................................... 12
Registering credentials ...................................................................................................... 12
Registering fingerprints ..................................................................................... 12
Setting up the fingerprint reader ....................................................... 13
Using your registered fingerprint to log on to Windows .................... 13
Registering a Java Card, USB eToken, or virtual token .................................... 13
Registering a USB eToken ................................................................................ 13
Registering other credentials ............................................................................ 13
General tasks ..................................................................................................................................... 14
Creating a virtual token ...................................................................................................... 14
Changing the Windows logon password ............................................................................ 14
Changing a token PIN ........................................................................................................ 14
Managing identity ............................................................................................................... 15
Clearing an identity from the system ................................................................. 15
Locking the computer ........................................................................................................ 15
Using Windows Logon ....................................................................................................... 15
Logging on to Windows with Credential Manager ............................................. 15
Adding an account ............................................................................................ 16
Removing an account ....................................................................................... 16
Using Single Sign On ......................................................................................................... 16
Registering a new application ........................................................................... 16
Using automatic registration ............................................................. 16
iii
Using manual (drag and drop) registration ....................................... 17
Managing applications and credentials ............................................................. 17
Modifying application properties ....................................................... 17
Removing an application from Single Sign On ................................. 17
Exporting an application ................................................................... 18
Importing an application ................................................................... 18
Modifying credentials ........................................................................ 18
Using Application Protection .............................................................................................. 19
Restricting access to an application .................................................................. 19
Removing protection from an application .......................................................... 19
Changing restriction settings for a protected application .................................. 19
Advanced tasks (administrator only) .................................................................................................. 21
Specifying how users and administrators log on ............................................................... 21
Configuring custom authentication requirements .............................................................. 21
Configuring credential properties ....................................................................................... 22
Configuring Credential Manager settings .......................................................................... 22
Example 1—Using the “Advanced Settings” page to allow Windows logon
from Credential Manager .................................................................................. 23
Example 2—Using the “Advanced Settings” page to require user verification
before Single Sign On ....................................................................................... 23
3 Embedded Security for HP ProtectTools
Setup procedures ............................................................................................................................... 25
Enabling the embedded security chip ................................................................................ 25
Initializing the embedded security chip .............................................................................. 25
Setting up the basic user account ...................................................................................... 26
General tasks ..................................................................................................................................... 27
Using the Personal Secure Drive ....................................................................................... 27
Encrypting files and folders ................................................................................................ 27
Sending and receiving encrypted e-mail ............................................................................ 27
Changing the Basic User Key password ........................................................................... 27
Advanced tasks .................................................................................................................................. 28
Backing up and restoring ................................................................................................... 28
Creating a backup file ....................................................................................... 28
Restoring certification data from the backup file ............................................... 28
Changing the owner password .......................................................................................... 28
Resetting a user password ................................................................................................ 28
Enabling and disabling Embedded Security ...................................................................... 28
Permanently disabling Embedded Security ...................................................... 29
Enabling Embedded Security after permanent disable ..................................... 29
Migrating keys with the Migration Wizard .......................................................................... 29
4 Java Card Security for HP ProtectTools
General tasks ..................................................................................................................................... 31
Changing a Java Card PIN ................................................................................................ 31
Selecting the card reader ................................................................................................... 31
Advanced tasks (administrators only) ................................................................................................ 32
Assigning a Java Card PIN ................................................................................................ 32
Assigning a name to a Java Card ...................................................................................... 32
Setting power-on authentication ........................................................................................ 32
Enabling Java Card power-on authentication and creating an administrator
Java Card .......................................................................................................... 33
Creating a user Java Card ................................................................................ 33
iv
Disabling Java Card power-on authentication ................................................... 34
5 BIOS Configuration for HP ProtectTools
File ...................................................................................................................................................... 36
Storage ............................................................................................................................................... 37
Security .............................................................................................................................................. 38
Power ................................................................................................................................................. 39
Advanced ........................................................................................................................................... 40
6 Device Access Manager for HP ProtectTools
Starting background service ............................................................................................................... 42
Simple configuration ........................................................................................................................... 43
Device class configuration (advanced) ............................................................................................... 44
Adding a user or a group ................................................................................................... 44
Removing a user or a group .............................................................................................. 44
Denying access to a user or group .................................................................................... 44
Allowing access to a device class for one user of a group ................................................ 44
Allowing access to a specific device for one user of a group ............................................ 45
7 Drive Encryption for HP ProtectTools
Encryption management .................................................................................................................... 47
User management .............................................................................................................................. 48
Recovery ............................................................................................................................................ 49
8 Troubleshooting
Credential Manager for HP ProtectTools ........................................................................................... 50
Embedded Security for HP ProtectTools ............................................................................................ 53
Miscellaneous ..................................................................................................................................... 59
Glossary ............................................................................................................................................................. 61
Index ................................................................................................................................................................... 63
v
vi
1 Introduction to security
HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules:
Credential Manager for HP ProtectTools
Embedded Security for HP ProtectTools
Java Card Security for HP ProtectTools
BIOS Configuration for HP ProtectTools
Drive Encryption for HP ProtectTools
Device Access Manager for HP ProtectTools
The software modules available for your computer may vary depending on your model. For example, Embedded Security for HP ProtectTools is available only for computers on which the Trusted Platform Module (TPM) embedded security chip is installed.
HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. For select HP Compaq Desktops, HP ProtectTools is available as an after market option. Visit
http://www.hp.com for more information.
NOTE: The instructions in this guide are written with the assumption that you have already installed
the applicable HP ProtectTools software modules.
1
HP ProtectTools features
The following table details the key features of HP ProtectTools modules:
Module Key features
Credential Manager for HP ProtectTools
Credential Manager serves a dual role acting as a personal password vault, providing single sign on capability, and allowing the user to define and deploy more stringent security for user authentication beyond a password.
Password storage is protected through encryption and can be hardened through the use of a TPM embedded security chip.
Beyond Single Sign On, Credential Manager offers the capability to utilize combinations of different security authentication technologies, such as a Java™ Card or biometrics, for user authentication along with password.
Embedded Security for HP ProtectTools
Embedded Security manages security user and administrator options for protecting various encryption keys employing TPM technology on the local computer like EFS (Windows Encrypting File System). Personal Secure Drive (PSD), and third-party digital certificates.
Embedded Security uses a Trusted Platform Module (TPM) embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC. TPM provides secure storage for encryption keys and has key generation capabilities. It also provides a strong defense against password attacks.
Embedded Security allows creation of a personal secure drive (PSD) — a virtual drive that can be hidden from view in the system for protecting user data.
Embedded Security supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations.
Java Card Security for HP ProtectTools
Java Card Security configures the HP ProtectTools Java Card for user authentication before the hard drive boots. Java Card Security can be accessed by Embedded Security, Java Card, and passwords.
Java Card Security configures separate Java Cards for an administrator and a user.
Java Card Security is a management software interface for Java Card. Java Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access. The Java Card can be used to access Credential Manager, Drive Encryption, HP BIOS, or any number of third party access points.
BIOS Configuration for HP ProtectTools
BIOS Configuration provides access to power-on user and administrator password management.
BIOS Configuration provides an alternative to the pre-boot BIOS configuration utility known as F10 Setup.
2 Chapter 1 Introduction to security
Module Key features
Drive Encryption for HP ProtectTools
Drive Encryption provides complete, full-volume hard drive encryption.
Drive Encryption utilizes pre-boot authentication to decrypt and access the data.
Drive Encryption provides an authentication management tool used to encrypt partitions, hard drives, and multiple hard drives.
Device Access Manager for HP ProtectTools
Device Access Manager provides customizable control of data storage and transmission hardware (USB, COM & LPT ports, personal music players, CD drives, network interface cards, etc.)
Device Access Manager can also manage users and user groups to provide read, write, allow or deny access to data on the hardware.
HP ProtectTools features 3
Accessing HP ProtectTools Security
To access HP ProtectTools Security from Windows® Control Panel:
Select Start > All Programs > HP ProtectTools Security Manager (or HP ProtectTools Security Manager for Administrators In Windows Vista)
NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools
by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to “
Logging on to Windows with Credential Manager on page 15.”
For Windows Vista, the administrator must use the “HP ProtectTools Security Manager for Administrators” when accessing Drive Encryption.
4 Chapter 1 Introduction to security
Achieving key security objectives
The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:
Protecting against targeted theft
Restricting access to sensitive data
Preventing unauthorized access from internal or external locations
Creating and using strong passwords
Protecting against targeted theft
An example of this type of incident would be the targeted theft of a computer containing confidential data and customer information in a cubicle or open environment. The following features help protect against targeted theft:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures:
Assigning a name to a Java Card on page 32
Device Access Manager for HP ProtectTools on page 41
Drive Encryption for HP ProtectTools on page 46
DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system. Refer to “
Security on page 38”.
The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following procedures:
Embedded Security “
Setup procedures on page 25
Using the Personal Secure Drive on page 27
Restricting access to sensitive data
Suppose a contractor is working onsite and has been given computer access to review sensitive financial data; you do not want the contractor to be able to print the files or save them to a writeable device such as a CD. The following feature helps restrict access to data:
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. See “
Device class configuration (advanced) on page 44.”
DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system. Refer to “
Security on page 38”.
Achieving key security objectives 5
Preventing unauthorized access from internal or external locations
If a PC containing confidential data and customer information is accessed from an internal or external location, unauthorized users may be able to gain entry to corporate network resources or data from financial services, an executive, or R&D team. The following features help prevent unauthorized access:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures:
Assigning a name to a Java Card on page 32
Drive Encryption for HP ProtectTools on page 46
Embedded Security for HP ProtectTools helps protect sensitive user data or credentials stored locally on a PC using the following procedures:
Embedded Security “
Setup procedures on page 25
Using the Personal Secure Drive on page 27
Using the following procedures, Credential Manager for HP ProtectTools helps ensure that an unauthorized user cannot get passwords or access to password-protected applications:
Credential Manager “
Setup procedures on page 12
Using Single Sign On on page 16
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See
Simple configuration
on page 43
The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication using the following procedures:
Embedded Security “
Setup procedures on page 25
Using the Personal Secure Drive on page 27
Creating and using strong passwords
With all the passwords required to regularly access websites or secured applications, users tend to use a simple password for every application and website, or get creative and promptly forget which password goes with which application. Credential Manager for HP ProtectTools provides a protected repository for passwords and Single Sign On convenience using the following procedures:
Creating a secure password on page 8
Credential Manager “
Setup procedures on page 12
Using Single Sign On on page 16
For stronger security, Embedded Security for HP ProtectTools then protects that repository of user names and passwords. This allows users to maintain multiple strong passwords without having to write them down or try to remember them. See Embedded Security “
Setup procedures on page 25.”
6 Chapter 1 Introduction to security
Additional security elements
Assigning security roles
In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
Security officer—Defines the security level for the company or network and determines the security features to deploy, such as Java™ Cards, biometric readers, or USB tokens.
NOTE: Many of the features in HP ProtectTools can be customized by the security officer in
cooperation with HP. For more information, see the HP Web site at
http://www.hp.com.
IT administrator—Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy Java Cards, the IT administrator can enable Java Card BIOS security mode.
User—Uses the security features. For example, if the security officer and IT administrator have enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication.
Managing HP ProtectTools passwords
Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password Set in this HP ProtectTools
module
Function
Credential Manager logon password
Credential Manager This password offers 2 options:
It can be used in a separate logon to access Credential Manager after logging on to Windows.
It can be used in place of the Windows logon process, allowing access to Windows and Credential Manager simultaneously.
Credential Manager recovery file password
Credential Manager, by IT administrator
Protects access to the Credential Manager recovery file.
Basic User Key password
NOTE: Also known as:
Embedded Security password
Embedded Security Used to access Embedded Security
features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.
Emergency Recovery Token password
NOTE: Also known as:
Emergency Recovery Token Key password
Embedded Security, by IT administrator
Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip.
Additional security elements 7
HP ProtectTools password Set in this HP ProtectTools
module
Function
Owner password Embedded Security, by IT
administrator
Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.
Java™ Card PIN Java Card Security Protects access to the Java Card contents
and authenticates users of the Java Card. When used for power-on authentication, the Java Card PIN also protects access to the Computer Setup utility and to the computer contents.
Authenticates users of Drive Encryption, if the Java Card token is selected.
Computer Setup password
NOTE: Also known as BIOS
administrator, F10 Setup, or Security Setup password
BIOS Configuration, by IT administrator
Protects access to the Computer Setup utility.
Power-on password BIOS Configuration Protects access to the computer contents
when the computer is turned on, restarted, or restored from hibernation.
Windows Logon password Windows Control Panel Can be used for manual logon or saved on
the Java Card.
Creating a secure password
When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:
Use passwords with more than 6 characters, preferably more than 8.
Mix the case of letters throughout your password.
Whenever possible, mix alphanumeric characters and include special characters and punctuation marks.
Substitute special characters or numbers for letters in a key word. For example, you can use the number 1 for letters I or L.
Combine words from 2 or more languages.
Split a word or phrase with numbers or special characters in the middle, for example, “Mary2-2Cat45.”
Do not use a password that would appear in a dictionary.
Do not use your name for the password, or any other personal information, such as birth date, pet names, or mother's maiden name, even if you spell it backwards.
Change passwords regularly. You might change only a couple of characters that increment.
If you write down your password, do not store it in a commonly visible place very close to the computer.
Do not save the password in a file, such as an e-mail, on the computer.
Do not share accounts or tell anyone your password.
8 Chapter 1 Introduction to security
HP ProtectTools Backup and Restore
HP ProtectTools Backup and Restore provides a convenient and quick way to back up and restore credentials from all supported HP ProtectTools modules.
Backing up credentials and settings
You can back up credentials in the following ways:
Use the HP ProtectTools Backup Wizard to select and back up HP ProtectTools modules
Back up preselected HP ProtectTools modules
NOTE: You must set backup options before you can use this method.
Schedule backups
NOTE: You must set backup options before you can use this method.
Using the HP ProtectTools Backup Wizard to select and back up HP ProtectTools modules
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens. Follow the
on-screen instructions to back up credentials.
Setting backup options
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens.
4. Follow the on-screen instructions.
5. After you set and confirm the Storage File Password, select Remember all passwords and
authentication values for future automated backups.
6. Click Save Settings, and then click Finish.
Backing up preselected HP ProtectTools modules
NOTE: You must set backup options before you can use this method.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup.
Scheduling backups
NOTE: You must set backup options before you can use this method.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Schedule Backups.
4. On the Task tab, select the Enabled check box to enable scheduled backups.
Additional security elements 9
5. Click Set Password and type and confirm your password in the Set Password dialog box. Click
OK.
6. Click Apply. Click the Schedule tab. Click the Schedule Task arrow and select the automatic
backup frequency.
7. Under Start time, use the Start time arrows to select the exact time for the backup to begin.
8. Click Advanced to select a start date, an end date, and recurring task settings. Click Apply.
9. Click Settings, and select settings for Scheduled Task Completed, Idle Time, and Power
Management.
10. Click Apply, and then click OK to close the dialog box.
Restoring credentials
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Restore. The HP ProtectTools Restore Wizard opens. Follow the on-screen
instructions.
Configuring settings
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Settings.
3. In the right pane, select your settings, and then click OK.
10 Chapter 1 Introduction to security
2 Credential Manager for HP
ProtectTools
Credential Manager serves a dual role in that it allows the user to define and deploy more stringent security for user authentication beyond a password, and it acts as a personal password vault which provides single sign on capability. Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features:
Alternatives to passwords when logging on to Windows, such as using a Smart Card or biometric reader to log on to Windows. For additional information, refer to “
Registering credentials
on page 12.”
Single Sign On feature that automatically remembers credentials for Web sites, applications, and protected network resources.
Support for optional security devices, such as Smart Cards and biometric readers.
Support for additional security settings, such as requiring authentication using an optional security device to unlock the computer.
11
Setup procedures
Logging on to Credential Manager
Depending on the configuration, you can log on to Credential Manager in any of the following ways:
Credential Manager Logon Wizard (preferred)
HP ProtectTools Security Manager icon in the notification area
HP ProtectTools Security Manager
NOTE: If you use the Credential Manager Logon prompt on the Windows Logon screen, you are
logged on to Windows at the same time.
The first time you open Credential Manager, log on with your regular Windows Logon password. A Credential Manager account is then automatically created with your Windows logon credentials.
After logging on to Credential Manager, you can register additional credentials, such as a fingerprint or a Java Card. For additional information, refer to “
Registering credentials on page 12.”
At the next logon, you can select the logon policy and use any combination of the registered credentials.
Using the Credential Manager Logon Wizard
To log on to Credential Manager using the Credential Manager Logon Wizard, use the following steps:
1. Open the Credential Manager Logon Wizard in any of the following ways:
From the Windows logon screen
From the notification area, by double-clicking the HP ProtectTools Security Manager icon
From the “Credential Manager” page of ProtectTools Security Manager, by clicking the Log On link in the upper-right corner of the window
2. Follow the on-screen instructions to log on to Credential Manager.
Logging on for the first time
Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager.
1. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager
icon in the notification area. The HP ProtectTools Security Manager window opens.
2. In the left pane, click Credential Manager, and then click Log On in the upper-right corner of the
right pane. The Credential Manager Logon Wizard opens.
3. Type your Windows password in the Password box, and then click Next.
Registering credentials
You can use the “My Identity” page to register your various authentication methods, or credentials. After they have been registered, you can use these methods to log on to Credential Manager.
Registering fingerprints
A fingerprint reader allows you to log on to Windows using your fingerprint for authentication instead of, or in combination with, using a Windows password.
12 Chapter 2 Credential Manager for HP ProtectTools
Setting up the fingerprint reader
1. After logging on to Credential Manager, swipe your finger across the fingerprint reader. The
Credential Manager Registration Wizard opens.
2. Follow the on-screen instructions to complete registering your fingerprints and setting up the
fingerprint reader.
3. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and
then repeat steps 1 and 2.
Using your registered fingerprint to log on to Windows
1. Immediately after you have registered your fingerprints, restart Windows.
2. At the Windows Welcome screen, swipe any of your registered fingers to log on to Windows.
Registering a Java Card, USB eToken, or virtual token
NOTE: You must have a card reader or smart card keyboard configured for this procedure. If you
choose not to use a smart card, you can register a virtual token as described in “
Creating a virtual token
on page 14.”
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Register Smart Card or Token. The Credential Manager Registration
Wizard opens.
4. Follow the on-screen instructions.
Registering a USB eToken
1. Be sure that the USB eToken drivers are installed.
NOTE: Refer to the USB eToken user guide for more information.
2. Select Start > All Programs > HP ProtectTools Security Manager.
3. In the left pane, click Credential Manager.
4. In the right pane, click Register Smart Card or Token. The Credential Manager Registration
Wizard opens.
5. Follow the on-screen instructions.
Registering other credentials
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Register Credentials. The Credential Manager Registration Wizard opens.
4. Follow the on-screen instructions.
Setup procedures 13
General tasks
All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks:
Creating a virtual token
Changing the Windows logon password
Managing a token PIN
Managing identity
Locking the computer
NOTE: This option is available only if the Credential Manager classic logon prompt is enabled.
See “
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential
Manager on page 23.”
Creating a virtual token
A virtual token works very much like a Java Card or USB eToken. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication.
To create a new virtual token:
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Virtual Token. The Credential Manager Registration Wizard opens.
NOTE: If Virtual Token is not an option, use the procedure for “Registering other credentials
on page 13.”
4. Follow the on-screen instructions.
Changing the Windows logon password
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Change Windows Password.
4. Type your old password in the Old password box.
5. Type your new password in the New password and Confirm password boxes.
6. Click Finish.
Changing a token PIN
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Change Token PIN.
4. Select the token for which you want to change the PIN, and then click Next.
5. Follow the on-screen instructions to complete the PIN change.
14 Chapter 2 Credential Manager for HP ProtectTools
Managing identity
Clearing an identity from the system
NOTE: This does not affect your Windows user account.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Clear Identity for this Account.
4. Click Yes in the confirmation dialog box. Your identity is logged off and removed from the system.
Locking the computer
This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it.
NOTE: This option is available only if the Credential Manager classic logon prompt is enabled. See
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager
on page 23.”
For added security, you can configure the Lock Workstation feature to require a Java Card, biometric reader, or token to unlock the computer. For more information, see “
Configuring Credential Manager
settings on page 22.”
To lock the computer:
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Lock Workstation. The Windows logon screen is displayed. You must use
a Windows password or the Credential Manager Logon Wizard to unlock the computer.
Using Windows Logon
You can use Credential Manager to log on to Windows, either at a local computer or on a network domain. When you log on to Credential Manager for the first time, the system automatically adds your local Windows user account as the account for the Windows Logon service.
Logging on to Windows with Credential Manager
You can use Credential Manager to log on to a Windows network or local account.
1. If you have registered your fingerprint to log on to Windows, swipe your finger to log on.
2. If you have not registered your fingerprint to log on to Windows, click the keyboard icon in the
upper-left corner of the screen next to the fingerprint icon. The Credential Manager Logon Wizard opens.
3. Click the User name arrow, and then click your name.
4. Type your password in the Password box, and then click Next.
General tasks 15
5. Select More > Wizard Options.
a. If you want this to be the default user name the next time that you log on to the computer,
select the Use last user name on next logon check box.
b. If you want this logon policy to be the default method, select the Use last policy on next
logon check box.
6. Follow the on-screen instructions. If your authentication information is correct, you will be logged
on to your Windows account and to Credential Manager.
Adding an account
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager, and then click Services and Applications.
3. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network
Account Wizard opens.
4. Follow the on-screen instructions.
Removing an account
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager, and then click Services and Applications.
3. In the right pane, click Windows Logon, and then click Manage Network Accounts. The Manage
Network Accounts dialog box opens.
4. Click the account you want to remove, and then click Remove.
5. In the confirmation dialog box, click Yes.
6. Click OK.
Using Single Sign On
Credential Manager has a Single Sign On feature that stores user names and passwords for multiple Internet and Windows programs, and automatically enters logon credentials when you access a registered program.
NOTE: Security and privacy are important features of Single Sign On. All credentials are encrypted
and are available only after successful logon to Credential Manager.
NOTE: You can also configure Single Sign On to validate your authentication credentials with a Java
Card, a fingerprint reader, or a token before logging on to a secure site or program. This is particularly useful when logging on to programs or Web sites that contain personal information, such as bank account numbers. For more information, refer to “
Configuring Credential Manager settings
on page 22.”
Registering a new application
Credential Manager prompts you to register any application that you launch while you are logged on to Credential Manager. You can also register an application manually.
Using automatic registration
1. Open an application that requires you to log on.
2. Click the Credential Manager SSO icon in the program or Web site password dialog box.
16 Chapter 2 Credential Manager for HP ProtectTools
Loading...
+ 50 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use