How it Works
HP
Loading...
C
Loading...
Loading...
COMPAQ DC5750
User Manual
4 pgs281.04 Kb0
User Manual
79 pgs1.79 Mb0
User Manual
20 pgs1.05 Mb1
User Manual
18 pgs238.08 Kb0
User Manual
114 pgs2.75 Mb0
User Manual
78 pgs749.31 Kb0
Reference Guide
52 pgs1.37 Mb0
User Manual
20 pgs228.02 Kb0
White Paper
8 pgs218.42 Kb0
Reference Guide
62 pgs1.49 Mb0
Service and Maintain
38 pgs986.99 Kb0
Troubleshooting
72 pgs745.47 Kb0
User Manual
4 pgs71.22 Kb0
User Manual
18 pgs83.72 Kb0
User Manual
7 pgs107.85 Kb0
User Manual
214 pgs2.52 Mb0
User Manual
64 pgs1.49 Mb0
User Manual
82 pgs1.84 Mb0
User Manual
35 pgs4.3 Mb0
User Manual
42 pgs3.13 Mb0
User Manual
56 pgs1.38 Mb0
User Manual
24 pgs249.46 Kb0
User Manual
44 pgs1.54 Mb0
Table of contents
Loading...

HP Compaq dc5750 User Manual

ProtectTools
User Guide
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc. SD Logo is a trademark of its proprietor.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
First Edition: July 2007
Document Part Number: 451271-001
Table of contents
1 Introduction to security
HP ProtectTools features ..................................................................................................................... 2
Accessing HP ProtectTools Security .................................................................................................... 3
Achieving key security objectives ......................................................................................................... 4
Protecting against targeted theft .......................................................................................... 4
Restricting access to sensitive data ..................................................................................... 4
Preventing unauthorized access from internal or external locations ................................... 4
Creating strong password policies ....................................................................................... 5
Additional security elements ................................................................................................................. 6
Assigning security roles ....................................................................................................... 6
Managing HP ProtectTools passwords ................................................................................ 6
Creating a secure password ............................................................................... 8
HP ProtectTools Backup and Restore ................................................................................. 8
Backing up credentials and settings .................................................................... 8
Restoring credentials .......................................................................................... 9
Configuring settings .......................................................................................... 10
2 Credential Manager for HP ProtectTools
Setup procedures ............................................................................................................................... 12
Logging on to Credential Manger ...................................................................................... 12
Using the Credential Manager Logon Wizard ................................................... 12
Logging on for the first time ............................................................................... 13
Registering credentials ...................................................................................................... 13
Registering fingerprints ..................................................................................... 13
Setting up the fingerprint reader ....................................................... 14
Using your registered fingerprint to log on to Windows .................... 14
Registering a Java Card, USB eToken, or virtual token .................................... 14
Registering a USB eToken ................................................................................ 14
Registering other credentials ............................................................................ 14
General tasks ..................................................................................................................................... 15
Creating a virtual token ...................................................................................................... 15
Changing the Windows logon password ............................................................................ 15
Changing a token PIN ........................................................................................................ 15
Managing identity ............................................................................................................... 16
Clearing an identity from the system ................................................................. 16
Locking the computer ........................................................................................................ 17
Using Windows Logon ....................................................................................................... 17
Logging on to Windows with Credential Manager ............................................. 17
Adding an account ............................................................................................ 17
Removing an account ....................................................................................... 18
Using Single Sign On ......................................................................................................... 18
Registering a new application ........................................................................... 18
Using automatic registration ............................................................. 18
ENWW iii
Using manual (drag and drop) registration ....................................... 19
Managing applications and credentials ............................................................. 19
Modifying application properties ....................................................... 19
Removing an application from Single Sign On ................................. 19
Exporting an application ................................................................... 19
Importing an application ................................................................... 20
Modifying credentials ........................................................................ 20
Using Application Protection .............................................................................................. 20
Restricting access to an application .................................................................. 21
Removing protection from an application .......................................................... 21
Changing restriction settings for a protected application .................................. 21
Advanced tasks (administrator only) .................................................................................................. 23
Specifying how users and administrators log on ............................................................... 23
Configuring custom authentication requirements .............................................................. 24
Configuring credential properties ....................................................................................... 24
Configuring Credential Manager settings .......................................................................... 25
Example 1—Using the “Advanced Settings” page to allow Windows logon
from Credential Manager .................................................................................. 25
Example 2—Using the “Advanced Settings” page to require user verification
before Single Sign On ....................................................................................... 26
3 Embedded Security for HP ProtectTools
Setup procedures ............................................................................................................................... 28
Enabling the embedded security chip ................................................................................ 28
Initializing the embedded security chip .............................................................................. 29
Setting up the basic user account ...................................................................................... 30
General tasks ..................................................................................................................................... 31
Using the Personal Secure Drive ....................................................................................... 31
Encrypting files and folders ................................................................................................ 31
Sending and receiving encrypted e-mail ............................................................................ 31
Changing the Basic User Key password ........................................................................... 32
Advanced tasks .................................................................................................................................. 33
Backing up and restoring ................................................................................................... 33
Creating a backup file ....................................................................................... 33
Restoring certification data from the backup file ............................................... 33
Changing the owner password .......................................................................................... 34
Resetting a user password ................................................................................................ 34
Enabling and disabling Embedded Security ...................................................................... 34
Permanently disabling Embedded Security ...................................................... 34
Enabling Embedded Security after permanent disable ..................................... 34
Migrating keys with the Migration Wizard .......................................................................... 35
4 Java Card Security for HP ProtectTools
General tasks ..................................................................................................................................... 37
Changing a Java Card PIN ................................................................................................ 37
Selecting the card reader ................................................................................................... 37
Advanced tasks (administrators only) ................................................................................................ 38
Assigning a Java Card PIN ................................................................................................ 38
Assigning a name to a Java Card ...................................................................................... 39
Setting power-on authentication ........................................................................................ 39
Enabling Java Card power-on authentication and creating an administrator
Java Card .......................................................................................................... 40
Creating a user Java Card ................................................................................ 41
iv ENWW
Disabling Java Card power-on authentication ................................................... 41
5 BIOS Configuration for HP ProtectTools
General tasks ..................................................................................................................................... 43
Managing boot options ...................................................................................................... 43
Enabling and disabling system configuration options ........................................................ 44
Advanced tasks .................................................................................................................................. 46
Managing HP ProtectTools add-on module settings ......................................................... 46
Enabling and disabling smart card power-on authentication support ................ 46
Enabling and disabling power-on authentication support for Embedded
Security ............................................................................................................. 47
Enabling and disabling DriveLock hard drive protection ................................... 48
Using DriveLock ............................................................................... 48
DriveLock Applications ..................................................................... 48
Managing Computer Setup passwords .............................................................................. 49
Setting the power-on password ......................................................................... 49
Changing the power-on password .................................................................... 49
Setting the setup password ............................................................................... 49
Changing the setup password ........................................................................... 50
Setting password options .................................................................................. 50
Enabling and disabling stringent security ......................................... 50
Enabling and disabling power-on authentication on Windows
restart ............................................................................................... 50
6 Drive Encryption for HP ProtectTools
Encryption management .................................................................................................................... 53
User management .............................................................................................................................. 54
Recovery ............................................................................................................................................ 55
7 Troubleshooting
Credential Manager for ProtectTools ................................................................................................. 56
Embedded Security for ProtectTools .................................................................................................. 60
Miscellaneous ..................................................................................................................................... 66
Glossary ............................................................................................................................................................. 68
Index ................................................................................................................................................................... 70
ENWW v
vi ENWW

1 Introduction to security

HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules:
Credential Manager for HP ProtectTools
Embedded Security for HP ProtectTools
Java Card Security for HP ProtectTools
BIOS Configuration for HP ProtectTools
Drive Encryption for HP ProtectTools
The software modules available for your computer may vary depending on your model. For example, Embedded Security for HP ProtectTools is available only for computers on which the Trusted Platform Module (TPM) embedded security chip is installed.
HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. Visit
NOTE: The instructions in this guide are written with the assumption that you have already installed
the applicable HP ProtectTools software modules.
http://www.hp.com for more information.
ENWW 1

HP ProtectTools features

The following table details the key features of HP ProtectTools modules:
Module Key features
Credential Manager for HP ProtectTools
Embedded Security for HP ProtectTools
Java Card Security for HP ProtectTools
Credential Manager acts as a personal password vault.
Single Sign On remembers multiple passwords for various
password-protected Web sites, applications, and network resources.
Single Sign On offers additional protection by requiring
combinations of different security technologies, such as a Java™ Card and biometrics, for user authentication.
Password storage is protected through encryption and can be
hardened through the use of a TPM embedded security chip and/ or security device authentication, such as Java Cards or biometrics.
Embedded Security uses a Trusted Platform Module (TPM)
embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC.
Embedded Security allows creation of a personal secure drive
(PSD) for protecting user data.
Embedded Security supports third-party applications (such as
Microsoft Outlook and Internet Explorer) for protected digital certificate operations.
Java Card Security configures the HP ProtectTools Java Card for
user authentication before the operating system loads.
Java Card Security configures separate Java Cards for an
administrator and a user.
BIOS Configuration for HP ProtectTools
Drive Encryption for HP ProtectTools
BIOS Configuration provides access to power-on user and
administrator password management.
BIOS Configuration provides an alternative to the pre-boot BIOS
configuration utility known as F10 Setup.
DriveLock helps protect a hard drive from unauthorized access,
even if it is removed from a system, without requiring the user to remember any additional passwords.
Drive Encryption provides complete, full-volume hard drive
encryption.
Drive Encryption forces pre-boot authentication in order to decrypt
and access the data.
2 Chapter 1 Introduction to security ENWW

Accessing HP ProtectTools Security

To access HP ProtectTools Security from Windows® Control Panel:
Select Start > All Programs > HP ProtectTools Security Manager.
NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools
by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to “
Logging on to Windows with Credential Manager on page 17.”
ENWW Accessing HP ProtectTools Security 3

Achieving key security objectives

The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:

Protecting against targeted theft

Restricting access to sensitive data

Preventing unauthorized access from internal or external locations

Creating strong password policies
Protecting against targeted theft
An example of this type of incident would be the targeted theft of a computer containing confidential data and customer information in a cubicle or open environment. The following features help protect against targeted theft:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See
the following procedures:
Enabling and disabling smart card power-on authentication support on page 46
Enabling and disabling power-on authentication support for Embedded Security
on page 47
Assigning a name to a Java Card on page 39
Drive Encryption for HP ProtectTools on page 52
DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and
installed into an unsecured system. See “
on page 48.”
The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools
module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following procedures:
Embedded Security “
Using the Personal Secure Drive on page 31
Setup procedures on page 28
Restricting access to sensitive data
Suppose a contract auditor is working onsite and has been given computer access to review sensitive financial data; you do not want the auditor to be able to print the files or save them to a writeable device such as a CD. The following feature helps restrict access to data:
The DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and
installed into an unsecured system. See “
on page 48.”
Enabling and disabling DriveLock hard drive protection
Enabling and disabling DriveLock hard drive protection
Preventing unauthorized access from internal or external locations
If a PC containing confidential data and customer information is accessed from an internal or external location, unauthorized users may be able to gain entry to corporate network resources or data from
4 Chapter 1 Introduction to security ENWW
financial services, an executive, or R&D team, or private information such as patient records or personal financial data. The following features help prevent unauthorized access:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See
the following procedures:
Enabling and disabling smart card power-on authentication support on page 46
Enabling and disabling power-on authentication support for Embedded Security
on page 47
Assigning a name to a Java Card on page 39
Drive Encryption for HP ProtectTools on page 52
Embedded Security for HP ProtectTools helps protect sensitive user data or credentials stored
locally on a PC using the following procedures:
Embedded Security “
Using the Personal Secure Drive on page 31
Using the following procedures, Credential Manager for HP ProtectTools helps ensure that an
unauthorized user cannot get passwords or access to password-protected applications:
Credential Manager “
Using Single Sign On on page 18
The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed
without authentication using the following procedures:
Embedded Security “
Using the Personal Secure Drive on page 31
Setup procedures on page 28
Setup procedures on page 12
Setup procedures on page 28

Creating strong password policies

If a mandate goes into effect that requires the use of strong password policy for dozens of Web-based applications and databases, Credential Manager for HP ProtectTools provides a protected repository for passwords and Single Sign On convenience using the following procedures:
Credential Manager “
Using Single Sign On on page 18
Setup procedures on page 12
For stronger security, Embedded Security for HP ProtectTools then protects that repository of user names and passwords. This allows users to maintain multiple strong passwords without having to write them down or try to remember them. See Embedded Security “
ENWW Achieving key security objectives 5
Setup procedures on page 28.”

Additional security elements

Assigning security roles

In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
Security officer—Defines the security level for the company or network and determines the security
features to deploy, such as Java™ Cards, biometric readers, or USB tokens.
NOTE: Many of the features in HP ProtectTools can be customized by the security officer in
cooperation with HP. For more information, see the HP Web site at
IT administrator—Applies and manages the security features defined by the security officer. Can
also enable and disable some features. For example, if the security officer has decided to deploy Java Cards, the IT administrator can enable Java Card BIOS security mode.
User—Uses the security features. For example, if the security officer and IT administrator have
enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication.
http://www.hp.com.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password Set in this HP ProtectTools
module
Credential Manager logon password
Credential Manager recovery file password
Basic User Key password
NOTE: Also known as:
Embedded Security password
Credential Manager This password offers 2 options:
Credential Manager, by IT administrator
Embedded Security Used to access Embedded Security
Function
It can be used in a separate logon to
access Credential Manager after logging on to Windows.
It can be used in place of the Windows
logon process, allowing access to Windows and Credential Manager simultaneously.
Protects access to the Credential Manager recovery file.
features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.
Emergency Recovery Token password
NOTE: Also known as:
Emergency Recovery Token Key password
Embedded Security, by IT administrator
Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip.
6 Chapter 1 Introduction to security ENWW
HP ProtectTools password Set in this HP ProtectTools
module
Function
Owner password Embedded Security, by IT
administrator
Java™ Card PIN Java Card Security Protects access to the Java Card contents
Computer Setup password
NOTE: Also known as BIOS
administrator, F10 Setup, or Security Setup password
Power-on password BIOS Configuration Protects access to the computer contents
Windows Logon password Windows Control Panel Can be used for manual logon or saved on
BIOS Configuration, by IT administrator
Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.
and authenticates users of the Java Card. When used for power-on authentication, the Java Card PIN also protects access to the Computer Setup utility and to the computer contents.
Authenticates users of Drive Encryption, if the Java Card token is selected.
Protects access to the Computer Setup utility.
when the computer is turned on, restarted, or restored from hibernation.
the Java Card.
ENWW Additional security elements 7
Creating a secure password
When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:
Use passwords with more than 6 characters, preferably more than 8.
Mix the case of letters throughout your password.
Whenever possible, mix alphanumeric characters and include special characters and punctuation
marks.
Substitute special characters or numbers for letters in a key word. For example, you can use the
number 1 for letters I or L.
Combine words from 2 or more languages.
Split a word or phrase with numbers or special characters in the middle, for example,
“Mary2-2Cat45.”
Do not use a password that would appear in a dictionary.
Do not use your name for the password, or any other personal information, such as birth date, pet
names, or mother's maiden name, even if you spell it backwards.
Change passwords regularly. You might change only a couple of characters that increment.
If you write down your password, do not store it in a commonly visible place very close to the
computer.
Do not save the password in a file, such as an e-mail, on the computer.
Do not share accounts or tell anyone your password.

HP ProtectTools Backup and Restore

HP ProtectTools Backup and Restore provides a convenient and quick way to back up and restore credentials from all supported HP ProtectTools modules.
Backing up credentials and settings
You can back up credentials in the following ways:
Use the HP ProtectTools Backup Wizard to select and back up HP ProtectTools modules
Back up preselected HP ProtectTools modules
NOTE: You must set backup options before you can use this method.
Schedule backups
NOTE: You must set backup options before you can use this method.
Using the HP ProtectTools Backup Wizard to select and back up HP ProtectTools modules
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens. Follow the
on-screen instructions to back up credentials.
8 Chapter 1 Introduction to security ENWW
Setting backup options
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens.
4. Follow the on-screen instructions.
5. After you set and confirm the Storage File Password, select Remember all passwords and
authentication values for future automated backups.
6. Click Save Settings, and then click Finish.
Backing up preselected HP ProtectTools modules
NOTE: You must set backup options before you can use this method.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Backup.
Scheduling backups
NOTE: You must set backup options before you can use this method.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Schedule Backups.
4. On the Task tab, select the Enabled check box to enable scheduled backups.
5. Click Set Password and type and confirm your password in the Set Password dialog box. Click
OK.
6. Click Apply. Click the Schedule tab. Click the Schedule Task arrow and select the automatic
backup frequency.
7. Under Start time, use the Start time arrows to select the exact time for the backup to begin.
8. Click Advanced to select a start date, an end date, and recurring task settings. Click Apply.
9. Click Settings, and select settings for Scheduled Task Completed, Idle Time, and Power
Management.
10. Click Apply, and then click OK to close the dialog box.
Restoring credentials
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Backup and Restore.
3. In the right pane, click Restore. The HP ProtectTools Restore Wizard opens. Follow the on-screen
instructions.
ENWW Additional security elements 9
Configuring settings
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click HP ProtectTools, and then click Settings.
3. In the right pane, select your settings, and then click OK.
10 Chapter 1 Introduction to security ENWW
2 Credential Manager for HP
ProtectTools
Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features:
Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric
reader to log on to Windows. For additional information, refer to “
on page 13.”
Single Sign On feature that automatically remembers credentials for Web sites, applications, and
protected network resources.
Support for optional security devices, such as Java Cards and biometric readers.
Support for additional security settings, such as requiring authentication using an optional security
device to unlock the computer.
Registering credentials
ENWW 11

Setup procedures

Logging on to Credential Manger

Depending on the configuration, you can log on to Credential Manager in any of the following ways:
Credential Manager Logon Wizard (preferred)
HP ProtectTools Security Manager icon in the notification area
HP ProtectTools Security Manager
NOTE: If you use the Credential Manager Logon prompt on the Windows Logon screen to log on to
Credential Manager, you are logged on to Windows at the same time.
The first time you open Credential Manager, log on with your regular Windows Logon password. A Credential Manager account is then automatically created with your Windows logon credentials.
After logging on to Credential Manager, you can register additional credentials, such as a fingerprint or a Java Card. For additional information, refer to “
At the next logon, you can select the logon policy and use any combination of the registered credentials.
Using the Credential Manager Logon Wizard
To log on to Credential Manger using the Credential Manager Logon Wizard, use the following steps:
Registering credentials on page 13.”
1. Open the Credential Manager Logon Wizard in any of the following ways:
From the Windows logon screen
From the notification area, by double-clicking the HP ProtectTools Security Manager icon
From the “Credential Manager” page of ProtectTools Security Manager, by clicking the Log
On link in the upper-right corner of the window
2. Follow the on-screen instructions to log on to Credential Manager.
12 Chapter 2 Credential Manager for HP ProtectTools ENWW
Logging on for the first time
Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager.
1. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager
icon in the notification area. The HP ProtectTools Security Manager window opens.
2. In the left pane, click Credential Manager, and then click Log On in the upper-right corner of the
right pane. The Credential Manager Logon Wizard opens.
3. Type your Windows password in the Password box, and then click Next.

Registering credentials

You can use the “My Identity” page to register your various authentication methods, or credentials. After they have been registered, you can use these methods to log on to Credential Manager.
Registering fingerprints
A fingerprint reader allows you to log on to Windows using your fingerprint for authentication instead of using a Windows password.
ENWW Setup procedures 13
Setting up the fingerprint reader
1. After logging on to Credential Manager, swipe your finger across the fingerprint reader. The
Credential Manager Registration Wizard opens.
2. Follow the on-screen instructions to complete registering your fingerprints and setting up the
fingerprint reader.
3. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and
then repeat steps 1 and 2.
Using your registered fingerprint to log on to Windows
1. Immediately after you have registered your fingerprints, restart Windows.
2. At the Windows Welcome screen, swipe any of your registered fingers to log on to Windows.
Registering a Java Card, USB eToken, or virtual token
NOTE: You must have a card reader or smart card keyboard configured for this procedure. If you
choose not to use a smart card, you can register a virtual token as described in “
on page 15.”
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
Creating a virtual token
3. In the right pane, click Register Smart Card or Token. The Credential Manager Registration
Wizard opens.
4. Follow the on-screen instructions.
Registering a USB eToken
1. Be sure that the USB eToken drivers are installed.
NOTE: Refer to the USB eToken user guide for more information.
2. Select Start > All Programs > HP ProtectTools Security Manager.
3. In the left pane, click Credential Manager.
4. In the right pane, click Register Smart Card or Token. The Credential Manager Registration
Wizard opens.
5. Follow the on-screen instructions.
Registering other credentials
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Register Credentials. The Credential Manager Registration Wizard opens.
4. Follow the on-screen instructions.
14 Chapter 2 Credential Manager for HP ProtectTools ENWW

General tasks

All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks:

Creating a virtual token

Changing the Windows logon password

Managing a token PIN
Managing identity
Locking the computer
NOTE: This option is available only if the Credential Manager classic logon prompt is enabled.
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential
See “
Manager on page 25.”
Creating a virtual token
A virtual token works very much like a Java Card or USB eToken. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication.
To create a new virtual token:
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Virtual Token. The Credential Manager Registration Wizard opens.
NOTE: If Virtual Token is not an option, use the procedure for “Registering other credentials
on page 14.”
4. Follow the on-screen instructions.
Changing the Windows logon password
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Change Windows Password.
4. Type your old password in the Old password box.
5. Type your new password in the New password and Confirm password boxes.
6. Click Finish.

Changing a token PIN

1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Change Token PIN.
4. Select the token for which you want to change the PIN, and then click Next.
5. Follow the on-screen instructions to complete the PIN change.
ENWW General tasks 15

Managing identity

Clearing an identity from the system
NOTE: This does not affect your Windows user account.
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Clear Identity for this Account.
4. Click Yes in the confirmation dialog box. Your identity is logged off and removed from the system.
16 Chapter 2 Credential Manager for HP ProtectTools ENWW

Locking the computer

This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it.
NOTE: This option is available only if the Credential Manager classic logon prompt is enabled. See
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager
on page 25.”
For added security, you can configure the Lock Workstation feature to require a Java Card, biometric reader, or token to unlock the computer. For more information, see “
settings on page 25.”
To lock the computer:
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager.
3. In the right pane, click Lock Workstation. The Windows logon screen is displayed. You must use
a Windows password or the Credential Manager Logon Wizard to unlock the computer.

Using Windows Logon

Configuring Credential Manager
You can use Credential Manager to log on to Windows, either at a local computer or on a network domain. When you log on to Credential Manager for the first time, the system automatically adds your local Windows user account as the account for the Windows Logon service.
Logging on to Windows with Credential Manager
You can use Credential Manager to log on to a Windows network or local account.
1. If you have registered your fingerprint to log on to Windows, swipe your finger to log on.
2. If you have not registered your fingerprint to log on to Windows, click the keyboard icon in the
upper-left corner of the screen next to the fingerprint icon. The Credential Manager Logon Wizard opens.
3. Click the User name arrow, and then click your name.
4. Type your password in the Password box, and then click Next.
5. Select More > Wizard Options.
a. If you want this to be the default user name the next time that you log on to the computer,
select the Use last user name on next logon check box.
b. If you want this logon policy to be the default method, select the Use last policy on next
logon check box.
6. Follow the on-screen instructions. If your authentication information is correct, you will be logged
on to your Windows account and to Credential Manager.
Adding an account
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager, and then click Services and Applications.
ENWW General tasks 17
3. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network
Account Wizard opens.
4. Follow the on-screen instructions.
Removing an account
1. Select Start > All Programs > HP ProtectTools Security Manager.
2. In the left pane, click Credential Manager, and then click Services and Applications.
3. In the right pane, click Windows Logon, and then click Manage Network Accounts. The Manage
Network Accounts dialog box opens.
4. Click the account you want to remove, and then click Remove.
5. In the confirmation dialog box, click Yes.
6. Click OK.

Using Single Sign On

Credential Manager has a Single Sign On feature that stores user names and passwords for multiple Internet and Windows programs, and automatically enters logon credentials when you access a registered program.
NOTE: Security and privacy are important features of Single Sign On. All credentials are encrypted
and are available only after successful logon to Credential Manager.
NOTE: You can also configure Single Sign On to validate your authentication credentials with a Java
Card, a fingerprint reader, or a token before logging on to a secure site or program. This is particularly useful when logging on to programs or Web sites that contain personal information, such as bank account numbers. For more information, refer to “
on page 25.”
Registering a new application
Credential Manager prompts you to register any application that you launch while you are logged on to Credential Manager. You can also register an application manually.
Using automatic registration
1. Open an application that requires you to log on.
2. Click the Credential Manager SSO icon in the program or Web site password dialog box.
3. Type your password for the program or Web site, and then click OK. The Credential Manager
Single Sign On dialog box opens.
4. Click More and select from the following options:
Do not use SSO for this site or application.
Configuring Credential Manager settings
Prompt to select account for this application.
Fill in credentials but do not submit.
Authenticate user before submitting credentials.
Show SSO shortcut for this application.
5. Click Yes to complete the registration.
18 Chapter 2 Credential Manager for HP ProtectTools ENWW
Loading...
+ 55 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use