HP Compaq dc7900 User Manual

HP ProtectTools
User Guide
© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Microsoft, Windows, and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
This document contains proprietary information that is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Hewlett-Packard Company.
HP ProtectTools User Guide
HP Compaq Business PC
First Edition: July 2008
Document Part Number: 491163-001
About This Book
This guide provides basic information for upgrading this computer model.
WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life.
CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information.
NOTE: Text set off in this manner provides important supplemental information.
Table of contents

1 Introduction to security
  HP ProtectTools features
  Accessing HP ProtectTools Security
  Achieving key security objectives
    Protecting against targeted theft
    Restricting access to sensitive data
    Preventing unauthorized access from internal or external locations
    Creating strong password policies
  Additional security elements
    Assigning security roles
    Managing HP ProtectTools passwords
      Creating a secure password
    Backing up and restoring HP ProtectTools credentials
      Backing up credentials and settings

2 HP ProtectTools Security Manager for Administrators
  About HP ProtectTools Security Manager for Administrators
  Getting Started - Configuring HP ProtectTools Security Manager for Administrators
  Getting Started - Configuring user security login methods
  Logging in after Security Manager is configured
  Administrator Tools - Managing users (administrator task)
    Adding a user
    Removing a user
    Checking user status
  Backup and Restore
  Using the Backup wizard
    Security Modules
    File Location
    Backup Complete
  Using the Restore wizard
    File Location
    Security Modules
    Confirmation
    Restore Complete
  Settings

3 Credential Manager for HP ProtectTools
  Setup procedures
    Logging on to Credential Manager
      Using the Credential Manager Logon Wizard
    Registering credentials
      Registering fingerprints
        Setting up the fingerprint reader
        Using your registered fingerprint to log on to Windows
      Registering a Smart Card or Token
      Registering other credentials
  General tasks
    Creating a virtual token
    Changing the Windows logon password
    Changing a token PIN
    Locking the computer (workstation)
    Using Windows Logon
      Logging on to Windows with Credential Manager
    Using Single Sign On
      Registering a new application
        Using automatic registration
        Using manual (drag and drop) registration
      Managing applications and credentials
        Modifying application properties
        Removing an application from Single Sign On
        Exporting an application
        Importing an application
        Modifying credentials
    Using Application Protection
      Restricting access to an application
      Removing protection from an application
      Changing restriction settings for a protected application
  Advanced tasks (administrator only)
    Configuring credential properties
    Configuring Credential Manager settings
      Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager
      Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On

4 Drive Encryption for HP ProtectTools
  Setup procedures
    Opening Drive Encryption
  General tasks
    Activating Drive Encryption
    Deactivating Drive Encryption
    Logging in after Drive Encryption is activated
  Advanced tasks
    Managing Drive Encryption (administrator task)
      Activating a TPM-protected password
      Encrypting or decrypting individual drives
    Backup and recovery (administrator task)
      Creating backup keys
      Registering for online recovery
      Managing an existing online recovery account
      Performing a recovery

5 Privacy Manager for HP ProtectTools
  Opening Privacy Manager
  Setup procedures
    Managing Privacy Manager Certificates
    Requesting and installing a Privacy Manager Certificate
      Requesting a Privacy Manager Certificate
      Installing a Privacy Manager Certificate
    Viewing Privacy Manager Certificate details
    Renewing a Privacy Manager Certificate
    Setting a default Privacy Manager Certificate
    Deleting a Privacy Manager Certificate
    Restoring a Privacy Manager Certificate
    Revoking your Privacy Manager Certificate
    Managing Trusted Contacts
      Adding Trusted Contacts
        Adding a Trusted Contact
        Adding Trusted Contacts using your Microsoft Outlook address book
      Viewing Trusted Contact details
      Deleting a Trusted Contact
      Checking revocation status for a Trusted Contact
  General tasks
    Using Privacy Manager in Microsoft Office
    Using Privacy Manager in Microsoft Outlook
    Using Privacy Manager in Windows Live Messenger
  Advanced tasks
    Migrating Privacy Manager Certificates and Trusted Contacts to a different computer
      Exporting Privacy Manager Certificates and Trusted Contacts
      Importing Privacy Manager Certificates and Trusted Contacts

6 File Sanitizer for HP ProtectTools
  Setup procedures
    Opening File Sanitizer
    Setting a free space bleaching schedule
    Selecting or creating a shred profile
    Selecting a predefined shred profile
    Customizing a shred profile
    Customizing a simple delete profile
    Setting a shred schedule
    Setting a free space bleaching schedule
    Selecting or creating a shred profile
      Selecting a predefined shred profile
      Customizing a shred profile
      Customizing a simple delete profile
  General tasks
    Using a key sequence to initiate shredding
    Using the File Sanitizer icon
    Manually shredding one asset
    Manually shredding all selected items
    Manually activating free space bleaching
    Aborting a shred or free space bleaching operation
    Viewing the log files

7 Java Card Security for HP ProtectTools
  General tasks
    Changing a Java Card PIN
    Selecting the card reader
  Advanced tasks (administrators only)
    Assigning a Java Card PIN
    Assigning a name to a Java Card
    Setting power-on authentication
      Enabling Java Card power-on authentication and creating an administrator Java Card
      Creating a user Java Card
      Disabling Java Card power-on authentication

8 BIOS Configuration for HP ProtectTools
  General tasks
    Accessing BIOS Configuration
    Viewing or changing settings
  File
  Storage
  Security
  Power
  Advanced

9 Embedded Security for HP ProtectTools
  Setup procedures
    Enabling the embedded security chip in Computer Setup
    Initializing the embedded security chip
    Setting up the basic user account
  General tasks
    Using the Personal Secure Drive
    Encrypting files and folders
    Sending and receiving encrypted e-mail
    Changing the Basic User Key password
  Advanced tasks
    Backing up and restoring
      Creating a backup file
      Restoring certification data from the backup file
    Changing the owner password
    Resetting a user password
    Enabling and disabling Embedded Security
      Permanently disabling Embedded Security
      Enabling Embedded Security after permanent disable
    Migrating keys with the Migration Wizard

10 Device Access Manager for HP ProtectTools
  Starting background service
  Simple configuration
  Device class configuration (advanced)
    Adding a user or a group
    Removing a user or a group
    Denying access to a user or group

11 Troubleshooting
  Credential Manager for HP ProtectTools
  Embedded Security for HP ProtectTools
  Device Access Manager for HP ProtectTools
  Miscellaneous

Glossary
Index

1 Introduction to security

HP ProtectTools Security Manager for Administrators software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules:
Credential Manager for HP ProtectTools
Drive Encryption for HP ProtectTools
Privacy Manager for HP ProtectTools
File Sanitizer for HP ProtectTools
Java Card Security for HP ProtectTools
BIOS Configuration for HP ProtectTools
Embedded Security for HP ProtectTools
Device Access Manager for HP ProtectTools
NOTE: Credential Manager, Java Card Security, and Drive Encryption are configured using the Security Manager setup wizard.
HP ProtectTools software modules may be preinstalled, preloaded, or available as a configurable option or as an after market option. Visit http://www.hp.com for more information.
NOTE: The instructions in this guide are written with the assumption that you have already installed the applicable HP ProtectTools software modules.

HP ProtectTools features

The following table details the key features of HP ProtectTools modules:
| Module | Key features |
| --- | --- |
| HP ProtectTools Security Manager for Administrators | The Security Manager setup wizard is used by administrators to set up and configure levels of security and security logon methods. Users can also use the setup wizard to configure their logon methods. Administrator tools are used to add and remove ProtectTools users and view user status. Backs up and restores security modules from installed HP ProtectTools modules. |
| Credential Manager for HP ProtectTools | Credential Manager acts as a personal password vault, streamlining the logon process with the Single Sign On feature, which automatically remembers and applies user credentials. Single Sign On also offers additional protection by requiring combinations of different security technologies, such as a Java™ Card and biometrics, for user authentication. Password storage is protected through software encryption and can be enhanced through the use of a TPM embedded security chip and/or security device authentication, such as Java Cards or biometrics. |
| Drive Encryption for HP ProtectTools | Drive Encryption provides complete, full-volume hard drive encryption. Drive Encryption forces pre-boot authentication in order to decrypt and access the data on the hard drive. |
| Privacy Manager for HP ProtectTools | Privacy Manager is a tool used to obtain Certificates of Authority, which verify the source, integrity, and security of communication when using Microsoft mail, Microsoft Office documents, and Live Messenger. |
| File Sanitizer for HP ProtectTools | File Sanitizer allows you to securely shred digital assets (securely delete sensitive information including application files, historical or Web-related content, or other confidential data) on your computer and periodically bleach the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult). |
| Java Card Security for HP ProtectTools | Java Card Security is a management software interface for Java Card. Java Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access. The Java Card can be used to access Credential Manager, Drive Encryption, HP BIOS, or any number of third party access points. Java Card Security configures the HP ProtectTools Java Card for user authentication before the hard drive boots. Java Card Security can be accessed by Embedded Security, Java Card, and passwords. Java Card Security configures separate Java Cards for an administrator and a user. |
| BIOS Configuration for HP ProtectTools | BIOS Configuration provides access to power-on user and administrator password management. BIOS Configuration provides an alternative to the pre-boot BIOS configuration utility known as Computer Setup. BIOS Configuration enablement of automatic DriveLock support, which is enhanced with the embedded security chip, helps protect a hard drive from unauthorized access, even if it is removed from a system, without requiring the user to remember any additional passwords beyond the embedded security chip user password. |
| Embedded Security for HP ProtectTools | Embedded Security uses a Trusted Platform Module (TPM) embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC. Embedded Security allows creation of a personal secure drive (PSD), which is useful in protecting user file and folder information. Embedded Security supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations. |
| Device Access Manager for HP ProtectTools | Device Access Manager allows IT managers to control access to devices such as USB ports, optical drives, etc. based on user profiles. Device Access Manager prevents unauthorized users from removing data using external storage media and from introducing viruses into the system from external media. The administrator can disable access to writeable devices for specific individuals or groups of users. |

Accessing HP ProtectTools Security

To access HP ProtectTools Security Manager for Administrators from Windows® Control Panel:
In Windows Vista®, click Start, click All Programs, and then click HP ProtectTools Security Manager for Administrators.
– or –
In Windows XP, click Start, click All Programs, and then click HP ProtectTools Security Manager.
NOTE: If you are not an HP ProtectTools administrator, you can run HP ProtectTools in nonadministrator mode to view information, but you cannot make changes.
NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to Logging on to Windows with Credential Manager on page 24.

Achieving key security objectives

The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:
Protecting against targeted theft
Restricting access to sensitive data
Preventing unauthorized access from internal or external locations
Creating strong password policies
Addressing regulatory security mandates

Protecting against targeted theft

An example of this type of incident would be the targeted theft of a computer or its confidential data and customer information. This can easily occur in open office environments or in unsecured areas. The following features help protect the data if the computer is stolen:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures:
  Credential Manager
  Embedded Security
  Drive Encryption
DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system.
The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following procedures:
  Embedded Security: Using the Personal Secure Drive on page 74; Setup procedures on page 72

Restricting access to sensitive data

Suppose a contract auditor is working onsite and has been given computer access to review sensitive financial data; you do not want the auditor to be able to print the files or save them to a writeable device such as a CD. The following features help restrict access to data:
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. See Device class configuration (advanced) on page 79.
DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system.

Preventing unauthorized access from internal or external locations

Unauthorized access to an unsecured business PC presents a very tangible risk to corporate network resources such as information from financial services, an executive, or R&D team, and to private information such as patient records or personal financial records. The following features help prevent unauthorized access:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures:
Credential Manager
Embedded Security
Drive Encryption
Embedded Security for HP ProtectTools helps protect sensitive user data or credentials stored locally on a PC using the following procedures:
Embedded Security: Setup procedures on page 72
Using the Personal Secure Drive on page 74
Using the following procedures, Credential Manager for HP ProtectTools helps ensure that an unauthorized user cannot get passwords or access to password-protected applications:
Credential Manager: Setup procedures on page 20
Using Single Sign On on page 25
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See Simple configuration on page 78.
The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication using the following procedures:
Embedded Security: Setup procedures on page 72
Using the Personal Secure Drive on page 74
File Sanitizer allows you to securely delete data by shredding assets or bleaching the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult).
Privacy Manager allows you to obtain Certificates of Authority when using Microsoft mail, Office documents, and Live Messenger, making the process of sending and saving important information safe and secure.

Creating strong password policies

If a mandate goes into effect that requires the use of strong password policy for dozens of Web-based applications and databases, Credential Manager for HP ProtectTools provides a protected repository for passwords and Single Sign On convenience using the following procedures:
Credential Manager: Setup procedures on page 20
Using Single Sign On on page 25
For stronger security, Embedded Security for HP ProtectTools then protects that repository of user names and passwords. This allows users to maintain multiple strong passwords without having to write them down or try to remember them. See Embedded Security: Setup procedures on page 72.

Additional security elements

Assigning security roles

In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
Security officer—Defines the security level for the company or network and determines the security
features to deploy, such as Java™ Cards, biometric readers, or USB tokens.
IT administrator—Applies and manages the security features defined by the security officer. Can
also enable and disable some features. For example, if the security officer has decided to deploy Java Cards, the IT administrator can enable Java Card BIOS security mode.
User—Uses the security features. For example, if the security officer and IT administrator have
enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password | Set in this HP ProtectTools module | Function
Credential Manager logon password | Credential Manager | This password offers 2 options: It can be used in a separate logon to access Credential Manager after logging on to Windows. It can be used in place of the Windows logon process, allowing access to Windows and Credential Manager simultaneously.
Credential Manager recovery file password | Credential Manager, by IT administrator | Protects access to the Credential Manager recovery file.
Basic User Key password (NOTE: Also known as: Embedded Security password) | Embedded Security | Used to access Embedded Security features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.
Emergency Recovery Token password (NOTE: Also known as: Emergency Recovery Token Key password) | Embedded Security, by IT administrator | Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip.
Owner password | Embedded Security, by IT administrator | Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.
Java™ Card PIN | Java Card Security | Protects access to the Java Card contents and authenticates users of the Java Card. When used for power-on authentication, the Java Card PIN also protects access to the Computer Setup utility and to the computer contents. Authenticates users of Drive Encryption, if the Java Card token is selected.
Computer Setup password (NOTE: Also known as BIOS administrator, F10 Setup, or Security Setup password) | BIOS Configuration, by IT administrator | Protects access to the Computer Setup utility.
Power-on password | BIOS Configuration | Protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.
Windows Logon password | Windows Control Panel | Can be used for manual logon or saved on the Java Card.

Creating a secure password

When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:
Use passwords with more than 6 characters, preferably more than 8.
Mix the case of letters throughout your password.
Whenever possible, mix alphanumeric characters and include special characters and punctuation
marks.
Substitute special characters or numbers for letters in a key word. For example, you can use the
number 1 for letters I or L.
Combine words from 2 or more languages.
Split a word or phrase with numbers or special characters in the middle, for example,
“Mary2-2Cat45.”
Do not use a password that would appear in a dictionary.
Do not use your name for the password, or any other personal information, such as birth date, pet
names, or mother's maiden name, even if you spell it backwards.
Change passwords regularly. You might change only a couple of characters that increment.
If you write down your password, do not store it in a commonly visible place very close to the
computer.
Do not save the password in a file, such as an e-mail, on the computer.
Do not share accounts or tell anyone your password.
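The guidelines above can be checked mechanically. The following Python code is an added example, not part of HP ProtectTools; the function names, the word list and the personal details are constructed for illustration, and the dictionary test also undoes simple character substitutions (only the "1 for I or L" pair comes from the guide, the other pairs are assumptions).

```python
"""Check a candidate password against the guidelines listed above (added example)."""
from itertools import product

# Substitutions to undo before the dictionary test. "1" for I or L is the guide's
# own example; the remaining pairs are assumptions added for this illustration.
UNDO = {"1": "il", "0": "o", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}

# Constructed sample data: a tiny word list and one user's personal details.
SAMPLE_WORDS = {"password", "dragon", "welcome", "liberty"}
SAMPLE_PERSONAL = ["Dana", "Rex", "19840612"]


def _variants(text, limit=256):
    """Yield lower-case readings of text with substitutions undone."""
    choices = [UNDO.get(ch, "") + ch for ch in text.lower()]
    for n, combo in enumerate(product(*choices)):
        if n >= limit:  # bound the work for long, digit-heavy input
            return
        yield "".join(combo)


def _is_dictionary_word(password, words):
    """True if the password, or its core without padding, reads as a listed word."""
    core = password.strip("0123456789!@#$%^&*()-_=+.,;:?")  # drop padding at either end
    return any(v in words for text in {password, core} for v in _variants(text))


def _contains_personal(password, personal):
    """Return the personal items found in the password, forwards or backwards."""
    lowered = password.lower()
    hits = []
    for item in personal:
        token = item.lower()
        if len(token) >= 3 and (token in lowered or token[::-1] in lowered):
            hits.append(item)
    return hits


def check_password(password, words=SAMPLE_WORDS, personal=SAMPLE_PERSONAL):
    """Return {'fail': [...], 'advise': [...]} for one candidate password."""
    fail, advise = [], []
    if len(password) <= 6:
        fail.append("length: use more than 6 characters")
    elif len(password) <= 8:
        advise.append("length: more than 8 characters is preferred")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        advise.append("case: mix upper and lower case")
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    if not (has_alpha and has_digit and has_special):
        advise.append("classes: mix letters, digits and special characters")
    if _is_dictionary_word(password, words):
        fail.append("dictionary: matches a dictionary word")
    for item in _contains_personal(password, personal):
        fail.append(f"personal: contains {item!r} (forwards or backwards)")
    return {"fail": fail, "advise": advise}


if __name__ == "__main__":
    for candidate in ("Mary2-2Cat45", "P@ssw0rd", "xeR!2024anaD"):
        print(candidate, check_password(candidate))
```

Any specifications set by the program still take precedence over these checks, as the section states.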

Backing up and restoring HP ProtectTools credentials

To back up and restore credentials from all supported HP ProtectTools modules, reference the following:
Backing up credentials and settings
You can back up credentials in the following ways:
Use Drive Encryption for HP ProtectTools to select and back up HP ProtectTools credentials.
You can also register for Online Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not have access to your local backup.
NOTE: You must be connected to the Internet and have a valid e-mail address to register and to
recover your password through this service.
Use Embedded Security for HP ProtectTools to back up HP ProtectTools credentials.
Use the Backup and Recovery tool in HP ProtectTools Security Manager for Administrators as a
central location from which you can back up and restore security credentials from installed HP ProtectTools modules.

2 HP ProtectTools Security Manager for Administrators

About HP ProtectTools Security Manager for Administrators

HP ProtectTools Security Manager for Administrators provides security features that help protect against unauthorized access to the computer, networks, and critical data. Security Manager is extensible and can therefore grow to handle new threats as they emerge and offer new technologies as they become available.
Use the modules HP ProtectTools Security Manager for Administrators for the initial security setup. The Security Manager centralized user interface has the following features:
Getting Started - Setup wizard that guides Windows operating system administrators through the configuration of levels of security and of the security login methods that are used in a pre-boot environment, Credential Manager, and Drive Encryption. Users also use the setup wizard to configure their security login methods. Refer to Getting Started - Configuring HP ProtectTools Security Manager for Administrators on page 11 and Getting Started - Configuring user security login methods on page 13 for more information.
Administrator Tools - Allows Windows administrators to add and remove ProtectTools users and view user status. Refer to Administrator Tools - Managing users (administrator task) on page 15 for more information.
Backup and Restore - Backs up and restores security credentials from installed HP ProtectTools modules. Refer to Backup and Restore on page 16 for more information.
Settings - Allows you to customize the behavior of a variety of items. Refer to Settings on page 19 for more information.
The Security Manager centralized user interface also contains a list of add-on software modules designed to maximize computer security. You can select and configure any number of the available modules.

Getting Started - Configuring HP ProtectTools Security Manager for Administrators

The Getting Started setup wizard allows a Windows administrator to establish and/or update levels of security and security login methods.
Users also use the setup wizard to configure their security logon methods.
NOTE: The Windows administrator can run the setup wizard whenever he or she wants to change the
levels of security or security login methods.
The setup wizard guides the Windows administrator through configuring Security Manager:
1. In HP ProtectTools Security Manager for Administrators, click Getting Started, and then click the
Security Manager Setup button. A demonstration that describes the Security Manager features
may start.
2. On the “Welcome” page, if available, clear the Automatically play video when wizard starts
check box if you want to bypass the demonstration of the Security Manager features the next time you run the setup wizard.
3. Read the page, and then click Next.
4. Choose the levels of security on the “Set Levels of Security” page. You can choose one or more
of the following levels:
HP Credential Manager - Protects your Windows account.
Pre-boot Security (some models) - Protects your computer before Windows starts.
HP Drive Encryption - Protects your computer data by encrypting the hard drive. Selecting
this option will require you to back up the unique encryption key to a removable storage device.
NOTE: The Security meter changes according to your selections. The more levels you select,
the more secure your computer will be.
After selecting the security levels, click Next.
5. One or more of the following pages will be displayed, depending on the levels of security you chose
in step 4.
Protect your Windows account - The Windows password is required because Security
Manager must synchronize the password for each level of security.
Enter and confirm a Windows password, or enter your password if one has already been established, and then click Next.
Protect your system before Windows start-up (optional) - If you or the user knows the BIOS
administrator password, the BIOS administrator password can be entered. If the BIOS administrator password is entered, the Windows administrator or user becomes a BIOS administrator.
NOTE: If a BIOS administrator password does not exist, you must establish one before you
can continue. When a BIOS administrator password is entered, you will become a BIOS administrator.
Enter and confirm a BIOS administrator password, or enter the password if one has already been established. Then click Next.
Protect your data by encrypting your hard drive - You must use a USB storage device to save
the encryption key. Select the drive(s) to be encrypted (at least one drive must be selected), insert the storage device into the appropriate slot, select the storage device where the encryption key will be saved, then click Next.
6. Choose one or more security login methods on the “Set Security Login Methods” page.
a. Under Step 1, select one or more security login methods.
NOTE: The selections apply to both administrators and users.
b. Under Step 2, if you want to increase security, select the check box to require all of the security
login methods you selected under Step 1 when logging in to the computer.
If you want any one of the selected security login methods to be permissible when logging in to the computer, do not select the check box.
CAUTION: If you select the check box and a user has not yet configured his or her login
methods (Windows password, fingerprint authentication, and/or the HP ProtectTools Java™ Card), that user will not be able to log in to the computer. It is recommended that all users first configure their login methods before this option is selected.
c. Click Next. A summary page opens, allowing you to review your selections.
7. Click Enable on the “Review and Enable Security Settings” page.
When you click Enable, the computer sets your security choices. You will not be able to return to any of the preceding wizard pages until security setup is complete. After you complete the wizard, you can change your settings by running the wizard again.
8. Depending on the security login method(s) you chose in step 6, one or more of the following pages
will be displayed. Follow the on-screen instructions, and then click Next.
“Enroll your fingerprints” - Click the finger on the screen that corresponds to the finger you
want to register (you must register at least 2 fingerprints), slowly swipe your chosen finger over the fingerprint sensor, then continue swiping the same finger over the fingerprint sensor until you have completed the required swipes. Repeat the process to register a second finger then click Finish.
“Register an HP ProtectTools Java Card” - Insert the HP ProtectTools Java Card, enter the
Java Card PIN, then click Finish.
9. On the “Congratulations” page, review your selections, and then click Done.

Getting Started - Configuring user security login methods

After the Windows administrator has configured the levels of security and security login methods, users run the setup wizard to be added as HP ProtectTools users on the computer:
NOTE: Users who run the setup wizard will see most of the wizard pages. However, the “Set Levels
of Security” and “Set Security Login Methods” pages are not configurable because they are administrator tasks only.
1. Log in to the computer.
2. In Security Manager, click Getting Started, and then click the Security Manager Setup button.
3. On the “Welcome” page, clear the Automatically play video when wizard starts check box if you
want to bypass the demonstration of the Security Manager features the next time you run the setup wizard.
4. Read the page, and then click Next.
5. On the “Set Levels of Security” page, click Next.
6. Depending on the levels of security set by the administrator, one or both of the following pages will
be displayed.
Protect your Windows account - The Windows password is required because Security
Manager must synchronize the password for each level of security.
NOTE: If HP Credential Manager is the only level of security selected, you will not be
prompted for your Windows password because Credential Manager already knows your Windows password.
Enter and confirm a Windows password, or enter your password if one has already been established, and then click Next.
Protect your system before Windows start-up (optional) - If you know the BIOS administrator
password, the BIOS administrator password can be entered. If the BIOS administrator password is entered, the Windows administrator or user becomes a BIOS administrator.
NOTE: If a BIOS administrator password does not exist, you must establish one before you
can continue. When a BIOS administrator password is entered, you will become a BIOS administrator.
Enter and confirm a BIOS administrator password, or enter the password if one has already been established. Then click Next.
7. On the “Set Security Login Methods” page, click Next.
8. On the “Review and Enable Security Settings” page, click Enable.
9. Depending on the security login methods set by the administrator, one or both of the following
pages will be displayed. Follow the on-screen instructions, and then click Next.
“Enroll your fingerprints” - Click the finger on the screen that corresponds to the finger you
want to register (you must register at least 2 fingerprints), slowly swipe your chosen finger over the fingerprint sensor, then continue swiping the same finger over the fingerprint sensor until you have completed the required swipes. Repeat the process to register a second finger then click Finish.
“Register an HP ProtectTools Java Card” - Insert the HP ProtectTools Java Card, enter the
Java Card PIN, then click Finish.
10. On the “Congratulations” page, review your selections, and then click Done.

Logging in after Security Manager is configured

Login scenarios vary, depending on the levels of security and security login methods chosen by the Windows administrator during configuration. Several possible scenarios follow:
If all 3 levels of security have been configured and all security login methods are required, users
must log in using all of the configured methods when the computer is first turned on. This action logs the user in to Windows.
If all 3 levels of security have been configured and any of the security login methods is permissible,
users may log in using any one of the configured security login methods when the computer is first turned on. This action logs the user in to Windows.
If the HP Drive Encryption and the HP Credential Manager levels of security have been configured
and all security login methods are required, users must log in using all of the configured methods when the HP Drive Encryption login screen opens. This action logs the user in to Windows.
If the HP Drive Encryption and the HP Credential Manager levels of security have been configured
and any of the configured security login methods is permissible, users may log in using any one of the security login methods when the HP Drive Encryption login screen opens. This action logs the user in to Windows.
If the HP Credential Manager level of security has been configured and all of the security login
methods are required, users must log in using all of the configured methods when the Credential Manager login screen opens. This action logs the user in to Windows.
If the HP Credential Manager level of security option has been configured and any of the configured
security login methods is permissible, users may log in using any one of the security login methods when the Credential Manager login screen opens. This action logs the user in to Windows.
NOTE: If the HP Credential Manager level of security has not been configured, users must still
enter their Windows password at the Windows login screen, regardless of the security login methods that are required by other levels of security.

Administrator Tools - Managing users (administrator task)

Windows administrators can add and remove HP ProtectTools users and view user status using the Administrator Tools feature.
In Administrator Tools, the Administrator and User tabs show the selected security login methods and whether a user can choose to use any one of them or must use all of them. If you want to change levels of security or security login methods, you must run the setup wizard to make those changes.

Adding a user

The Windows administrator can add additional administrators or regular users to the users list. The process is the same for both.
NOTE: Before you add a user, that user must already have a Windows user account on the computer
and must be present during the following procedure to provide the password.
To add a user to the users list:
1. Click Start, click All Programs, and then click HP ProtectTools Security Manager for
Administrators.
2. Click Administrator Tools.
3. Click the Manage Users button.
4. Select the Administrator or User tab.
5. Click Add.
6. Click the user name for the account you want to add or type it in the User Name box, and then
click Next.
NOTE: You must use an existing Windows account and click the name or type it exactly. You
cannot modify or add a Windows user account using this dialog box.
7. Type the Windows password for the selected account, and then click OK.
NOTE: If the user will be logging in with the fingerprint and/or HP ProtectTools Java Card security
login method, he or she must now log in to the computer and run the setup wizard to configure those security login methods.

Removing a user

NOTE: This procedure does not delete the Windows user account. It only removes that account from
Security Manager. To completely remove the user, you must remove the user from both Security Manager and Windows.
To remove a user from the users list:
1. Click Start, click All Programs, and then click HP ProtectTools Security Manager for
Administrators.
2. Click Administrator Tools.
3. Click the Manage Users button.
4. Select the Administrator or User tab.
5. Click the user name for the account you want to remove, and then click Remove.
NOTE: You cannot remove an administrator if there is only one administrator listed in the
Administrator list.
6. In the confirmation dialog box, click Yes.

Checking user status

In Administrator Tools, the Administrator and User tabs show current status of each user:
Green check mark - Indicates that the user has configured the required security login method(s).
Yellow exclamation point - Indicates that a user has not configured one or more of the required
or permissible security login method(s). For example, if the Windows administrator configures at least 2 required security login methods, and indicates that either of them can be used for logging in to the computer, a user who has already configured one of those methods may log in using that method. The yellow exclamation point indicates to the Windows administrator that the user has not configured the other security login method.
Red X - Indicates that the user has not configured a required security login method and will be
locked out of the computer when trying to log in. The user must run the setup wizard to configure the required login method(s).
Blank - Indicates that a security login method is not required.
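Before selecting the check box that requires all login methods (see the CAUTION in step 6 of the setup wizard), an administrator can work out which users would be locked out. The following Python code is an added example, not HP ProtectTools code; it models the indicators above per user, and the method identifiers, class and function names and sample users are assumptions.

```python
"""Who is locked out if "require all login methods" is enabled? (added example)"""
from dataclasses import dataclass

# Login methods named in the guide; these identifiers are assumptions.
WINDOWS_PASSWORD, FINGERPRINT, JAVA_CARD = "windows_password", "fingerprint", "java_card"


@dataclass(frozen=True)
class LoginPolicy:
    selected: frozenset   # methods chosen under Step 1 of "Set Security Login Methods"
    require_all: bool     # Step 2 check box: every selected method is needed to log in


def can_log_in(policy, enrolled):
    """True if a user with these enrolled methods satisfies the policy."""
    if not policy.selected:
        return True
    if policy.require_all:
        return policy.selected <= enrolled
    return bool(policy.selected & enrolled)


def status(policy, enrolled):
    """Map a user onto the four indicators in the Checking user status list.

    Simplified per-user model (assumption): the product's own evaluation is not
    documented on this page.
    """
    if not policy.selected:
        return "blank"      # no security login method is required
    if policy.selected <= enrolled:
        return "green"      # everything selected is configured
    if can_log_in(policy, enrolled):
        return "yellow"     # can log in, but a permissible method is unconfigured
    return "red"            # will be locked out until the setup wizard is run


def audit_change(current, proposed, users):
    """List users who can log in under `current` but not under `proposed`."""
    report = []
    for name, enrolled in sorted(users.items()):
        if can_log_in(current, enrolled) and not can_log_in(proposed, enrolled):
            missing = sorted(proposed.selected - enrolled)
            report.append((name, status(proposed, enrolled), missing))
    return report


# Constructed sample: three ProtectTools users and the methods each has enrolled.
SAMPLE_USERS = {
    "alice": frozenset({WINDOWS_PASSWORD, FINGERPRINT, JAVA_CARD}),
    "bob": frozenset({WINDOWS_PASSWORD, FINGERPRINT}),
    "carol": frozenset({WINDOWS_PASSWORD}),
}
ANY_ONE = LoginPolicy(frozenset({WINDOWS_PASSWORD, FINGERPRINT, JAVA_CARD}), require_all=False)
ALL_REQUIRED = LoginPolicy(ANY_ONE.selected, require_all=True)

if __name__ == "__main__":
    for name, indicator, missing in audit_change(ANY_ONE, ALL_REQUIRED, SAMPLE_USERS):
        print(f"{name}: {indicator}, must first enroll {', '.join(missing)}")
```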

Backup and Restore

HP ProtectTools Backup and Restore provides a central location from which you can back up and restore security credentials from installed HP ProtectTools modules.
In Security Manager, click Backup and Restore, and then click one of the following buttons:
Backup Options button - Allows you to configure backup settings. For details, refer to Using the Backup wizard on page 17.
Backup button - Allows you to perform an immediate backup of all security credentials.
NOTE: You must configure backup settings using the Backup Options button before you can perform a backup.
Schedule Backups button - Allows you to set up scheduled backups. If you need help with scheduling, search for the topic “task scheduling” in Windows Help.
NOTE: You must configure backup settings using the Backup Options button before you can schedule a backup.
Restore button - Allows you to restore previously backed up security credentials. For details, refer to Using the Restore wizard on page 18.
CAUTION: Backup files created outside of HP ProtectTools Backup and Restore (for example, files
created previously by a specific security module) are not compatible with HP ProtectTools Backup and Restore, and therefore cannot be restored by HP ProtectTools Backup and Restore or by new versions of the security modules themselves. HP recommends that you create a new backup file with HP ProtectTools Backup and Restore.

Using the Backup wizard

1. In Security Manager, click Backup and Restore, and then click Backup Options to start the
Backup wizard.
2. Clear the Show Welcome Screen check box if you want to bypass the “Welcome” page the next
time the Backup wizard is run.
3. Click Next. The “Security Modules” page opens.
4. Refer to the following subsections to continue.

Security Modules

To select modules to back up, follow these steps:
1. Select the check box at the beginning of a row to add the associated module to the backup list.
Click the Select All or Clear All buttons to quickly add or remove all modules from the backup list. Note that the Status column for the module must display “Ready” or “Needs Authentication” before you can select it.
NOTE: The check box is unavailable if the module is not ready. After you update a module's
status, click the Refresh button on the right side of the row to update the Status field. Click the Refresh All button to update the status for all modules.
2. If necessary, type the required value in the Authentication column for each selected module. The
security device may require the entry of authentication values to access the credential data on the device. These values may include passwords, PINs, and so on.
3. Click Next. The “File Location” page opens.

File Location

The “File Location” page allows you to choose the location of the backup storage file and the security token file.
The security token file securely stores the key used to encrypt the backup storage file. A password encrypts the contents of the security token file. Saving the security token file to an offline location (USB flash drive, disc, or other media) provides a two-factor level of security, because to access the backed-up data in the storage file, you must have the security token file and know the password. Therefore, HP recommends that you store the storage file and the token file on two different removable media that are stored in different locations.
To configure file location:
1. Confirm or change the file name and location where you want to save the storage file and security
token file. To change the location, click the Edit button, and then type the new file name, or click Browse to select a new location. An extension of .ptb is automatically appended to the file name.
NOTE: Only one instance of backup data is allowed for each module in a given storage file. If
you specify an existing storage file, you will be given the option to overwrite the selected module's data within the storage file or to specify a different storage file. If you specify an existing storage file, the entire file is not overwritten, only the backup data for the selected module.
2. To encrypt and protect the storage file with the security token and password, click Password
protect the storage file. Then type and confirm the password with which to encrypt the security
token file.
3. Click Remember all passwords and authentication values to configure the system to securely
cache (save) passwords, which enables unattended backups. Enabling this feature also caches any authentication values entered in Security Modules.
4. Click Backup Now to start the backup, or click Next to save the backup configuration without
performing a backup at this time.
If you choose to start the backup, the “Backup Complete” page opens at the end of the operation.

Backup Complete

The “Backup Complete” page shows the status of the backup operation.
1. Click View Log to see more details about the backup operation, including any errors.
2. Click Finish to exit the wizard.

Using the Restore wizard

1. In Security Manager, click Backup and Restore, and then click Restore to start the Restore
wizard.
2. Clear the Show Welcome Screen check box if you want to bypass the “Welcome” page the next
time the Restore wizard is run.
3. Click Next. The “File Location” page opens.
4. Refer to the following subsections to continue.

File Location

The “File Location” page allows you to choose the backup storage file and the security token file (if applicable) that contain the security credentials to restore.
To select the location of the backup files, follow these steps:
1. If the storage file is not displayed on the page, click the Edit button, and then click Browse to
navigate to the file.
2. If the security token file is not displayed on the page, click the Edit button, and then click
Browse to navigate to the security token file location.
3. If necessary, type the password for the file.
4. Click Next. The “Security Modules” page opens.

Security Modules

This page displays all installed modules that have backup data in the file selected in the “File Location” page.
To select modules to restore:
1. Select the check box at the beginning of each row to add the associated module to the restore list.
Click the Select All or Clear All buttons to quickly add or remove modules from the restore list. Note that the Status column for the module must display “Ready” or “Needs Authentication” before you can select it.
NOTE: The check box is unavailable if the module is not ready. After you update a module's
status, click the Refresh button on the right side of the row to update the Status field. Click the Refresh All button to update the status for all modules.
2. If necessary, type the required value in the Authentication column for each selected module.
Authentication values may be required to access the security device to restore. These values may include passwords, PINs, and so on. Values typed in these fields are immediately validated.
3. Click Next. The “Confirmation” page opens.

Confirmation

1. If you want to change the restore settings, click Previous to go back to the restore configuration
screens.
2. Confirm that you want to restore the credentials for the listed modules, and then click Restore
Now to begin the restore.
3. Select the files you want to restore and click Finish.
4. Click Yes in the confirmation dialog box.
CAUTION: Restoring credentials will overwrite current credentials, which could lead to loss of data or system lockout.

Restore Complete

The “Restore Complete” page shows the status of the restore operation.
Click View Log to see more details about the restore operation, including any errors.
Click Finish to exit the wizard.

Settings

In HP ProtectTools Security Manager for Administrators, click Settings to change the settings options.
The following Security Manager settings are available:
Select the Show icon on the taskbar check box to display a taskbar icon that allows you to start the host and activate a specific page and/or launch a specific application.
Select the Show Security Desktop Notifications check box to display notifications generated by the installed modules.
View or bypass the Backup wizard “Welcome” page.
View or bypass the Restore wizard “Welcome” page.
3 Credential Manager for HP ProtectTools
Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features:
Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric reader to log on to Windows. For additional information, refer to Registering credentials on page 21.
Single Sign On feature that automatically remembers credentials for Web sites, applications, and protected network resources.
Support for optional security devices, such as Java Cards and biometric readers.
Support for additional security settings, such as requiring authentication using an optional security device to unlock the computer.

Setup procedures

Logging on to Credential Manager

Depending on the configuration, you can log on to Credential Manager in any of the following ways:
HP ProtectTools Security Manager for Administrators icon in the notification area
In Windows Vista®, click Start, click All Programs, and then click HP ProtectTools Security Manager for Administrators.
In Windows XP, click Start, click All Programs, and then click HP ProtectTools Security Manager.
NOTE: In Windows Vista, you must launch the HP ProtectTools Security Manager for Administrators to make changes.
After logging on to Credential Manager, you can register additional credentials, such as a fingerprint or a Java Card. For additional information, refer to Registering credentials on page 21.
At the next logon, you can select the logon policy and use any combination of the registered credentials.