HP Compaq Presario SG2034IL Getting Started Guide
HP ProtectTools
Getting Started
© Copyright 2012 Hewlett-Packard
Development Company, L.P.
Bluetooth is a trademark owned by its
proprietor and used by Hewlett-Packard
Company under license. Intel is a
trademark of Intel Corporation in the U.S.
and other countries and is used under
license. Microsoft and Windows are U.S.
registered trademarks of Microsoft
Corporation.
The information contained herein is subject
to change without notice. The only
warranties for HP products and services are
set forth in the express warranty statements
accompanying such products and services.
Nothing herein should be construed as
constituting an additional warranty. HP shall
not be liable for technical or editorial errors
or omissions contained herein.
First Edition: August 2012
Document Part Number: 702113-001
Table of contents
1 Introduction to security .................................................................................................................................. 1
HP ProtectTools features ..................................................................................................................... 1
HP ProtectTools security product description and common use examples ......................................... 2
Password Manager .............................................................................................................. 3
Drive Encryption for HP ProtectTools (select models only) ................................................. 3
Device Access Manager for HP ProtectTools (select models only) ..................................... 3
Computrace for HP ProtectTools (formerly LoJack Pro) (purchased separately) ................ 4
Achieving key security objectives ......................................................................................................... 4
Protecting against targeted theft .......................................................................................... 5
Restricting access to sensitive data ..................................................................................... 5
Preventing unauthorized access from internal or external locations ................................... 5
Creating strong password policies ....................................................................................... 5
Additional security elements ................................................................................................................. 6
Assigning security roles ....................................................................................................... 6
Managing HP ProtectTools passwords ................................................................................ 6
Creating a secure password ............................................................................... 7
Backing up credentials and settings .................................................................... 7
2 Getting started ................................................................................................................................................ 8
HP Client Security Setup Wizard .......................................................................................................... 8
HP ProtectTools Security Manager Setup Wizard ............................................................................... 9
HP Client Security Dashboard .............................................................................................................. 9
3 Easy Setup Guide for Small Business ........................................................................................................ 10
Getting started .................................................................................................................................... 10
Password Manager ............................................................................................................................ 10
Viewing and managing the saved authentications in Password Manager ......................... 11
Device Access Manager for HP ProtectTools .................................................................................... 11
Drive Encryption for HP ProtectTools ................................................................................................. 12
4 HP ProtectTools Security Manager Administrative Console .................................................................... 13
Getting started .................................................................................................................................... 13
HP Client Security Setup Wizard ....................................................................................... 13
HP ProtectTools Security Manager Setup Wizard ............................................................. 14
HP Client Security Dashboard ........................................................................................... 14
Opening HP ProtectTools Administrative Console ............................................................................. 15
iii
Using Administrative Console ............................................................................................................ 15
Configuring your system ..................................................................................................................... 16
Setting up authentication for your computer ...................................................................... 16
Logon Policy ...................................................................................................... 16
Session Policy ................................................................................................... 17
Settings .............................................................................................................................. 17
Managing users ................................................................................................................. 17
Credentials ......................................................................................................................... 17
SpareKey .......................................................................................................... 18
Fingerprints ....................................................................................................... 18
Face .................................................................................................................. 19
Smart card ......................................................................................................... 19
Initializing the smart card .................................................................. 19
Registering the smart card ............................................................... 20
Configuring the smart card ............................................................... 20
Contactless card ............................................................................................... 21
Proximity card ................................................................................................... 21
Bluetooth ........................................................................................................... 21
PIN .................................................................................................................... 21
Applications ........................................................................................................................................ 21
General tab ........................................................................................................................ 22
Applications tab ................................................................................................................. 22
Data .................................................................................................................................................... 22
Computer ............................................................................................................................................ 22
5 HP ProtectTools Security Manager ............................................................................................................. 23
Opening Security Manager ................................................................................................................. 23
Using the Security Manager User Console ........................................................................................ 23
Your personal ID card ........................................................................................................................ 24
My Logons .......................................................................................................................................... 24
Password Manager ............................................................................................................ 24
For Web pages or programs where a logon has not yet been created ............. 25
For Web pages or programs where a logon has already been created ............ 25
Adding logons ................................................................................................... 26
Editing logons .................................................................................................... 27
Using the Password Manager Quick Links menu ............................................. 27
Organizing logons into categories ..................................................................... 27
Managing your logons ....................................................................................... 28
Assessing your password strength ................................................................... 28
Password Manager icon settings ...................................................................... 29
Settings ............................................................................................................. 29
iv
Credential Manager ........................................................................................................... 29
Changing your Windows password ................................................................... 30
Setting up your SpareKey ................................................................................. 30
Enrolling your fingerprints ................................................................................. 31
Enrolling scenes for face logon ......................................................................... 31
Authentication ................................................................................... 32
Dark mode ........................................................................................ 32
Learning ............................................................................................ 33
Deleting a scene ............................................................................... 33
Advanced User Settings ................................................................... 33
Setting up a smart card ..................................................................................... 33
Initializing the smart card .................................................................. 33
Registering the smart card ............................................................... 34
Changing the smart card PIN ........................................................... 34
Contactless card ............................................................................................... 34
Proximity card ................................................................................................... 34
Bluetooth ........................................................................................................... 34
PIN .................................................................................................................... 35
Administration .................................................................................................................... 35
Advanced ........................................................................................................................... 35
Setting your preferences ................................................................................... 35
Backing up and restoring your data .................................................................. 36
6 Drive Encryption for HP ProtectTools (select models only) ..................................................................... 38
Opening Drive Encryption .................................................................................................................. 38
General tasks ..................................................................................................................................... 39
Activating Drive Encryption for standard hard drives ......................................................... 39
Activating Drive Encryption for self-encrypting drives ........................................................ 39
Deactivating Drive Encryption ............................................................................................ 41
Logging in after Drive Encryption is activated .................................................................... 41
Protect your data by encrypting your hard drive ................................................................ 42
Advanced tasks .................................................................................................................................. 42
Managing Drive Encryption (administrator task) ................................................................ 42
Using Enhanced Security with TPM (select models only) ................................. 43
Encrypting or decrypting individual drive partitions (software encryption only) . 43
Backup and recovery (administrator task) ......................................................................... 43
Backing up encryption keys .............................................................................. 43
Recovering access to an activated computer using backup keys ..................... 44
Performing an HP SpareKey Recovery ............................................................................. 44
Displaying encryption status ............................................................................................................... 45
v
7 Device Access Manager for HP ProtectTools (select models only) ......................................................... 46
Opening Device Access Manager ...................................................................................................... 46
Setup Procedures ............................................................................................................................... 47
Configuring device access ................................................................................................. 47
Simple Configuration ......................................................................................... 47
Starting the background service ....................................................... 48
Device Class Configuration ............................................................................... 48
Denying access to a user or group ................................................... 49
Allowing access for a user or a group .............................................. 50
Allowing access to a class of devices for one user of a group ......... 50
Allowing access to a specific device for one user of a group ........... 50
Removing settings for a user or a group .......................................... 51
Resetting the configuration ............................................................... 51
JITA Configuration ............................................................................................ 51
Creating a JITA for a user or group .................................................. 52
Creating an extendable JITA for a user or group ............................. 52
Disabling a JITA for a user or group ................................................. 53
Advanced Settings ............................................................................................................................. 53
Device Administrators group .............................................................................................. 54
eSATA Device Support ...................................................................................................... 54
Unmanaged Device Classes ............................................................................................. 54
8 Theft recovery (select models only) ............................................................................................................ 56
9 Localized password exceptions .................................................................................................................. 57
What to do when a password is rejected ............................................................................................ 57
Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level ........... 57
Password changes using keyboard layout that is also supported ...................................................... 58
Special key handling .......................................................................................................................... 58
Glossary ............................................................................................................................................................. 60
Index ................................................................................................................................................................... 63
vi
1 Introduction to security
HP ProtectTools Security Manager software provides security features that help protect against
unauthorized access to the computer, networks, and critical data.
Application Features
HP ProtectTools Security Manager Administrative Console
(for administrators)
HP ProtectTools Security Manager User Console (for users)
The software modules available for your computer may vary depending on your model.
HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the
HP website. For more information, go to
NOTE: The instructions in this guide are written with the assumption that you have already installed
the applicable HP ProtectTools software modules.
HP ProtectTools features
The following table details the key features of HP ProtectTools modules.
●
Requires Microsoft Windows
access.
Provides access to modules that are configured by an
●
administrator and not available to users.
Allows initial security setup and configures options or
●
requirements for all users.
Allows users to configure options provided by an
●
administrator.
Allows administrators to provide users limited control of
●
some HP ProtectTools modules.
http://www.hp.com.
®
administrator rights to
Module Key features
HP ProtectTools Security Manager Administrative
Console
HP ProtectTools Security Manager User Console General users can perform the following functions:
Administrators can perform the following functions:
Use the Security Manager Setup Wizard to set up and configure
●
levels of security and security logon methods.
Configure options hidden from users.
●
● Activate Drive Encryption and configure user access.
Configure Device Access Manager policies and user access.
●
Use administrator tools to add and remove HP ProtectTools
●
users and view user status.
View settings for Encryption Status and Device Access
●
Manager.
● Activate Computrace for HP ProtectTools.
Configure Preferences and Backup and Restore options.
●
HP ProtectTools features 1
Module Key features
Credential Manager General users can perform the following functions:
Change user names and passwords.
●
Configure and change user credentials such as a Windows
●
password, fingerprint, face images, smart card, proximity card,
or contactless card.
Password Manager General users can perform the following functions:
Organize, and set up user names and passwords.
●
Create stronger passwords for enhanced account security.
●
Password Manager fills in and submits the information
automatically.
Streamline the logon process with the Single Sign On feature,
●
which automatically remembers and applies user credentials.
Drive Encryption for HP ProtectTools (select models
only)
Device Access Manager for HP ProtectTools (select
models only)
Theft Recovery (Computrace for HP ProtectTools,
purchased separately)
● Provides complete, full-volume hard drive encryption.
Forces pre-boot authentication in order to decrypt and access
●
the data.
Offers the option to activate self-encrypting drives (select
●
models only).
Allows IT managers to control access to devices based on user
●
profiles.
Prevents unauthorized users from removing data using external
●
storage media, and from introducing viruses into the system
from external media.
Allows administrators to disable access to communication
●
devices for specific individuals or groups of users.
● Requires separate purchase of tracking and tracing
subscriptions to activate.
Provides secure asset tracking.
●
Monitors user activity, as well as hardware and software
●
changes.
Remains active even if the hard drive is reformatted or replaced.
●
HP ProtectTools security product description and common use examples
Most of the HP ProtectTools security products have both user authentication (usually a password)
and an administrative backup to gain access if passwords are lost, not available, or forgotten, or any
time corporate security requires access.
NOTE: Some of the HP ProtectTools security products are designed to restrict access to data. Data
should be encrypted when it is so important that the user would rather lose the information than have
it compromised. It is recommended that all data be backed up in a secure location.
2 Chapter 1 Introduction to security
Password Manager
Password Manager stores user names and passwords, and can be used to:
Save login names and passwords for Internet access or email.
●
Automatically log the user in to a website or email.
●
● Manage and organize authentications.
Select a Web or network asset and directly access the link.
●
View names and passwords when necessary.
●
Example 1: A purchasing agent for a large manufacturer makes most of her corporate transactions
over the Internet. She also frequently visits several popular websites that require login information.
She is keenly aware of security so does not use the same password on every account. The
purchasing agent has decided to use Password Manager to match Web links with different user
names and passwords. When she goes to a website to log on, Password Manager presents the
credentials automatically. If she wants to view the user names and passwords, Password Manager
can be configured to display them.
Password Manager can also be used to manage and organize the authentications. This tool will allow
a user to select a Web or network asset and directly access the link. The user can also view the user
names and passwords when necessary.
Example 2: A hard-working CPA has been promoted and will now manage the entire accounting
department. The team must log on to a large number of client Web accounts, each of which uses
different login information. This login information needs to be shared with other workers, so
confidentiality is an issue. The CPA decides to organize all the Web links, company user names, and
passwords within Password Manager. Once complete, the CPA deploys Password Manager to the
employees so they can work on the Web accounts and never know the login credentials that they are
using.
Drive Encryption for HP ProtectTools (select models only)
Drive Encryption is used to restrict access to the data on the entire computer hard drive or a
secondary drive. Drive Encryption can also manage self-encrypting drives.
Example 1: A doctor wants to make sure only he can access any data on his computer hard drive.
The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login.
Once set up, the hard drive cannot be accessed without a password before the operating system
starts. The doctor could further enhance drive security by choosing to encrypt the data with the selfencrypting drive option.
Drive Encryption for HP ProtectTools does not allow access to the encrypted data even when the
drive is removed, because they are both bound to the original system board.
Example 2: A hospital administrator wants to ensure only doctors and authorized personnel can
access any data on their local computer without sharing their personal passwords. The IT department
adds the administrator, doctors, and all authorized personnel as Drive Encryption users. Now only
authorized personnel can boot the computer or domain using their personal user name and
password.
Device Access Manager for HP ProtectTools (select models only)
Device Access Manager for HP ProtectTools allows an administrator to restrict and manage access
to hardware. Device Access Manager for HP ProtectTools can be used to block unauthorized access
to USB flash drives where data could be copied. It can also restrict access to CD/DVD drives, control
HP ProtectTools security product description and common use examples 3
of USB devices, network connections, and so on. An example would be a situation where outside
vendors need access to company computers but should not be able to copy the data to a USB drive.
Example 1: A manager of a medical supply company often works with personal medical records
along with his company information. The employees need access to this data, however, it is
extremely important that the data is not removed from the computer by a USB drive or any other
external storage media. The network is secure, but the computers have CD burners and USB ports
that could allow the data to be copied or stolen. The Manager uses Device Access Manager to
disable the USB ports and CD burners so they cannot be used. Even though the USB ports are
blocked, mouse and keyboards will continue to function.
Example 2: An insurance company does not want its employees to install or load personal software
or data from home. Some employees need access to the USB port on all computers. The IT manager
uses Device Access Manager to enable access for some employees while blocking external access
for others.
Computrace for HP ProtectTools (formerly LoJack Pro) (purchased separately)
Computrace for HP ProtectTools (purchased separately) is a service that can track the location of a
stolen computer whenever the user accesses the Internet. Computrace for HP ProtectTools can also
help remotely manage and locate computers, as well as monitor computer usage and applications.
Example 1: A school principal instructed the IT department to keep track of all the computers at his
school. After the inventory of the computers was made, the IT administrator registered all the
computers with Computrace so they could be traced in case they were ever stolen. Recently, the
school realized several computers were missing, so the IT administrator alerted the authorities and
Computrace officials. The computers were located and were returned to the school by the authorities.
Example 2: A real estate company needs to manage and update computers all over the world. They
use Computrace to monitor and update the computers without having to send an IT person to each
computer.
Achieving key security objectives
The HP ProtectTools modules can work together to provide solutions for a variety of security issues,
including the following key security objectives:
Protecting against targeted theft
●
Restricting access to sensitive data
●
● Preventing unauthorized access from internal or external locations
Creating strong password policies
●
4 Chapter 1 Introduction to security
Protecting against targeted theft
An example of targeted theft would be the theft of a computer containing confidential data and
customer information at an airport security checkpoint. The following features help protect against
targeted theft:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system.
●
Security Manager for HP ProtectTools—See
◦
on page 23.
◦ Drive Encryption for HP ProtectTools—See
models only) on page 38.
Encryption helps ensure that data cannot be accessed even if the hard drive is removed and
●
installed into an unsecured system.
Computrace can track the computer's location after a theft.
●
Computrace for HP ProtectTools—See
◦
HP ProtectTools Security Manager
Drive Encryption for HP ProtectTools (select
Theft recovery (select models only) on page 56.
Restricting access to sensitive data
Suppose a contract auditor is working onsite and has been given computer access to review sensitive
financial data; you do not want the auditor to be able to print the files or save them to a writable
device such as a CD. The following feature helps restrict access to data:
Device Access Manager for HP ProtectTools allows IT managers to restrict access to
●
communication devices so that sensitive information cannot be copied from the hard drive. See
Device Class Configuration on page 48.
Preventing unauthorized access from internal or external locations
Unauthorized access to an unsecured business computer presents a very real risk to corporate
network resources such as information from financial services, an executive, or the R&D team, and to
private information such as patient records or personal financial records. The following features help
prevent unauthorized access:
The pre-boot authentication feature, if enabled, helps prevent access to the operating system.:
●
Security Manager for HP ProtectTools—See
◦
on page 23.
Drive Encryption for HP ProtectTools—See
◦
models only) on page 38.
● Security Manager helps ensure that an unauthorized user cannot get passwords or access to
password-protected applications. See
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writable
●
devices so sensitive information cannot be copied from the hard drive. See
Manager for HP ProtectTools (select models only) on page 46.
Creating strong password policies
If a company policy goes into effect that requires the use of strong password policy for dozens of
Web-based applications and databases, Security Manager provides a protected repository for
passwords and Single Sign On convenience. See
HP ProtectTools Security Manager
Drive Encryption for HP ProtectTools (select
HP ProtectTools Security Manager on page 23.
Device Access
HP ProtectTools Security Manager on page 23.
Achieving key security objectives 5
Additional security elements
Assigning security roles
In managing computer security (particularly for large organizations), one important practice is to
divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
Security officer—Defines the security level for the company or network and determines the
●
security features to deploy, such as Drive Encryption.
NOTE: Many of the features in HP ProtectTools can be customized by the security officer in
cooperation with HP. For more information, go to
IT administrator—Applies and manages the security features defined by the security officer. Can
●
also enable and disable some features. For example, if the security officer has decided to deploy
smart cards, the IT administrator can enable both password and smart card mode.
● User—Uses the security features. For example, if the security officer and IT administrator have
enabled smart cards for the system, the user can set the smart card PIN and use the card for
authentication.
CAUTION: Administrators are encouraged to follow “best practices” in restricting end-user
privileges and restricting user access.
http://www.hp.com.
Unauthorized users should not be granted administrative privileges.
Managing HP ProtectTools passwords
Most of the HP ProtectTools Security Manager features are secured by passwords. The following
table lists the commonly used passwords, the software module where the password is set, and the
password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All
other passwords may be set by regular users or administrators.
HP ProtectTools password Set in the following
Windows logon password Windows Control Panel or
Security Manager Backup and
Recovery password
Smart card PIN Credential Manager Can be used as multifactor authentication.
module
HP ProtectTools Security
Manager
Security Manager, by
individual user
Function
Can be used for manual logon and for
authentication to access various Security
Manager features.
Protects access to the Security Manager
Backup and Recovery file.
Can be used as Windows authentication.
Authenticates users of Drive Encryption, if
the smart card is selected.
6 Chapter 1 Introduction to security
Creating a secure password
When creating passwords, you must first follow any specifications that are set by the program. In
general, however, consider the following guidelines to help you create strong passwords and reduce
the chances of your password being compromised:
Use passwords with more than 6 characters, preferably more than 8.
●
Mix the case of letters throughout your password.
●
Whenever possible, mix alphanumeric characters and include special characters and
●
punctuation marks.
Substitute special characters or numbers for letters in a key word. For example, you can use the
●
number 1 for letters I or L.
Combine words from 2 or more languages.
●
Split a word or phrase with numbers or special characters in the middle, for example,
●
“Mary2-2Cat45.”
Do not use a password that would appear in a dictionary.
●
Do not use your name for the password, or any other personal information, such as your birth
●
date, pet names, or mother's maiden name, even if you spell it backwards.
Change passwords regularly. You might change only a couple of characters that increment.
●
If you write down your password, do not store it in a commonly visible place very close to the
●
computer.
● Do not save the password in a file, such as an email, on the computer.
Do not share accounts or tell anyone your password.
●
Backing up credentials and settings
You can back up credentials in the following ways:
● Use Drive Encryption for HP ProtectTools to select and back up HP ProtectTools credentials.
Use the Backup and Recovery tool in HP ProtectTools Security Manager as a central location
●
from which you can back up and restore security credentials from some of the installed HP
ProtectTools modules.
Additional security elements 7
2 Getting started
To configure settings for HP ProtectTools, use the HP Client Security Setup Wizard or the HP
ProtectTools Security Manager Setup Wizard.
After you have completed the HP Client Security Setup Wizard, application status is displayed on the
HP Client Security Dashboard.
HP Client Security Setup Wizard
NOTE: Administration of HP ProtectTools requires administrative privileges.
The HP Client Security Setup Wizard guides you through setting up the most commonly used
features of Security Manager. If you have not completed the HP Client Security Setup Wizard
previously, you can launch HP Client Security Setup Wizard in one of the following ways:
From the Start screen, click or tap the HP Client Security app.
▲
– or –
From the Windows desktop, click or tap the HP ProtectTools gadget.
Pages are displayed in the following order:
1. Windows password—Enter your Windows password.
This will protect your Windows account using strong authentication.
2. SpareKey—To enroll the SpareKey option, select three security questions.
3. Enroll fingerprints—If a fingerprint reader and the associated driver are installed, you can
enroll fingerprints. You must select and register at least 2 fingerprints.
4. Drive Encryption—If Drive Encryption for HP ProtectTools is installed, you can activate
encryption on the primary drive:
Software encryption for a traditional hard drive
●
Hardware encryption if a self-encrypting drive is detected.
●
You must save an encryption key on one or more of the following before encryption is enabled:
NOTE: If you cancel the wizard at this time, you will not be able to activate Windows and Drive
Encryption authentication.
● Removable media, such as a USB flash drive with FAT 32 format.
This option is selected by default if a single removable device is detected before the
◦
Drive Encryption page is displayed.
If 2 or more removable devices are detected, select one of the drives displayed.
◦
SkyDrive—This option is available if an Internet connection is detected.
●
A Windows
®
Live ID is required. Enter your ID and password, or sign up for one.
5. The Finish page displays a success notification, and you are prompted to reboot for Drive
Encryption activation.
8 Chapter 2 Getting started
HP ProtectTools Security Manager Setup Wizard
NOTE: Administration of HP ProtectTools requires administrative privileges.
The HP ProtectTools Security Manager Setup Wizard guides you through setting up the features of
Security Manager. Besides the settings found in the wizard, administrators can configure many
additional security features through the Administrative Console. These settings apply to the computer
and all users who share the computer.
To launch the HP ProtectTools Security Manager Setup Wizard:
Click Setup Wizard in the left panel of the Administrative Console, and then follow the on-
▲
screen instructions until setup is complete.
Administrators can launch Administrative Console from HP ProtectTools Security Manager User
Console. For more information, see
on page 13.
Security Manager and its applications are available to all users who share this computer.
HP ProtectTools Security Manager Administrative Console
HP Client Security Dashboard
To open HP Client Security if you have previously completed the HP Client Security Setup Wizard:
From the Start screen, type hp and then select HP Client Security.
▲
The dashboard displays a quick overview of features and related status for each application.
Click or tap an application row to display more information for the selected application:
▲
The Configure Now button indicates an application not yet configured. Click or tap the
●
button to open the application page to configure the application.
The Settings button indicates an application with an OK status. Click or tap the button to
●
access the settings for the application.
The User Console is launched for a user configuration.
●
● The Administrative Console is launched for a configuration requiring administrator
privilege.
The Status Dashboard stays open after the User Console or the Administrative Console is
●
launched, and once you have configured settings and closed the Console, the status is
refreshed.
HP ProtectTools Security Manager Setup Wizard 9
3 Easy Setup Guide for Small Business
This chapter is designed to demonstrate the basic steps to activate the most common and useful
options within HP ProtectTools for Small Business. There are numerous tools and options available in
this software that will allow you to fine-tune your preferences and set your access control. This Easy
Setup Guide will focus on getting each module running with the least amount of setup effort and time.
For additional information, just select the module you are interested in and click the ? or Help button
in the upper right corner. This button will automatically provide information to help you with the
currently displayed window.
Getting started
1. From the Windows desktop, open HP ProtectTools Security Manager by double-clicking the HP
ProtectTools icon in the notification area located at the far right of the taskbar.
2. Enter your Windows password, or create a Windows password.
3. Complete the setup wizard.
NOTE: By default, HP ProtectTools Security Manager is set to Strong Authentication Policy.
This setting is designed to prevent unauthorized access while logged into Windows and should be
used when high security is needed or if users are away from their systems frequently throughout the
day. If you would like to change this setting, click the Session Policy tab, and make your selections.
To have HP ProtectTools Security Manager require authentication only once during the Windows
login, follow this procedure.
1. From the Windows desktop, open HP ProtectTools Security Manager by double-clicking the HP
ProtectTools icon in the notification area located at the far right of the taskbar.
2. In the left pane, click Administration, and then click Administrative Console.
3. In the left pane under System, select Authentication from the Security group.
4. Click the Session Policy tab, and then select the login combination requirements for the
session. To reverse these selections, click Restore Defaults.
5. Click the Apply button when complete.
Password Manager
Passwords! We all have quite a number of them – especially if you regularly access websites or use
applications that require you to log on. The normal user either uses the same password for every
application and website, or gets really creative and promptly forgets which password goes with which
application.
Password Manager can automatically remember your passwords or give you the ability to discern
which sites to remember and which to omit. Once you sign on to the computer, Password Manager
will provide your passwords or credentials for participating applications or websites.
When you access any application or website requiring credentials, Password Manager will
automatically recognize the site, and will ask if you want the software to remember your information. If
you want to exclude certain sites, you can decline the request.
10 Chapter 3 Easy Setup Guide for Small Business
To start saving web locations, user names, and passwords:
1. As an example, navigate to a participating website or application, and then click the Password
Manager icon in the upper-left corner of the Web page to add the web authentication.
2. Name the link (optional) and enter a user name and password into Password Manager.
NOTE: The areas that Password Manager will use now and for subsequent visits are
highlighted.
3. When complete, click the OK button.
4. Password Manager can also save your user name and passwords for network shares or
mapped network drives.
Viewing and managing the saved authentications in Password Manager
Password Manager allows you to view, manage, back up, and launch your authentications from a
central location. Password Manager also supports the launching of saved sites from Windows.
To open Password Manager, use one of the following two methods:
Use the keyboard combination of ctrl+Windows logo key+h to open Password Manager, and
●
then click Open to launch and authenticate the saved shortcut.
– or –
Select the Manage tab in Password Manager to open HP ProtectTools Security Manager to edit
●
the credentials.
Password Manager’s Edit option allows you to view and modify the name, login name, and even
reveal the passwords.
HP ProtectTools for Small Business allows all credentials and settings to be backed up and/or copied
to another computer.
Device Access Manager for HP ProtectTools
Device Access Manager can be used to restrict the use of various internal and external storage
devices so your data will remain secured on the hard drive and not walk out the door of your
business. An example would be to allow a user access to your data but block them from copying it to
a CD, personal music player, or USB memory device. Below is an easy way to set this up.
1. From the Windows desktop, open HP ProtectTools Security Manager User Console by double-
clicking the HP ProtectTools icon in the notification area located at the far right of the taskbar.
2. In the left pane of HP ProtectTools Security Manager, click Administration, and then click
Administrative Console.
3. Click Device Access Manager, and then click Device Class Configuration.
4. The next step is to select who will continue to have access while everyone else is blocked.
5. Select the hardware devices that you want to restrict, and then click the Apply button to finish
the process.
6. Select Add, click Advanced, and then click Find Now.
Device Access Manager for HP ProtectTools 11
7. Select the desired user, and then click OK > OK > Apply.
Your choice is displayed in the Users/Groups box.
8. Select the Device Class that the user will be using, select Allow or Deny, and then click Apply.
Drive Encryption for HP ProtectTools
Drive Encryption for HP ProtectTools is used to protect your data by encrypting the entire hard drive.
The data on your hard drive will stay protected if your PC is ever stolen and/or if the hard drive is
removed from the original computer and placed in a different computer.
An additional security benefit is that Drive Encryption requires you to properly authenticate using your
user name and password before the operating system starts. This process is called pre-boot
authentication.
To make it easy for you, multiple software modules synchronize passwords automatically, including
Windows user accounts, domains, Drive Encryption for HP ProtectTools, Password Manager, and HP
ProtectTools Security Manager.
Use the following simple steps to activate Drive Encryption for HP ProtectTools:
1. From the Windows desktop, open HP ProtectTools Security Manager by double-clicking the HP
ProtectTools icon in the notification area located at the far right of the taskbar.
2. In the left pane, click Administration, and then click Administrative Console.
3. In the left pane, click Setup Wizard.
4. Select Next in the Welcome screen.
5. Enter your Windows password to start the activation wizard, and then click Next.
6. Skip SpareKey if it is not desired.
7. Check the Drive Encryption box, and then click Next.
8. Check the drive to encrypt, and then click Next.
9. The Drive Encryption configuration window requires a USB flash drive or other external device to
store the encryption recovery key. Keep this recovery key safe and secure because it is used to
recover data or access the drive if the pre-boot password is lost or fails.
10. Click Next, complete the process, and then click Finish. Remove the USB flash drive, and then
reboot the computer when ready.
11. When the system starts, Drive Encryption will request your Windows password. Enter the
password, and then click OK.
NOTE: The computer may appear to run slowly while the drive is encrypting. Once totally
encrypted, the performance will return to normal. As data on the drive is accessed, it is
encrypted or decrypted as required by the administrator.
Drive Encryption authentication will “chain” through Windows login directly to the Windows
desktop so that you will not need to enter your password twice.
12 Chapter 3 Easy Setup Guide for Small Business
4 HP ProtectTools Security Manager
Administrative Console
HP ProtectTools Security Manager software provides security features that help protect against
unauthorized access to the computer, networks, and critical data. Administration of HP ProtectTools
Security Manager is provided through the Administrative Console feature.
Additional applications are available in the Security Manager User Console to assist with recovery of
the computer if it is lost or stolen (select models only).
Using the Administrative Console, the local administrator can perform the following tasks:
Enabling or disabling security features
●
Specifying required credentials for authentication
●
Managing users of the computer
●
● Adjusting device-specific parameters
Configuring installed Security Manager applications
●
Getting started
To configure settings for HP ProtectTools, use the HP Client Security Setup Wizard or the HP
ProtectTools Security Manager Setup Wizard.
After you have completed the HP Client Security Setup Wizard, application status is displayed on the
HP Client Security Dashboard.
HP Client Security Setup Wizard
NOTE: Administration of HP ProtectTools requires administrative privileges.
The HP Client Security Setup Wizard guides you through setting up the most commonly used
features of Security Manager. If you have not completed the HP Client Security Setup Wizard
previously, you can launch HP Client Security Setup Wizard in one of the following ways:
From the Start screen, click or tap the HP Client Security app.
▲
– or –
From the Windows desktop, click or tap the HP ProtectTools gadget.
Pages are displayed in the following order:
1. Windows password—Enter your Windows password.
This will protect your Windows account using strong authentication.
2. SpareKey—To enroll the SpareKey option, select three security questions.
3. Enroll fingerprints—If a fingerprint reader and the associated driver are installed, you can
enroll fingerprints. You must select and register at least 2 fingerprints.
Getting started 13
4. Drive Encryption—If Drive Encryption for HP ProtectTools is installed, you can activate
encryption on the primary drive:
Software encryption for a traditional hard drive
●
Hardware encryption if a self-encrypting drive is detected.
●
You must save an encryption key on one or more of the following before encryption is enabled:
NOTE: If you cancel the wizard at this time, you will not be able to activate Windows and Drive
Encryption authentication.
Removable media, such as a USB flash drive with FAT 32 format.
●
This option is selected by default if a single removable device is detected before the
◦
Drive Encryption page is displayed.
If 2 or more removable devices are detected, select one of the drives displayed.
◦
SkyDrive—This option is available if an Internet connection is detected.
●
A Windows
5. The Finish page displays a success notification, and you are prompted to reboot for Drive
Encryption activation.
®
Live ID is required. Enter your ID and password, or sign up for one.
HP ProtectTools Security Manager Setup Wizard
NOTE: Administration of HP ProtectTools requires administrative privileges.
The HP ProtectTools Security Manager Setup Wizard guides you through setting up the features of
Security Manager. Besides the settings found in the wizard, administrators can configure many
additional security features through the Administrative Console. These settings apply to the computer
and all users who share the computer.
To launch the HP ProtectTools Security Manager Setup Wizard:
Click Setup Wizard in the left panel of the Administrative Console, and then follow the on-
▲
screen instructions until setup is complete.
Administrators can launch Administrative Console from HP ProtectTools Security Manager User
Console. For more information, see
on page 13.
Security Manager and its applications are available to all users who share this computer.
HP Client Security Dashboard
To open HP Client Security if you have previously completed the HP Client Security Setup Wizard:
From the Start screen, type hp and then select HP Client Security.
▲
The dashboard displays a quick overview of features and related status for each application.
Click or tap an application row to display more information for the selected application:
▲
The Configure Now button indicates an application not yet configured. Click or tap the
●
button to open the application page to configure the application.
HP ProtectTools Security Manager Administrative Console
● The Settings button indicates an application with an OK status. Click or tap the button to
access the settings for the application.
The User Console is launched for a user configuration.
●
14 Chapter 4 HP ProtectTools Security Manager Administrative Console
The Administrative Console is launched for a configuration requiring administrator
●
privilege.
The Status Dashboard stays open after the User Console or the Administrative Console is
●
launched, and once you have configured settings and closed the Console, the status is
refreshed.
Opening HP ProtectTools Administrative Console
Use the HP ProtectTools Administrative Console for administrative tasks, such as setting system
policies or configuring software. Access the Administrative Console by opening HP ProtectTools
Security Manager:
1. From the Windows desktop, double-click the HP ProtectTools icon in the notification area,
located at the far right of the taskbar.
– or –
From Control Panel, select System and Security, and then select HP ProtectTools Security
Manager.
2. In the left panel of Security Manager User Console, click Administration, and then click
Administrative Console.
Using Administrative Console
HP ProtectTools Administrative Console is the central location for administering HP ProtectTools
Security Manager features and applications.
1. From the Windows desktop, double-click the HP ProtectTools icon in the notification area,
located at the far right of the taskbar.
– or –
From Control Panel, select System and Security, and then select HP ProtectTools Security
Manager.
2. In the left panel of Security Manager User Console, click Administration, and then click
Administrative Console.
The Administrative console displays the following selections under Home in the left panel:
System—Allows you to configure the following security features and authentication for users
●
and devices.
Security
◦
Users
◦
◦ Credentials
Applications—Allows you to configure settings for HP ProtectTools Security Manager and for
●
Security Manager applications.
● Data—allows you to configure settings for Drive Encryption (select models only).
● Computer—allows you to configure settings for Device Access Manager
Setup Wizard—Guides you through setting up HP ProtectTools Security Manager.
●
Opening HP ProtectTools Administrative Console 15
About—Displays information about HP ProtectTools Security Manager, such as the version
●
number and copyright notice.
Main area—Displays application-specific screens.
●
?—Displays the Administrative Console Help. This icon is located at the top right of the window
frame, next to the minimize and maximize icons.
Configuring your system
The System group is accessed from the menu panel on the left side of HP ProtectTools
Administrative Console. You can use the applications in this group to manage the policies and
settings for the computer, its users, and its devices.
The following applications are included in the System group:
● Security—Manage features, authentication, and settings governing how users interact with this
computer.
Users—Set up, manage, and register users of this computer.
●
● Credentials—Manage settings for security devices built into or attached to the computer and
configure settings.
Setting up authentication for your computer
Within the Authentication application, you can set policies governing access to the computer. You can
specify the credentials required to authenticate each class of user when logging on to Windows or
logging on to websites and programs during a user session.
To set up authentication on your computer:
1. In the left panel of Administrative Console, click Security, and then click Authentication.
2. To configure logon authentication, click the Logon Policy tab, make changes, and then click
3. To configure session authentication, click the Session Policy tab, make changes, and then click
Logon Policy
To define policies governing the credentials required to authenticate a user when logging on to
Windows:
1. In the left panel of Administrative Console, click Security, and then click Authentication.
2. On the Logon Policy tab, select a user category, such as Administrators or Standard users.
3. Click an authentication credential to display the edit dialog.
4. To require a combination of two authentication credentials, click the down arrow to select each
5. To remove a credential, click the X, or right-click the credential, and then click Delete.
Apply.
Apply.
credential, and then click OK.
6. Click Yes on the configuration dialog.
7. To confirm whether users can log on, click Check that HP ProtectTools can log on.
16 Chapter 4 HP ProtectTools Security Manager Administrative Console
Loading...