HP ProtectTools 5.0 User Manual

HP ProtectTools Security Software, Version 5.0
User Guide
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
This document contains proprietary information that is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Hewlett-Packard Company.
HP ProtectTools Security Software User Guide
HP Compaq Business PC
First Edition: September 2009
Document Part Number: 581746-001
About This Book
This guide provides basic information for upgrading this computer model.
WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life.
CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information.
NOTE: Text set off in this manner provides important supplemental information.
Table of contents
1 Introduction to security
  HP ProtectTools features
  Accessing HP ProtectTools Security
  Achieving key security objectives
    Protecting against targeted theft
    Restricting access to sensitive data
    Preventing unauthorized access from internal or external locations
    Creating strong password policies
  Additional security elements
    Assigning security roles
    Managing HP ProtectTools passwords
      Creating a secure password
    Backing up credentials and settings
2 HP ProtectTools Security Manager Administrative Console
  About HP ProtectTools Administrative Console
  Using the Administrative Console
  Getting Started - Setup Wizard
  Configuring your system
    Enabling security features
    Defining Security Manager authentication policies
      Logon tab
      Session tab
    Defining Settings
    Managing Users
      Adding a user
      Removing a user
      Checking user status
    Specifying device settings
  Configuring Applications Settings
  Encrypting Drives
  Managing Device Access
3 HP ProtectTools Security Manager
  Logging in after Security Manager is configured
  Managing passwords
  Setting credentials
    Changing your Windows password
    Setting up a Smart Card
  Managing communication privacy
  Shredding or bleaching files
  Viewing drive encryption status
  Viewing device access
  Activating theft recovery
  Adding applications
  Setting preferences
  Backup and Restore
    Backing up your data
    Restoring your data
  Changing your Windows user name and picture
4 Password Manager for HP ProtectTools
  Adding logons
  Editing logons
  Using the Logons menu
  Organizing logons into categories
  Managing your logons
  Assessing your password strength
  Password Manager Icon settings
5 Drive Encryption for HP ProtectTools
  Setup procedures
    Opening Drive Encryption
  General tasks
    Activating Drive Encryption
    Deactivating Drive Encryption
    Logging in after Drive Encryption is activated
  Advanced tasks
    Managing Drive Encryption (administrator task)
      Activating a TPM-protected password
      Encrypting or decrypting individual drives
    Backup and recovery (administrator task)
      Creating backup keys
6 Privacy Manager for HP ProtectTools
  Opening Privacy Manager
  Setup procedures
    Managing Privacy Manager Certificates
    Requesting and installing a Privacy Manager Certificate
      Requesting a Privacy Manager Certificate
      Installing a Privacy Manager Certificate
    Viewing Privacy Manager Certificate details
    Renewing a Privacy Manager Certificate
    Setting a default Privacy Manager Certificate
    Deleting a Privacy Manager Certificate
    Restoring a Privacy Manager Certificate
    Revoking your Privacy Manager Certificate
    Managing Trusted Contacts
      Adding Trusted Contacts
        Adding a Trusted Contact
        Adding Trusted Contacts using your Microsoft Outlook address book
      Viewing Trusted Contact details
      Deleting a Trusted Contact
      Checking revocation status for a Trusted Contact
  General tasks
    Using Privacy Manager in Microsoft Office
    Using Privacy Manager in Microsoft Outlook
    Using Privacy Manager in Windows Live Messenger
  Advanced tasks
    Migrating Privacy Manager Certificates and Trusted Contacts to a different computer
      Exporting Privacy Manager Certificates and Trusted Contacts
      Importing Privacy Manager Certificates and Trusted Contacts
7 File Sanitizer for HP ProtectTools
  Setup procedures
    Opening File Sanitizer
    Setting a free space bleaching schedule
    Setting a shred schedule
    Selecting or creating a shred profile
    Selecting a predefined shred profile
    Customizing an advanced security shred profile
    Customizing a simple delete profile
  General tasks
    Using a key sequence to initiate shredding
    Using the File Sanitizer icon
    Manually shredding one asset
    Manually shredding all selected items
    Manually activating free space bleaching
    Aborting a shred or free space bleaching operation
    Viewing the log files
8 Java Card Security for HP ProtectTools
  Assigning a Java Card PIN
9 Embedded Security for HP ProtectTools
  Setup procedures
    Enabling the embedded security chip in Computer Setup
    Installing Embedded Security for HP ProtectTools
    Initializing the embedded security chip
    Setting up the basic user account
  General tasks
    Using the Personal Secure Drive
    Encrypting files and folders
    Sending and receiving encrypted e-mail
  Advanced tasks
    Backing up and restoring
      Creating a backup file
      Restoring certification data from the backup file
    Changing the owner password
    Resetting a user password
    Migrating keys with the Migration Wizard
10 Device Access Manager for HP ProtectTools
  Starting background service
  Simple configuration
  Device class configuration (advanced)
    Adding a user or a group
    Removing a user or a group
    Denying or allowing access to a user or group
  User access settings (advanced)
    Adding a user or group
    Removing a user or group
    Allowing or Denying Permissions
11 LoJack Pro for HP ProtectTools
Glossary
Index
1 Introduction to security
HP ProtectTools security software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by several HP ProtectTools software modules.
HP ProtectTools provides two versions that can be utilized: HP ProtectTools Security Manager Administrative Console and HP ProtectTools Security Manager (for general users). Both Administrator and user versions are available in the Start > All Programs menu.
Function / Features

HP ProtectTools Security Manager Administrative Console
• Requires Microsoft Windows system administrator rights to access
• Access to modules to be configured by an administrator and not available to the general user
• Allows initial security setup and configures options or requirements for all users

HP ProtectTools Security Manager (for general users)
• Allows users to configure options provided by an administrator
• Can restrict access and only allow a user limited controls of some HP ProtectTools modules
NOTE: Password Manager, Java Card Security, and Drive Encryption are configured using the Security Manager setup wizard. HP Professional Desktop systems do not currently support fingerprint devices.
HP ProtectTools software modules may be preinstalled, preloaded, or available as a configurable option or as an aftermarket option. Visit http://www.hp.com for more information.
NOTE: The instructions in this guide are written with the assumption that you have already installed the applicable HP ProtectTools software modules.
HP ProtectTools features
The following table details the key features of HP ProtectTools modules:
Module / Key features

HP ProtectTools Security Manager Administrative Console
• The Security Manager setup wizard is used by administrators to set up and configure levels of security and security logon methods.
• Configure options hidden from basic users.
• Activate Drive Encryption and configure user access.
• Configure Device Access Manager configurations and user access.
• Administrator tools are used to add and remove HP ProtectTools users and view user status.

HP ProtectTools Security Manager (for general users)
• Organize, set up and change user names and passwords.
• Configure and change user credentials such as Windows password and Smart Card.
• Configure and change File Sanitizer Shred, Bleaching, and Settings.
• View settings for Encryption Status and Device Access Manager.
• Use Privacy Manager to increase security of e-mails, documents, and instant messaging.
• Activate LoJack Pro for HP ProtectTools.
• Configure Preferences and Backup and Restore options.

Password Manager for HP ProtectTools
• Acts as a personal password vault, streamlining the logon process with the Single Sign On feature, which automatically remembers and applies user credentials.
• Create and organize Single Sign On user names and passwords.

Drive Encryption for HP ProtectTools
• Provides complete, full-volume hard drive encryption.
• Forces pre-boot authentication in order to decrypt and access the data on the hard drive.

Privacy Manager for HP ProtectTools
• Used to obtain Certificates of Authority, which verify the source, integrity, and security of communication when using Microsoft e-mail, Microsoft Office documents, and Instant Messenger.

File Sanitizer for HP ProtectTools
• Allows you to securely shred digital assets (securely delete sensitive information including application files, historical or Web-related content, or other confidential data) on your computer and periodically bleach the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult).

Java Card Security for HP ProtectTools
• Provides a management software interface for Java Card. HP ProtectTools Java Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access. The Java Card can be used to access Password Manager, Drive Encryption, or any number of third party access points.
• Change PIN number.

Embedded Security for HP ProtectTools
• Uses a Trusted Platform Module (TPM) embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC.
• Allows creation of a personal secure drive (PSD), which is useful in protecting user file and folder information.
• Supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations.

Device Access Manager for HP ProtectTools
• Allows IT managers or administrators to control access to devices such as USB ports, optical drives, personal music players, etc., based on user profiles.
• Prevents unauthorized users from removing data using external storage media and from introducing viruses into the system from external media.
• The administrator can disable access to writeable devices for specific individuals or groups of users.

LoJack Pro for HP ProtectTools
• Provides secure asset tracking.
• Can monitor user activity along with hardware and software changes.
• Remains active even if the hard drive is reformatted or replaced.
• Requires separate purchase of tracking and tracing subscription to activate.
Accessing HP ProtectTools Security
To access HP ProtectTools Security Manager from the Windows Start menu:
In Windows, click Start, click All Programs, and then click HP ProtectTools Security Manager.
To access HP ProtectTools Security Manager Administrative Console from the Windows Start menu:
In Windows, click Start, click All Programs, and then click HP ProtectTools Administrative Console.
NOTE: After you have configured the Password Manager module, you can also open HP ProtectTools by logging on to Password Manager directly from the Windows logon screen.
Achieving key security objectives
The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:
• Protecting against targeted theft
• Restricting access to sensitive data
• Preventing unauthorized access from internal or external locations
• Creating strong password policies
• Addressing regulatory security mandates
Protecting against targeted theft
An example of this type of incident would be the targeted theft of a computer or its confidential data and customer information. This can easily occur in open office environments or in unsecured areas. The following features help protect the data if the computer is stolen:
• The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following chapters:
  ◦ Password Manager for HP ProtectTools on page 21
  ◦ Embedded Security for HP ProtectTools on page 53
  ◦ Drive Encryption for HP ProtectTools on page 26
• DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system.
• The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following chapter:
  ◦ Embedded Security for HP ProtectTools on page 53
• LoJack Pro can track the computer's location after a theft. See the following chapter:
  ◦ LoJack Pro for HP ProtectTools on page 62
Restricting access to sensitive data
Suppose a contract auditor is working on site and has been given computer access to review sensitive financial data; you do not want the auditor to be able to print the files or save them to a writeable device such as a CD. The following feature helps restrict access to data:
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. See Device class configuration (advanced) on page 60.
Preventing unauthorized access from internal or external locations
Unauthorized access to an unsecured business PC presents a very tangible risk to critical data such as information from financial services, an executive, or R&D team, and to private information such as patient records or personal financial records. The following features help prevent unauthorized access:
• The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following chapters:
  ◦ Password Manager for HP ProtectTools on page 21
  ◦ Embedded Security for HP ProtectTools on page 53
  ◦ Drive Encryption for HP ProtectTools on page 26
• Embedded Security for HP ProtectTools helps strengthen the protection of sensitive user data or credentials stored locally on a PC. See the following chapter:
  ◦ Embedded Security for HP ProtectTools on page 53
• Password Manager for HP ProtectTools helps ensure that an unauthorized user cannot get passwords or access to password-protected applications. See the following chapter:
  ◦ Password Manager for HP ProtectTools on page 21
• Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See the following chapter:
  ◦ Device Access Manager for HP ProtectTools on page 59
• The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following section:
  ◦ Embedded Security for HP ProtectTools on page 53
• File Sanitizer allows you to securely delete data by shredding critical files and folders or bleaching the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult). See the following chapter:
  ◦ File Sanitizer for HP ProtectTools on page 46
• Privacy Manager allows you to obtain Certificates of Authority when using Microsoft mail, Office documents, and Instant Messenger, making the process of sending and saving important information safe and secure. See the following chapter:
  ◦ Privacy Manager for HP ProtectTools on page 30
Creating strong password policies
If a mandate goes into effect that requires the use of strong password policy for dozens of Web-based applications and databases, Password Manager for HP ProtectTools provides a protected repository for passwords and Single Sign On convenience. See the following chapter:
Password Manager for HP ProtectTools on page 21
Additional security elements
Assigning security roles
In managing computer security, one important practice is to divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
Security officer—Defines the security level for the company or network and determines the security features to deploy, such as Drive Encryption or Java™ Cards.
IT administrator—Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy Java Cards, the IT administrator can enable Java Card BIOS security mode.
User—Uses the security features. For example, if the security officer and IT administrator have enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication.
Managing HP ProtectTools passwords
Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password / Set in this HP ProtectTools module / Function

Password Manager logon password
Set in: Password Manager
Function: This password offers 2 options:
• It can be used in a separate logon to access Password Manager after logging on to Windows.
• It can be used in place of the Windows logon process, allowing access to Windows and Password Manager simultaneously.

Basic User Key password
NOTE: Also known as: Embedded Security password
Set in: Embedded Security
Function: Used to access Embedded Security features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.

Emergency Recovery Token password
NOTE: Also known as: Emergency Recovery Token Key password
Set in: Embedded Security, by IT administrator
Function: Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip.

Owner password
Set in: Embedded Security, by IT administrator
Function: Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.

Java™ Card PIN
Set in: Java Card Security
Function:
• Can be used as a multifactor authentication option.
• Authenticates users of Drive Encryption, if the Java Card token is selected.

Computer Setup password
NOTE: Also known as BIOS administrator, F10 Setup, or Security Setup password
Set in: BIOS, by IT administrator
Function: Protects access to the Computer Setup utility.

Power-on password
Set in: BIOS
Function: Protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.

Windows Logon password
Set in: Windows Control Panel
Function: Can be used for manual logon or saved on the Java Card.
Creating a secure password
When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:
Use passwords with more than 6 characters, preferably more than 8.
Mix the case of letters throughout your password.
Whenever possible, mix alphanumeric characters and include special characters and punctuation marks.
Substitute special characters or numbers for letters in a key word. For example, you can use the number 1 for letters I or L.
Combine words from 2 or more languages.
Split a word or phrase with numbers or special characters in the middle, for example, “Mary2-2Cat45.”
Do not use a password that would appear in a dictionary.
Do not use your name for the password, or any other personal information, such as birth date, pet names, or mother's maiden name, even if you spell it backwards.
Change passwords regularly. You might change only a couple of characters that increment.
If you write down your password, do not store it in a commonly visible place very close to the computer.
Do not save the password in a file, such as an e-mail, on the computer.
Do not share accounts or tell anyone your password.
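The following checker applies the guidelines above to a candidate password. It is an added example, not part of HP ProtectTools or of the original guide. The word list, the substitution table beyond "1 for I or L", the finding codes, and the choice to treat a dictionary word written with letter substitutions as still being a dictionary word are assumptions of this example.

```python
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_DICTIONARY = {"password", "welcome", "sunshine", "dragon", "william"}

# Letter substitutions to undo before the dictionary lookup. "1" for I or L is
# the guide's own example; the other entries are assumptions of this sketch.
SUBSTITUTIONS = {"1": "il", "0": "o", "3": "e", "@": "a"}
MAX_VARIANTS = 4096  # bound the work for passwords with many ambiguous digits


def desubstituted(password):
    """Return every lower-case spelling obtained by undoing substitutions."""
    variants = {""}
    for ch in password.lower():
        options = SUBSTITUTIONS.get(ch, ch)
        variants = {v + o for v in variants for o in options}
        if len(variants) > MAX_VARIANTS:
            return set()  # too ambiguous to enumerate; skip the lookup
    return variants


def check_password(password, personal=(), dictionary=SAMPLE_DICTIONARY):
    """Return a list of guideline codes the password fails (empty = passes)."""
    findings = []
    if len(password) <= 6:
        findings.append("too_short")            # "more than 6 characters"
    elif len(password) <= 8:
        findings.append("short")                # "preferably more than 8"
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        findings.append("no_mixed_case")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)):
        findings.append("no_letter_digit_mix")
    if all(c.isalnum() for c in password):
        findings.append("no_special")
    if desubstituted(password) & set(dictionary):
        findings.append("dictionary_word")
    lowered = password.lower()
    for item in personal:
        item = item.lower()
        # Personal details count "even if you spell it backwards".
        if len(item) >= 3 and (item in lowered or item[::-1] in lowered):
            findings.append("personal_info")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; "Mary2-2Cat45" is the guide's own example.
    for pw, personal in [("Mary2-2Cat45", ["Jordan"]),
                         ("W1ll1am", []),
                         ("nadroJ#2009x", ["Jordan"])]:
        print(f"{pw!r}: {check_password(pw, personal) or 'meets the guidelines'}")
```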
Backing up credentials and settings
You can back up credentials in the following ways:
Use Drive Encryption for HP ProtectTools to select and back up HP ProtectTools credentials.
You can also register for Online Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not have access to your local backup.
Use Embedded Security for HP ProtectTools to back up HP ProtectTools credentials.
Use the Backup and Recovery tool in HP ProtectTools Security Manager as a central location from which you can back up and restore security credentials from installed HP ProtectTools modules.
2 HP ProtectTools Security Manager Administrative Console
About HP ProtectTools Administrative Console
Administration of HP ProtectTools Security Manager is provided through the Administrative Console.
Using the console, the local administrator can:
Enable or disable security features
Manage users of the computer
Adjust device-specific parameters
Configure Security Manager applications
Add additional Security Manager applications
Using the Administrative Console
The Security Manager Administrative Console is the central location for administering HP ProtectTools Security Manager.
To open the console:
Select Start > All Programs > HP ProtectTools Administrative Console, or
Click the Administration link in the lower-left corner of the Security Manager console.
The Administrative Console consists of two panes: a left pane and a right pane. The left pane contains the administrative tools. The right pane contains the working area for configuring the tools.
The Administrative Console left pane consists of the following:
Home - Provides easy access to commonly used tasks, including enabling security features, specifying security credentials, and managing users.
System - Manages configuration of system-wide security features, users, and authentication devices such as smart card readers.
Applications - Includes tools for configuring the behavior of Security Manager and its applications.
Data - Provides tools for managing drive encryption and backing up and recovering encryption keys.
Computer - Provides advanced security options to selectively disallow various types of devices that could compromise PC security and set access permissions for various users and groups.
Management Tools - Opens your default browser to a web page where you can discover additional management applications and tools that extend the features of Security Manager as well as a means to stay notified when new applications and updates are available.
Links - Provides the following:
Setup Wizard - Launches the Setup Wizard, which guides you through the initial configuration of Security Manager.
Help - Opens the help file, which provides information about Security Manager and its applications.
About - Displays information about HP ProtectTools Security Manager, including the version number and copyright notice.
Getting Started - Setup Wizard
Administration of HP ProtectTools Security Manager requires administrative privileges.
The HP ProtectTools Security Manager Setup Wizard guides you through setting up the security features of HP ProtectTools. However, there is a wealth of additional functionality available through the HP ProtectTools Security Manager Console. The same settings found in the wizard, as well as additional security features, can be configured through the console, accessed from the Windows Start menu or from a link within the Administrative console. These settings apply to the computer and all users who share the computer.
The first time that you log on to Windows, you will be prompted to set up HP ProtectTools Security Manager. Click OK to launch the Security Manager Setup wizard, which will guide you through the basic steps in configuring the program.
NOTE: You can also launch the Security Wizard by clicking Security Wizard in the bottom section of the left pane on the Administrative Console.
Follow the on-screen instructions in the Setup Wizard until setup is complete.
If you do not complete the wizard, it will launch automatically until you click Do not show this wizard again.
To use the HP ProtectTools Security Manager applications, launch HP ProtectTools Security Manager from the Start menu or by right-clicking the Security Manager icon in the taskbar notification area (system tray). The Security Manager console and its applications are available to all users who share this computer.
Configuring your system
The System group of applications is accessed from the Tools menu on the left side of the Administrative Console.
By using the applications included in this group, you can configure and manage the policies and settings for this computer, its users and devices.
The following applications are included in the System group.
Security - Manage security features, authentication policies and other settings that govern how users authenticate when logging on to the computer or HP ProtectTools applications.
Users - Set up, manage and enroll users of this computer.
Devices - Manage settings for security devices built-in or connected to the computer.
Enabling security features
The security features enabled here apply to all users of this computer.
1. In the left pane of the Administrative Console, expand Security, and click on Features.
2. To enable a security feature, click the corresponding check box next to Windows Logon Security and/or Drive Encryption.
Windows Logon Security - protects your Windows account(s) by requiring the use of specific credentials for access.
Drive Encryption - protects your data by encrypting your hard drive(s), making the information unreadable by those without proper authorization.
3. Click the Next button.
4. Click the Apply button.
Defining Security Manager authentication policies
Security Manager authentication policies for this computer are defined on two tabs, Logon and Session, which specify the credentials required to authenticate each class of user when accessing the computer and HP ProtectTools applications during a user session.
Logon tab
To specify the credentials required to access the computer, decrypt the hard drive, and log on to Windows:
1. In the left pane of the Administrative Console, expand Security and click on Authentication.
2. On the Logon tab, select a category of user from the drop-down list.
3. In the Policy section, specify the authentication credential(s) required for the selected category of user by clicking the check box or boxes next to the listed credentials. You must specify at least one credential.
4. In the Policy section drop-down list, choose whether ANY (only one) of the specified credentials are required, or if ALL of the specified credentials are required in order to authenticate a user.
5. Click the Apply button.
NOTE: If the Policy is set to “ALL of the specified credentials are required to authenticate” and the system is configured for both password and Java Card and the Java Card is damaged or lost, all administrators could be locked out of Windows and require special tools to regain access.
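The lockout described in the NOTE above can be checked before a policy is applied. The following model is an added example, not HP ProtectTools code or an HP interface. The Policy class, the credential names and the administrator names are hypothetical, and the loss of a credential is modeled as that credential type becoming unusable for every administrator at once.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Constructed model of one Logon-tab policy for a category of user."""
    credentials: frozenset  # credentials ticked in the Policy section
    mode: str               # "ANY" or "ALL", as in the drop-down list

    def __post_init__(self):
        if self.mode not in ("ANY", "ALL"):
            raise ValueError("mode must be 'ANY' or 'ALL'")
        if not self.credentials:
            raise ValueError("you must specify at least one credential")


def can_authenticate(policy, usable):
    """True if the credentials a user can still present satisfy the policy."""
    presented = set(usable) & policy.credentials
    if policy.mode == "ALL":
        return presented == policy.credentials
    return bool(presented)


def single_points_of_failure(policy, enrolled):
    """Credentials whose individual loss would lock this user out."""
    enrolled = set(enrolled)
    return sorted(c for c in enrolled
                  if not can_authenticate(policy, enrolled - {c}))


def admins_surviving_loss(policy, admins, lost):
    """Administrators who can still log on once credential `lost` is unusable."""
    return sorted(name for name, enrolled in admins.items()
                  if can_authenticate(policy, set(enrolled) - {lost}))


# Constructed sample data: two administrators, both enrolled with a Windows
# password and a Java Card. Credential and user names are hypothetical.
ADMINS = {"admin_a": {"password", "java_card"},
          "admin_b": {"password", "java_card"}}
CREDS = frozenset({"password", "java_card"})
POLICY_ALL = Policy(CREDS, "ALL")
POLICY_ANY = Policy(CREDS, "ANY")

if __name__ == "__main__":
    for policy in (POLICY_ALL, POLICY_ANY):
        left = admins_surviving_loss(policy, ADMINS, "java_card")
        print(f"{policy.mode}: admins able to log on without the Java Card: "
              f"{left or 'NONE (full administrator lockout)'}")
        for name, enrolled in ADMINS.items():
            print(f"  {name} single points of failure: "
                  f"{single_points_of_failure(policy, enrolled)}")
```

Under ALL, every required credential is a single point of failure for each administrator; under ANY, none is as long as at least two credentials are enrolled.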
Session tab
To define policies governing the credentials required to authenticate a user when logging on to HP ProtectTools applications during a Windows session:
1. In the left pane of the Administrative Console, expand Security and click on Authentication.
2. On the Session tab, select a category of user.
3. In the Policy section, specify the authentication credential(s) required for the selected category of user by clicking the check box or boxes next to the listed credentials. You must specify at least one credential.
4. In the Policy section drop-down list, choose whether ANY (only one) of the specified credentials are required, or if ALL of the specified credentials are required in order to authenticate a user.
5. Click the Apply button.
Defining Settings
You can specify which advanced security settings to allow. To edit the settings:
1. In the left pane of the Administrative Console, expand Security and click on Settings.
2. Click the appropriate check box to enable or disable a specific setting.
3. Click the Apply button to save the changes.
NOTE: The Allow One Step logon setting allows users of this computer to skip Windows logon if authentication was performed at the BIOS or encrypted disk level.
Managing Users
Within the Users application, the Windows administrator can manage this computer's users and the policies that affect them. To access the Users application in the Administrative Console, click on Users.
The HP ProtectTools users are listed and verified against the authentication policies set through Security Manager and against the credentials required to meet those policies.
To view the policies in force for a specific user, select the user from the list and click the View Policies button.
To supervise a user while they enroll credentials, select the user from the list and click the Enroll button.
Adding a user
This process adds users to the Drive Encryption logon list. Before you add a user, that user must already have a Windows user account on the computer and must be present during the following procedure to provide the password.
To add a user to the users list:
1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console.
2. In the Administrative Console left pane, click User.
3. Click the Add button. The Select Users dialog box opens.
4. Click the Advanced button and then click the Find Now button to search for users to add.
5. Click a user to be added to the list and then click OK.
6. Click OK in the Select Users dialog box.
7. Type the Windows password for the selected account, and then click Finish.
NOTE: You must use an existing Windows account and type it exactly. You cannot modify or add a Windows user account using this dialog box.
Removing a user
NOTE: This procedure does not delete the Windows user account. It only removes that account from Security Manager. To completely remove the user, you must remove the user from both Security Manager and Windows.
1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console.
2. In the Administrative Console left pane, click User.
3. Click the user name for the account you want to remove, and then click Delete.
4. In the confirmation dialog box, click Yes.
Checking user status
The User section of the Administrative Console shows the current status of each user:
Green check mark - Indicates that the user has configured the required security login method(s).
Red X - Indicates that the user has not configured a required security login method and will be locked out of the computer when trying to log in. The user must run the setup wizard to configure the required login method(s).
Blank - Indicates that a security login method is not required.
Specifying device settings
Within the Device application, you can configure the computer to automatically lock when a smart card is removed. However, the computer will lock only if the smart card was used as an authentication credential when logging on to Windows.
1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console.
2. In the Administrative Console left pane, expand Devices and then click Smart Card.
3. Click the check box to enable or disable locking the computer upon smart card removal.
Configuring Applications Settings
The Settings window includes tools for configuring the behavior of Security Manager and its applications. To modify the settings:
1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console.
2. In the Administrative Console left pane, click Settings.
3. On the General tab, choose the general settings for HP ProtectTools Security Manager, then click the Apply button.
4. On the Applications tab, select the applications you want to enable or disable, then click the Apply button.
NOTE: Enabling or disabling an application may not take effect until the computer is restarted.
Encrypting Drives
Drive Encryption for HP ProtectTools allows you to encrypt computer hard drives, making the hard drive unreadable and inaccessible to any unauthorized person who might try to access it even if the drive has been removed from the computer or sent to a data recovery service.
To enable or disable Drive Encryption, click on the Setup Wizard in the Administrative Console.
For more information on using Drive Encryption for HP ProtectTools, refer to Drive Encryption for HP ProtectTools on page 26.
Managing Device Access
Device Access Manager for HP ProtectTools provides advanced security options to selectively disallow various types of devices that can compromise the security of your PC. For more information on using Device Access Manager for HP ProtectTools, refer to Device Access Manager for HP ProtectTools on page 59.
3 HP ProtectTools Security Manager
HP ProtectTools Security Manager allows you to significantly increase the security of your computer. Through the use of Security Manager applications, you can:
Manage your logon and passwords
Easily change your Windows password
Set up authentication credentials, including a smart card
Increase the privacy and security of e-mails, documents, and instant messaging
Shred or bleach your hard drive
View drive encryption status
View device access settings
Activate theft recovery software
Back up and restore Security Manager data
Logging in after Security Manager is configured
Login scenarios vary, depending on the levels of security and security login methods chosen by the Windows administrator during configuration. Several possible scenarios follow:
If all levels of security have been configured and all security login methods are required, users must log in using all of the configured methods when the computer is first turned on. This action logs the user in to Windows.
If all levels of security have been configured and any of the security login methods is permissible, users may log in using any one of the configured security login methods when the computer is first turned on. This action logs the user in to Windows.
If the HP Drive Encryption and the HP Password Manager levels of security have been configured and all security login methods are required, users must log in using all of the configured methods when the HP Drive Encryption login screen opens. This action logs the user in to Windows.
If the HP Drive Encryption and the HP Password Manager levels of security have been configured and any of the configured security login methods is permissible, users may log in using any one of the security login methods when the HP Drive Encryption login screen opens. This action logs the user in to Windows.
If the HP Password Manager level of security has been configured and all of the security login methods are required, users must log in using all of the configured methods when the Password Manager login screen opens. This action logs the user in to Windows.
If the HP Password Manager level of security option has been configured and any of the configured security login methods is permissible, users may log in using any one of the security login methods when the Password Manager login screen opens. This action logs the user in to Windows.
NOTE: If the HP Password Manager level of security has not been configured, users must still enter their Windows password at the Windows login screen, regardless of the security login methods that are required by other levels of security.
Managing passwords
Password Manager for HP ProtectTools creates and manages logons, which allow you to launch and log on to websites and programs by authenticating with your enrolled credentials.
For more information on managing passwords, refer to Password Manager for HP ProtectTools on page 21.
Setting credentials
You use your Security Manager Credentials to verify that you are really you. The local administrator of this computer can set up which credentials may be used to prove your identity when logging onto your Windows account, websites, or programs.
Available credentials can vary depending on the security device built in or connected to the computer. Each supported credential will have an entry in the Credentials group.
Changing your Windows password
Security Manager makes changing your Windows password simpler and quicker than doing it through the Windows Control Panel.
To change your Windows password:
1. In HP ProtectTools Security Manager, click Credentials in the left pane.
2. Click Windows Password.
3. Type your current password in the Current Windows password box.
4. Type your new password in the New Windows password and Confirm new password boxes.
5. Click Change.
Setting up a Smart Card
A smart card is a plastic card about the size of a credit card with an embedded microchip that can be loaded with information. Smart cards provide protection of information and authentication for individual users. Logging on to a network with a smart card can provide a strong form of authentication when it uses cryptography-based identification and proof of possession when authenticating a user to a domain.
1. In HP ProtectTools Security Manager, click Credentials in the left pane.
2. Click Smart Card.