HP dc5700 - Microtower PC Manual page 35

Short description
the system becomes
active after Standby status
No password required to
change the Security
Platform Policies.
Microsoft EFS does not
fully work in Windows
2000.
When viewing a
certificate, it shows as
non-trusted.
Intermittent encrypt and
decrypt error occurs: The
process cannot access
the file because it is
being used by another
process.
Data loss in removable
storage occurs if storage
is removed prior to new
data generation or
transfer.
During uninstall, if user
has not initialized the
Basic User and opens the
Administration tool, the
Disable option is not
available and Uninstaller
will not continue until the
Administration tool is
closed.
ENWW
Details
Basic User password. If the user does
not enter the password and the system
goes into Standby, the password dialog
box is no longer available when the user
resumes.
Access to Security Platform Policies
(both Machine and User) does not
require a TPM password for users who
have administrative rights on the system.
An administrator can access encrypted
information on the system without
knowing the correct password. If the
administrator enters an incorrect
password or cancels the password
dialog, the encrypted file will open as if
the administrator had entered the correct
password. This happens regardless of
the security settings used when
encrypting the data. This occurs only in
the first administrator account on
Windows 2000.
After setting up HP ProtectTools and
running the User Initialization Wizard, the
user has the ability to view the certificate
issued; however, when viewing the
certificate, it shows as non-trusted. While
the certificate can be installed at this
point by clicking the install button,
installing it does not make it trusted.
Extremely intermittent error during file
encryption or decryption occurs due to
the file being used by another process,
even though that file or folder is not being
processed by the operating system or
other applications.
Removing storage mediums such as a
MultiBay hard drive still shows PSD
availability and does not generate errors
while adding/modifying data to the PSD.
After system restart, the PSD does not
reflect file changes that occurred while
the removable storage was not available.
The user has the option of uninstalling
either without disabling the TPM or by
first disabling the TPM (through Admin.
tool), then uninstalling. Accessing the
Admin tool requires Basic User Key
initialization. If basic initialization has not
occurred, all options are inaccessible to
the user.
Since the user has explicitly chosen to
open the Admin tool (by clicking Yes in
the dialog box prompting Click Yes to
open Embedded Security
Administration tool), uninstall waits
Solution
The user has to log off and back on to view the PSD
password box again.
This is by design.
Any administrator can modify the Security Platform
Policies with or without TPM user initialization.
The Data Recovery Policy is automatically configured
to designate an administrator as a recovery agent.
When a user key cannot be retrieved (as in the case of
entering the wrong password or canceling the Enter
Password dialog), the file is automatically decrypted
with a recovery key.
This is due to the Microsoft EFS. Please refer to
Microsoft Knowledge Base Technical Article Q257705
at http://www.microsoft.com
The documents cannot be opened by a non-
administrator user
Self-signed certificates are not trusted. In a properly
configured enterprise environment, EFS certificates are
issued by online Certification Authorities and are
trusted.
To resolve the failure:
1. Restart the system.
2. Log off.
3. Log back in.
The issue is only experienced if the user accesses the
PSD, then removes the hard drive before completing
new data generation or transfer. If the user attempts to
access the PSD when the removable hard drive is not
present, an error message is displayed stating that the
device is not ready.
The Admin tool is used for disabling the TPM chip, but
that option is not available unless the Basic User Key
has already been initialized. If it has not, then select
OK or Cancel in order to continue with the
uninstallation process.
Embedded Security for ProtectTools
for more information.
29