HP 6930p - EliteBook - Core 2 Duo 2.8 GHz User Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Laptop
  5. 6930p - EliteBook - Core 2 Duo 2.8 GHz
  6. User manual

HP 6930p - EliteBook - Core 2 Duo 2.8 GHz User Manual

Protecttools (select models only) - windows 7
Hide thumbs Also See for 6930p - EliteBook - Core 2 Duo 2.8 GHz:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Maintenance and Service Manual, Setup Manual
HP ProtectTools
User Guide

Advertisement

Table of Contents
loading

Related Manuals for HP 6930p - EliteBook - Core 2 Duo 2.8 GHz

Summary of Contents for HP 6930p - EliteBook - Core 2 Duo 2.8 GHz

  • Page 1 HP ProtectTools User Guide...
  • Page 2 Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc. SD Logo is a trademark of its proprietor.

  • Page 3: Table Of Contents

    Table of contents 1 Introduction to security HP ProtectTools features ........................2 Accessing HP ProtectTools Security ....................4 Achieving key security objectives ......................6 Protecting against targeted theft ..................6 Restricting access to sensitive data ..................6 Preventing unauthorized access from internal or external locations ........6 Creating strong password policies ..................
  • Page 4 Exporting an application ..............19 Importing an application ..............20 Modifying credentials ................ 20 Using Application Protection ....................21 Restricting access to an application ..............21 Removing protection from an application ............21 Changing restriction settings for a protected application ........22 Advanced tasks (administrator only) ....................
  • Page 5 Deleting a Trusted Contact ................38 Checking revocation status for a Trusted Contact ..........39 General tasks ............................. 40 Using Privacy Manager in Microsoft Office ................ 40 Using Privacy Manager in Microsoft Outlook ..............43 Using Privacy Manager in Windows Live Messenger ............44 Advanced tasks ..........................
  • Page 6 Advanced tasks ..........................73 Backing up and restoring ....................73 Creating a backup file ..................73 Restoring certification data from the backup file ..........73 Changing the owner password ..................74 Resetting a user password ....................74 Enabling and disabling Embedded Security ..............74 Permanently disabling Embedded Security ............

  • Page 7: Introduction To Security

    Introduction to security HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules: ● Credential Manager for HP ProtectTools ●...

  • Page 8: Hp Protecttools Features

    HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Key features ● Credential Manager for HP ProtectTools Credential Manager acts as a personal password vault, streamlining the logon process with the Single Sign On feature, which automatically remembers and applies user credentials.
  • Page 9 Module Key features Embedded Security for HP ProtectTools (select ● Embedded Security uses a Trusted Platform Module (TPM) models only) embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC. ●...

  • Page 10: Accessing Hp Protecttools Security

    Accessing HP ProtectTools Security To access HP ProtectTools Security Manager: Click Start, click All Programs, and then click HP ProtectTools Security Manager for Administrators. – or– Click Start, click Control Panel, and then click System and Security. Click HP ProtectTools Security Manager.
  • Page 11 ● The wizard guides Windows® operating system administrators through the configuration of levels of security and of the security logon methods that are used in a pre-boot environment, in Credential Manager, and in Drive Encryption. ● Users also use the setup wizard to configure their security logon methods. NOTE: To access each HP ProtectTools module to set up more powerful features, click the module name.

  • Page 12: Achieving Key Security Objectives

    Achieving key security objectives The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives: ● Protecting against targeted theft ● Restricting access to sensitive data ● Preventing unauthorized access from internal or external locations ●...

  • Page 13: Creating Strong Password Policies

    information such as patient records or personal financial records. The following features help prevent unauthorized access: ● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures: ◦ Credential Manager ◦ Embedded Security ◦...

  • Page 14: Additional Security Elements

    Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ●...
  • Page 15 HP ProtectTools password Set in this HP ProtectTools Function module Emergency Recovery Token Embedded Security, by IT Protects access to the Emergency Recovery password administrator Token, which is a backup file for the embedded security chip. NOTE: Also known as: Emergency Recovery Token Key password Owner password...

  • Page 16: Creating A Secure Password

    Creating a secure password When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised: ●...

  • Page 17: Credential Manager For Hp Protecttools

    Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features: ● Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric reader to log on to Windows. For additional information, refer to “Registering credentials on page 12.”...

  • Page 18: Setup Procedures

    Setup procedures Logging on to Credential Manager Depending on the configuration, you can log on to Credential Manager in any of the following ways: ● Double-click the HP ProtectTools Security Manager icon in the notification area. ● Click Start, click All Programs, and then select HP ProtectTools Security Manager for Administrators.

  • Page 19: Setting Up The Fingerprint Reader

    Setting up the fingerprint reader In HP ProtectTools Security Manager, click Credential Manager in the left pane. Click My Identity, and then click Register Fingerprints. Follow the on-screen instructions to complete registering your fingerprints and setting up the fingerprint reader. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and then repeat the steps listed above.

  • Page 20: Registering Other Credentials

    Registering other credentials In HP ProtectTools Security Manager, click Credential Manager. Click My Identity, and then click Register Credentials. The Credential Manager Registration Wizard opens. Follow the on-screen instructions. Chapter 2 Credential Manager for HP ProtectTools...

  • Page 21: General Tasks

    General tasks All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks: ● Change the Windows logon password ● Change a token PIN ● Lock a workstation NOTE: This option is available only if the Credential Manager classic logon prompt is enabled.
  • Page 22 On the Device Type dialog box, click the desired type of device, and then click Next. Select the token for which you want to change the PIN, and then click Next. Follow the on-screen instructions to complete the PIN change. NOTE: If you enter the incorrect PIN for the token several times in sequence, the token gets locked out.

  • Page 23: Locking The Computer (Workstation)

    Locking the computer (workstation) This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it.

  • Page 24: Using Single Sign On

    Select More, and then click Wizard Options. If you want this to be the default user name the next time that you log on to the computer, select the Use last network account for Windows logon check box. If you want this logon policy to be the default method, select the Use last policy on next logon check box.

  • Page 25: Using Manual (Drag And Drop) Registration

    Using manual (drag and drop) registration In HP ProtectTools Security Manager, click Credential Manager, and then click Services and Applications in the left pane. Click Manage Applications & Credentials. The Credential Manager Single Sign On dialog box is displayed. To modify or remove a previously registered web site or application, select the desired record in the list.

  • Page 26: Importing An Application

    To export an application: In HP ProtectTools Security Manager, click Credential Manager, and then click Services and Applications in the left pane. Click Manage Applications & Credentials. The Credential Manager Single Sign On dialog box is displayed. Click the application entry you want to export, and then click More. Follow the on-screen instructions to complete the export.

  • Page 27: Using Application Protection

    NOTE: You must authenticate your identity before viewing the password. Follow the on-screen instructions. Click OK. Using Application Protection This feature allows you to configure access to applications. You can restrict access based on the following criteria: ● Category of user ●...

  • Page 28: Changing Restriction Settings For A Protected Application

    Changing restriction settings for a protected application Click Manage Protected Applications. Select a category of user whose access you want to manage. NOTE: If the category is not Everyone, you may need to click Override default settings to override the settings for the Everyone category. Click the application you want to change, and then click Properties.

  • Page 29: Advanced Tasks (Administrator Only)

    Advanced tasks (administrator only) The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights. From these pages, you can perform the following tasks: ● Specifying how users and administrators log on ●...

  • Page 30: Configuring Credential Manager Settings

    Click the credential type you want to modify. You can modify the credential using one of the following choices: ● To register the credential, click Register, and then follow the on-screen instructions. ● To delete the credential, click Clear, and then click Yes in the confirmation dialog box. ●...
  • Page 31 NOTE: Selecting the Use Credential Manager with classic logon prompt check box allows you to lock your computer. See “Locking the computer (workstation) on page 17.” Advanced tasks (administrator only)

  • Page 32: Example 2-Using The "Advanced Settings" Page To Require User Verification Before Single Sign On

    Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On In HP ProtectTools Security Manager, click Credential Manager, and then click Settings. Click the Single Sign On tab. Under When registered logon dialog or Web page is visited, select the Authenticate user before submitting credentials check box.

  • Page 33: Drive Encryption For Hp Protecttools (Select Models Only)

    Drive Encryption for HP ProtectTools (select models only) CAUTION: If you decide to uninstall the Drive Encryption module, you must first decrypt all encrypted drives. If you do not, you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service.

  • Page 34: Setup Procedures

    Setup procedures Opening Drive Encryption Click Start, click All Programs, and then click HP ProtectTools Security Manager for Administrators. Click Drive Encryption. Chapter 3 Drive Encryption for HP ProtectTools (select models only)

  • Page 35: General Tasks

    General tasks Activating Drive Encryption Use the HP ProtectTools Security Manager setup wizard to activate Drive Encryption. Deactivating Drive Encryption Use the HP ProtectTools Security Manager setup wizard to deactivate Drive Encryption. Logging in after Drive Encryption is activated When you turn on the computer after Drive Encryption is activated and your user account is enrolled, you must log in at the Drive Encryption logon screen: NOTE: If the Windows administrator has enabled Pre-boot Security in the HP ProtectTools Security...

  • Page 36: Advanced Tasks

    Advanced tasks Managing Drive Encryption (administrator task) The “Encryption Management” page allows Windows administrators to view and change the status of Drive Encryption (active or inactive) and to view the encryption status of all of the hard drives on the computer.

  • Page 37: Performing A Recovery

    The encryption key is saved on the storage device you selected. Click OK when the confirmation dialog box opens. Performing a recovery Performing a local recovery Turn on the computer. Insert the removable storage device that stores your backup key. When the Drive Encryption for HP ProtectTools logon dialog box opens, click Cancel.

  • Page 38: Privacy Manager For Hp Protecttools (Select Models Only)

    Privacy Manager for HP ProtectTools (select models only) Privacy Manager for HP ProtectTools enables you to use advanced security logon (authentication) methods to verify the source, integrity, and security of communication when using e-mail, Microsoft® Office documents, or instant messaging (IM). Privacy Manager leverages the security infrastructure provided by HP ProtectTools Security Manager, which includes the following security logon methods: ●...

  • Page 39: Opening Privacy Manager

    Opening Privacy Manager To open Privacy Manager: Click Start, click All Programs, and then click HP ProtectTools Security Manager. Click Privacy Manager: Sign and Chat. – or – Right-click the HP ProtectToolsicon in the notification area, at the far right of the taskbar, click Privacy Manager: Sign and Chat, and then click Configuration.

  • Page 40: Setup Procedures

    Setup procedures Managing Privacy Manager Certificates Manager Certificates protect data and messages using a cryptographic technology called public key infrastructure (PKI). PKI requires users to obtain cryptographic keys and a Privacy Manager Certificate issued by a certificate authority (CA). Unlike most data encryption and authentication software that only requires you to authenticate periodically, Privacy Manager requires authentication each time you sign an e-mail message or a Microsoft Office document using a cryptographic key.

  • Page 41: Viewing Privacy Manager Certificate Details

    Authenticate using your chosen security logon method. If you choose to begin the Trusted Contact invitation process, follow the on-screen instructions. – or – If you click Cancel, refer to Managing Trusted Contacts for information on adding a Trusted Contact at a later time.

  • Page 42: Restoring A Privacy Manager Certificate

    To delete a Privacy Manager Certificate: Open Privacy Manager, and click Certificate Manager. Click the Privacy Manager Certificate you want to delete, and then click Advanced. Click Delete. When the confirmation dialog box opens, click Yes. Click Close, and then click Apply. Restoring a Privacy Manager Certificate If you have accidentally deleted a Privacy Manager Certificate, you can restore it using the backup file that you created when you installed or exported the certificate:...

  • Page 43: Adding Trusted Contacts

    Adding Trusted Contacts You send an e-mail invitation to a Trusted Contact recipient. The Trusted Contact recipient responds to the e-mail. You receive the e-mail response from the Trusted Contact recipient, and click Accept. You can send Trusted Contact e-mail invitations to individual recipients or you can send the invitation to all the contacts in your Microsoft Outlook address book.

  • Page 44: Adding Trusted Contacts Using Your Microsoft Outlook Address Book

    Adding Trusted Contacts using your Microsoft Outlook address book Open Privacy Manager, click Trusted Contacts Manager, and then click Invite Contacts. – or – In Microsoft Outlook, click the down arrow next to Send Securely on the toolbar, and then click Invite All My Outlook Contacts.

  • Page 45: Checking Revocation Status For A Trusted Contact

    Checking revocation status for a Trusted Contact Open Privacy Manager, and click Trusted Contacts Manager. Click a Trusted Contact. Click the Advanced button. The Advanced Trusted Contact Management dialog box opens. Click Check Revocation. Click Close. Setup procedures...

  • Page 46: General Tasks

    General tasks Using Privacy Manager in Microsoft Office After you install your Privacy Manager Certificate, a Sign and Encrypt button is displayed on the right side of the toolbar of all Microsoft Word, Microsoft Excel, and Microsoft PowerPoint documents. Configuring Privacy Manager in a Microsoft Office document Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click Privacy Manager, and then click Configuration.
  • Page 47 Click the down arrow next to Sign and Encrypt, and then click Sign Document. Authenticate using your chosen security logon method. Adding suggested signers to a Microsoft Word or Microsoft Excel document You can add more than one signature line to your document by appointing suggested signers. A suggested signer is a user who is designated by the owner of a Microsoft Word or Microsoft Excel document to add a signature line to the document.
  • Page 48 To encrypt a Microsoft Office document: In Microsoft Word, Microsoft Excel, or Microsoft PowerPoint, create and save a document. Click the Home menu. Click the down arrow next to Sign and Encrypt, and then click Encrypt Document. The Select Trusted Contacts dialog box opens. Click the name of a Trusted Contact who will be able to open the document and view its contents.

  • Page 49: Using Privacy Manager In Microsoft Outlook

    NOTE: You do not need to have a Privacy Manager Certificate in order to view a signed Microsoft Office document. When a signed Microsoft Office document is opened, a Signatures dialog box opens next to the document, displaying the name of the user who signed the document and the date it was signed. You can right-click the name to view additional details.

  • Page 50: Using Privacy Manager In Windows Live Messenger

    Click the down arrow next to Send Securely, and then click Seal for Trusted Contacts and Send. Authenticate using your chosen security logon method. Viewing a sealed e-mail message When you open a sealed e-mail message, the security label is displayed in the heading of the e-mail. The security label provides the following information: ●...
  • Page 51 Configuring Privacy Manager Chat for Windows Live Messenger In Privacy Manager Chat, click the Configure Privacy Manager Chat button. – or – In Privacy Manager, click Settings, and then click the Chat tab. – or – In Privacy Manager History Viewer, click theSettings button. To specify the amount of time Privacy Manager Chat waits before locking your session, select a number from the Lock session after _ minutes of inactivity box.
  • Page 52 Starting the Chat History viewer Click Start, click All Programs, and then click HP ProtectTools Security Manager. Click Privacy Manager: Sign and Chat, and then click Chat History Viewer. – or – In a Chat session, click History Viewer or History. ▲...
  • Page 53 You can only search for text in revealed (decrypted) sessions that are displayed in the viewer window. These are the sessions where the Contact Screen Name is shown in plain text. In the Chat History Viewer, click the Search button. Enter the search text, configure any desired search parameters, and then click OK.

  • Page 54: Advanced Tasks

    Advanced tasks Migrating Privacy Manager Certificates and Trusted Contacts to a different computer You can securely migrate your Privacy Manager Certificates and Trusted Contacts to a different computer. To do this, export them as a password-protected file to a network location or any removable storage device, and then import the file to the new computer.

  • Page 55: File Sanitizer For Hp Protecttools

    File Sanitizer for HP ProtectTools File Sanitizer is a tool that allows you to securely shred assets (personal information or files, historical or Web-related data, or other data components) on your computer and periodically bleach your hard drive. NOTE: This version of File Sanitizer supports the system hard drive only. About shredding Deleting an asset in Windows does not completely remove the contents of the asset from your hard drive.

  • Page 56: Setup Procedures

    Setup procedures Opening File Sanitizer To open File Sanitizer: Click Start, click All Programs, and then click HP ProtectTools Security Manager. Click File Sanitizer. – or – ● Double-click the File Sanitizer icon. – or – ● Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Open File Sanitizer.

  • Page 57: Customizing A Shred Profile

    To select a predefined shred profile: Open File Sanitizer, and then click Settings. Click a predefined shred profile. Click View Details to view the list of assets that are selected for shredding. Under Shred the following, select the check box next to each asset that you want to confirm before shredding.

  • Page 58: Setting A Free Space Bleaching Schedule

    NOTE: If you use the simple delete option, free space bleaching can be performed occasionally on the assets that have been deleted manually or by using the Windows Recycle Bin. Open File Sanitizer, click Settings, click Simple Delete Setting, and then click View Details. Select the assets you want to delete: ●...

  • Page 59: General Tasks

    General tasks Using a key sequence to initiate shredding To specify a key sequence, follow these steps: Open File Sanitizer, and click Shred. Select the Key sequence check box. Select either the CTRL box or the ALT box, and then select the SHIFT box. For example, to initiate automatic shredding using the key and ctrl+shift, enter in the box, and...

  • Page 60: Manually Shredding All Selected Items

    – or – Open File Sanitizer, and click Shred. Click the Browse button. When the Browse dialog box opens, navigate to the asset you want to shred, and then click OK. When the confirmation dialog box opens, click Yes. Manually shredding all selected items Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Shred Now.

  • Page 61: Viewing The Log Files

    Files that are successfully shredded or bleached do not appear in the log files. One log file is created for shred operations and another log file is created for free space bleaching operations. Both log files are located on the hard drive at: ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_ShredderLog.txt ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_DiskBleachLog.txt General tasks...

  • Page 62: Bios Configuration For Hp Protecttools

    BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can accomplish the following objectives: ●...

  • Page 63: General Tasks

    General tasks BIOS Configuration allows you to manage various computer settings that would otherwise be accessible only by pressing at startup to enter Computer Setup. Accessing BIOS Configuration To access BIOS Configuration: Click Start, click Settings, and then click Control Panel. Click HP ProtectTools Security Manager, and then click BIOS Configuration.

  • Page 64: Viewing Or Changing Settings

    Viewing or changing settings To view or change configuration settings: Click one of the BIOS Configuration pages: ● File ● Security ● System Configuration Make your changes, and then click Apply to save your changes and leave the window open. –...

  • Page 65: Viewing System Information

    Viewing system information Use the “File” page to view the following types of information: ● Identification information about the computer (including the serial number) and about batteries in the system ● Specification information about the processor; cache and memory size; video version; keyboard controller version;...

  • Page 66: Advanced Tasks

    Advanced tasks Setting security options Use the “Security” page of BIOS Configuration to enhance the security of your computer. NOTE: Not all options are available on all computers, and additional options may also be included. To set security options: Access BIOS Configuration, and click Security. Select any of the options listed in the table below.

  • Page 67: Setting System Configuration Options

    Option Action Power-On Authentication Support Enable or disable support for smart card power-on authentication. NOTE: This feature is supported only on computers with optional smart card readers. Automatic Drivelock Support Enable or disable. Administrator Tools Option Action HP SpareKey Enable or disable. Always Prompt for HP SpareKey Enrollment Enable or disable.
  • Page 68 To set system configuration options: Access BIOS Configuration, and then click System Configuration. Select one of the following options, as described in the table below: ● Language options ● Port options ● Boot options ● Device configuration options ● Built-in device options ●...

  • Page 69: Boot Options

    Option Action Serial Port Enable or disable. Parallel Port Enable or disable. Flash Media Reader Enable or disable. USB Port Enable or disable. 1394 port Enable or disable. Express Card slot Enable or disable. Smart Card Enable or disable. Boot options Option Action Startup Menu Delay (Sec)
  • Page 70 Option Action UEFI Boot Mode Enable or disable. HDD Translation Mode Select Bit-shift or LBA-assisted. Virtualization technology Enable or disable the option to allow multiple virtual machines to run side by side on the same computer. Built-in device options Option Action Wireless Button State Enable or disable.
  • Page 71 Option Action Serial Port Mode Security Level Change, view, or hide. Parallel Port Mode Security Level Change, view, or hide. CD-ROM Boot Security Level Change, view, or hide. Floppy Boot Security Level Change, view, or hide. Internal Network Adapter Boot Security Level Change, view, or hide.
  • Page 72 Option Action USB Key Provisioning Support Change, view, or hide. Firmware Progress Event Support Security Level Change, view, or hide. Unconfigure AMT Security Level Change, view, or hide. Terminal Emulation Mode Security Level Change, view, or hide. Firmware Progress Event Support Security Level Change, view, or hide.

  • Page 73: Embedded Security For Hp Protecttools (Select Models Only)

    Embedded Security for HP ProtectTools (select models only) NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials.

  • Page 74: Setup Procedures

    Setup procedures CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings.

  • Page 75: Initializing The Embedded Security Chip

    Initializing the embedded security chip In the initialization process for Embedded Security, you will perform the following tasks: ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ●...

  • Page 76: Setting Up The Basic User Account

    Setting up the basic user account Setting up a basic user account in Embedded Security accomplishes the following tasks: ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ●...

  • Page 77: General Tasks

    General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer.

  • Page 78: Changing The Basic User Key Password

    Changing the Basic User Key password To change the Basic User Key password: Click Start , click All Programs, and then click HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. In the right pane, under Basic User Key password, click Change. Type the old password, and then set and confirm the new password.

  • Page 79: Advanced Tasks

    Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup.

  • Page 80: Changing The Owner Password

    Changing the owner password To change the owner password: Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Advanced. In the right pane, under Owner Password, click Change. Type the old owner password, and then set and confirm the new owner password.

  • Page 81: Migrating Keys With The Migration Wizard

    Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security software Help. Advanced tasks...

  • Page 82: Device Access Manager For Hp Protecttools (Select Models Only)

    Device Access Manager for HP ProtectTools (select models only) This security tool is available to administrators only. Device Access Manager for HP ProtectTools has the following security features that protect against unauthorized access to devices attached to your computer system: ●...

  • Page 83: Starting Background Service

    Starting background service For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would you like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots.

  • Page 84: Simple Configuration

    Simple configuration When Device Access Manager is installed, a Device Administrators group is created, and is then populated by the system administrator. Simple configuration allows you to deny access to the following classes of devices for all non-Device Administrators: ● All removable media (floppy disks, pen drives, etc.) ●...

  • Page 85: Device Class Configuration (Advanced)

    Device class configuration (advanced) More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Adding a user or a group Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Device Class Configuration.

  • Page 86: Allowing Access To A Specific Device For One User Of A Group

    Under User/Groups, add the group to be denied access. Click Deny next to the group to be denied access. Navigate to the folder below that of the required class and add the specific user. Click Allow to grant this user access. Click Apply, and then click OK.

  • Page 87: Troubleshooting

    Troubleshooting Credential Manager for HP ProtectTools Short description Details Solution Using the Credential Using TPM authentication, the user is Using Credential Manager Single Sign On tools allows Manager Network only logged on to the local computer. the user to authenticate other accounts. Accounts option, a user can select which domain account to log on to.

  • Page 88: Chapter 9 Troubleshooting

    Short description Details Solution Windows password from Credential local PC, Credential Manager can only change the Manager, the administrator gets an error password used to log on. logon failure: User account restriction. Credential Manager has If the user logs on to Credential Manager, HP is researching a workaround for future product incompatibility issues with creates a document in WordPerfect, and...
  • Page 89 Short description Details Solution HP is investigating resolution options for future customer software releases. The security Restore When user restores identity, Credential This is currently by design. Identity process loses Manager can lose the association with When uninstalling Credential Manager without keeping association with virtual the location of the virtual token at logon identities, the system (server) part of the token is...

  • Page 90: Embedded Security For Hp Protecttools (Select Models Only)

    Embedded Security for HP ProtectTools (select models only) Short description Details Solution Encrypting folders, If the user copies files and folders to the This is as designed. subfolders, and files on PSD and tries to encrypt folders/files or Moving files/folders to the PSD automatically encrypts PSD causes an error folders/subfolders, the Error Applying them.
  • Page 91 Short description Details Solution Errors occur after a power If there is a power loss during the Perform the following procedure to recover from the loss interrupts Embedded initialization of the Embedded Security power loss: Security initialization. chip, the following issues occur: NOTE: Use the arrow keys to select various menus, ●...
  • Page 92 Short description Details Solution An intermittent encrypt This is an extremely intermittent error To resolve the failure: and decrypt error occurs: during file encryption or decryption which Restart the system. The process cannot occurs because the file is being used by access the file because another process, even though that file or Log off.
  • Page 93 Short description Details Solution Secure e-mail is Embedded security software and the This behavior is as designed. Configuration of TPM e- supported, even when wizard do not control settings of an e- mail settings does not prohibit editing encryption secure e-mail is not mail client (Outlook, Outlook Express, or settings directly in an e-mail client.
  • Page 94 Short description Details Solution and is not accessed by another process. The user must reboot the system in order to delete the PSD and it is not loaded after reboot. An internal error is In Embedded Security, if the user clicks If the user selects SpSystemBackup.xml when the detected when the user is the Restore under Backup option to...
  • Page 95 Short description Details Solution Automatic backup does When an administrator sets up The workaround is to change the NT AUTHORITY not work with the mapped Automatic Backup in Embedded \SYSTEM to (computer name)\(admin name). This is drive. Security, it creates an entry in the default setting if the Scheduled Task is created Windows >...

  • Page 96: Device Access Manager For Hp Protecttools

    Device Access Manager for HP ProtectTools Short description Details Solution Users have been denied Simple Configuration and/or Device Verify that the HP ProtectTools Device Locking service access to devices within Class Configuration have been used has started. Device Access Manager, within Device Access Manager to deny As an administrative user, browse to Control Panel >...

  • Page 97: Miscellaneous

    Miscellaneous Software Impacted— Details Solution Short description Security Manager— All security applications such as The Security Manager software must be installed Warning received: The Embedded Security, Java Card Security, before installing any security plug-in. security application can and biometrics are extendable plug-ins not be installed until the for the Security Manager interface.
  • Page 98 Software Impacted— Details Solution Short description an error is returned when upper right of the screen to close Manager. Since PTHOST.exe is the shell housing the closing the Security Security Manager before all plug-in other applications (plug-ins), it depends on the ability of Manager interface.
  • Page 99 Software Impacted— Details Solution Short description Security Power-On Power-On Authentication prompts the To be able to write to BIOS, the user must type the BIOS Authentication overlaps user to log on to the system using the password instead of the TPM password at the Power- the BIOS Password during TPM password, but, if the user presses on Authentication window.

  • Page 100: Glossary

    Glossary activation The task that must be completed before any of the Drive Encryption features are accessible. Drive Encryption is activated using the HP ProtectTools Security Manager setup wizard. Only an administrator can activate Drive Encryption. The activation process consists of activating the software, encrypting the drive, creating a user account, and creating the initial backup encryption key on a removable storage device.
  • Page 101 digital certificate Electronic credentials that confirm the identity of an individual or a company by binding the identity of the digital certificate owner to a pair of electronic keys that are used to sign digital information. digital signature Data sent with a file that verifies the sender of the material, and that the file has not been modified after it was signed.
  • Page 102 PSD Personal secure drive, which provides a protected storage area for sensitive information. reboot Process of restarting the computer. reveal A task that allows the user to decrypt one or more chat history sessions, displaying the Contact Screen Name(s) in plain text and making the session available for viewing. revocation password A password that is created when a user requests a digital certificate.
  • Page 103 trusted IM communication A communication session during which trusted messages are sent from a trusted sender to a Trusted Contact. trusted message A communication session during which trusted messages are sent from a trusted sender to a Trusted Contact. Trusted Platform Module (TPM) embedded security chip (select models only) The generic term for the HP ProtectTools Embedded Security Chip.

  • Page 104: Index

    Index viewing settings 58 settings, configuring 24 access viewing system information 59 setup procedures 12 controlling 76 BIOS Configuration for HP Single Sign On (SSO) 18 preventing unauthorized 6 ProtectTools 56 SSO application, exporting 19 accessing 57 boot options 61, 63 SSO application, importing 20 accessing HP ProtectTools built-in device options 61, 64...
  • Page 105 user or group, denying access setup procedures 68 HP ProtectTools Security, to 79 troubleshooting 84 accessing 4 user or group, removing 79 emergency recovery 69 device configuration options 61, emergency recovery token initializing embedded security password chip 69 disabling definition 9 Embedded Security 74 setting 69 Embedded Security,...
  • Page 106 adding a signature line when managing Privacy Manager viewing a signed Microsoft signing a Microsoft Word or certificates 34 Office document 42 Microsoft Excel managing trusted contacts 36 viewing an encrypted Microsoft document 40 migrating Privacy Manager Office document 43 adding a suggested signer's Certificates and Trusted viewing chat history 45...
  • Page 107 modifying application properties 19 removing applications 19 system configuration options boot options 61 built-in device options 61 device configuration options 61 port options 61 system configuration options 61 targeted theft, protecting against 6 token, Credential Manager 13 TPM chip enabling 68 initializing 69 troubleshooting Credential Manager 81...

Table of Contents