HP Compaq 2210b User Manual
Protecttools
Hide thumbs
Also See for Compaq 2210b:
- Maintenance and service manual (149 pages) ,
- Multiboot user manual (17 pages) ,
- Network manual (16 pages)
Table of Contents
Advertisement
Advertisement
Table of Contents
Troubleshooting
Related Manuals for HP Compaq 2210b
Summary of Contents for HP Compaq 2210b
- Page 1 ProtectTools User Guide...
- Page 2 Logo is a trademark of its proprietor. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
-
Page 3: Table Of Contents
Additional security elements ... 6 Assigning security roles ... 6 Managing HP ProtectTools passwords ... 6 HP ProtectTools Backup and Restore ... 8 2 Credential Manager for HP ProtectTools Setup procedures ... 12 Logging on to Credential Manger ... 12 Registering credentials ... - Page 4 Resetting a user password ... 34 Enabling and disabling Embedded Security ... 34 Migrating keys with the Migration Wizard ... 35 4 Java Card Security for HP ProtectTools General tasks ... 38 Changing a Java Card PIN ... 38 Selecting the card reader ... 38 Removing an account ...
- Page 5 Managing boot options ... 44 Enabling and disabling system configuration options ... 45 Advanced tasks ... 47 Managing HP ProtectTools add-on module settings ... 47 Managing Computer Setup passwords ... 49 6 Device Access Manager for HP ProtectTools Starting background service ... 54 Simple configuration ...
- Page 6 Glossary ... 77 Index ... 79 ENWW...
-
Page 7: Introduction To Security
Drive Encryption for HP ProtectTools The software modules available for your computer may vary depending on your model. For example, Embedded Security for HP ProtectTools is available only for computers on which the Trusted Platform Module (TPM) embedded security chip is installed. -
Page 8: Hp Protecttools Features
HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Credential Manager for HP ProtectTools Embedded Security for HP ProtectTools Java Card Security for HP ProtectTools BIOS Configuration for HP ProtectTools Device Access Manager for HP ProtectTools... -
Page 9: Accessing Hp Protecttools Security
Select Start > All Programs > HP ProtectTools Security Manager. ▲ NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to ENWW “Logging on to Windows with Credential Manager on page... -
Page 10: Achieving Key Security Objectives
Achieving key security objectives The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives: ● Protecting against targeted theft ● Restricting access to sensitive data ● Preventing unauthorized access from internal or external locations ●... -
Page 11: Preventing Unauthorized Access From Internal Or External Locations
Credential Manager ● “Using Single Sign On on page ● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See configuration on page ●... -
Page 12: Additional Security Elements
In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ● Security officer—Defines the security level for the company or network and determines the security features to deploy, such as Java™... - Page 13 Also known as BIOS administrator, Setup, or Security Setup password Power-on password Windows Logon password ENWW Set in this HP ProtectTools Function module turned on, restarted, or restored from hibernation. Embedded Security, by IT Protects access to the Emergency Recovery...
-
Page 14: Creating A Secure Password
Do not share accounts or tell anyone your password. HP ProtectTools Backup and Restore HP ProtectTools Backup and Restore provides a convenient and quick way to back up and restore credentials from all supported HP ProtectTools modules. Backing up credentials and settings You can back up credentials in the following ways: ●... - Page 15 Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click HP ProtectTools, and then click Backup and Restore. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens. Follow the on-screen instructions to back up credentials.
-
Page 16: Restoring Credentials
Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click HP ProtectTools, and then click Backup and Restore. In the right pane, click Restore. The HP ProtectTools Restore Wizard opens. Follow the on-screen instructions. Configuring settings Select Start >... -
Page 17: Credential Manager For Hp Protecttools
Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features: ● Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric reader to log on to Windows. For additional information, refer to on page 13.”... -
Page 18: Setup Procedures
● From the Windows logon screen ● From the notification area, by double-clicking the HP ProtectTools Security Manager icon ● From the “Credential Manager” page of ProtectTools Security Manager, by clicking the Log On link in the upper-right corner of the window Follow the on-screen instructions to log on to Credential Manager. -
Page 19: Logging On For The First Time
Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager icon in the notification area. The HP ProtectTools Security Manager window opens. -
Page 20: Setting Up The Fingerprint Reader
15.” Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Register Smart Card or Token. The Credential Manager Registration Wizard opens. -
Page 21: General Tasks
PIN to complete the authentication. To create a new virtual token: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Virtual Token. The Credential Manager Registration Wizard opens. -
Page 22: Managing Identity
Clearing an identity from the system NOTE: This does not affect your Windows user account. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Clear Identity for this Account. -
Page 23: Locking The Computer
Credential Manager settings on page To lock the computer: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Lock Workstation. The Windows logon screen is displayed. You must use a Windows password or the Credential Manager Logon Wizard to unlock the computer. -
Page 24: Adding An Account
Adding an account Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network Account Wizard opens. -
Page 25: Using Manual (Drag And Drop) Registration
Click Yes to complete the registration. Using manual (drag and drop) registration Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Single Sign On, and then click Register New Application. The SSO Application Wizard opens. -
Page 26: Exporting An Application
To export an application: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Single Sign On, click Manage Applications and Credentials. -
Page 27: Using Application Protection
User inactivity Restricting access to an application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens. -
Page 28: Changing Restriction Settings For A Protected Application
Click OK. Changing restriction settings for a protected application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens. -
Page 29: Advanced Tasks (Administrator Only)
To specify how users or administrators log on: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials. In the right pane, click the Authentication tab. -
Page 30: Configuring Custom Authentication Requirements
“Authentication and Credentials” page, you can create custom requirements. To configure custom requirements: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials. In the right pane, click the Authentication tab. -
Page 31: Configuring Credential Manager Settings
To modify Credential Manager settings: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the appropriate tab for the settings you want to modify. -
Page 32: Example 2-Using The "Advanced Settings" Page To Require User Verification Before Single Sign On
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the Single Sign On tab. -
Page 33: Embedded Security For Hp Protecttools
The TPM embedded security chip enhances and enables other HP ProtectTools Security Manager security features. For example, Credential Manager for HP ProtectTools can use the embedded chip as an authentication factor when the user logs on to Windows. On select models, the TPM embedded security chip also enables enhanced BIOS security features accessed through BIOS Configuration for HP ProtectTools. -
Page 34: Setup Procedures
Enabling the embedded security chip The embedded security chip must be enabled in the Computer Setup utility. This procedure cannot be performed in BIOS Configuration for HP ProtectTools. To enable the embedded security chip: Open Computer Setup by turning on or restarting the computer, and then pressing “f10 = ROM Based Setup”... -
Page 35: Initializing The Embedded Security Chip
Basic User Keys for all users. To initialize the embedded security chip: Right-click the HP ProtectTools Security Manager icon in the notification area, at the far right of the taskbar, and then select Embedded Security Initialization. The HP ProtectTools Embedded Security Initialization Wizard opens. -
Page 36: Setting Up The Basic User Account
To set up a basic user account and enable the user security features: If the Embedded Security User Initialization Wizard is not open, select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. -
Page 37: General Tasks
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. -
Page 38: Changing The Basic User Key Password
Changing the Basic User Key password To change the Basic User Key password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. In the right pane, under Basic User Key password, click Change. -
Page 39: Advanced Tasks
Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup. In the right pane, click Backup. The HP Embedded Security for ProtectTools Backup Wizard opens. Follow the on-screen instructions. -
Page 40: Changing The Owner Password
Changing the owner password To change the owner password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Advanced. In the right pane, under Owner Password, click Change. Type the old owner password, and then set and confirm the new owner password. -
Page 41: Migrating Keys With The Migration Wizard
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help. ENWW Advanced tasks... - Page 42 Chapter 3 Embedded Security for HP ProtectTools ENWW...
-
Page 43: Java Card Security For Hp Protecttools
Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for computers equipped with an optional card reader. With Java Card Security, you can accomplish the following tasks: ● Access Java Card Security features ●... -
Page 44: General Tasks
NOTE: The Java Card PIN must be between 4 and 8 numeric characters. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click General. Insert a Java Card (with an existing PIN) into the card reader. -
Page 45: Advanced Tasks (Administrators Only)
NOTE: The Java Card PIN must be between 4 and 8 numeric characters. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. Insert a new Java Card into the card reader. -
Page 46: Assigning A Name To A Java Card
You must assign a name to a Java Card before it can be used for power-on authentication. To assign a name to a Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. -
Page 47: Enabling Java Card Power-On Authentication And Creating An Administrator Java Card
When you are prompted to create a recovery file, click Cancel to create a recovery file at a later time or click OK and follow the on-screen instructions in the HP ProtectTools Backup Wizard to create a recovery file now. -
Page 48: Creating A User Java Card
Java Card. To create a user Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. Insert a Java Card that will be used as a user card. -
Page 49: Bios Configuration For Hp Protecttools
BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can accomplish the following objectives: ●... -
Page 50: General Tasks
If you have enabled MultiBoot, select the boot order by selecting a boot device, and then clicking the up arrow or the down arrow to adjust its order in the list. Click Apply, and then click OK in the HP ProtectTools window. Chapter 5 BIOS Configuration for HP ProtectTools at startup and entering Computer Setup. -
Page 51: Enabling And Disabling System Configuration Options
Some of the items listed below may not be supported by your computer. To enable or disable devices or security options: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click BIOS Configuration. Type your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. - Page 52 Embedded WWAN Device Radio ● Embedded Bluetooth® Device Radio ● LAN/WLAN Switching ● Wake on LAN from Off Click Apply, and then click OK in the HP ProtectTools window to save your changes and exit. Chapter 5 BIOS Configuration for HP ProtectTools ENWW...
-
Page 53: Advanced Tasks
Advanced tasks Managing HP ProtectTools add-on module settings Some of the features of HP ProtectTools Security Manager can be managed in BIOS Configuration. Enabling and disabling smart card power-on authentication support Enabling this option allows you to use a smart card for user authentication when you turn on the computer. -
Page 54: Enabling And Disabling Power-On Authentication Support For Embedded Security
NOTE: To fully enable the power-on authentication feature, you must also configure the TPM embedded security chip using the Embedded Security for HP ProtectTools module. To enable power-on authentication support for embedded security: Select Start > All Programs > HP ProtectTools Security Manager. -
Page 55: Enabling And Disabling Automatic Drivelock Hard Drive Protection
Setup, and also to manage various password settings. CAUTION: saved immediately upon clicking the Apply or OK button in the HP ProtectTools window. Be sure that you remember what password you have set, because you will not be able to undo a password setting without supplying the previous password. -
Page 56: Setting The Power-On Password
Type and confirm the password in the Enter Password and Verify Password boxes. Click OK in the Passwords dialog box. Click Apply, and then click OK in the HP ProtectTools window. Changing the power-on password To change the power-on password: Select Start >... -
Page 57: Changing The Setup Password
Click OK in the Passwords dialog box. Click Apply, and then click OK in the HP ProtectTools window. Setting password options You can use BIOS Configuration for HP ProtectTools to set password options to enhance the security of your system. Enabling and disabling stringent security... - Page 58 In the right pane, under Password Options, enable or disable Require password on restart. Click Apply, and then click OK in the HP ProtectTools window. Chapter 5 BIOS Configuration for HP ProtectTools ENWW...
-
Page 59: Device Access Manager For Hp Protecttools
Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has the following security features that protect against unauthorized access to devices attached to your computer system: ● Device profiles that are created for each user to define device access ●... -
Page 60: Starting Background Service
For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would you like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots. -
Page 61: Simple Configuration
All serial and parallel ports for all non-administrators To deny access to a class of device for all non-administrators: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Simple Configuration. -
Page 62: Device Class Configuration (Advanced)
Adding a user or a group Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Device Class Configuration. In the device list, click the device class that you want to configure. -
Page 63: Allowing Access To A Specific Device For One User Of A Group
To allow access to a specific device for one user but not the group: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Device Class Configuration. - Page 64 Chapter 6 Device Access Manager for HP ProtectTools ENWW...
-
Page 65: Drive Encryption For Hp Protecttools
Drive Encryption for HP ProtectTools CAUTION: encrypted drives. If you do not, you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service (see Reinstalling the Drive Encryption module will not enable you to access the encrypted drives. -
Page 66: Encryption Management
Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click Encryption Management. In the right pane, click Activate. The Drive Encryption for HP ProtectTools Wizard opens. Follow the on-screen instructions to activate encryption. -
Page 67: User Management
User management Add a user Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click User Management. In the right pane, click Add. Click a user name in the User Name list or type a user name in the Username box. -
Page 68: Recovery
In the right pane, click Click here to backup your keys. Select a diskette, flash storage device, or some other USB-connected storage media on which to save the recovery information, and then click Next. The Drive Encryption for HP ProtectTools Wizard opens. -
Page 69: Troubleshooting
Single Sign On, which is available in the Credential Manager online Help files. If a specific Single Sign On cannot be disabled for a given application, call HP technical support and request 3rd-level support through your HP Service contact. The browse option was removed because it allowed non-users to delete and rename files and take control of Windows. -
Page 70: Chapter 8 Troubleshooting
PC, Credential Manager can only change the password used to log on. HP is researching a workaround for future product enhancements. HP is researching a workaround for future product enhancements. - Page 71 Manager has the virtual token registered, the user must reregister the token to restore the association. Solution HP is investigating resolution options for future customer software releases. This is currently by design. When uninstalling Credential Manager without keeping identities, the system (server) part of the token is...
-
Page 72: Embedded Security For Hp Protecttools
Microsoft EFS is supported only on NTFS and does not function on FAT32. This is a feature of Microsoft EFS and is not related to HP ProtectTools software. This is as designed. Users have access rights to an emergency archive so that they can save/update their Basic User Key backup copy. - Page 73 This is as designed. The Computer Setup (f10) Utility password can only be removed by a user who knows the password. However, HP strongly recommends having the Computer Setup (f10) Utility password protected at all times. This is by design.
- Page 74 This is by design—to avoid issues with Microsoft EFS, a 30-second watchdog timer was created to generate the error message). HP will correct this in a future release. The ability to encrypt does not require password authentication, since this is a feature of the Microsoft EFS encryption.
- Page 75 Usage of secure e- mail is set and controlled by 3rd-party applications. The HP wizard allows linkage to the three reference applications for immediate customization. HP is working to resolve the XML-file-overwrite issue and will provide a solution in a future SoftPaq.
- Page 76 The processes are working as designed and function properly; however, the internal Embedded Security error message is not clear and should state a more appropriate message. HP is working to enhance this in future products. The non-selected users can be restored by resetting the TPM, running the restore process, and selecting all users before the next default daily backup runs.
- Page 77 \SYSTEM to (computer name)\(admin name). This is the default setting if the Scheduled Task is created manually. HP is working to provide future product releases with default settings that include computer name\admin name. HP will address this issue in future releases.
-
Page 78: Device Access Manager For Hp Protecttools
If a user is a member of both those groups (e.g., Administrator), which takes precedence? Solution Verify that the HP ProtectTools Device Locking service has started. As an administrative user, browse to Control Panel > Administrative Tools > Services. In the Services window, search for the HP ProtectTools Device Locking/Auditing service. -
Page 79: Miscellaneous
2.0.0.9 (or greater) If the FW version does not match 2.18, download and update the TPM firmware. The TPM Firmware SoftPaq is a support download available on the HP Web site at http://www.hp.com. This is related to a timing dependency on plug-in... - Page 80 Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after reenabling Embedded Security Device, Power-on authentication support remains enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings. ENWW...
- Page 81 Software Impacted— Short description Security Power-On Authentication overlaps the BIOS Password during boot sequence. The BIOS asks for both the old and new passwords through Computer Setup after the Owner password is changed. ENWW Details Power-On Authentication prompts the user to log on to the system using the TPM password, but, if the user presses f10 to access the BIOS, the user is granted Read rights access only.
- Page 82 Chapter 8 Troubleshooting ENWW...
- Page 83 Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Automatic DriveLock Security feature that causes the DriveLock passwords to be generated and protected by the TPM Embedded Security chip.
- Page 84 Identity In the HP ProtectTools Credential Manager, a group of credentials and settings that is handled like an account or profile for a particular user. Java Card Small piece of hardware, similar in size and shape to a credit card, which stores identifying information about the owner.
- Page 85 Automatic DriveLock 49 background service, Device Access Manager 54 backing up and restoring certification information 33 Embedded Security 33 HP ProtectTools modules 8 Single Sign On data 20 basic user account 30 Basic User Key password changing 32 setting 30...
- Page 86 Windows Logon 17 Windows logon password, changing 15 Windows logon, allow 25 data, restricting access to 4 decrypting a drive 59 Device Access Manager for HP ProtectTools background service 54 device class configuration 56 device class, allowing access to one 56...
- Page 87 34 changing power-on 50 changing setup 51 Computer Setup, managing 49 emergency recovery token 29 guidelines 8 HP ProtectTools 6 managing 6 owner 29 policies, creating 5 resetting user 34 secure, creating 8 setting options 51 setting power-on 50...
- Page 88 Index ENWW...