1. Manuals
  2. Brands
  3. HP Manuals
  4. Software
  5. Brio BA200
  6. User manual

HP Brio BA200 User Manual

Smart card kit
Hide thumbs Also See for Brio BA200:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual, Installation Manual
HP ProtectTools 2000
Smart Card Kit
User's Guide

Advertisement

Table of Contents
loading

Related Manuals for HP Brio BA200

Summary of Contents for HP Brio BA200

  • Page 1 HP ProtectTools 2000 Smart Card Kit User’s Guide...
  • Page 2 Notice The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3 Find out where to get more information and support. • HP Custom Security Services HP offers security consulting services and customized security solutions, including the use of this product and other HP security products. For more information, please contact your HP sales representative. Conventions Used in this Manual This document describes the installation of software on a range of Microsoft operating systems.

  • Page 4: Important Information

    To reduce such a risk, HP strongly recommends you prepare in advance a recovery smart card and/or recovery file that will still give you access to such files in case you lose your smart card and/or password.
  • Page 5 This computer system includes HP ProtectTools 2000. HP ProtectTools 2000 is made of a smart card (and associated reader and software driver) and HP Encryption Smart Card Security System software with the following encryption capabilities. 40bit symmetrical encryption algorithm, used for data encryption •...

  • Page 7: Table Of Contents

    Software Compatibility for PCs Running Windows NT 4.0 ... Features of HP ProtectTools 2000 ......
  • Page 8 Uninstalling HP NTLock ........
  • Page 9 Troubleshooting Table ........HP Smart Card Diagnostics Tool ......75 Diagnostics Online Help.
  • Page 10 English...

  • Page 11: Introduction To Hp Protecttools 2000

    Introduction to HP ProtectTools 2000 This chapter introduces the HP ProtectTools 2000 Smart Card Kit and provides information about system requirements and compatibility. It also tells you where you can get more information about ProtectTools 2000 and smart cards.

  • Page 12: Introduction

    1 Introduction to HP ProtectTools 2000 Introduction Introduction The HP ProtectTools 2000 Smart Card Kit can be installed on a range of HP PCs, OmniBook Notebooks and PC Workstations. It provides smart card secured access to Microsoft Windows 95, Windows 98, Windows NT 4.0 and Windows 2000 platforms.

  • Page 13: Gemsafe Smart Cards

    1 Introduction to HP ProtectTools 2000 Introduction GemSAFE Smart Cards If your ProtectTools 2000 Smart Card Kit comes with a pair of GemSAFE GPK 8K smart cards, you can, as well as enjoying secure Web access, send and receive secure e-mail. GemSAFE cards support encryption/decryption and signature functions.
  • Page 14 1 Introduction to HP ProtectTools 2000 Introduction you fail to enter the correct PIN in three successive attempts, you will no longer be able to use the secure e-mail and Web access features. The card can be reactivated with a special unblock code by going to Ö...

  • Page 15: Before You Begin

    Windows NT 4.0 Service Pack 4 or later is required. Windows NT 4.0 • Windows NT 4.0 Service Pack 6a is provided on the ProtectTools 2000 CD-ROM At least 7 megabytes of free hard disk space. • 1 Introduction to HP ProtectTools 2000 Before You Begin...

  • Page 16: Software Compatibility For Pcs Running Windows Nt 4.0

    (MSGINA.DLL). You may experience compatibility problems with software that replaces the same library (for example Novell Netware Client or pcAnywhere 32). In order to have HP ProtectTools 2000 work properly, do NOT install such software along with HP ProtectTools 2000.

  • Page 17: Features Of Hp Protecttools 2000

    Microsoft EFS (Encrypted File System) is the file encryption security system available with Windows 2000. Since file encryption is already part of the operating system, HP ProtectTools does not offer its file encryption feature for the Windows 2000 environment. Note that you must have a Windows 2000 NTFS partition on your hard drive to use Microsoft EFS.

  • Page 18: Contents Of The Hp Protecttools 2000 Cd-Rom

    • Includes the online help and this manual (in PDF format). The online help provides information about HP Smart Card Security Manager. The online help is installed when you install the HP Smart Card Security System. GemSAFE software and documentation.
  • Page 19 Only these versions (and later) will work correctly with the ProtectTools 2000 software. NOTE HP NTLock is NOT supported on HP Vectra VE or VEi series PCs (with the exception of the HP Vectra VE5 series 4). For the latest information on supported utilities for your PC, refer to...
  • Page 20 1 Introduction to HP ProtectTools 2000 Contents of the HP ProtectTools 2000 CD-ROM...

  • Page 21: Installing Hp Protecttools 2000 Software

    Installing HP ProtectTools 2000 Software This chapter describes how to install ProtectTools 2000 software components. This is not necessary for HP Secure Bundle PCs on which the software is preinstalled. This chapter also has information about uninstalling ProtectTools 2000.

  • Page 22: Before Installing The Software

    2 Installing HP ProtectTools 2000 Software Before Installing the Software Before Installing the Software Before installing any software or drivers, ensure that: You have at least one uninitialized smart card ready. Two • uninitialized cards are provided with the smart card reader. Once the installation process is complete, you will be asked to insert a smart card so that you can initialize it.

  • Page 23: Software Installation Procedure

    To install, double-click on the setup program 2 If you are currently using HP NTLock on your PC (and it is older than version 2.2) or you want to use it: a Uninstall the version of HP NTLock currently on the PC using the...

  • Page 24: Preparing A Pc Running Windows Nt 4.0 (Hp Notebook Pcs)

    2 Installing HP ProtectTools 2000 Software Software Installation Procedure 3 If you currently use HP Soft PowerDown (and it is older than version 5.08) or you want to use it: a Uninstall the version of HP Soft PowerDown currently on the PC using the Ö...

  • Page 25: Installing The Drivers, Software And Reader (Hp Desktop Pcs)

    1 If you are installing ProtectTools 2000 on a PC running Windows NT Windows 2000 4.0 or Windows 2000, log on as Administrator. 2 Insert the HP ProtectTools 2000 CD-ROM in your PC’s CD-ROM drive. If your CD-ROM drive is configured to “autorun”, the ProtectTools 2000 installation screen will appear automatically. If this screen does not appear, use Windows Explorer to browse the CD contents and double-click the file setup.exe in the root directory to...
  • Page 26 11 Install the HP Smart Card Security System from the ProtectTools 2000 installation screen. The accompanying documentation (this manual) is installed at the same time. If you want to install the HP Smart Card Security System manually from the CD-ROM, go to the folder, then double-click on the setup program setup.exe.

  • Page 27: Installing The Drivers, Software And Reader (Hp Notebook Pcs)

    8 Install the HP Smart Card Security System from the ProtectTools 2000 installation screen. The accompanying documentation (this manual) is installed at the same time. If you want to install the HP Smart Card Security System manually from the CD-ROM, go to the hpscss 9 Restart the PC.
  • Page 28 6 Install the HP Smart Card Security System from the ProtectTools 2000 installation screen. The accompanying documentation (this manual) is installed at the same time. If you want to install the HP Smart Card Security System manually from the CD-ROM, go to the folder, then double-click on the setup program setup.exe.

  • Page 29: Installing Optional Items

    7 Install the HP Smart Card Security System from the ProtectTools 2000 installation screen. The accompanying documentation (this manual) is installed at the same time. If you want to install the HP Smart Card Security System manually from the CD-ROM, go to the hpscss 8 Restart the PC.
  • Page 30 2 Installing HP ProtectTools 2000 Software Software Installation Procedure 5 Restart your computer.

  • Page 31: Deploying Protecttools 2000 Using A Network

    2000 software on several PCs remotely and automatically. This section provides some basic guidelines for achieving this. NOTE If you are building a disk image that includes HP ProtectTools 2000 software, make sure that the HP Smart Card Security System component is installed last.
  • Page 32 Run “ scbase /q Windows NT 4.0 HP Smart Card Reader Driver, HP Smart Card Security System, HP Smart Card Diagnostics, and HP NTLock (Windows NT 4.0 only) NOTE If you want to use HP NTLock in conjunction with ProtectTools 2000, and you have a version older than 2.2, you should uninstall this version...

  • Page 33: Uninstalling Hp Protecttools 2000

    Windows NT 4.0 NOTE If you want to use HP NTLock in conjunction with ProtectTools 2000, and you have a version older than 2.2, you should uninstall this version and replace it with the version provided on the ProtectTools 2000 CD- ROM.

  • Page 34: Uninstalling Hp Soft Powerdown

    1 Log on as an Administrator. 2 Using Windows NT Explorer, click your CD-ROM drive. 3 Double-click the 4 Double-click the setup program. 5 Choose the option to remove HP NTLock and follow the instructions on your screen. Uninstalling HP Soft PowerDown Windows NT 4.0 To uninstall the HP Soft PowerDown utility, follow this procedure: 1 Log on as an Administrator.

  • Page 35: Setting Up Hp Protecttools 2000

    Setting up HP ProtectTools 2000 This chapter describes how to carry out initial setup of ProtectTools 2000 on your PC. For more detailed information, see chapter 4, Managing Security and Smart Cards.

  • Page 36: Preparing A Smart Card For Use: Overview

    Windows 2000 machines. 4 Create a recovery file on a floppy disk and save it in a safe place (HP strongly recommends you do this). Refer to page 41. 5 If needed, create a backup smart card and store it in a safe place.

  • Page 37: Initializing A Smart Card

    Windows NT 4.0 Click on OK. Windows 2000 The smart card is now ready for use. To initialize further smart cards, refer to “Initializing Further Smart Cards” on page 63. 3 Setting up HP ProtectTools 2000 Initializing a Smart Card...

  • Page 38: Updating The Pc's Bios (Omnibooks Only)

    PC. 4 Follow the displayed instructions to create a BIOS update floppy and update the BIOS. , update the BIOS to support BIOS www.hp.com/omnibook when you see the HP logo—the first screen of setup.exe...

  • Page 39: Enabling Bios Smart Card Security (Omnibooks Only)

    BIOS user password card. You must have the BIOS Administrator card available. 4 If you want to use HP TopTools, install the HP TopTools for Mobiles Agent. At the end of the installation, click Yes to restart the PC.

  • Page 40: Setting Up Folder Encryption Onyour Pc

    Windows NT 4.0 the user smart card. NOTE Since file encryption is already part of the operating system, HP ProtectTools does not offer its file encryption feature for the Windows 2000 environment. You must have a Windows 2000 NTFS partition on your hard drive to use this feature (called Microsoft EFS).

  • Page 41: Creating A Recovery File

    Creating a Recovery File NOTE HP strongly recommends you make a new encrypted recovery file of your smart card data now and also whenever you change the contents of your smart card (for example an encryption key or, where applicable, a password).
  • Page 42 3 Setting up HP ProtectTools 2000 Creating a Recovery File...

  • Page 43: Managing Security And Smart Cards

    All these tasks are carried out using the HP Smart Card Security Manager.

  • Page 44: The Hp Smart Card Security Manager

    You must have a smart card inserted in the smart card reader in order to carry out any of the management tasks described in this chapter. Smart card security management tasks are carried out using the HP Smart Card Security Manager. The Smart Card Security Manager offers...

  • Page 45: For Windows 95 And Windows 98 Users

    Generate encryption key Set encryption behavior Windows 95/98 tab: Enable/disable secure screen saver Set security when docking 4 Managing Security and Smart Cards The HP Smart Card Security Manager User access Administrator access Refer to page 37 page 63 page 41...

  • Page 46: Running The Hp Smart Card Security Manager

    4 Managing Security and Smart Cards The HP Smart Card Security Manager Running the HP Smart Card Security Manager To run the Smart Card Security Manager: Windows NT 4.0 1 Log on as the administrator. Windows 2000 2 Click Start HP Smart Card Security Manager from this if you chose another one during installation.)

  • Page 47: Managing Security: Configuration Settings

    Managing Security: Configuration Settings The Smart Card Security Manager has several configuration options that have an impact on the level of security provided by ProtectTools 2000. NOTE The “security levels” given in this section are provided as a guideline only. Determining the real security levels provided by each option depends on the particular circumstances involved, and is the responsibility of the administrator or security specialist.

  • Page 48: Beep On Smart Card Removal Option

    4 Managing Security and Smart Cards Managing Security: Configuration Settings Beep on Smart Card Removal Option If you click on this checkbox, a beep will be generated every time a smart card is inserted into the reader or removed from the reader. You access this checkbox by clicking on the tab for Windows NT WinNT...

  • Page 49: Win Nt-Logon Policies Options

    Win NT–Logon Policies Options Windows NT 4.0 Windows 2000 To see these options, click the Manager, click the Manual logon for... This option allows you to decide who, if anyone, can log on to the PC by pressing Ctrl The manual logon can only be performed when no one else is logged on to the PC and the smart card has been removed from the reader at startup.
  • Page 50 4 Managing Security and Smart Cards Managing Security: Configuration Settings CAUTION Selecting the option using a manual logon. This means that the administrator must have their smart card (and PIN) to gain access to the PC. Selecting the option little or no improvement to security. This setting is not recommended, except during a deployment phase.
  • Page 51 Security Level Value Provided Logoff Medium Force logoff High Security reader... This option allows you to select the default smart card reader, for use if more than one reader is attached. For example, if you are the system administrator, it may be useful to have two readers connected to your PC.
  • Page 52 4 Managing Security and Smart Cards Managing Security: Configuration Settings Make screen saver secure If you select this option, the PC automatically locks when the screen saver comes on. Default value: Potential security impact: Medium Implications: Security Level Value Provided ON (checked) Higher OFF (unchecked) Lower...
  • Page 53 Security Level Value Provided OFF (unchecked) Higher Display smart card owner’s name on logon banner If you select this option, the smart card owner’s name will be displayed in the banner of the “Enter PIN” dialog box when the user inserts their smart card.

  • Page 54: Win Nt-Logon Text Configuration Options

    4 Managing Security and Smart Cards Managing Security: Configuration Settings Win NT–Logon Text Configuration Options Windows NT 4.0 Windows 2000 To see these options, click the Manager, click the tab. These options allow you to customize the Smart Card Security Manager’s text, in particular the logon text.

  • Page 55: Account Policies

    Account Policies Windows NT 4.0 Windows 2000 To see these options, click the Accounts tab in the Smart Card Security Manager, then click the These options allow you to: Let the user add, remove or modify accounts (refer to page 65). •...
  • Page 56 4 Managing Security and Smart Cards Managing Security: Configuration Settings Value Force CAUTION Selecting the option password manually (by typing it in) during a manual logon. The option Force manual logon for all users of that PC. Furthermore, if the administrator also uses a random password, this will leave no back door to the PC at all;...

  • Page 57: Bios Password Options (Omnibooks Only)

    BIOS Password Options (OmniBooks Only) To see these options, click the Security Manager. This tab appears only on OmniBook Notebook PCs. These options allow you to: Enable or disable BIOS smart card security. This is a BIOS • administrator option. Note that disabling this option clears all BIOS passwords.

  • Page 58: Win 95/98 Options

    4 Managing Security and Smart Cards Managing Security: Configuration Settings Win 95/98 Options Windows 95 Windows 98 To see these options, click the Security Manager. This tab appears only on PCs running Windows 95 or These options allow you to: Enable or disable the secure screen saver.

  • Page 59: Customizing Security For Your Installed Base Of Pcs

    Customizing Security For Your Installed Base of PCs Windows NT 4.0 Windows 2000 These security options can be used to customize the level of security and accessibility provided by each PC, and the installed base as a whole. Each PC can have its own security settings as appropriate. Example 1 You have a shared or communal PC that does not have sensitive data.
  • Page 60 4 Managing Security and Smart Cards Managing Security: Configuration Settings Manual logon for: Nobody create ready-to-use backup smart cards for the administrator and user and take care to remember your PIN.) Random passwords: Force On card removal: Lock Workstation Make screen savers secure …...

  • Page 61: Managing Smart Cards

    Managing Smart Cards This section describes smart card management tasks, not already covered in chapter 3, Setting up HP ProtectTools 2000. These tasks include: Changing a smart card’s PIN • Backing up a smart card • Restoring a smart card from the recovery file •...

  • Page 62: Using Smart Cards Under Windows Nt And Windows 2000

    4 Managing Security and Smart Cards Managing Smart Cards Using Smart Cards under Windows NT and Windows 2000 Windows NT 4.0 Windows 2000 Each authorized user should have their own smart card. When preparing a smart card, you assign a person’s name (or identifier) and a PIN number to the smart card.

  • Page 63: Initializing Further Smart Cards

    PIN. Two blank uninitialized smart cards are provided with ProtectTools 2000. HP recommends that you use the second card to create an exact duplicate of the first (by initializing it in exactly the same way). The duplicate card can then be stored in a safe place and used if the original card is lost or stolen.

  • Page 64: Restoring A Smart Card From A Recovery File

    4 Managing Security and Smart Cards Managing Smart Cards Anyone can change the PIN of their smart card, provided they know the current PIN. Restoring a Smart Card from a Recovery File You can recreate the smart card data from the recovery file. This is especially useful if a card was lost or stolen, if the user forgets their PIN, or if you simply want to create a backup smart card, ready for use.

  • Page 65: Restoring A Smart Card Without The Recovery File

    Restoring a Smart Card Without the Recovery File If you want to restore a smart card and you have no recovery file (or if you have forgotten the recovery file password), you need to prepare a new smart card with a new PIN and (if applicable) all the necessary account information.

  • Page 66: Removing An Account (Windows Nt/Windows 2000)

    4 Managing Security and Smart Cards Managing Smart Cards Removing an Account (Windows NT/Windows 2000) Windows NT 4.0 Windows 2000 You can remove an account or change the password at any time. To remove an account or change the password: 1 With the smart card in the reader, run the Smart Card Security Manager and click the 2 Click the...

  • Page 67: Hp Toptools

    HP TopTools HP TopTools is a powerful hardware management tool for network environments. The latest version of HP TopTools (the TopTools agent for Desktops or OmniBooks is provided on the ProtectTools 2000 CD-ROM) provides full compatibility with your smart card system.
  • Page 68 Hardware and Operating System” report. This is useful for hardware asset management. You can also check whether a smart card is inserted in a smart card reader or not. For more information about HP TopTools, connect to HP’s web site at: www.hp.com/toptools...

  • Page 69: Troubleshooting

    Troubleshooting This chapter can help you solve problems you may have when using HP ProtectTools 2000. You can also consult the HP Smart Card Security Manager online help for troubleshooting information.

  • Page 70: Smart Card Troubleshooting Help Zone

    5 Troubleshooting Smart Card Troubleshooting Help Zone Smart Card Troubleshooting Help Zone NOTE If you are experiencing any problems with a PC running Windows NT4.0 or Windows 2000, do not log off or remove your smart card until the problem has been resolved. If You Disconnect the Smart Card Reader Windows NT 4.0 Windows 2000...

  • Page 71: Wait For Service

    Wait for Service Windows NT 4.0 Windows 2000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "WaitForService"="240" "SwitchToDefaultOnError"="1" "WaitForService" is the maximum amount of time (in seconds) you wait for a service to start. Typically, the service that could fail to start is the Resource Manager ( working reader attached to the system at boot time.

  • Page 72: Troubleshooting Table

    If you have an OmniBook PC that will not unlock, call HP for assistance in restoring the BIOS password. Then make a new card using the recovery file. If no recovery file is available, encrypted data is not recoverable.
  • Page 73 Problem Access to your Encryption Folder is The Smart Card Security denied (Windows 95, 98 and NT 4.0 Manager is unable to retrieve only). information stored on the smart card. Files copied into the Encryption Folder The smart card you used to don’t seem to be encrypted (Windows move your files into the 95, 98 and NT 4.0 only).
  • Page 74 If another system is available, open Smart Card Security Manager and insert your reader and card. Check whether they are detected properly. Call HP for repair assistance. Check the user name displayed at the PIN prompt. Insert the BIOS administrator card.

  • Page 75: Hp Smart Card Diagnostics Tool

    Diagnostics Online Help Troubleshooter in the HP Smart Card Diagnostics includes an online help. This online Online Help information can help you to troubleshoot problems with your smart card system. To access the online help, click the Card Diagnostics window.
  • Page 76 5 Troubleshooting HP Smart Card Diagnostics Tool If it is not OK, the ProtectTools 2000 software installation for the PC is not working correctly. You should: a Uninstall all ProtectTools 2000 components (refer to page 33). b Verify that the PC is working correctly without ProtectTools 2000.

  • Page 77: Documentation, Help And Support

    Documentation, Help and Support There are several sources of documentation, help and support for HP ProtectTools 2000, smart cards, and support in general: Smart Card Security System online help, which contains information • about using and configuring the Smart Card Security System, as well as troubleshooting information.
  • Page 78 5 Troubleshooting Documentation, Help and Support...
  • Page 80 Created in France 02/00...

This manual is also suitable for:

Brio ba400Brio ba600Kayak xm600Kayak xu800Xm600 - kayak - 128 mb ramProtecttools 2000

Table of Contents