Pointsec PC
Installation Guide
Version 6.3.1, B
November 5, 2008

Summary of Contents for Check Point Pointsec PC

  • Page 1 Pointsec PC Installation Guide Version 6.3.1, B November 5, 2008...
  • Page 3 No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions.
  • Page 5: Table Of Contents

    Logging On for the First Time ... 34
    Accessing Pointsec PC Management Console ... 36
    Encryption Progress ... 36
    Installing Pointsec PC in an IBM RRU Environment ... 37
    Running Using precheck.txt ... 37
    Running InstallRRU.msi after Installation ... 37
    Log File Created During Installation ... 38
    Booting the System into IBM RRU ...
  • Page 7: Preface

    Note - Pointsec PC is designed to be first installed and configured in a test environment comprised of an administrator’s workstation and networked computers. Once the Pointsec PC system has been...
  • Page 8: Who Should Read This Guide

    Who Should Read This Guide? This guide is for IT staff who will work as Pointsec PC administrators. As a Pointsec PC administrator, you should be well acquainted with your organization’s network and operating procedure.
  • Page 9: Contact Information

    Outside Carrier Delivery In this method of delivery, Pointsec PC is delivered to you directly using a third-party shipper, such as FedEx or DHL. Before you accept delivery of Pointsec PC, always check the credentials of the carrier.
  • Page 10: Electronic Download

    In this method of delivery, you download Pointsec PC directly from the Internet as an e-package. To access the Pointsec PC e-package, you must register for an account on the Pointsec server site. The server site is protected with a Pointsec certificate. You must accept this certificate to access the site.
  • Page 11: Who To Contact In The Case Of An Unsuccessful Delivery

    Who To Contact in the Case of an Unsuccessful Delivery If your Pointsec PC delivery shows signs of having been tampered with or the MD5 checksum you generate does not match the checksum in validate.txt, contact your Pointsec representative immediately for advice on how to proceed.
  • Page 12 Who To Contact in the Case of an Unsuccessful Delivery...
  • Page 13: Chapter 1 Before You Install Pointsec Pc

    About Pointsec PC Administrators Pointsec PC administrators control the profiles that are used to install Pointsec PC on client computers. When installing Pointsec PC, you will create two administrator accounts. For more information on Pointsec PC administrators, see the Pointsec PC Administrator’s Guide.
  • Page 14: Pointsec Pc System Requirements

    Notes. Note - Fragmented Disks To install Pointsec PC, 100 MB of disk space is required, of which 2 MB must be contiguous, free space. If this amount of continuous space is not available, the installation will fail. In general, it is considered good practice to avoid fragmented disks to enhance overall performance.
  • Page 15: About Passwords

    You can use the following types of passwords when installing Pointsec PC: fixed passwords and dynamic tokens. Fixed Passwords Fixed passwords, as the name implies, do not change. In Pointsec PC, a fixed password must contain at least four characters but no more than 31. For more information, see “Administrator Accounts Using Fixed...
  • Page 16: Before Installing

    • Pointsec Media Encryption If Pointsec Media Encryption is already installed on the workstation on which you want to install Pointsec PC, Single Sign On (SSO) will not work properly. To fix this, manually insert the string value CompatibleGinas=pme.dll in Windows’ registry.
  • Page 17 The default value is No. AbortOnDualBoot=Yes The value can be Yes or No. The default value is Yes, which will cause Pointsec PC to terminate an installation on a dual boot system. IgnoreOldInstallation=No Set this setting to Yes to enable support for re-installing on selected volumes while keeping old installations on other volumes.
  • Page 18 No is the default. Run= Here you can enter a program to run before Pointsec PC is installed. RunAfter= Here you enter the path to scripts or execs that you want run immediately after the user logs on to Windows after the reboot that follows the installation of Pointsec PC.
  • Page 19 C:\>pscontrol install-driver hptc1100.bin Drivers= The value of this setting specifies the preboot smart card drivers that will be installed together with the Pointsec PC system. These drivers enable communication between a smart card and Pointsec PC prior to the start of Windows.
  • Page 20 The CSP must be installed on a machine’s Windows system prior to Pointsec PC installation. The Pointsec PC installation program will attempt to use the CSP specified in this setting to generate random numbers. The CSP’s random number generation is vendor specific, and it might require the presence of external hardware, for example, a smart card.
  • Page 21 CompatibleGinas=xx1.dll; xx2.dll; xx3.dll No value specified is the default. Enter the names of GINAs that you would like Pointsec PC to attempt to perform SSO to. Note: The GINAs may not actually be compatible with Pointsec PC Single Sign-on (SSO). SmartCardDlls= Here you can enter the preferred smart card dll order, separated by semi-colons (;), e.g.
  • Page 22 Review precheck.txt General Update Settings These are settings that Pointsec PC will use if no other settings are configured for profile download, Pointsec PC upgrade download, and central log transfer. If a different value is set in one or more of the settings that follow, that value will be used for that setting.
  • Page 23 ProfileUpdateInterval= Update interval cycle time. The value is in minutes. Immediately after installation, Pointsec PC checks for update profiles, then it waits 90 minutes before checking for update profiles again (90 minutes is the default if no other value has been set for ProfileFirstDelay).
  • Page 24 CentralLogUpdateInterval= Update interval cycle time. The values are in minutes. Immediately after installation, Pointsec PC tries to send the local log file to the central log, then it waits 90 minutes before sending the local log file again (90 minutes is the default if no other value has been set for CentralLogFirstDelay).
  • Page 25 1 KB of whole log entries. Because only whole log entries are transferred, the transfers might not be exactly 2 KB, but they will not be more than 2 KB.
  • Page 26 GINA up automatically. Pssogina.dll is always the first GINA. 4 Pointsec PC will not make any changes. If a new GINA is added, this will be the active GINA on the system. If Pssogina.dll is replaced, this option will disable Pointsec PC SSO, password synchronization, and smart card support.
  • Page 27: Changing Graphics Displayed In Preboot And License Text Displayed During Installation

    Accessing precheck.txt To use precheck.txt during the installation: 1. Copy the contents of the Pointsec PC directory from the Pointsec PC CD to a directory on your computer. 2. In Windows Explorer, browse to the directory and open precheck.txt in any regular text editor.
  • Page 28 Changing Graphics Displayed in Preboot and License Text Displayed during Installation 2. Add the relevant files, described below, to the oemvar folder. During installation, the files that have been added to the oemvar folder will be registered as the files to be displayed during preboot. Table 1-8 oemvar files Filename...
  • Page 29: Chapter 2 Installing Pointsec Pc For Administrators

    .NET on that machine. Installing Pointsec PC on Windows Vista The installation of Pointsec PC on Windows Vista follows the same steps as the installations on Windows 2000 or Windows XP with one important difference. The Pointsec PC installation on Vista must be run with administrator’s rights in order to...
  • Page 30: Registering Pointsec Pc

    To start the Pointsec PC installation on Vista: 1. Log on to Windows Vista as administrator. 2. Insert the Pointsec PC CD into your disk drive and browse to the autorun.exe file. 3. Right-click on the autorun.exe file and choose Run as administrator. A User Account Control window opens and asks for your permission to install the program.
  • Page 31 Security and clear the Check for publisher’s certificate revocation check box. Click OK. The License Information dialog box opens: 3. Click Accept. (If you do not accept the license agreement, you cannot proceed.) The ReadMe dialog box opens:
  • Page 32 4. Select Yes, I want to read ReadMe.txt to read the latest information on Pointsec PC before continuing with the installation. When you have read the latest information on Pointsec PC, close the file to continue with the installation process.
  • Page 33: Creating Administrator Accounts

    Pointsec PC administrator accounts. Creating Administrator Accounts In this phase of the installation, you create Pointsec PC administrator accounts and specify the types of passwords they use. Administrator Accounts Using Fixed Passwords To create an administrator account that uses a fixed password: 1.
  • Page 34 Administrator Accounts Using Fixed Passwords Administrators Using Dynamic Tokens Pointsec PC supports any dynamic token that supports the ANSI X.9.9 security standard if the DES algorithm is used together with these tokens. To create an administrator account that uses a dynamic token: 1.
  • Page 35: Administrators Using Smart Cards

    Review the location column in the list to determine if a certificate is listed more than once.
  • Page 36: Specifying Volumes, Encryption Methods, And The Recovery Path

    Recovery Path In this final phase of the installation, you will specify the type of Pointsec PC protection you wish to use and where to store recovery information in the event of a disk crash. 1. In the Protect volumes dialog box:...
  • Page 37 Table 2-2 Setting Explanation Volumes From the volumes listed, select the volumes you want Pointsec PC to protect; you can select a maximum of twelve volumes. Note: In a Common Criteria validated environment, all volumes must be selected for protection.
  • Page 38 Note - Specify a secure location that is regularly backed up on the network. The following dialog box opens: 4. Click Next. The Pointsec PC installation program checks the selected volumes for integrity, starts installing Pointsec PC, installs the Pointsec PC’s Management Console (PCMC), and creates the...
  • Page 39: Log File Created During Installation

    Pointsec PC system code necessary and verifies the volumes available. For example: During every start-up, Pointsec PC runs a suite of self tests to verify that its integrity has not been compromised. Once Pointsec PC is completely installed, you will have to authenticate yourself to access the PC.
  • Page 40: Logging On For The First Time

    Once Pointsec PC is installed, you must authenticate yourself before you can access the workstation. After restarting and installing the system code, Pointsec PC opens the User Identification dialog box: 1. Enter the name and password of one of the administrator accounts you specified during the installation, see “Creating Administrator...
  • Page 41 Once Pointsec PC has authenticated you, the operating system starts as usual and you can log in to Windows. Pointsec PC creates and saves the recovery file for the workstation in the location specified when installing Pointsec PC. After that, Pointsec PC starts to encrypt the volumes you selected. The encryption process runs in the background and you can get on with your work.
  • Page 42: Accessing Pointsec Pc Management Console

    Console opens: For more information on working in the Management Console, see the Pointsec PC Administrator’s Guide. Encryption Progress The following registry entries for Pointsec PC enable you to determine the encryption status and encryption progress. Table 2-3 Entry Value...
  • Page 43: Installing Pointsec Pc In An Ibm Rru Environment

    Decrypting Installing Pointsec PC in an IBM RRU Environment To install Pointsec PC in an IBM Rapid Restore Ultra (RRU) environment, you must run the installation package, InstallRRU.msi. You can run InstallRRU.msi by specifying it in precheck.txt before installation or by manually running it after installing Pointsec PC as normal.
  • Page 44: Log File Created During Installation

    X:\Program Files\Pointsec\P4PC_RRU.log Booting the System into IBM RRU To boot into IBM RRU: 1. Reboot the system. An IBM text is displayed prior to Pointsec PC preboot authentication (PBA), for example: To interrupt normal startup press the blue Access IBM button To boot to the IBM Rescue Recovery Environment, press F11 Note - Leave the system alone at this point.