Table of Contents
Advertisement
Advertisement
Table of Contents
Related Manuals for HP Compaq Elite 8200 AIO
Summary of Contents for HP Compaq Elite 8200 AIO
- Page 1 HP ProtectTools Security Software, Version 6.0 User Guide...
- Page 2 Microsoft, Windows and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
-
Page 3: About This Book
About This Book This guide provides basic information for upgrading this computer model. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. - Page 4 About This Book ENWW...
-
Page 5: Table Of Contents
Table of contents 1 Introduction to security ... 1 HP ProtectTools features ... 2 HP ProtectTools security products description and common use examples ... 3 Credential Manager (Password Manager) for HP ProtectTools ... 3 Embedded Security for HP ProtectTools ... 4 Drive Encryption for HP ProtectTools ... - Page 6 Backing up your data ... 22 Restoring your data ... 23 Changing your Windows user name and picture ... 24 4 Password Manager for HP ProtectTools ... 25 Adding logons ... 26 Editing logons ... 26 Using the Logons menu ... 27 Organizing logons into categories ...
- Page 7 Advanced tasks ... 30 Managing Drive Encryption (administrator task) ... 30 Backup and recovery (administrator task) ... 31 6 Privacy Manager for HP ProtectTools ... 32 Opening Privacy Manager ... 32 Setup procedures ... 32 Managing Privacy Manager Certificates ... 32 Requesting and installing a Privacy Manager Certificate ...
- Page 8 Viewing the log files ... 48 8 Embedded Security for HP ProtectTools ... 49 Setup procedures ... 49 Installing Embedded Security for HP ProtectTools (if necessary) ... 49 Enabling the embedded security chip in Computer Setup ... 49 Initializing the embedded security chip ... 50 Setting up the basic user account ...
- Page 9 Creating an extendable JITA for a user or group ... 55 Disabling a JITA for a user or group ... 56 Advanced Settings ... 56 10 Computrace for HP ProtectTools ... 57 Glossary ... 58 Index ... 62 ENWW...
- Page 10 ENWW...
-
Page 11: Introduction To Security
HP ProtectTools provides two versions that can be utilized: HP ProtectTools Security Manager Administrative Console and HP ProtectTools Security Manager (for general users). Both Administrator and user versions are available in the Start > All Programs > HP menu. Function... -
Page 12: Hp Protecttools Features
HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module HP ProtectTools Security Manager Administrative Console HP ProtectTools Security Manager (for general users) Credential Manager for HP ProtectTools (part of Security Manager) Drive Encryption for HP ProtectTools... -
Page 13: Hp Protecttools Security Products Description And Common Use Examples
HP ProtectTools security products description and common use examples Most of the HP ProtectTools security products have both a user authentication (usually a password) and an administrative backup to gain access if passwords are lost, not available, forgotten, or any time corporate security requires access. -
Page 14: Embedded Security For Hp Protecttools
Embedded Security for HP ProtectTools Embedded Security for HP ProtectTools provides the ability to create a Personal Secure Drive. This capability allows the user to create a virtual drive partition on the PC that is completely hidden until accessed. -
Page 15: File Sanitizer For Hp Protecttools
An example would be a situation where outside vendors need access to company computers but should not be able to copy the data to a USB drive. Device Access Manager for HP ProtectTools allows an administrator to restrict and manage access to hardware. -
Page 16: Computrace For Hp Protecttools (Formerly Known As Lojack Pro)
Using this tool, the Stock Broker and his clients must authenticate before the e-mail is exchanged. Privacy Manager for HP ProtectTools makes it easy to send and receive e-mail where the recipient has been verified and authenticated. The mail service can also be encrypted. The encryption process is similar to the one used during general credit card purchases on the Internet. -
Page 17: Protecting Against Targeted Theft
CD. The following feature helps restrict access to data: Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. -
Page 18: Preventing Unauthorized Access From Internal Or External Locations
◦ Drive Encryption for HP ProtectTools on page 29 ● Embedded Security for HP ProtectTools helps strengthen the protection of sensitive user data or credentials stored locally on a PC. See the following chapter: ◦ Embedded Security for HP ProtectTools on page 49 ●... -
Page 19: Additional Security Elements
NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ● Security officer—Defines the security level for the company or network and determines the security features to deploy, such as Drive Encryption or Embedded Security. -
Page 20: Creating A Secure Password
HP ProtectTools password Smart Card PIN Computer Setup password NOTE: Also known as BIOS administrator, Setup, or Security Setup password Power-on password Windows Logon password Creating a secure password When creating passwords, you must first follow any specifications that are set by the program. In... -
Page 21: Backing Up Credentials And Settings
Use Embedded Security for HP ProtectTools to back up HP ProtectTools credentials. ● Use the Backup and Recovery tool in HP ProtectTools Security Manager as a central location from which you can back up and restore security credentials from installed HP ProtectTools modules. -
Page 22: Hp Protecttools Security Manager Administrative Console
HP ProtectTools Security Manager. To open the console: ● Select Start > All Programs > HP > HP ProtectTools Administrative Console, or ● Click the Administration link in the lower-left corner of the Security Manager console. The Administrative Console consists of two panes: a left pane and a right pane. The left pane contains the administrative tools. -
Page 23: Getting Started - Setup Wizard
The first time that you log on to Windows, you will be prompted to set up HP ProtectTools Security Manager. Click OK to launch the Security Manager Setup wizard, which will guide you through the basic steps in configuring the program. -
Page 24: Enabling Security Features
Windows Logon Security - protects your Windows account(s) by requiring the use of specific credentials for access. ● Protect data - protects your data by encrypting your hard drive(s) using Drive Encryption for HP ProtectTools, making the information unreadable by those without proper authorization. Click the Next button. Click the Finish button. -
Page 25: Defining Settings
To access the Users application in the Administrative Console, click on Users. The HP ProtectTools users are listed and verified against the authentication policies set through Security Manager and against the credentials required to meet those policies. -
Page 26: Removing A User
Console. In the Administrative Console left pane, click Settings. On the General tab, choose the general settings for HP ProtectTools Security Manager, then click the Apply button. On the Applications tab, select the applications you want to enable or disable, then click the Apply button. -
Page 27: Encrypting Drives
Encrypting Drives Drive Encryption for HP ProtectTools allows you to encrypt computer hard drives, making the hard drive unreadable and inaccessible to any unauthorized person who might try to access it even if the drive has been removed from the computer or sent to a data recovery service. -
Page 28: Hp Protecttools Security Manager
This action logs the user in to Windows. ● If the HP Password Manager level of security has been configured and all of the security login methods are required, users must log in using all of the configured methods when the Password Manager login screen opens. -
Page 29: Managing Passwords
Smart Card is an integrated part of Security Manager. Smart Card setup and configuration is used with the HP Smart Card keyboard. The Smart Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access – like using an ATM card with a PIN. -
Page 30: Initializing The Smart Card
Initializing the Smart Card HP ProtectTools Security Manager can support a number of different Smart Cards. The number and type of characters used as PIN numbers may vary. The manufacturer of the Smart Card should provide tools to install a security certificate and management PIN that ProtectTools will use in its security algorithm. -
Page 31: Shredding Or Bleaching Files
Shredding or bleaching files File Sanitizer for HP ProtectTools deletes files by overwriting them with meaningless data. This process, referred to as “shredding,” greatly enhances information security by making the deleted files very difficult to recover. File Sanitizer further enhances information security by overwriting previously used space on the hard drive using a process referred to as “bleaching.”... -
Page 32: Adding Applications
Adding applications Additional applications may be available to add new features to this program. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. In the Security Manager left pane, select the Administration drop-down menu and click Discover More. -
Page 33: Restoring Your Data
Security Manager's Backup and Restore feature. To restore your data: Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. In the Security Manager left pane, click Advanced, and then click Backup and Restore. Click Restore data. -
Page 34: Changing Your Windows User Name And Picture
To change your user name, type a name in the Windows user name box. To change your picture, click the Choose Picture button and browse to select a picture. Click the Save button to save your changes. Chapter 3 HP ProtectTools Security Manager ENWW... -
Page 35: Password Manager For Hp Protecttools
Manager will launch the website or program, navigate to the logon screen and log you in automatically. To verify your identity you will use your HP ProtectTools credentials, such as your Windows password or smart card, depending on your computer configuration. This means that you will use the same credentials to log on to all logon screens you have set up. -
Page 36: Adding Logons
Logon fields on the screen, and their corresponding fields on the dialog, are identified with a bold orange border. Enter the Windows password and click the green arrow. Chapter 4 Password Manager for HP ProtectTools ENWW... -
Page 37: Using The Logons Menu
Edit your logon information. ● Click the arrows to the right of a logon field to populate it with one of several preformatted choices. ● Optionally, click Choose other fields to add additional fields from the screen to your logon. ●... -
Page 38: Managing Your Logons
Never prompt - Select this option to ensure that Password Manager never prompts you for logon screens that have not been set up. Additional Privacy Manager settings are available by selecting Password Manager > Windows password > green arrow > Settings in Security Manager. Chapter 4 Password Manager for HP ProtectTools ENWW... -
Page 39: Drive Encryption For Hp Protecttools
Drive Encryption for HP ProtectTools software is the industry’s first full volume encryption capability to be provided out-of-the-box. It provides complete data protection by encrypting your hard drive. When Drive Encryption is activated, you must log in at the Drive Encryption login screen, which is displayed before Windows starts up. -
Page 40: Setup Procedures
Encryption (active or inactive) and to view the encryption status of all of the hard drives on the computer. Activating a TPM-protected password Use Embedded Security for HP ProtectTools to activate the TPM. After activation, logging in at the Drive Encryption logon screen requires the Windows user name and password. NOTE: Because the password is protected by a TPM security chip, if the hard drive is moved to another computer, data cannot be accessed unless the TPM settings are migrated to that computer. -
Page 41: Encrypting Or Decrypting Individual Drives
The encryption key is saved on the storage device you selected. Click OK when the confirmation dialog box opens. NOTE: Refer to the Drive Encryption for HP ProtectTools Help file for information on managing and performing a recovery. ENWW Advanced tasks... -
Page 42: Privacy Manager For Hp Protecttools
In the Security Manager left pane, click Privacy Manager. – or – Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight Privacy Manager for HP ProtectTools, and then click Configuration. – or –... -
Page 43: Requesting A Privacy Manager Certificate
set up as an account within Microsoft Outlook on the same computer from which you are requesting the Privacy Manager Certificate. Requesting a Privacy Manager Certificate In the Security Manager left pane, expand Privacy Manager, and click Certificates. Click the Request a Privacy Manager certificate button. On the “Welcome”... -
Page 44: Renewing A Privacy Manager Certificate
If you have accidentally deleted a Privacy Manager Certificate, you can restore it using the backup file that you created when you installed or exported the certificate: In the Security Manager left pane, expand Privacy Manager and click Migration. Click the Restore button. Chapter 6 Privacy Manager for HP ProtectTools ENWW... -
Page 45: Revoking Your Privacy Manager Certificate
On the “Migration File” page, click Browse to search for the .dppsm file that you created when you installed or exported the Privacy Manager Certificate, and then click Next. On the “Migration File Import” page, click Finish. Click Close, and then click Apply. NOTE: Refer to Installing a Privacy Manager Certificate or Exporting Privacy Manager Certificates and Trusted Contacts for more information. -
Page 46: Adding A Trusted Contact
If you have not obtained a Privacy Manager Certificate, a message informs you that you must have a Privacy Manager Certificate in order to send a Trusted Contact request. Click OK to launch the Certificate Request Wizard. Authenticate using your chosen security logon method. Chapter 6 Privacy Manager for HP ProtectTools ENWW... -
Page 47: Viewing Trusted Contact Details
NOTE: When the e-mail is received by the Trusted Contact recipient, the recipient must open the e-mail and click Accept in the lower-right corner of the e-mail, and then click OK when the confirmation dialog box opens. When you receive an e-mail response from a recipient accepting the invitation to become a Trusted Contact, click Accept in the lower-right corner of the e-mail. - Page 48 Configuring Privacy Manager in a Microsoft Office document Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer, and then click Shred Now. When the confirmation dialog box opens, click Yes.
- Page 49 To add a suggested signer to a Microsoft Word or Microsoft Excel document: In Microsoft Word or Microsoft Excel, create and save a document. Click the Insert menu. In the Text group on the toolbar, click the arrow next to Signature Line, and then click Privacy Manager Signature Provider.
- Page 50 A Trusted Contact wanting to view an encrypted Microsoft Office document must have a Privacy Manager Certificate, and Privacy Manager must be installed on his or her computer. In addition, the Trusted Contact must be selected by the owner of the encrypted Microsoft Office document. Chapter 6 Privacy Manager for HP ProtectTools ENWW...
-
Page 51: Using Privacy Manager In Microsoft Outlook
Using Privacy Manager in Microsoft Outlook When Privacy Manager is installed, a Privacy button is displayed on the Microsoft Outlook toolbar, and a Send Securely button is displayed on the toolbar of each Microsoft Outlook e-mail message. NOTE: If you are using Microsoft Office 2007, you must have all the Microsoft updates applied otherwise some signed e-mails will go into the Junk E-mail folder. -
Page 52: Advanced Tasks
Next. On the “Migration File” page, enter a file name or click Browse to search for a location, and then click Next. On the “Migration File Import” page, click Finish. Chapter 6 Privacy Manager for HP ProtectTools ENWW... -
Page 53: File Sanitizer For Hp Protecttools
You can set an automatic free space bleaching schedule or you can manually activate free space bleaching using the HP ProtectTools icon in the notification area, at the far right of the taskbar. Setup procedures Opening File Sanitizer To open File Sanitizer: Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. -
Page 54: Setting A Free Space Bleaching Schedule
You can click the View Details button to view the predefined list of assets that are selected for shredding. Chapter 7 File Sanitizer for HP ProtectTools When this option is selected, a dialog box is displayed at shutdown asking if you... -
Page 55: Customizing An Advanced Security Shred Profile
To select a predefined shred profile: In the Security Manager left pane, expand File Sanitizer and click Settings. Click a predefined shred profile. Click View Details to view the list of assets that are selected for shredding. Under Shred the following, select the check box next to each asset that you want to confirm before shredding. -
Page 56: General Tasks
Drag the asset to the File Sanitizer icon on the desktop. When the confirmation dialog box opens, click Yes. Chapter 7 File Sanitizer for HP ProtectTools To delete an asset from the available delete options, click the asset, and then click... -
Page 57: Manually Shredding One Asset
Shredded assets cannot be recovered. Carefully consider which items you select for manual shredding. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer, and then click Shred One. When the Browse dialog box opens, navigate to the asset you want to shred, and then click Open. -
Page 58: Aborting A Shred Or Free Space Bleaching Operation
When a shred or free space bleaching operation is in progress, a message above the HP ProtectTools Security Manager icon in the notification area is displayed. The message provides details on the shred or free space bleaching process (percentage complete), and gives you the option to abort the operation. -
Page 59: Embedded Security For Hp Protecttools
Embedded Security software The TPM embedded security chip enhances and enables other HP ProtectTools Security Manager security features. For example, Drive Encryption for HP ProtectTools can use the embedded chip as an authentication factor when the user logs on to Windows. -
Page 60: Initializing The Embedded Security Chip
Basic User Keys for all users. To initialize the embedded security chip: Right-click the HP ProtectTools Security Manager icon in the notification area, at the far right of the taskbar, and then select Embedded Security Initialization. The HP ProtectTools Embedded Security Initialization Wizard opens. -
Page 61: General Tasks
NOTE: To use secure e-mail, you must first configure the e-mail client to use a digital certificate that is created with Embedded Security. If a digital certificate is not available, you must obtain one from a certification authority. For instructions on configuring your e-mail and obtaining a digital certificate, refer to the e-mail client software Help. -
Page 62: Advanced Tasks
Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup. In the right pane, click Restore all. The HP Embedded Security for HP ProtectTools Backup Wizard opens. -
Page 63: Device Access Manager For Hp Protecttools
Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has the following security features that protect against unauthorized access to devices attached to your computer system: ● Device profiles that are created for each user to define device access ●... -
Page 64: Device Class Configuration (Advanced)
More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Adding a user or a group Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. In the left pane, expand Device Access Manager, and then click Device Class Configuration. -
Page 65: Creating A Jita For A User Or Group
Creating a JITA for a user or group Administrators can allow users or group access to devices using just-in-time authentication. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click JITA Configuration. From the devices drop-down menu, select either removable media or DVD/CD-ROM drives. -
Page 66: Disabling A Jita For A User Or Group
Disabling a JITA for a user or group Administrators can disable a users or group access to devices using just-in-time authentication. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click JITA configuration. From the devices drop-down menu, select either removable media or DVD/CD-ROM drives. -
Page 67: 10 Computrace For Hp Protecttools
10 Computrace for HP ProtectTools Computrace for HP ProtectTools is a tool that can remotely monitor, manage, and track your computer. Once activated, Computrace for HP ProtectTools is configured from the Absolute Software Customer Center. From the Customer Center, the administrator can configure Computrace for HP ProtectTools to monitor or manage the computer. -
Page 68: Glossary
The task that must be completed before any of the Drive Encryption features are accessible. Drive Encryption is activated using the HP ProtectTools Security Manager Administrative Console setup wizard. Only an administrator can activate Drive Encryption. The activation process consists of activating the software, encrypting the drive, creating a user account, and creating the initial backup encryption key on a removable storage device. - Page 69 Drive Encryption key recovery service. The SafeBoot Recovery Service. It stores a copy of the encryption key, enabling you to access your computer if you forget your password and do not have access to your local backup key. You must create an account with the service to set up online access to your backup key.
- Page 70 A task that allows the user to decrypt one or more chat history sessions, displaying the Contact Screen Name(s) in plain text and making the session available for viewing. revocation password. A password that is created when a user requests a digital certificate. The password is required when the user wants to revoke his or her digital certificate.
- Page 71 Trusted Platform Module (TPM) embedded security chip. The generic term for the HP ProtectTools Embedded Security Chip. A TPM authenticates a computer, rather than a user, by storing information specific to the host system, such as encryption keys, digital certificates, and passwords.
-
Page 72: Index
6 configuring users 13 controlling device access 53 data, restricting access to 7 decrypting a drive 29 Device Access Manager for HP ProtectTools background service 53 common use examples 5 device class configuration 54 JITA configuration 54... - Page 73 20 managing passwords 19 preferences 22 setting credentials 19 shredding or bleaching files theft recovery 21 HP ProtectTools Security Manager Administrative Console configuring application settings 16 configuring your system 13 disallowing device access 17 drive encryption 17...
- Page 74 viewing Privacy Manager certificate details 33 viewing trusted contact details 37 restricting access to sensitive data 7 device access 53 security key objectives 6 levels 13 logging in 18 login methods 13 roles 9 setup wizard 13 security setup password 10 shred profile customizing 45 predefined 44...