Compaq dc5800 - Microtower PC User Manual
Hp protect tools guide
Hide thumbs
Also See for dc5800 - Microtower PC:
- Reference manual (255 pages) ,
- Troubleshooting manual (70 pages) ,
- Hardware reference manual (62 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Compaq dc5800 - Microtower PC
Summary of Contents for Compaq dc5800 - Microtower PC
- Page 1 HP ProtectTools User Guide...
- Page 2 © Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc.
-
Page 3: Table Of Contents
Table of contents 1 Introduction to security HP ProtectTools features ........................2 Accessing HP ProtectTools Security ....................4 Achieving key security objectives ......................5 Protecting against targeted theft ..................5 Restricting access to sensitive data ..................5 Preventing unauthorized access from internal or external locations ........6 Creating and using strong passwords ................. - Page 4 Using manual (drag and drop) registration ........17 Managing applications and credentials ............. 17 Modifying application properties ............17 Removing an application from Single Sign On ......... 17 Exporting an application ..............18 Importing an application ..............18 Modifying credentials ................ 18 Using Application Protection ....................
- Page 5 Disabling Java Card power-on authentication ........... 34 5 BIOS Configuration for HP ProtectTools File ..............................36 Storage ............................... 37 Security .............................. 38 Power ..............................39 Advanced ............................40 6 Device Access Manager for HP ProtectTools Starting background service ....................... 42 Simple configuration ...........................
-
Page 7: Introduction To Security
Module (TPM) embedded security chip is installed. HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. For select HP Compaq Desktops, HP ProtectTools is available as an after market option. Visit http://www.hp.com for more information. -
Page 8: Hp Protecttools Features
HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Key features ● Credential Manager for HP ProtectTools Credential Manager serves a dual role acting as a personal password vault, providing single sign on capability, and allowing the user to define and deploy more stringent security for user authentication beyond a password. - Page 9 Module Key features ● Drive Encryption for HP ProtectTools Drive Encryption provides complete, full-volume hard drive encryption. ● Drive Encryption utilizes pre-boot authentication to decrypt and access the data. ● Drive Encryption provides an authentication management tool used to encrypt partitions, hard drives, and multiple hard drives. ●...
-
Page 10: Accessing Hp Protecttools Security
Accessing HP ProtectTools Security To access HP ProtectTools Security from Windows® Control Panel: Select Start > All Programs > HP ProtectTools Security Manager (or HP ProtectTools Security ▲ Manager for Administrators In Windows Vista) NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. -
Page 11: Achieving Key Security Objectives
Achieving key security objectives The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives: ● Protecting against targeted theft ● Restricting access to sensitive data ● Preventing unauthorized access from internal or external locations ●... -
Page 12: Preventing Unauthorized Access From Internal Or External Locations
Preventing unauthorized access from internal or external locations If a PC containing confidential data and customer information is accessed from an internal or external location, unauthorized users may be able to gain entry to corporate network resources or data from financial services, an executive, or R&D team. -
Page 13: Additional Security Elements
Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ●... -
Page 14: Creating A Secure Password
HP ProtectTools password Set in this HP ProtectTools Function module Owner password Embedded Security, by IT Protects the system and the TPM chip from administrator unauthorized access to all owner functions of Embedded Security. Java™ Card PIN Java Card Security Protects access to the Java Card contents and authenticates users of the Java Card. -
Page 15: Hp Protecttools Backup And Restore
HP ProtectTools Backup and Restore HP ProtectTools Backup and Restore provides a convenient and quick way to back up and restore credentials from all supported HP ProtectTools modules. Backing up credentials and settings You can back up credentials in the following ways: ●... -
Page 16: Restoring Credentials
Click Set Password and type and confirm your password in the Set Password dialog box. Click Click Apply. Click the Schedule tab. Click the Schedule Task arrow and select the automatic backup frequency. Under Start time, use the Start time arrows to select the exact time for the backup to begin. Click Advanced to select a start date, an end date, and recurring task settings. -
Page 17: Credential Manager For Hp Protecttools
Credential Manager for HP ProtectTools Credential Manager serves a dual role in that it allows the user to define and deploy more stringent security for user authentication beyond a password, and it acts as a personal password vault which provides single sign on capability. Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features: ●... -
Page 18: Setup Procedures
Setup procedures Logging on to Credential Manager Depending on the configuration, you can log on to Credential Manager in any of the following ways: ● Credential Manager Logon Wizard (preferred) ● HP ProtectTools Security Manager icon in the notification area ●... -
Page 19: Setting Up The Fingerprint Reader
Setting up the fingerprint reader After logging on to Credential Manager, swipe your finger across the fingerprint reader. The Credential Manager Registration Wizard opens. Follow the on-screen instructions to complete registering your fingerprints and setting up the fingerprint reader. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and then repeat steps 1 and 2. -
Page 20: General Tasks
General tasks All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks: ● Creating a virtual token ● Changing the Windows logon password ● Managing a token PIN ●... -
Page 21: Managing Identity
Managing identity Clearing an identity from the system NOTE: This does not affect your Windows user account. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Clear Identity for this Account. Click Yes in the confirmation dialog box. -
Page 22: Adding An Account
Select More > Wizard Options. If you want this to be the default user name the next time that you log on to the computer, select the Use last user name on next logon check box. If you want this logon policy to be the default method, select the Use last policy on next logon check box. -
Page 23: Using Manual (Drag And Drop) Registration
Type your password for the program or Web site, and then click OK. The Credential Manager Single Sign On dialog box opens. Click More and select from the following options: ● Do not use SSO for this site or application. ●... -
Page 24: Exporting An Application
Exporting an application You can export applications to create a backup copy of the Single Sign On application script. This file can then be used to recover the Single Sign On data. This acts as a supplement to the identity backup file, which contains only the credential information. -
Page 25: Using Application Protection
Follow the on-screen instructions. Click OK. Using Application Protection This feature allows you to configure access to applications. You can restrict access based on the following criteria: ● Category of user ● Time of use ● User inactivity Restricting access to an application Select Start >... - Page 26 NOTE: If the category is not Everyone, you may need to click Override default settings to override the settings for the Everyone category. Click the application you want to change, and then click Properties. The Properties dialog box for that application opens. Click the General tab.
-
Page 27: Advanced Tasks (Administrator Only)
Advanced tasks (administrator only) The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights. From these pages, you can perform the following tasks: ● Specifying how users and administrators log on ●... -
Page 28: Configuring Credential Properties
Click OK. Click Apply, and then click OK. Configuring credential properties On the Credentials tab of the “Authentication and Credentials” page, you can view the list of available authentication methods, and modify the settings. To configure the credentials: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials. -
Page 29: Example 1-Using The "Advanced Settings" Page To Allow Windows Logon From Credential Manager
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the General tab. Under Select the way users log on to Windows (requires restart), select the Use Credential Manager with classic logon prompt check box. -
Page 30: Embedded Security For Hp Protecttools
Embedded Security for HP ProtectTools NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials. -
Page 31: Setup Procedures
Setup procedures CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings. -
Page 32: Setting Up The Basic User Account
Setting up the basic user account Setting up a basic user account in Embedded Security accomplishes the following tasks: ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ●... -
Page 33: General Tasks
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. -
Page 34: Advanced Tasks
Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup. -
Page 35: Permanently Disabling Embedded Security
Permanently disabling Embedded Security To permanently disable Embedded Security: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Advanced. In the right pane, under Embedded Security, click Disable. Type your owner password at the prompt, and then click OK. Enabling Embedded Security after permanent disable To enable Embedded Security after permanently disabling it: Select Start >... -
Page 36: Java Card Security For Hp Protecttools
Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for use with the HP Smart Card keyboard. HP's Java Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access – like using an ATM card with a PIN. The Java Card can be used to access Credential Manager, Drive Encryption, HP BIOS, or any number of third party access points. -
Page 37: General Tasks
General tasks The “General” page allows you to perform the following tasks: ● Change a Java Card PIN ● Select the card reader or smart card keyboard NOTE: The card reader uses both Java Cards and smart cards. This feature is available if you have more than one card reader on the computer. -
Page 38: Advanced Tasks (Administrators Only)
Advanced tasks (administrators only) The “Advanced” page allows you to perform the following tasks: ● Assign a Java Card PIN ● Assign a name to a Java Card ● Set power-on authentication ● Back up and restore Java Cards NOTE: You must have Windows administrator privileges in order to display the "Advanced"... -
Page 39: Enabling Java Card Power-On Authentication And Creating An Administrator Java Card
The process of enabling Java Card power-on authentication involves the following steps: Enable Java Card power-on authentication support in BIOS Configuration or Computer Setup. Enable Java Card power-on authentication in Java Card Security. Create and enable the administrator Java Card. Enabling Java Card power-on authentication and creating an administrator Java Card To enable Java Card power-on authentication: Select Start >... -
Page 40: Disabling Java Card Power-On Authentication
Insert a Java Card that will be used as a user card. In the right pane, under Power-on authentication, click Create next to User card identity. Type a PIN for the user Java Card, and then click OK. Disabling Java Card power-on authentication When you disable Java Card power-on authentication, the use of the Java Card is no longer needed to access the computer. -
Page 41: Bios Configuration For Hp Protecttools
BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings giving users Windows access to system security features that are managed by Computer Setup. The options within BIOS Configuration for HP ProtectTools are: ●... -
Page 42: File
File The File option within BIOS Configuration for HP ProtectTools provides system information such as processor type, system BIOS name and version, chassis, serial number, etc. The only File data that can be edited is the asset tracking number. All other data is read only. Chapter 5 BIOS Configuration for HP ProtectTools... -
Page 43: Storage
Storage The Storage option within BIOS Configuration for HP ProtectTools provides information about all bootable devices configured in the computer system and allows you to specify settings for these devices. The settings accessible in Storage include: ● Device Configuration ● Storage Options ●... -
Page 44: Security
Security The Security option within BIOS Configuration for HP ProtectTools is the central location for all settings related to security and passwords. The settings included are: ● Setup Password ● Power-On Password ● Password Options ● Smart Cover (some models) ●... -
Page 45: Power
Power The Power option within BIOS Configuration for HP ProtectTools provides settings that control power management at a hardware level. Settings included are: ● OS Power Management ● Hardware Power Management ● Thermal Power... -
Page 46: Advanced
Advanced The settings within the Advanced option of BIOS Configuration for HP ProtectTools are intended for advanced users. These settings include: ● Power-On Options ● Execute Memory Test (some models) ● BIOS Power-On ● Onboard Devices ● PCI Devices ● PCI VGA Configuration ●... -
Page 47: Device Access Manager For Hp Protecttools
Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager provides customizable control of data storage and transmission hardware (USB, COM & LPT ports, CD drives, network interface cards, personal music players, etc.) Device Access Manager can also manage users and user groups to provide read, write, allow or deny access to data on the hardware. -
Page 48: Starting Background Service
Starting background service For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots. -
Page 49: Simple Configuration
Simple configuration This feature allows you to deny access to the following classes of devices: ● All removable media (floppy disks, pen drives, USB, etc.) for all non-administrators ● All DVD/CD-ROM drives for all non-administrators ● All serial and parallel ports for all non-administrators ●... -
Page 50: Device Class Configuration (Advanced)
Device class configuration (advanced) More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Some classes allow the option to configure Read Only or Write access. Adding a user or a group Select Start >... -
Page 51: Allowing Access To A Specific Device For One User Of A Group
Navigate to the folder below that of the required class and add the specific user. Click Allow to grant this user access. Click Apply, and then click OK. Allowing access to a specific device for one user of a group You can allow one user access to a specific device while denying access to all other members of that user's group for all devices in the class. -
Page 52: Drive Encryption For Hp Protecttools
Drive Encryption for HP ProtectTools Drive encryption for HP ProtectTools can encode every bit of information on a single hard drive, partition or multiple hard drives so that it becomes unreadable to an unauthorized person. CAUTION: If you decide to uninstall the Drive Encryption module, you must first decrypt all encrypted drives. -
Page 53: Encryption Management
Encryption management Encrypting a drive Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click Encryption Management. In the right pane, click Activate. The Drive Encryption for HP ProtectTools Wizard opens. Follow the on-screen instructions to activate encryption. -
Page 54: User Management
User management Add a user Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click User Management. In the right pane, click Add. Click a user name in the User Name list or type a user name in the Username box. -
Page 55: Recovery
Recovery The following two safety measures are available to you: ● If you forget your password, you cannot access your encrypted drives. You may, however, register with the Drive Encryption recovery service to enable you to access your computer if you forget your password. -
Page 56: Troubleshooting
Troubleshooting Credential Manager for HP ProtectTools Short description Details Solution Using Credential Manager Using TPM authentication, the user is Using Credential Manager Single Sign On tools allows Network Accounts option, only logged into the local computer. user to authenticate other accounts. a user can select which domain account to log into. - Page 57 Short description Details Solution Windows password from Credential local PC, Credential Manager can only change the Manager, the administrator gets an error password used to log in. logon failure: User account restriction. Credential Manager Single Sign On default is set to log users HP is researching a workaround for future product Single Sign On default automatically.
-
Page 58: Chapter 8 Troubleshooting
Short description Details Solution Credential Manager not During Windows 2000 install, the logon This is as designed. being set as primary logon policy is set for manual or auto logon If user wishes to modify operating system level settings in Windows 2000. admin. -
Page 59: Embedded Security For Hp Protecttools
Short description Details Solution Restoring Embedded Credential Manager fails to register any The HP Credential Manager for ProtectTools fails to Security causes credentials after the ROM is restored to access the TPM if the ROM was reset to factory settings Credential Manager to fail. - Page 60 Short description Details Solution This is true whether or not an Embedded Security TPM is installed. EFS does not require a If a user sets up the Embedded Security, This is as designed. password to view logs on as an administrator, then logs off It is a feature of EFS in Windows 2000.
- Page 61 Short description Details Solution Errors occur after If there is a power loss while initializing Perform the following procedure to recover from the experiencing a power loss the Embedded Security chip, the power loss: while taking ownership following issues will occur: NOTE: Use the Arrow keys to select various menus, during the Embedded...
- Page 62 Short description Details Solution certificate, it shows as non-trusted. While the certificate can be installed at this point by clicking the install button, installing it does not make it trusted. Intermittent encrypt and Extremely intermittent error during file To resolve the failure: decrypt error occurs: The encryption or decryption occurs due to Restart the system.
- Page 63 Short description Details Solution unchecked in User mail client (Outlook, Outlook Express, or settings directly in e-mail client. Usage of secure e-mail Initialization Wizard or if Netscape) is set and controlled by 3rd party applications. The HP secure e-mail wizard allows linkage to the three reference configuration is disabled in applications for immediate customization.
- Page 64 Short description Details Solution An internal error has been If the user If the user selects SpSystemBackup.xml when the detected restoring from SpBackupArchive.xml is required, Embedded Security ● clicks Restore under Backup Automatic Backup Wizard fails with: An internal Embedded Security option of Embedded Security in Archive.
-
Page 65: Miscellaneous
Miscellaneous Software Impacted— Details Solution Short description HP ProtectTools Security All security applications such as HP ProtectTools Security Manager software must be Manager—Warning Embedded Security, Java Card, and installed before installing any security plug-in. received: The security biometrics are extendable plug-ins for application can not be the HP Security Manager interface. - Page 66 Software Impacted— Details Solution Short description Allow Security Manager to complete services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. HP ProtectTools * General Numerous risks are possible with Administrators are encouraged to follow “best...
-
Page 67: Glossary
Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Biometric Category of authentication credentials that use a physical feature, such as a fingerprint, to identify a user. - Page 68 Migration A task that allows the management, restoration, and transfer of keys and certificates. Network account Windows user or administrator account, either on a local computer, in a workgroup, or on a domain. NTFS partition NT File System, a method of indexing storage media. This method is standard with Windows Vista and Windows XP.
-
Page 69: Index
Index Single Sign On (SSO) 16 access Computer Setup SSO application, exporting 18 controlling 41 administrator password 8 SSO application, importing 18 preventing unauthorized 6 controlling device access 41 SSO application, modifying accessing HP ProtectTools Credential Manager properties 17 Security 4 troubleshooting 50 SSO application, removing 17 account... - Page 70 Embedded Security, encrypting a drive 46 permanently 29 encrypting files and folders 27 locking computer 15 Java Card power-on encryption logging on authentication 34 methods 47 Windows 15 Drive Encryption for HP user authentication 48 ProtectTools users 48 network account 16 adding a user 48 changing a token 48 F10 Setup password 8...
- Page 71 security roles 7 security setup password 8 Single Sign On automatic registration 16 exporting applications 18 manual registration 17 modifying application properties 17 removing applications 17 storage BIOS configuration for HP ProtectTools 37 targeted theft, protecting against 5 token, Credential Manager 13 TPM chip enabling 25 initializing 25...