HP 1105 User Manual Download

Page: 1 / 74

HP ProtectTools Security Software,

Version 6.0

User Guide

Summary of Contents for 1105

Page 1: ...HP ProtectTools Security Software Version 6 0 User Guide ...

Page 2: ...ess warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein This document contains proprietary information that is protected by copyright No part of this document may be photocopied reproduced or translated to another language without ...

Page 3: ...manner indicates that failure to follow directions could result in bodily harm or loss of life CAUTION Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information NOTE Text set off in this manner provides important supplemental information ENWW iii ...

Page 4: ...iv About This Book ENWW ...

Page 5: ...ainst targeted theft 7 Restricting access to sensitive data 7 Preventing unauthorized access from internal or external locations 8 Creating strong password policies 8 Additional security elements 9 Assigning security roles 9 Managing HP ProtectTools passwords 9 Creating a secure password 10 Backing up credentials and settings 11 2 HP ProtectTools Security Manager Administrative Console 12 About HP...

Page 6: ...e encryption status 21 Viewing device access 21 Activating theft recovery 21 Adding applications 22 Setting preferences 22 Backup and Restore 22 Backing up your data 22 Restoring your data 23 Changing your Windows user name and picture 24 4 Password Manager for HP ProtectTools 25 Adding logons 26 Editing logons 26 Using the Logons menu 27 Organizing logons into categories 27 Managing your logons 2...

Page 7: ...34 Deleting a Privacy Manager Certificate 34 Restoring a Privacy Manager Certificate 34 Revoking your Privacy Manager Certificate 35 Managing Trusted Contacts 35 Adding Trusted Contacts 35 Adding a Trusted Contact 36 Adding Trusted Contacts using your Microsoft Outlook address book 36 Viewing Trusted Contact details 37 Deleting a Trusted Contact 37 Checking revocation status for a Trusted Contact ...

Page 8: ...the embedded security chip in Computer Setup 49 Initializing the embedded security chip 50 Setting up the basic user account 50 General tasks 51 Using the Personal Secure Drive 51 Encrypting files and folders 51 Sending and receiving encrypted e mail 51 Advanced tasks 52 Backing up and restoring 52 Creating a backup file 52 Restoring certification data from the backup file 52 Changing the owner pa...

Page 9: ...Creating an extendable JITA for a user or group 55 Disabling a JITA for a user or group 56 Advanced Settings 56 10 Computrace for HP ProtectTools 57 Glossary 58 Index 62 ENWW ix ...

Page 10: ...x ENWW ...

Page 11: ...y an administrator and not available to the general user Allows initial security setup and configures options or requirements for all users HP ProtectTools Security Manager for general users Allows users to configure options provided by an administrator Can restrict access and only allow a user limited controls of some HP ProtectTools modules NOTE Password Manager Smart Card Security Face Recognit...

Page 12: ...words Configure and change user credentials such as Windows password and Smart Card Acts as a personal password vault streamlining the logon process with the Single Sign On feature which automatically remembers and applies user credentials Create and Organize single sign on user names and passwords Drive Encryption for HP ProtectTools Provides complete full volume hard drive encryption Forces pre ...

Page 13: ...ator can disable access to writeable devices for specific individuals or groups of users Allows the administrator to schedule when access is provided to hardware Computrace for HP ProtectTools Provides secure asset tracking Can monitor user activity along with hardware and software changes Remains active even if the hard drive is reformatted or replaced Requires separate purchase of tracking and t...

Page 14: ...The Manager wants to encrypt and hide confidential warehouse data on the computer He wants the data to be so secure that even if someone steals the hard drive they cannot decrypt the data or read it The Warehouse Manager decides to activate Embedded Security and moves the confidential data to the Personal Secure Drive The Warehouse Manager can enter a password and access the confidential data just...

Page 15: ...y custom files to be permanently removed automatically Device Access Manager for HP ProtectTools Device Access Manager for HP ProtectTools can be used to block unauthorized access to USB flash drives where data could be copied It can also restrict access to CD DVD drives control of USB devices network connections etc An administrator can also schedule when or how long drives can be accessed An exa...

Page 16: ... IT Administrator registered all the computers with Computrace so they could be traced in case they were ever stolen Recently the school realized several computers were missing so the IT Administrator alerted authorities and Computrace officials The computers were located and were returned to the school by the authorities Computrace for HP ProtectTools can also help remotely manage and locate comp...

Page 17: ...Personal Secure Drive feature provided by the Embedded Security for HP ProtectTools module encrypts sensitive data to help ensure it cannot be accessed without authentication See the following chapter Embedded Security for HP ProtectTools on page 49 Computrace can track the computer s location after a theft See the following chapter Computrace for HP ProtectTools on page 57 Restricting access to s...

Page 18: ...e devices so sensitive information cannot be copied from the hard drive See the following chapter Device Access Manager for HP ProtectTools on page 53 The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication See the following section Embedded Security for HP ProtectTools on page 49 File Sanitizer allows you to securely delete data by shr...

Page 19: ...sswords the software module where the password is set and the password function The passwords that are set and used by IT administrators only are indicated in this table as well All other passwords may be set by regular users or administrators HP ProtectTools password Set in this HP ProtectTools module Function Password Manager logon password Password Manager This password offers 2 options It can ...

Page 20: ...ances of your password being compromised Use passwords with more than 6 characters preferably more than 8 Mix the case of letters throughout your password Whenever possible mix alphanumeric characters and include special characters and punctuation marks Substitute special characters or numbers for letters in a key word For example you can use the number 1 for letters I or L Combine words from 2 or...

Page 21: ...backup copy of your encryption key which will enable you to access your computer if you forget your password and do not have access to your local backup Use Embedded Security for HP ProtectTools to back up HP ProtectTools credentials Use the Backup and Recovery tool in HP ProtectTools Security Manager as a central location from which you can back up and restore security credentials from installed ...

Page 22: ... the administrative tools The right pane contains the working area for configuring the tools The Administrative Console left pane consists of the following Home Provides easy access to commonly used tasks including enabling security features specifying security credentials and managing users System Manages configuration of system wide security features users and authentication devices such as smar...

Page 23: ...d to set up HP ProtectTools Security Manager Click OK to launch the Security Manager Setup wizard which will guide you through the basic steps in configuring the program NOTE You can also launch the Security Wizard by clicking Security Wizard in the bottom section of the left pane on the Administrative Console Follow the on screen instructions in the Setup Wizard until setup is complete If you do ...

Page 24: ...tion 2 On the Logon tab select a category of user from the drop down list 3 In the Policy section specify the authentication credential s required for the selected category of user by clicking the check box or boxes next to the listed credentials You must specify at least one credential 4 In the Policy section drop down list choose whether ANY only one of the specified credentials are required or ...

Page 25: ...Manager and against the credentials required to meet those policies To view the policies in force for a specific user select the user from the list and click the View Policies button To supervise a users while they enroll credentials select the user from the list and click the Enroll button Adding a user This process adds users to the Drive Encryption logon list Before you add a user that user mus...

Page 26: ...thin the Device application you can configure the computer to automatically lock when a smart card is removed However the computer will lock only if the smart card was used as an authentication credential when logging on to Windows 1 Click Start click All Programs click HP and then click HP ProtectTools Administrative Console 2 In the Administrative Console left pane expand Devices and then click ...

Page 27: ...lick on the Setup Wizard in the Administrative Console For more information on using Drive Encryption for HP ProtectTools refer to Drive Encryption for HP ProtectTools on page 29 Managing Device Access Device Access Manager for HP ProtectTools provides advanced security options to selectively disallow various types of devices that can compromise the security of your PC For more information on usin...

Page 28: ...log in using any one of the configured security login methods when the computer is first turned on This action logs the user in to Windows If the HP Drive Encryption and the HP Password Manager levels of security have been configured and all security login methods are required users must log in using all of the configured methods when the HP Drive Encryption login screen opens This action logs the...

Page 29: ...uicker than doing it through the Windows Control panel To change your Windows password 1 In HP ProtectTools Security Manager click Credentials in the left pane 2 Click Windows Password 3 Type your current password in the Current Windows password box 4 Type your new password in the New Windows password and Confirm new password boxes 5 Click Change Setting up a Smart Card Smart Card is an integrated...

Page 30: ...rs can register the card as an authentication method in the Administrative Console or users can register it in Security Manager To register the Smart Card in the Administrative Console 1 In the Administrative Console click the Setup Wizard in the lower left corner 2 In the Welcome screen click Next and enter your Windows password 3 In the SpareKey window click Skip SpareKey Setup unless you want t...

Page 31: ...ick Drive Encryption Encryption Status The Encryption Status page shows if drive encryption is active or inactive and which drives are encrypted or not encrypted Viewing device access Device Access is set up by the Windows Administrator in the Administrative Console Users can view their device access setting in Security Manager To view device access settings 1 Click Start click All Programs click ...

Page 32: ...k Preferences 3 Check or uncheck the Show icon on the taskbar check box and click Apply Backup and Restore It is a good practice to backup your Security Manager data on a regular basis How often you back it up depends on how often the data changes For instance if you regularly add new logons on a daily basis you should probably back up your data daily Backups can also be used to migrate from one c...

Page 33: ... previously created through Security Manager s Backup and Restore feature To restore your data 1 Click Start click All Programs click HP and then click HP ProtectTools Security Manager 2 In the Security Manager left pane click Advanced and then click Backup and Restore 3 Click Restore data 4 Enter the path and name for the storage file or click Browse and select the file 5 Enter the password used ...

Page 34: ...r name and or picture 1 Click on the upper left section of Security Manager with your user name and picture 2 To change your user name type a name in the Windows user name box 3 To change your picture click the Choose Picture button and browse to select a picture 4 Click the Save button to save your changes 24 Chapter 3 HP ProtectTools Security Manager ENWW ...

Page 35: ... whether any of your passwords are a security risk and can automatically generate a strong complex password to use for new sites With Password Manager you can also view your logons including your passwords and edit them at any time Many Password Manager features are also available from the Password Manager icon that displays whenever the focus is on the logon screen of a program that has been set ...

Page 36: ...for displaying this dialog are available such as selecting Add Logon from the Password Manager Manage tab Some options depend on the security devices connected to the computer for example using the Ctrl H Hot Key or inserting a smart card Click the arrows to the right of a logon field to populate it with one of several preformatted choices Optionally click Choose other fields to add additional fie...

Page 37: ...gon it is automatically added to your Password Manager Logons menu To display the Logons menu press the Password Manager Hot Key combination Ctrl Win H is the default but you can change the Hot Key combination from Password Manager Windows password green arrow Settings Organizing logons into categories Use categories to keep your logons in order It s a simple matter of creating one or more categor...

Page 38: ...tity Password Manager makes monitoring and improving your security easy with instant and automated analysis of the strength of each of the passwords used to log on to your to websites and programs You can check the strength of the passwords you use for your logons on the Password Manager Password Strength tab Password Manager Icon settings Password Manager attempts to identify logon screens for we...

Page 39: ...nly NOTE Drive Encryption is not supported on 64 bit operating systems when configured with RAID on systems that use an AMD processor Drive Encryption Allows you to encrypt everything on your internal hard drives Gives you easy password access and pre boot authentication Supports Microsoft Windows XP Windows Vista and Windows 7 Makes use of the Trusted Platform Module TPM embedded security chip if...

Page 40: ...PIN 2 Click OK NOTE If you use a recovery key to log in at the Drive Encryption logon screen you will also be prompted to select your Windows user name and type your password at the Windows logon screen Advanced tasks Managing Drive Encryption administrator task The Drive Encryption window allows Windows administrators to view and change the status of Drive Encryption active or inactive and to vie...

Page 41: ...rogress Backup and recovery administrator task The Drive Encryption Backup and Recovery window allows Windows administrators to back up and recover encryption keys Creating backup keys CAUTION Be sure to keep the storage device containing the backup key in a safe place because if you forget your password or lose your Smart Card this device provides your only access to your hard drive 1 In the Admi...

Page 42: ...urely and then click Certificate Manager or Trusted Contact Manager or On the toolbar of a Microsoft Office document click the down arrow next to Sign and Encrypt and then click Certificate Manager or Trusted Contact Manager Setup procedures Managing Privacy Manager Certificates Manager Certificates protect data and messages using a cryptographic technology called public key infrastructure PKI PKI...

Page 43: ...d click the Setup button in the lower right corner of the message 2 Authenticate using your chosen security logon method 3 On the Certificate Installed page click Next 4 On the Certificate Backup page enter a location and name for the backup file or click Browse to search for a location CAUTION Be sure that you save the file to a location other than your hard drive and put it in a safe place This ...

Page 44: ...Manager 2 Click the Privacy Manager Certificate that you want to use as the default and then click Set default 3 Click OK NOTE You are not required to use your default Privacy Manager Certificate From within the various Privacy Manager functions you can select any of your Privacy Manager Certificates to use Deleting a Privacy Manager Certificate If you delete a Privacy Manager Certificate you cann...

Page 45: ...d then click Revoke 4 When the confirmation dialog box opens click Yes 5 Authenticate using your chosen security logon method 6 Follow the on screen instructions Managing Trusted Contacts Trusted Contacts are users with whom you have exchanged Privacy Manager Certificates enabling you to securely communicate with one another Adding Trusted Contacts 1 You send an e mail invitation to a Trusted Cont...

Page 46: ...ation to become a Trusted Contact click Accept in the lower right corner of the e mail A dialog box opens confirming that the recipient has been successfully added to your Trusted Contacts list 9 Click OK Adding Trusted Contacts using your Microsoft Outlook address book 1 In the Security Manager left pane expand Privacy Manager click Trusted Contacts and then click the Invite Contacts button or In...

Page 47: ...ed Contact 1 In the Security Manager left pane expand Privacy Manager and click Trusted Contacts Manager 2 Click the Trusted Contact you want to delete 3 Click Delete contact 4 When the confirmation dialog box opens click Yes Checking revocation status for a Trusted Contact 1 In the Security Manager left pane expand Privacy Manager and click Trusted Contacts Manager 2 Click a Trusted Contact 3 Cli...

Page 48: ...ing sign the document again Adding a signature line when signing a Microsoft Word or Microsoft Excel document Privacy Manager allows you to add a signature line when you sign a Microsoft Word or Microsoft Excel document 1 In Microsoft Word or Microsoft Excel create and save a document 2 Click the Home menu 3 Click the down arrow next to Sign and Encrypt and then click Add Signature Line Before Sig...

Page 49: ...itle in the signature line even if the suggested signer s document settings are configured to do so 8 Click OK Adding a suggested signer s signature line When suggested signers open the document they will see their name in brackets indicating that their signature is required To sign the document 1 Double click the appropriate signature line 2 Authenticate using your chosen security logon method Th...

Page 50: ...at you encrypt the e mail when attaching a signed or encrypted Microsoft Office document To send a sealed e mail with an attached signed and or encrypted Microsoft Office document follow these steps 1 In Microsoft Outlook click New or Reply 2 Type your e mail message 3 Attach the Microsoft Office document 4 Refer to Sealing and sending an e mail message for further instructions Viewing a signed Mi...

Page 51: ...g and sending an e mail message 1 In Microsoft Outlook click New or Reply 2 Type your e mail message 3 Click the down arrow next to Send Securely and then click Sign and Send 4 Authenticate using your chosen security logon method Sealing and sending an e mail message Sealed e mail messages that are digitally signed and sealed encrypted can only be viewed by people you choose from your Trusted Cont...

Page 52: ...Migration File page enter a file name or click Browse to search for a location and then click Next 5 Enter and confirm a password and then click Next NOTE Store this password in a safe place because you will need it when you import the migration file 6 Authenticate using your chosen security logon method 7 On the Migration File Saved page click Finish Importing Privacy Manager Certificates and Tru...

Page 53: ...ile which allows you to specify the number of shred cycles which assets to include for shredding which assets to confirm before shredding and which assets to exclude from shredding You can set up an automatic shred schedule and you can also manually shred assets whenever you want About free space bleaching Free space bleaching allows you to securely write random data over deleted assets preventing...

Page 54: ... No option must be selected quickly because Windows will close the software in preparation for shutting down and produce an error If you select No in order to continue shredding Windows may produce an error screen indicating that File Sanitizer is not responding Allow File Sanitizer to complete the shred then initiate the shutdown again Web browser open Choose this option to shred all selected Web...

Page 55: ...redding may take a significant length of time however the higher the number of shred cycles you specify the more secure the computer is 3 Select the assets you want to shred a Under Available shred options click an asset and then click Add b To add a custom asset click Add Custom Option enter or browse to a file name or folder name and then click OK Click the custom asset and then click Add NOTE T...

Page 56: ...mple delete profile click Apply General tasks Using a key sequence to initiate shredding To specify a key sequence follow these steps 1 In the Security Manager left pane expand File Sanitizer and click Shred 2 Select the Key sequence check box 3 Enter a character in the available box and then select the CTRL ALT or SHIFT box or select all three For example to initiate automatic shredding using the...

Page 57: ...e Browse button 3 When the Browse dialog box opens navigate to the asset you want to shred and then click Open 4 When the confirmation dialog box opens click Yes Manually shredding all selected items 1 Right click the HP ProtectTools icon in the notification area at the far right of the taskbar highlight File Sanitizer and then click Shred Now 2 When the confirmation dialog box opens click Yes or ...

Page 58: ... Each time a shred or free space bleaching operation is performed log files of any errors or failures are generated The log files are always updated according to the latest shred or free space bleaching operation NOTE Files that are successfully shredded or bleached do not appear in the log files One log file is created for shred operations and another log file is created for free space bleaching ...

Page 59: ...le Drive Encryption for HP ProtectTools can use the embedded chip as an authentication factor when the user logs on to Windows Setup procedures CAUTION To reduce security risk it is highly recommended that your IT administrator immediately initialize the embedded security chip Failure to initialize the embedded security chip could result in an unauthorized user a computer worm or a virus taking ow...

Page 60: ...otected storage area that allows reencryption of the Basic User Keys for all users To initialize the embedded security chip 1 Right click the HP ProtectTools Security Manager icon in the notification area at the far right of the taskbar and then select Embedded Security Initialization The HP ProtectTools Embedded Security Initialization Wizard opens 2 Follow the on screen instructions Setting up t...

Page 61: ...lders on FAT partitions cannot be encrypted System files and compressed files cannot be encrypted and encrypted files cannot be compressed Temporary folders should be encrypted because they are potentially of interest to hackers A recovery policy is automatically set up when you encrypt a file or folder for the first time This policy ensures that if you lose your encryption certificates and privat...

Page 62: ...hen click Backup 3 In the right pane click Restore all The HP Embedded Security for HP ProtectTools Backup Wizard opens 4 Follow the on screen instructions Changing the owner password To change the owner password 1 Click Start click All Programs click HP and then click HP ProtectTools Security Manager 2 In the left pane click Embedded Security and then click Advanced 3 In the right pane under Owne...

Page 63: ...opens a dialog box to ask if you would you like to start the background service Click Yes to start the background service and set it to start automatically whenever the system boots Simple configuration Device Access Manager creates a new User Group during initialization called Device Administrators for accessing or exploring devices as an administrator Place users in this group that you want to h...

Page 64: ...eft pane expand Device Access Manager and then click Device Class Configuration 3 In the device list click the device class that you want to configure 4 Click the user or group you want to remove and then click Remove Denying or allowing access to a user or group 1 Click Start click All Programs click HP and then click HP ProtectTools Administrative Console 2 In the left pane expand Device Access ...

Page 65: ... At present JITA is available for the following device classes DVD CD ROM Removable Media This section provides information about the following topics Creating a JITA for a user or group Creating an extendable JITA for a user or group Disabling a JITA for a User or Group Creating a JITA for a user or group Administrators can allow users or group access to devices using just in time authentication ...

Page 66: ...attempts to access the device they will be denied access Advanced Settings The Advanced Setting page provides the following functionality Management of the Device Administrators group Management of drive letters to which the Device Access Manager never denies access The Device Administrators group is used to exclude trusted users trusted in terms of device access from the restrictions imposed by a...

Page 67: ...trace Activation Wizard click the Activate Now button 5 Enter your contact information along with your credit card payment information or enter a pre purchased Product Key The Activation Wizard securely processes the transaction and sets up your user account on the Absolute Software Customer Center website Once complete you receive a confirmation e mail containing your Customer Center account info...

Page 68: ... remotely at the BIOS level bleaching see free space bleaching certification authority Service that issues the certificates required to run a public key infrastructure credentials Method by which a user proves eligibility for a particular task in the authentication process cryptographic service provider CSP Provider or library of cryptographic algorithms that can be used in a well defined interfac...

Page 69: ...from reading that data There are many types of data encryption and they are the basis of network security Common types include Data Encryption Standard and public key encryption free space bleaching The secure writing of random data over deleted assets on the hard drive to distort the contents of the deleted assets making recovery of the data more difficult key sequence A combination of specific k...

Page 70: ...pt button A software button that is displayed on the toolbar of Microsoft Office applications Clicking the button allows you to sign encrypt or removing encryption in a Microsoft Office document signature line A placeholder for the visual display of a digital signature When a document is signed the signer s name and verification method are displayed The signing date and the signer s title can also...

Page 71: ...isk that information on the computer will be compromised by physical theft or an attack by an external hacker trusted sender A Trusted Contact who sends signed and or encrypted e mails and Microsoft Office documents TXT Trusted Execution Technology Hardware and firmware that provides security against attacks on a computer s software and data user Anyone enrolled in Drive Encryption Non administrat...

Page 72: ... activated 30 managing Drive Encryption 30 opening 30 E Embedded Security for HP ProtectTools backup file creating 52 basic user account 50 Basic User Key 50 certification data restoring 52 common use examples 4 enabling TPM chip 49 encrypted e mail 51 encrypting files and folders 51 initializing chip 50 installing 49 migrating keys 52 owner password changing 52 password 9 Personal Secure Drive 51...

Page 73: ...act 36 Adding suggested signers to a Microsoft Word or Microsoft Excel document 38 adding trusted contacts 35 adding trusted contacts using Microsoft Outlook address book 36 checking revocation status for a trusted contact 37 common use examples 5 configuring Privacy Manager for Microsoft Outlook 41 configuring Privacy Manager in a Microsoft Office document 38 deleting a Privacy Manager certificat...

Page 74: ...ods 13 roles 9 setup wizard 13 security setup password 10 shred profile customizing 45 predefined 44 selecting or creating 44 simple delete profile customizing 45 smart card initializing 20 PIN 10 registering 20 setting up 19 T targeted theft protecting against 7 57 TPM chip enabling 49 initializing 50 tracking a computer 57 U unauthorized access preventing 8 W Windows Logon password 10 64 Index E...

Search results

Summary of Contents for 1105

Reviews:

Related manuals for 1105

Brands by name

Popular brands

HP 1105, User Manual

Search results

Summary of Contents for 1105

Reviews:

Related manuals for 1105

Brands by name

Popular brands