HP ProtectTools

User Guide

Summary of Contents for 6930p - EliteBook - Core 2 Duo 2.8 GHz

Page 1: ...HP ProtectTools User Guide ...

Page 2: ...ms Inc SD Logo is a trademark of its proprietor The information contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions c...

Page 3: ...p procedures 12 Logging on to Credential Manager 12 Using the Credential Manager Logon Wizard 12 Registering credentials 12 Registering fingerprints 12 Setting up the fingerprint reader 13 Using your registered fingerprint to log on to Windows 13 Registering a Smart Card or Token 13 Registering other credentials 14 General tasks 15 Creating a virtual token 15 Changing the Windows logon password 15...

Page 4: ...tion is activated 29 Advanced tasks 30 Managing Drive Encryption administrator task 30 Activating a TPM protected password select models only 30 Encrypting or decrypting individual drives 30 Backup and recovery administrator task 30 Creating backup keys 30 Performing a recovery 31 4 Privacy Manager for HP ProtectTools select models only Opening Privacy Manager 33 Setup procedures 34 Managing Priva...

Page 5: ...etting a free space bleaching schedule 52 General tasks 53 Using a key sequence to initiate shredding 53 Using the File Sanitizer icon 53 Manually shredding one asset 53 Manually shredding all selected items 54 Manually activating free space bleaching 54 Aborting a shred or free space bleaching operation 54 Viewing the log files 55 6 BIOS Configuration for HP ProtectTools General tasks 57 Accessin...

Page 6: ...ice Access Manager for HP ProtectTools select models only Starting background service 77 Simple configuration 78 Device class configuration advanced 79 Adding a user or a group 79 Removing a user or a group 79 Denying access to a user or group 79 Allowing access to a device class for one user of a group 79 Allowing access to a specific device for one user of a group 80 9 Troubleshooting Credential...

Page 7: ... ProtectTools Embedded Security for HP ProtectTools select models only Device Access Manager for HP ProtectTools select models only The software modules available for your computer may vary depending on your model For example Embedded Security for HP ProtectTools is available only for computers on which the Trusted Platform Module TPM embedded security chip is installed HP ProtectTools software mo...

Page 8: ...cess the data Privacy Manager for HP ProtectTools select models only Privacy Manager utilizes advanced logon techniques to verify the source integrity and security of communication when using e mail Microsoft Office documents or instant messaging IM File Sanitizer for HP ProtectTools File Sanitizer allows you to securely shred digital assets sensitive information including application files histor...

Page 9: ...mbedded Security supports third party applications such as Microsoft Outlook and Internet Explorer for protected digital certificate operations Device Access Manager for HP ProtectTools select models only Device Access Manager allows IT managers to control access to devices based on user profiles Device Access Manager prevents unauthorized users from removing data using external storage media and ...

Page 10: ...ProtectTools Security Manager NOTE If you are not an HP ProtectTools administrator you can run HP ProtectTools in nonadministrator mode to view information but you cannot make changes 2 In the left pane click HP ProtectTools and then click Getting Started 3 Click the Security Manager Setup button located directly below the HP ProtectTools shield icon to launch the Security Manager Wizard The follo...

Page 11: ... setup wizard to configure their security logon methods NOTE To access each HP ProtectTools module to set up more powerful features click the module name NOTE After you have configured the Credential Manager module you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen For more information refer to Logging on to Windows with Credential Manager ...

Page 12: ...ecurity for HP ProtectTools module encrypts sensitive data to help ensure it cannot be accessed without authentication See the following procedures Embedded Security Setup procedures on page 68 Using the Personal Secure Drive on page 71 Restricting access to sensitive data Suppose a contract auditor is working onsite and has been given computer access to review sensitive financial data you do not ...

Page 13: ...to writeable devices so sensitive information cannot be copied from the hard drive See Simple configuration on page 78 The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication using the following procedures Embedded Security Setup procedures on page 68 Using the Personal Secure Drive on page 71 Creating strong password policies If a mand...

Page 14: ...system the user can set the Java Card PIN and use the card for authentication Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords The following table lists the commonly used passwords the software module where the password is set and the password function The passwords that are set and used by IT administrators only are indicated in thi...

Page 15: ...d contents and authenticates users of the Java Card When used for power on authentication the Java Card PIN also protects access to the Computer Setup utility and to the computer contents Authenticates users of Drive Encryption if the Java Card token is selected Computer Setup password NOTE Also known as BIOS administrator f10 Setup or Security Setup password BIOS Configuration by IT administrator...

Page 16: ...sword that would appear in a dictionary Do not use your name for the password or any other personal information such as birth date pet names or mother s maiden name even if you spell it backwards Change passwords regularly You might change only a couple of characters that increment If you write down your password do not store it in a commonly visible place very close to the computer Do not save th...

Page 17: ...rd or biometric reader to log on to Windows For additional information refer to Registering credentials on page 12 Single Sign On feature that automatically remembers credentials for Web sites applications and protected network resources Support for optional security devices such as Java Cards and biometric readers Support for additional security settings such as requiring authentication using an ...

Page 18: ...n of the registered credentials Using the Credential Manager Logon Wizard To log on to Credential Manager using the Credential Manager Logon Wizard use the following steps 1 Open the Credential Manager Logon Wizard in any of the following ways From the Windows logon screen From the notification area by double clicking the HP ProtectTools Security Manager icon From the Credential Manager page of HP...

Page 19: ...oying the smart chip on a plastic credit platform the smart chip is inserted into a plastic token also known as a USB key The major difference between a smart card and a token is in the access interface A card requires a reader while a token plugs directly into any USB port There is no difference in the core functionality of storing and providing credentials A USB token is used for strong authenti...

Page 20: ...ectTools Security Manager click Credential Manager 2 Click My Identity and then click Register Credentials The Credential Manager Registration Wizard opens 3 Follow the on screen instructions 14 Chapter 2 Credential Manager for HP ProtectTools ...

Page 21: ...rt Card or Token 3 On the Device Type dialog box click Virtual Token and then click Next 4 Specify the token name and location and click Next A new virtual token can be stored either in a file or in the Windows registry database 5 On the Token Properties dialog box specify the Master PIN and User PIN for the newly created virtual token select Register smart card or token for authentication and then...

Page 22: ...u want to change the PIN and then click Next 5 Follow the on screen instructions to complete the PIN change NOTE If you enter the incorrect PIN for the token several times in sequence the token gets locked out You will be unable to use this token until you unlock it 16 Chapter 2 Credential Manager for HP ProtectTools ...

Page 23: ...the computer Using Windows Logon You can use Credential Manager to log on to Windows either at a local computer or on a network domain When you log on to Credential Manager for the first time the system automatically adds your local Windows user account as the account for the Windows Logon service Logging on to Windows with Credential Manager You can use Credential Manager to log on to a Windows n...

Page 24: ...h a Java Card a fingerprint reader or a token before logging on to a secure site or program This is particularly useful when logging on to programs or Web sites that contain personal information such as bank account numbers For more information refer to Configuring Credential Manager settings on page 24 Registering a new application Credential Manager prompts you to register any application that y...

Page 25: ...d then click Properties 4 Click the General tab to modify the application name and description Change the settings by selecting or clearing the check boxes next to the appropriate settings 5 Click the Script tab to view and edit the SSO application script 6 Click OK Removing an application from Single Sign On 1 In HP ProtectTools Security Manager click Credential Manager and then click Services an...

Page 26: ...e 2 Click Manage Applications Credentials The Credential Manager Single Sign On dialog box is displayed 3 Click the application entry you want to import and then click More 4 Follow the on screen instructions to complete the import 5 Click OK Modifying credentials 1 In HP ProtectTools Security Manager click Credential Manager and then click Services and Applications 2 Click Manage Applications Cre...

Page 27: ...anage NOTE If the category is not Everyone you may need to select Override default settings to override the settings for the Everyone category 4 Click Add The Add a Program Wizard opens 5 Follow the on screen instructions Removing protection from an application To remove restrictions from an application 1 In HP ProtectTools Security Manager click Credential Manager in the left pane 2 Click Service...

Page 28: ... that application opens 4 Click the General tab Select one of the following settings Disabled Cannot be used Enabled Can be used without restrictions Restricted Usage depends on settings 5 When you select Restricted the following settings are available a If you want to restrict usage based on time day or date click the Schedule tab and configure the settings b If you want to restrict usage based o...

Page 29: ...the category list 5 Select the authentication methods you want to use 6 Choose the combination of methods by clicking one of the following selections Use ALL of the methods above Users will have to authenticate with all of the methods you checked each time they log on Use ANY of the methods above Users will be able to choose any of the selected methods each time they log on 7 Click Apply and then ...

Page 30: ...tions Allows you to view the available services and modify the settings for those services Security Allows you to select the fingerprint reader software and adjust the security level of the fingerprint reader Smart Cards and Tokens Allows you to view and modify properties for all available Java Cards and tokens To modify Credential Manager settings 1 In HP ProtectTools Security Manager click Crede...

Page 31: ...NOTE Selecting the Use Credential Manager with classic logon prompt check box allows you to lock your computer See Locking the computer workstation on page 17 Advanced tasks administrator only 25 ...

Page 32: ... Manager click Credential Manager and then click Settings 2 Click the Single Sign On tab 3 Under When registered logon dialog or Web page is visited select the Authenticate user before submitting credentials check box 4 Click Apply and then click OK 5 Restart the computer 26 Chapter 2 Credential Manager for HP ProtectTools ...

Page 33: ...e Encryption module you must first decrypt all encrypted drives If you do not you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service Reinstalling the Drive Encryption module will not enable you to access the encrypted drives 27 ...

Page 34: ...Opening Drive Encryption 1 Click Start click All Programs and then click HP ProtectTools Security Manager for Administrators 2 Click Drive Encryption 28 Chapter 3 Drive Encryption for HP ProtectTools select models only ...

Page 35: ...t log in at the Drive Encryption logon screen NOTE If the Windows administrator has enabled Pre boot Security in the HP ProtectTools Security Manager you will log in to the computer immediately after the computer is turned on rather than at the Drive Encryption logon screen 1 Select your user name and then type your Windows password or Java Card PIN or swipe a registered finger 2 Click OK NOTE If ...

Page 36: ...ar the check box next to each hard drive you want to encrypt or decrypt and then click OK NOTE When the drive is being encrypted or decrypted the progress bar shows the time remaining to complete the process during the current session If the computer is shut down or initiates Sleep or Hibernation during the encryption process and then restarts the Time Remaining display resets to the beginning but...

Page 37: ...P ProtectTools logon dialog box opens click Cancel 4 Click Options in the lower left corner of the screen and then click Recovery 5 Click Local recovery and then click Next 6 Select the file that contains your backup key or click Browse to search for it and then click Next 7 When the confirmation dialog box opens click OK The recovery process is completed and your computer starts NOTE It is highly...

Page 38: ...n using e mail Microsoft Office documents or instant messaging IM Privacy Manager leverages the security infrastructure provided by HP ProtectTools Security Manager which includes the following security logon methods Fingerprint authentication Windows password HP ProtectTools Java Card You may use any of the above security logon methods in Privacy Manager 32 Chapter 4 Privacy Manager for HP Protec...

Page 39: ...he far right of the taskbar click Privacy Manager Sign and Chat and then click Configuration or On the toolbar of a Microsoft Outlook e mail message click the down arrow next to Send Securely and then click Certificate Manager or Trusted Contact Manager or On the toolbar of a Microsoft Office document click the down arrow next to Sign and Encrypt and then click Certificate Manager or Trusted Conta...

Page 40: ...ick Request a Privacy Manager Certificate 3 On the Welcome page read the text and then click Next 4 On the License Agreement page read the license agreement 5 Be sure that the check box next to Check here to accept the terms of this license agreement is selected and then click Next 6 On the Your Certificate Details page enter the required information and then click Next 7 On the Certificate Reques...

Page 41: ...ficate and install it using the same procedures as in Requesting and installing a Privacy Manager Certificate Setting a default Privacy Manager Certificate Only Privacy Manager Certificates are visible from within Privacy Manager even if additional certificates from other certificate authorities are installed on your computer If you have more than one Privacy Manager Certificate on your computer t...

Page 42: ...en click 5 On the Migration File Import page click Finish NOTE Refer to Installing a Privacy Manager Certificate or Exporting Privacy Manager Certificates and Trusted Contacts for more information Revoking your Privacy Manager Certificate If you feel that the security of your Privacy Manager Certificate has been jeopardized you may revoke your own certificate NOTE A revoked Privacy Manager Certifi...

Page 43: ... dialog box opens click the Privacy Manager Certificate you want to use and then click OK 3 When the Trusted Contact Invitation dialog box opens read the text and then click OK An e mail is automatically generated 4 Enter one or more e mail addresses of the recipients you want to add as Trusted Contacts 5 Edit the text and sign your name optional 6 Click Send NOTE If you have not obtained a Privac...

Page 44: ...icate Request Wizard 6 Authenticate using your chosen security logon method NOTE When the e mail is received by the Trusted Contact recipient the recipient must open the e mail and click Accept in the lower right corner of the e mail and then click OK when the confirmation dialog box opens 7 When you receive an e mail response from a recipient accepting the invitation to become a Trusted Contact c...

Page 45: ...ted Contact 1 Open Privacy Manager and click Trusted Contacts Manager 2 Click a Trusted Contact 3 Click the Advanced button The Advanced Trusted Contact Management dialog box opens 4 Click Check Revocation 5 Click Close Setup procedures 39 ...

Page 46: ...Click the down arrow next to Sign and Encrypt and then click Sign Document 3 Authenticate using your chosen security logon method 4 When the confirmation dialog box opens read the text and then click OK If you later decide to edit the document follow these steps 1 Click the Office button in the upper left corner of the screen 2 Click Prepare and then click Mark as Final 3 When the confirmation dia...

Page 47: ...structions to the signer enter a message for this suggested signer NOTE This message will appear in place of a title and is either deleted or replaced by the user s title when the document is signed 6 Select the Show sign date in signature line check box to show the date 7 Select the Show signer s title in signature line check box to show the title NOTE Because the owner of the document assigns su...

Page 48: ...ntents of the document To remove encryption from a Microsoft Office document 1 Open an encrypted Microsoft Word Microsoft Excel or Microsoft PowerPoint document 2 Authenticate using your chosen security logon method 3 Click the Home menu 4 Click the down arrow next to Sign and Encrypt and then click Remove Encryption Sending an encrypted Microsoft Office document You may attach an encrypted Micros...

Page 49: ...nager is installed a Privacy button is displayed on the Microsoft Outlook toolbar and a Send Securely button is displayed on the toolbar of each Microsoft Outlook e mail message Configuring Privacy Manager for Microsoft Outlook 1 Open Privacy Manager click Settings and then click the E mail tab or On the main Microsoft Outlook toolbar click the down arrow next to Privacy and then click Settings or...

Page 50: ... Privacy Manager Chat and then follow the on screen instructions Starting Privacy Manager Chat NOTE In order to use Privacy Manager Chat both parties must have Privacy Manager and a Privacy Manager Certificate installed For details about installing a Privacy Manager Certificate see Requesting and installing a Privacy Manager Certificate on page 5 1 To start Privacy Manager Chat in Windows Live Mes...

Page 51: ... messages shown in the Secure Communications window You can also hide or show individual messages by clicking the message header Are you there Click this button to request authentication from your contact Lock Click this button to close the Privacy Manager Chat window and return to the Chat Entry window To display the Secure Communications window again click Resume the session and then authenticat...

Page 52: ...l Session 2 Authenticate using your chosen security logon method The Contact Screen Names are decrypted 3 Double click the revealed session to view its content NOTE Additional sessions encrypted with the same certificate will show an unlocked icon indicating that you can view them by double clicking any of those sessions without additional authentication Sessions encrypted with a different certifi...

Page 53: ...he display 1 Right click on any column heading and then select Add Remove Columns 2 Select a column heading in the right panel and then click Remove to move it to the left panel Filter displayed sessions A list of sessions for all of your accounts is displayed in the Chat History Viewer Displaying sessions for a specific account In the Chat History Viewer select an account from the Display history...

Page 54: ... 4 On the Migration File page enter a file name or click Browse to search for a location and then click Next 5 Enter and confirm a password and then click Next NOTE Store this password in a safe place because you will need it when you import the migration file 6 Authenticate using your chosen security logon method 7 On the Migration File Saved page click Finish Importing Privacy Manager Certificat...

Page 55: ...l asset When you choose a shred profile High Security Medium Security or Low Security a predefined list of assets and an erase method are automatically selected for shredding You can also customize a shred profile which allows you to specify the number of shred cycles which assets to include for shredding which assets to confirm before shredding and which assets to exclude from shredding You can s...

Page 56: ...ick Yes to bypass the shred procedure or click No to continue with shredding Web browser open Choose this option to shred all selected Web related assets such as browser URL history when you open a Web browser Web browser quit Choose this option to shred all selected Web related assets such as browser URL history when you close a Web browser Key sequence Select the Key sequence check box enter a k...

Page 57: ...s 3 Select the assets you want to shred a Under Available shred options click an asset and then click Add b To add a custom asset click Add Custom Option Then browse or type the path to a file name or folder and click OK Under Available Shred Options click the custom asset and then click Add NOTE To remove an asset from the available shred options click the asset and then click Delete 4 Under Shre...

Page 58: ... to select the specific assets that you want to exclude from shredding NOTE To remove an asset from the exclusions list click the asset and then click Delete 5 When you finish configuring the simple delete profile click Apply and then click OK Setting a free space bleaching schedule NOTE Free space bleaching is for those assets that you delete using the Windows Recycle Bin or for manually deleted ...

Page 59: ...cannot be recovered Carefully consider which items you select for manual shredding 1 Navigate to the document or folder you want to shred 2 Drag the asset to the File Sanitizer icon on the desktop 3 When the confirmation dialog box opens click Yes Manually shredding one asset CAUTION Shredded assets cannot be recovered Carefully consider which items you select for manual shredding 1 Right click th...

Page 60: ...dialog box opens click Yes Manually activating free space bleaching 1 Right click the HP ProtectTools icon in the notification area at the far right of the taskbar click File Sanitizer and then click Bleach Now 2 When the confirmation dialog box opens click Yes or 1 Open File Sanitizer and click Free Space Bleaching 2 Click Bleach Now 3 When the confirmation dialog box opens click Yes Aborting a s...

Page 61: ...ng operation NOTE: Files that are successfully shredded or bleached do not appear in the log files. One log file is created for shred operations and another log file is created for free space bleaching operations. Both log files are located on the hard drive at: C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_ShredderLog.txt C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_DiskBleachL...

Page 62: ... you can accomplish the following objectives Manage administrator passwords Configure other power on authentication features such as embedded security authentication Enable and disable hardware features such as CD ROM boot or hardware ports Configure boot options which includes enabling MultiBoot and changing the boot order NOTE Many of the features in BIOS Configuration for HP ProtectTools are al...

Page 63: ...assword correctly but you are not a BIOS administrator your ability to make changes varies according to the security level settings Refer to Setting system configuration options on page 61 NOTE An HP ProtectTools user may or may not be a BIOS administrator If you enter the Windows password incorrectly you can only view BIOS configuration settings but not change them 4 If you are not an HP ProtectT...

Page 64: ...and then click Apply to save your changes and leave the window open or Make your changes and then click OK to save your changes and close the window 3 Exit and restart the computer Your changes go into effect when the computer restarts NOTE Password changes take effect immediately with no need to restart the computer 58 Chapter 6 BIOS Configuration for HP ProtectTools ...

Page 65: ...er and about batteries in the system Specification information about the processor cache and memory size video version keyboard controller version and system ROM NOTE The File page is for information purposes only None of the displayed information can be modified To view system information Access BIOS Configuration and click File Viewing system information 59 ...

Page 66: ...ck OK to apply the new settings and close the window Security Option Action BIOS Administrator Password NOTE This option may be called Setup Password Click the Set button to set a BIOS administrator password System IDs Option Action Ownership Tag Enter view or change Asset Tracking Number Enter view or change TPM Embedded Security NOTE This feature is supported only on computers equipped with the ...

Page 67: ... required Enable or disable At least one lower case character required Enable or disable Are spaces allowed in password Enable or disable Hard Disk Sanitization Report Option Action Hard Disk Sanitization If hard disk sanitization has been run at least once you can view information about the most recent hard disk sanitization procedures that have been completed on the computer NOTE This option era...

Page 68: ...ect models only Security level options 3 Change the settings as needed 4 Click Apply to apply the new settings to the system and leave the window open or Click OK in the HP ProtectTools Security Manager window to apply the new settings to the system and close the window Language Option Action Language Select a language English Francais Deutsch Espanol Italiano Dansk Nederlands Suomi Japanese Norsk...

Page 69: ...PXE Internal NIC boot Enable or disable Boot Order Set the order in which system devices boot Display Diagnostic URL Enable or disable Device configuration options Option Action USB Legacy Support Enable or disable Parallel port mode Select a parallel port mode standard bidirectional EPP Enhanced Parallel Port or ECP Enhanced Capabilities Port Fan always on while on AC power Enable or disable the ...

Page 70: ...ble Integrated Camera Enable or disable Embedded Bluetooth Device Radio Enable or disable Modem Device Enable or disable Microphone Enable or disable LAN WLAN Switching Enable or disable Wake on LAN Enable or disable the option to turn on the computer remotely from another computer connected to the same network AMT options select models only Option Action Firmware Verbosity Enable or disable AMT S...

Page 71: ...hide Data Execution Prevention Security Level Change view or hide SATA Device Mode Security Level Change view or hide USB Ports Security Level Change view or hide 1394 Port Security Level Change view or hide Express Card Slot Security Level Change view or hide Dual Core CPU Security Level Change view or hide Wake on LAN Security Level Change view or hide Ambient Light Sensor Security Level Change ...

Page 72: ...r hide Custom Logo Policy Change view or hide Unconfigure AMT on next boot Security Level Change view or hide SD Card Boot Security Level Change view or hide HP QuickLook 2 Security Level Change view or hide Wireless Button State Security Level Change view or hide Modem Device Security Level Change view or hide Finger Print reset Security Level Change view or hide HP SpareKey Security Level Change...

Page 73: ...rive PSD for protecting user data Data management functions such as backing up and restoring the key hierarchy Support for third party applications such as Microsoft Outlook and Internet Explorer for protected digital certificate operations when using the Embedded Security software The TPM embedded security chip enhances and enables other HP ProtectTools Security Manager security features For exam...

Page 74: ... security chip 1 Open Computer Setup by turning on or restarting the computer and then pressing f10 while the f10 ROM Based Setup message is displayed in the lower left corner of the screen 2 If you have not set an administrator password use the arrow keys to select Security select Setup password and then press enter 3 Type your password in the New password and Verify new password boxes and then pr...

Page 75: ...Set up the emergency recovery archive which is a protected storage area that allows reencryption of the Basic User Keys for all users To initialize the embedded security chip 1 Right click the HP ProtectTools Security Manager icon in the notification area at the far right of the taskbar and then select Embedded Security Initialization The HP ProtectTools Embedded Security Initialization Wizard ope...

Page 76: ...zation Wizard is not open click Start click All Programs and then click HP ProtectTools Security Manager 2 In the left pane click Embedded Security and then click User Settings 3 In the right pane under Embedded Security Features click Configure The Embedded Security User Initialization Wizard opens 4 Follow the on screen instructions NOTE To use secure e mail you must first configure the e mail cl...

Page 77: ...sed Temporary folders should be encrypted because they are potentially of interest to hackers A recovery policy is automatically set up when you encrypt a file or folder for the first time This policy ensures that if you lose your encryption certificates and private keys you will be able to use a recovery agent to decrypt your information To encrypt files and folders 1 Right click the file or fold...

Page 78: ...lick HP ProtectTools Security Manager 2 In the left pane click Embedded Security and then click User Settings 3 In the right pane under Basic User Key password click Change 4 Type the old password and then set and confirm the new password 5 Click OK 72 Chapter 7 Embedded Security for HP ProtectTools select models only ...

Page 79: ...rity and then click Backup 3 In the right pane click Backup The HP Embedded Security for ProtectTools Backup Wizard opens 4 Follow the on screen instructions Restoring certification data from the backup file To restore data from the backup file 1 Click Start click All Programs and then click HP ProtectTools Security Manager 2 In the left pane click Embedded Security and then click Backup 3 In the ...

Page 80: ...Windows restart This option is available to all users by default Permanent disabling With this option the owner password is required to reenable Embedded Security This option is available only to administrators Permanently disabling Embedded Security To permanently disable Embedded Security 1 Click Start click All Programs and then click HP ProtectTools Security Manager 2 In the left pane click Em...

Page 81: ...Migration Wizard Migration is an advanced administrator task that allows the management restoration and transfer of keys and certificates For details on migration refer to the Embedded Security software Help Advanced tasks 75 ...

Page 82: ...tectTools has the following security features that protect against unauthorized access to devices attached to your computer system Device profiles that are created for each user to define device access Device access that can be granted or denied on the basis of group membership 76 Chapter 8 Device Access Manager for HP ProtectTools select models only ...

Page 83: ... service must be running When you first attempt to apply device profiles HP ProtectTools Security Manager opens a dialog box to ask if you would like to start the background service Click Yes to start the background service and set it to start automatically whenever the system boots Starting background service 77 ...

Page 84: ... All Bluetooth devices All infrared devices All modem devices All PCMCIA devices All 1394 devices To deny access to a class of devices for all non Device Administrators 1 Click Start click All Programs and then click HP ProtectTools Security Manager 2 In the left pane click Device Access Manager and then click Simple Configuration 3 In the right pane select the check box of a device to deny access...

Page 85: ...vice list click the device class that you want to configure 4 Click the user or group you want to remove and then click Remove 5 Click Apply then click OK Denying access to a user or group 1 Click Start click All Programs and then click HP ProtectTools Security Manager 2 In the left pane click Device Access Manager and then click Device Class Configuration 3 In the device list click the device cla...

Page 86: ... then click HP ProtectTools Security Manager 2 In the left pane click Device Access Manager and then click Device Class Configuration 3 In the device list click the device class that you want to configure and then navigate to the folder below that 4 Under User Groups add the group to be denied access 5 Click Deny next to the group to be denied access 6 Navigate to the specific device to be allowed...

Page 87: ...e disabling functionality pattern of Single Sign On For example an in a yellow triangle is observed in Internet Explorer indicating an error has occurred Credential Manager Single Sign On does not support all software Web interfaces Disable Single Sign On support for the specific Web page by turning off Single Sign On support See complete documentation on Single Sign On which is available in the C...

Page 88: ...er is unable to log on to Credential Manager and the Windows logon screen remains displayed no matter which logon credential password fingerprint or Java Card is selected Update Windows to Service Pack 2 via Windows Update Refer to Microsoft knowledge base article 813301 at http www microsoft com for more information on the cause of the issue In order to log on the user must select Credential Mana...

Page 89: ...t logon screen Even though Credential Manager has the virtual token registered the user must reregister the token to restore the association This is currently by design When uninstalling Credential Manager without keeping identities the system server part of the token is destroyed so the token cannot be used anymore for logging on even if the client part of the token is restored through identity r...

Page 90: ...upported only on NTFS and does not function on FAT32 This is a feature of Microsoft EFS and is not related to HP ProtectTools software The user is able to encrypt or delete the recovery archive XML file By design the ACLs for this folder are not set therefore a user can inadvertently or purposely encrypt or delete the file thus making it inaccessible After this file has been encrypted or deleted n...

Page 91: ...anyone with direct access to the system to reset the TPM module and cause possible loss of data This is as designed The Computer Setup f10 Utility password can only be removed by a user who knows the password However HP strongly recommends having the Computer Setup f10 Utility password protected at all times The PSD password box is no longer displayed when the system becomes active after standby s...

Page 92: ... Click Yes to open Embedded Security Administration tool uninstall waits until the Administration tool is closed If the user clicks No in that dialog box the Administration tool does not open at all and uninstall proceeds The Administration tool is used for disabling the TPM chip but that option is not available unless the Basic User Key has already been initialized If it has not been initialized ...

Page 93: ...ger asks if the system can automate the logon to Infineon TPM User Authentication If the user selects Yes the location of SPEmRecToken is automatically displayed in the text box Even though this location is correct the following error message is displayed No Emergency Recovery Token is provided Select the token location the Emergency Recovery Token should be retrieved from Click the Browse button ...

Page 94: ...nd should state a more appropriate message HP is working to enhance this in future products The security system exhibits a restore error with multiple users During the restore process if the administrator selects users to restore the users not selected are not able to restore the keys when trying to restore at a later time A decryption process failed error message is displayed The non selected use...

Page 95: ...cessible Click here if you want to backup to a temporary archive until the Backup Archive is accessible again If the Automatic Backup is scheduled for a specific time however the backup fails without displaying notice of the failure The workaround is to change the NT AUTHORITY SYSTEM to computer name admin name This is the default setting if the Scheduled Task is created manually HP is working to ...

Page 96: ...ce Access Manager and then click Device Class Configuration Expand the levels in the Device Class tree and review the settings applicable to the User Check for any Deny permissions that may be set on the user or any Windows Group of which they may be a member e g Users Administrators Allow or deny which takes precedence Within Device Class Configuration the following configuration has been set The...

Page 97: ... the Embedded Security Software platform and User Initialization Wizard have been configured NOTE A reboot is always recommended after performing a firmware update The firmware version is not identified correctly until after the reboot 1 Reinstall Embedded Security Software 2 Run the Platform and User Configuration Wizard 3 Be sure that the system contains Microsoft NET framework 1 1 installation ...

Page 98: ...assword prompt Only one user can log on to the system after TPM preboot authentication is enabled in BIOS The TPM BIOS PIN is associated with the first user who initializes the user setting If a computer has multiple users the first user is in essence the administrator The first user will have to give his TPM user PIN to other users to use to log on This is functioning as designed HP recommends th...

Page 99: ... the user must type the BIOS password instead of the TPM password at the Power on Authentication window The BIOS asks for both the old and new passwords through Computer Setup after the Owner password is changed The BIOS asks for both the old and new passwords through Computer Setup after the Owner password is changed in Embedded Security Windows software This is as designed This is due to the ina...

Page 100: ...d the BIOS unlocks the hard drive for the user automatic shredding Scheduled shredding that the user sets in File Sanitizer for HP ProtectTools biometric Category of authentication credentials that use a physical feature such as a fingerprint to identify a user BIOS administrator password Computer Setup setup password BIOS profile Group of BIOS configuration settings that can be saved and applied ...

Page 101: ...andard and public key encryption Encryption File System EFS System that encrypts all files and subfolders within the selected folder free space bleaching The secure writing of random data over deleted assets to distort the contents of the deleted asset HP SpareKey Backup copy of drive encryption key identity In the HP ProtectTools Credential Manager a group of credentials and settings that is hand...

Page 102: ...software button that is displayed on the toolbar of Microsoft Office applications Clicking the button allows you to sign encrypt or remove encryption in a Microsoft Office document signature line A placeholder for the visual display of a digital signature When a document is signed the signer s name and verification method are displayed The signing date and the signer s title can also be included...

Page 103: ...t who sends signed and or encrypted e mails and Microsoft Office documents TXT Trusted Execution Technology USB token Security device that stores identifying information about a user Like a Java Card or biometric reader it is used to authenticate the owner to a computer user Anyone enrolled in Drive Encryption Non administrator users have limited rights in Drive Encryption They can only enroll wit...

Page 104: ...g 21 changing application restriction setting 22 credential properties configuring 23 credentials registering 12 fingerprint log on 13 fingerprint reader 13 lock workstation 17 locking computer 17 logging on 12 logon password 8 logon specifications 23 logon wizard 12 recovery file password 8 registering fingerprints 12 registering other credentials 14 registering Smart Card 13 registering token 13...

Page 105: ...ting files and folders 71 F f10 Setup password 9 features HP ProtectTools 2 File Sanitizer setting a shred schedule 50 File Sanitizer for HP ProtectTools aborting a shred or free space bleaching operation 54 free space bleaching 49 manually activating free space bleaching 54 manually shredding all selected items 54 manually shredding one asset 53 opening 50 predefined shred profile 50 setting a fr...

Page 106: ...nager certificate 35 requesting a Privacy Manager certificate 34 restoring a Privacy Manager certificate 36 reveal all sessions 46 reveal sessions for a specific account 46 revoking a Privacy Manager certificate 36 sealing and sending an e mail message 43 search sessions for specific text 46 sending an encrypted Microsoft Office document 42 setting a default Privacy Manager certificate 35 setup pr...

Page 107: ...ions 61 T targeted theft protecting against 6 token Credential Manager 13 TPM chip enabling 68 initializing 69 troubleshooting Credential Manager 81 Device Access Manager 90 Embedded Security 84 miscellaneous 91 U unauthorized access preventing 6 V viewing file options 59 viewing settings 58 virtual token 15 virtual token Credential Manager 13 15 W Windows Logon Credential Manager 17 password 9 In...
