ProtectTools

User Guide

Summary of Contents for dc5750 - Microtower PC

Page 1: ...ProtectTools User Guide ...

Page 2: ...ed by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc. SD Logo is a trademark of its proprietor. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed...

Page 3: ...ools Setup procedures 12 Logging on to Credential Manager 12 Using the Credential Manager Logon Wizard 12 Logging on for the first time 13 Registering credentials 13 Registering fingerprints 13 Setting up the fingerprint reader 14 Using your registered fingerprint to log on to Windows 14 Registering a Java Card, USB eToken, or virtual token 14 Registering a USB eToken 14 Registering other credentials...

Page 4: ...rotectTools Setup procedures 28 Enabling the embedded security chip 28 Initializing the embedded security chip 29 Setting up the basic user account 30 General tasks 31 Using the Personal Secure Drive 31 Encrypting files and folders 31 Sending and receiving encrypted e-mail 31 Changing the Basic User Key password 32 Advanced tasks 33 Backing up and restoring 33 Creating a backup file 33 Restoring c...

Page 5: ...ng DriveLock hard drive protection 48 Using DriveLock 48 DriveLock Applications 48 Managing Computer Setup passwords 49 Setting the power-on password 49 Changing the power-on password 49 Setting the setup password 49 Changing the setup password 50 Setting password options 50 Enabling and disabling stringent security 50 Enabling and disabling power-on authentication on Windows restart 50 6 Drive En...

Page 7: ... HP ProtectTools Drive Encryption for HP ProtectTools. The software modules available for your computer may vary depending on your model. For example, Embedded Security for HP ProtectTools is available only for computers on which the Trusted Platform Module (TPM) embedded security chip is installed. HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web ...

Page 8: ...bedded Security allows creation of a personal secure drive (PSD) for protecting user data. Embedded Security supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations. Java Card Security for HP ProtectTools: Java Card Security configures the HP ProtectTools Java Card for user authentication before the operating system loads. Java Card ...

Page 9: ...ProtectTools Security Manager. NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to Logging on to Windows with Credential Manager on page 17. ENWW Accessing HP ProtectTools Security 3 ...

Page 10: ...the hard drive is removed and installed into an unsecured system. See Enabling and disabling DriveLock hard drive protection on page 48. The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following procedures: Embedded Security Setup procedures on page 28; Using the P...

Page 11: ...annot get passwords or access to password-protected applications. Credential Manager Setup procedures on page 12; Using Single Sign On on page 18. The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication using the following procedures: Embedded Security Setup procedures on page 28; Using the Personal Secure Drive on page 31. Creating strong pa...

Page 12: ...of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators. HP ProtectTools password Set in this...

Page 13: ...cts access to the Computer Setup utility and to the computer contents. Authenticates users of Drive Encryption, if the Java Card token is selected. Computer Setup password (NOTE: Also known as BIOS administrator, F10 Setup, or Security Setup password): set in BIOS Configuration, by IT administrator; protects access to the Computer Setup utility. Power-on password: set in BIOS Configuration; protects access to the computer co...

Page 14: ...couple of characters that increment. If you write down your password, do not store it in a commonly visible place very close to the computer. Do not save the password in a file, such as an e-mail, on the computer. Do not share accounts or tell anyone your password. HP ProtectTools Backup and Restore: HP ProtectTools Backup and Restore provides a convenient and quick way to back up and restore credentials ...

Page 15: ...ools Security Manager. 2. In the left pane, click HP ProtectTools, and then click Backup and Restore. 3. In the right pane, click Schedule Backups. 4. On the Task tab, select the Enabled check box to enable scheduled backups. 5. Click Set Password, and type and confirm your password in the Set Password dialog box. Click OK. 6. Click Apply. Click the Schedule tab. Click the Schedule Task arrow and select the automat...

Page 16: ...Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click HP ProtectTools, and then click Settings. 3. In the right pane, select your settings, and then click OK. 10 Chapter 1 Introduction to security ENWW ...

Page 17: ...or biometric reader to log on to Windows. For additional information, refer to Registering credentials on page 13. Single Sign On feature that automatically remembers credentials for Web sites, applications, and protected network resources. Support for optional security devices, such as Java Cards and biometric readers. Support for additional security settings, such as requiring authentication using an opt...

Page 18: ...ential Manager, you can register additional credentials, such as a fingerprint or a Java Card. For additional information, refer to Registering credentials on page 13. At the next logon, you can select the logon policy and use any combination of the registered credentials. Using the Credential Manager Logon Wizard: To log on to Credential Manager using the Credential Manager Logon Wizard, use the following ...

Page 19: ...r, and then click Log On in the upper-right corner of the right pane. The Credential Manager Logon Wizard opens. 3. Type your Windows password in the Password box, and then click Next. Registering credentials: You can use the My Identity page to register your various authentication methods, or credentials. After they have been registered, you can use these methods to log on to Credential Manager. Registering...

Page 20: ...ter a virtual token, as described in Creating a virtual token on page 15. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Register Smart Card or Token. The Credential Manager Registration Wizard opens. 4. Follow the on-screen instructions. Registering a USB eToken: 1. Be sure that the USB eToken drivers are installed. NOTE: R...

Page 21: ... All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Virtual Token. The Credential Manager Registration Wizard opens. NOTE: If Virtual Token is not an option, use the procedure for Registering other credentials on page 14. 4. Follow the on-screen instructions. Changing the Windows logon password: 1. Select Start > All Programs > HP ProtectTools Se...

Page 22: ...ect Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Clear Identity for this Account. 4. Click Yes in the confirmation dialog box. Your identity is logged off and removed from the system. 16 Chapter 2 Credential Manager for HP ProtectTools ENWW ...

Page 23: ...uter or on a network domain. When you log on to Credential Manager for the first time, the system automatically adds your local Windows user account as the account for the Windows Logon service. Logging on to Windows with Credential Manager: You can use Credential Manager to log on to a Windows network or local account. 1. If you have registered your fingerprint to log on to Windows, swipe your finger to...

Page 24: ...validate your authentication credentials with a Java Card, a fingerprint reader, or a token before logging on to a secure site or program. This is particularly useful when logging on to programs or Web sites that contain personal information, such as bank account numbers. For more information, refer to Configuring Credential Manager settings on page 25. Registering a new application: Credential Manager pr...

Page 25: ...n script. 7. Click OK. Removing an application from Single Sign On: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, under Single Sign On, click Manage Applications and Credentials. 4. Click the application entry you want to remove, and then click Remove. 5. Click Yes in the confirmation dial...

Page 26: ...lick Credential Manager, and then click Services and Applications. 3. In the right pane, under Single Sign On, click Manage Applications and Credentials. 4. Click the application entry you want to modify, and then click More. 5. Select any of the following options: Applications: Add New, Remove, Properties, Import Script, Export Script. Credentials: Create New. View Password. NOTE: You must authenticate your identity ...

Page 27: ...ice dialog box opens. 4. Select a category of user whose access you want to manage. NOTE: If the category is not Everyone, you may need to click Override default settings to override the settings for the Everyone category. 5. Click the application entry you want to remove, and then click Remove. 6. Click OK. Changing restriction settings for a protected application: 1. Select Start > All Programs > HP ProtectTools...

Page 28: ...on time, day, or date, click the Schedule tab and configure the settings. b. If you want to restrict usage based on inactivity, click the Advanced tab and select the period of inactivity. 8. Click OK to close the application Properties dialog box. 9. Click OK. 22 Chapter 2 Credential Manager for HP ProtectTools ENWW ...

Page 29: ...nd administrators log on: On the Authentication and Credentials page, you can specify which type or combination of credentials are required of either users or administrators. To specify how users or administrators log on: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Authentication and Credentials. 3. In the right pane, click the A...

Page 30: ...se OR to require one of two or more authentication methods. Users will be able to choose any of the selected methods each time they log on. 9. Click OK. 10. Click Apply, and then click OK. Configuring credential properties: On the Credentials tab of the Authentication and Credentials page, you can view the list of available authentication methods and modify the settings. To configure the credentials: 1. Selec...

Page 31: ...tial Manager settings: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Settings. 3. In the right pane, click the appropriate tab for the settings you want to modify. 4. Follow the on-screen instructions to modify the settings. 5. Click Apply, and then click OK. Example 1: Using the Advanced Settings page to allow Windows logon from Crede...

Page 32: ...2. In the left pane, click Credential Manager, and then click Settings. 3. In the right pane, click the Single Sign On tab. 4. Under When registered logon dialog or Web page is visited, select the Authenticate user before submitting credentials check box. 5. Click Apply, and then click OK. 6. Restart the computer. 26 Chapter 2 Credential Manager for HP ProtectTools ENWW ...

Page 33: ... protecting user data. Data management functions, such as backing up and restoring the key hierarchy. Support for third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations when using the Embedded Security software. The TPM embedded security chip enhances and enables other HP ProtectTools Security Manager security features. For example, Credenti...

Page 34: ...le the embedded security chip: 1. Open Computer Setup by turning on or restarting the computer, and then pressing F10 while the F10 ROM Based Setup message is displayed in the lower-left corner of the screen. 2. If you have not set an administrator password, use the arrow keys to select Security > Setup password, and then press enter. 3. Type your password in the New password and Verify new password boxes an...

Page 35: ... up the emergency recovery archive, which is a protected storage area that allows reencryption of the Basic User Keys for all users. To initialize the embedded security chip: 1. Right-click the HP ProtectTools Security Manager icon in the notification area, at the far right of the taskbar, and then select Embedded Security Initialization. The HP ProtectTools Embedded Security Initialization Wizard opens. ...

Page 36: ...ity User Initialization Wizard is not open, select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Embedded Security Features, click Configure. The Embedded Security User Initialization Wizard opens. 4. Follow the on-screen instructions. NOTE: To use secure e-mail, you must first configure the e-mail clie...

Page 37: ...ressed. Temporary folders should be encrypted, because they are potentially of interest to hackers. A recovery policy is automatically set up when you encrypt a file or folder for the first time. This policy ensures that if you lose your encryption certificates and private keys, you will be able to use a recovery agent to decrypt your information. To encrypt files and folders: 1. Right-click the file or f...

Page 38: ...s > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User Key password, click Change. 4. Type the old password, and then set and confirm the new password. 5. Click OK. 32 Chapter 3 Embedded Security for HP ProtectTools ENWW ...

Page 39: ...ick Embedded Security, and then click Backup. 3. In the right pane, click Backup. The Embedded Security Backup Wizard opens. 4. Follow the on-screen instructions. Restoring certification data from the backup file: To restore data from the backup file: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Backup. 3. In the right pane, click Restor...

Page 40: ...ly reenabled on Windows restart. This option is available to all users by default. Permanent disabling: With this option, the owner password is required to reenable Embedded Security. This option is available only to administrators. Permanently disabling Embedded Security: To permanently disable Embedded Security: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedd...

Page 41: ...igration Wizard. Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help. ENWW Advanced tasks 35 ...

Page 42: ...he following tasks: Access Java Card Security features. Work with the Computer Setup utility to enable Java Card authentication in a power-on environment. Configure separate Java Cards for an administrator and a user. A user must insert the Java Card and type a PIN before the operating system will load. Set and change the PIN used to authenticate users of the Java Card. 36 Chapter 4 Java Card Security f...

Page 43: ... click Change. 5. In the Change PIN dialog box, type the current PIN in the Current PIN box. 6. Type a new PIN in the New PIN box, and then type the PIN again in the Confirm New PIN box. 7. Click OK. Selecting the card reader: Be sure that the correct card reader is selected in Java Card Security before using the Java Card. If the correct reader is not selected, some of the features may be unavailable or inco...

Page 44: ...Java Card before it can be used in Java Card Security. To assign a Java Card PIN: NOTE: The Java Card PIN must be between 4 and 8 numeric characters. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. Insert a new Java Card into the card reader. 4. When the New Card dialog box opens, type a new name in the New display name bo...

Page 45: ...me, click Change. 5. Type a name for the Java Card in the Name box. 6. Type the current Java Card PIN in the PIN box. 7. Click OK. Setting power-on authentication: When enabled, power-on authentication requires you to use a Java Card to start the computer. The process of enabling Java Card power-on authentication involves the following steps: 1. Enable Java Card power-on authentication support in BIOS Configur...

Page 46: ... have DriveLock enabled: a. Click Make Java card identity unique, or click Make the Java card identity the same as the DriveLock password. NOTE: If DriveLock is enabled on the computer, you can set the Java Card identity to be the same as the DriveLock user password, which allows you to validate both DriveLock and the Java Card using only the Java Card when starting the computer. b. If applicable, type your...

Page 47: ... click Create next to User card identity. 5. Type a PIN for the user Java Card, and then click OK. Disabling Java Card power-on authentication: When you disable Java Card power-on authentication, the use of the Java Card is no longer needed to access the computer. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. Insert the ...

Page 48: ...owing objectives: Manage power-on passwords and administrator passwords. Configure other power-on authentication features, such as enabling embedded security authentication support. Enable and disable hardware features, such as CD-ROM boot or different hardware ports. Configure boot options, which includes enabling MultiBoot and changing the boot order. NOTE: Many of the features in BIOS Configuration for ...

Page 49: ...IOS administrator password prompt, and then click OK. NOTE: The BIOS administrator password prompt is displayed only if you have already set the Computer Setup password. For more information about setting the Computer Setup password, refer to Setting the setup password on page 49. 4. In the left pane, click System Configuration. 5. In the right pane, select the delays (in seconds) for F9, F10, and F12, and for Ex...

Page 50: ...disable a system configuration option, or configure any of the following system configuration options in the right pane: Port Options: Serial Port, Infrared Port, Parallel Port, SD Slot, USB Port, 1394 Port, Cardbus Slot, ExpressCard slot. Boot Options: F9, F10, and F12 Delay (Sec), MultiBoot, Express Boot Popup Delay (Sec), CD-ROM Boot, Floppy Boot, Internal Network Adapter Boot, Internal Network Adapter Boot Mode PXE o...

Page 51: ...DMA Data Transfers, Intel or AMD PSAE Execution Disable. Built-In Device Options: Embedded WLAN Device Radio, Embedded WWAN Device Radio, Embedded Bluetooth Device Radio, LAN/WLAN Switching, Wake on LAN from Off. 5. Click Apply, and then click OK in the HP ProtectTools window to save your changes and exit. ENWW General tasks 45 ...

Page 52: ...nfigure a smart card using the Java Card Security for HP ProtectTools module. To enable smart card power-on authentication support: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3. Type your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. 4. In the left pane, click Security. 5. Under Smart Card Se...

Page 53: ...HP ProtectTools module. To enable power-on authentication support for embedded security: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3. Type your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. 4. In the left pane, click Security. 5. Under Embedded Security, click Enable Power-on Authentication S...

Page 54: ...t POST will require a password to unlock the device. If a power-on password is set and it matches the device's user password, POST will not prompt the user to re-enter the password. Otherwise, the user will be prompted to enter a DriveLock password. On a cold boot, either the master or the user password may be used. On a warm boot, enter the same password used to unlock the drive during the preceding cold...

Page 55: ...fter you have set a setup password, the Set button on the Passwords page is replaced by a Change button. Setting the power-on password: To set the power-on password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration, and then click Security. 3. In the right pane, next to Power-On Password, click Set. 4. Type and confirm the password in the Enter Password...

Page 56: ...able, record your configured setup password, power-on password, or smart card PIN in a safe place away from your computer. Without these passwords or PIN, the computer cannot be unlocked. Enabling stringent security provides enhanced protection for the power-on and administrator passwords and other forms of power-on authentication. To enable or disable stringent security: 1. Select Start > All Programs > HP Pr...

Page 57: ...3. In the right pane, under Password Options, enable or disable Require password on restart. 4. Click Apply, and then click OK in the HP ProtectTools window. ENWW Advanced tasks 51 ...

Page 58: ...encrypted drives. If you do not, you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service (see Recovery on page 55). Reinstalling the Drive Encryption module will not enable you to access the encrypted drives. 52 Chapter 6 Drive Encryption for HP ProtectTools ENWW ...

Page 59: ...ected storage media on which the recovery information will be stored. Change encryption: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Drive Encryption, and then click Encryption Management. 3. In the right pane, click Change encryption. Select the disks to encrypt in the Change Encryption dialog box, and then click OK. 4. Click OK again to begin encryption. Decrypting...

Page 60: ...rotectTools Security Manager. 2. In the left pane, click Drive Encryption, and then click User Management. 3. In the right pane, select a user name from the User Name list, and then click Change Token. 4. Type the user's Windows Password, and then click Next. 5. Select a new authentication method, and then click Finish. 6. If you selected a Java Card as the authentication method, type the Java Card password when p...

Page 61: ... right pane, click Click here to register. Type the requested information to complete the security backup procedure. Backing up your Drive Encryption keys: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Drive Encryption, and then click Recovery. 3. In the right pane, click Click here to backup your keys. 4. Select a diskette, flash storage device, or some other USB conne...

Page 62: ...ger Single Sign On does not support all software Web interfaces. Disable Single Sign On support for the specific Web page by turning off Single Sign On support. Please see complete documentation on Single Sign On, which is available in the Credential Manager help files. If a specific Single Sign On cannot be disabled for a given application, call HP Service and Support and request 3rd-level support thr...

Page 63: ...hentication, the Back button on screen skips the option to choose another authentication method. If user using TPM login authentication for Credential Manager enters his/her password, the Back button does not work properly, but instead immediately displays the Windows login screen. HP is researching a workaround for future product enhancements. Credential Manager opens out of standby when it is configur...

Page 64: ... alert is to notify the user that fingerprint authentication is available, if it is configured. Credential Manager logon window for Windows 2000 states insert card when no reader is attached: The Windows Credential Manager Welcome screen suggests the user can log on with insert card when no Java Card reader is attached. The purpose of the alert is to notify the user that Java Card authentication is av...

Page 65: ...a password. 3. Select Embedded Security Device. 4. Use the arrow keys to select Embedded Security Device Disable. Use the arrow keys to change it to Embedded Security Device Enable. 5. Select Enable > Save changes and exit. HP is investigating resolution options for future customer software releases. Security Restore Identity process loses association with virtual token: When user restores identity, Credential...

Page 66: ...ws XP by default will not let the user open files/folders without a password. Software should not be installed on a restore with FAT32 partition: If the user attempts to restore the hard drive using FAT32, there will be no encrypt options for any files/folders using EFS. This is as designed. Microsoft EFS is supported only on NTFS and will not function on FAT32. This is a feature of Microsoft's EFS and ...

Page 67: ...w keys to select various menus, menu items, and to change values, unless otherwise specified. 1. Start or restart the computer. 2. Press F10 when the F10 Setup message appears on screen (or as soon as the monitor LED turns green). 3. Select the appropriate language option. 4. Press Enter. 5. Select Security > Embedded Security. 6. Set the Embedded Security Device option to Enable. 7. Press F10 to accept the change. 8. S...

Page 68: ...ms such as a MultiBay hard drive still shows PSD availability and does not generate errors while adding/modifying data to the PSD. After system restart, the PSD does not reflect file changes that occurred while the removable storage was not available. The issue is only experienced if the user accesses the PSD, then removes the hard drive before completing new data generation or transfer. If the user at...

Page 69: ...yment a second time on the same PC, or on a previously initialized PC, overwrites Emergency Recovery and Emergency Token files. The new files are useless for recovery. Running Large Scale Deployment on any previously initialized HP ProtectTools Embedded Security system will render existing Recovery Archives and Recovery Tokens useless by overwriting those xml files. HP is working to resolve the xml fil...

Page 70: ... enhance this in future products. Security System exhibits a restore error with multiple users: During the restore process, if the administrator selects users to restore, the users not selected are not able to restore the keys when trying to restore at a later time. A decryption process failed error message is displayed. The non-selected users can be restored by resetting the TPM, running the restore pro...

Page 71: ...hout displaying notice of the failure. Unable to disable Embedded Security State temporarily in Embedded Security GUI: The current 4.0 software was designed for HP Notebook 1.1B implementations, as well as supporting HP Desktop 1.2 implementations. This option to disable is still supported in the software interface for TPM 1.1 platforms. HP will address this issue in future releases. ENWW Embedded Secur...

Page 72: ...on is not identified correctly until after the reboot. 1. Reinstall HP ProtectTools Embedded Security Software. 2. Run the Platform and User configuration wizard. 3. Ensure that the system contains Microsoft .NET framework 1.1 installation: a. Click Start. b. Click Control Panel. c. Click Add or remove programs. d. Ensure Microsoft .NET Framework 1.1 is listed. 4. Check the hardware and software configuration: a. Cli...

Page 73: ... PIN to make TPM preboot work after a TPM factory reset: User has to change PIN or create another user to initialize his user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work. This is as designed; the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key. Power o...

Page 74: ...tronic keys that are used to sign digital information. Digital signature: Data sent with a file that verifies the sender of the material, and that the file has not been modified after it was signed. Domain: Group of computers that are part of a network and share a common directory database. Domains are uniquely named, and each has a set of common rules and procedures. DriveLock: Security feature that links...

Page 75: ...size and shape to a credit card which stores identifying information about the owner. Used to authenticate the owner to a computer. Stringent security: Security feature in BIOS Configuration that provides enhanced protection for the power-on and administrator passwords and other forms of power-on authentication. Trusted Platform Module (TPM) embedded security chip (select models only): Integrated security ...

Page 76: ... Manager for HP ProtectTools account adding 17 account removing 18 administrator tasks 23 application protection 20 application protection removing 21 changing application restriction setting 21 credential properties configuring 24 credentials registering 13 custom authentication requirements 24 fingerprint log on 14 fingerprint reader 14 identity 16 identity clearing 16 identity removing 16 locki...

Page 77: ...ion 46 smart card authentication 46 stringent security 50 TPM chip 28 encrypting a drive 52 encrypting files and folders 31 encryption methods 53 user authentication 54 users 54 F F10 Setup password 7 features HP ProtectTools 2 fingerprints Credential Manager 13 H HP ProtectTools Backup and Restore 8 HP ProtectTools features 2 HP ProtectTools Security accessing 3 I identity managing Credential Man...

Page 78: ...egistration 19 modifying application properties 19 removing applications 19 stringent security 50 T targeted theft protecting against 4 token Credential Manager 14 TPM chip enabling 28 initializing 29 troubleshooting Credential Manager for ProtectTools 56 Embedded Security for ProtectTools 60 Miscellaneous 66 U unauthorized access preventing 4 USB eToken Credential Manager 14 V virtual token 15 vi...
