Technical Reference Guide
www.hp.com
7
HP ProtectTools Troubleshooting Guide
HP ProtectTools Embedded
Security—The PSD
password box is no longer
displayed when the system
becomes active after
Standby status
When a user logs on the
system after creating a PSD,
the TPM asks for the basic
user password. If the user
does not enter the password
and the system goes into
Standby, the password
dialog box is no longer
available when the user
resumes.
This is by design.
The user has to log off and back on to view the
PSD password box again.
HP ProtectTools Embedded
Security—No password
required to change the
Security Platform Policies
Access to Security Platform
Policies (both Machine and
User) does not require a TPM
password for users who have
administrative rights on the
system.
This is by design.
Any administrator can modify the Security
Platform Policies with or without TPM user
initialization.
HP ProtectTools Embedded
Security—Microsoft EFS
does not fully work in
Windows 2000
An administrator can access
encrypted information on the
system without knowing the
correct password. If the
administrator enters an
incorrect password or cancels
the password dialog, the
encrypted file will open as if
the administrator had entered
the correct password. This
happens regardless of the
security settings used when
encrypting the data.
The Data Recovery Policy is automatically
configured to designate an administrator as a
recovery agent. When a user key cannot be
retrieved (as in the case of entering the wrong
password or canceling the
Enter Password
dialog), the file is automatically decrypted with
a recovery key.
This is due to the Microsoft EFS. Please refer to
Microsoft Knowledge Base Technical Article
Q257705 for more information.
The documents cannot be opened by a
non-administrator user.
HP ProtectTools Embedded
Security—When viewing a
certificate, it shows as
non-trusted.
After setting up HP
ProtectTools and running the
User Initialization Wizard,
the user has the ability to
view the certificate issued;
however, when viewing the
certificate, it shows as
non-trusted. While the
certificate can be installed at
this point by clicking the
install button, installing it
does not make it trusted.
Self-signed certificates are not trusted. In a
properly configured enterprise environment, EFS
certificates are issued by online Certification
Authorities and are trusted.
Software
Impacted-Short
description
Details
Solution / Workaround