ProtectTools User Guide
© Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc.
Table of contents 1 Introduction to security HP ProtectTools features ..................................................................................................................... 2 Accessing HP ProtectTools Security .................................................................................................... 3 Achieving key security objectives ......................................................................................................... 4 Protecting against targeted theft .......
Removing an account ....................................................................................... 18 Using Single Sign On ......................................................................................................... 18 Registering a new application ........................................................................... 18 Using automatic registration ............................................................. 18 Using manual (drag and drop) registration ..........................
Advanced tasks (administrators only) ................................................................................................ 39 Assigning a Java Card PIN ................................................................................................ 39 Assigning a name to a Java Card ...................................................................................... 40 Setting power-on authentication ........................................................................................
Glossary ............................................................................................................................................................. 77 Index ...................................................................................................................................................................
1 Introduction to security HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data.
HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Key features Credential Manager for HP ProtectTools ● Credential Manager acts as a personal password vault. ● Single Sign On remembers multiple passwords for various password-protected Web sites, applications, and network resources.
Accessing HP ProtectTools Security To access HP ProtectTools Security from Windows® Control Panel: ▲ Select Start > All Programs > HP ProtectTools Security Manager. NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to “Logging on to Windows with Credential Manager on page 17.
Achieving key security objectives The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives: ● Protecting against targeted theft ● Restricting access to sensitive data ● Preventing unauthorized access from internal or external locations ● Creating strong password policies Protecting against targeted theft An example of this type of incident would be the targeted theft of a computer containing confidential data
Preventing unauthorized access from internal or external locations If a PC containing confidential data and customer information is accessed from an internal or external location, unauthorized users may be able to gain entry to corporate network resources or data from financial services, an executive, or R&D team, or private information such as patient records or personal financial data.
Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person.
HP ProtectTools password Set in this HP ProtectTools module Function turned on, restarted, or restored from hibernation. Emergency Recovery Token password Embedded Security, by IT administrator Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip. Owner password Embedded Security, by IT administrator Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.
Creating a secure password When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised: ● Use passwords with more than 6 characters, preferably more than 8. ● Mix the case of letters throughout your password. ● Whenever possible, mix alphanumeric characters and include special characters and punctuation marks.
Using the HP ProtectTools Backup Wizard to select and back up HP ProtectTools modules 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click HP ProtectTools, and then click Backup and Restore. 3. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens. Follow the on-screen instructions to back up credentials. Setting backup options 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
9. Click Settings, and select settings for Scheduled Task Completed, Idle Time, and Power Management. 10. Click Apply, and then click OK to close the dialog box. Restoring credentials 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click HP ProtectTools, and then click Backup and Restore. 3. In the right pane, click Restore. The HP ProtectTools Restore Wizard opens. Follow the on-screen instructions. Configuring settings 10 1.
2 Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features: ENWW ● Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric reader to log on to Windows. For additional information, refer to “Registering credentials on page 13.” ● Single Sign On feature that automatically remembers credentials for Web sites, applications, and protected network resources.
Setup procedures Logging on to Credential Manger Depending on the configuration, you can log on to Credential Manager in any of the following ways: ● Credential Manager Logon Wizard (preferred) ● HP ProtectTools Security Manager icon in the notification area ● HP ProtectTools Security Manager NOTE: If you use the Credential Manager Logon prompt on the Windows Logon screen to log on to Credential Manager, you are logged on to Windows at the same time.
Logging on for the first time Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. 1. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager icon in the notification area. The HP ProtectTools Security Manager window opens. 2. In the left pane, click Credential Manager, and then click Log On in the upper-right corner of the right pane. The Credential Manager Logon Wizard opens. 3.
Setting up the fingerprint reader 1. After logging on to Credential Manager, swipe your finger across the fingerprint reader. The Credential Manager Registration Wizard opens. 2. Follow the on-screen instructions to complete registering your fingerprints and setting up the fingerprint reader. 3. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and then repeat steps 1 and 2. Using your registered fingerprint to log on to Windows 1.
General tasks All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks: ● Creating a virtual token ● Changing the Windows logon password ● Managing a token PIN ● Managing identity ● Locking the computer NOTE: This option is available only if the Credential Manager classic logon prompt is enabled. See “Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager on page 25.
3. In the right pane, click Change Token PIN. 4. Select the token for which you want to change the PIN, and then click Next. 5. Follow the on-screen instructions to complete the PIN change. Managing identity Clearing an identity from the system NOTE: 16 This does not affect your Windows user account. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Clear Identity for this Account. 4.
Locking the computer This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it. NOTE: This option is available only if the Credential Manager classic logon prompt is enabled.
Adding an account 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network Account Wizard opens. 4. Follow the on-screen instructions. Removing an account 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
4. 5. Click More and select from the following options: ● Do not use SSO for this site or application. ● Prompt to select account for this application. ● Fill in credentials but do not submit. ● Authenticate user before submitting credentials. ● Show SSO shortcut for this application. Click Yes to complete the registration. Using manual (drag and drop) registration 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
Exporting an application You can export applications to create a backup copy of the Single Sign On application script. This file can then be used to recover the Single Sign On data. This acts as a supplement to the identity backup file, which contains only the credential information. To export an application: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3.
● ● Import Script ● Export Script Credentials ● ● Create New View Password NOTE: You must authenticate your identity before viewing the password. 6. Follow the on-screen instructions. 7. Click OK. Using Application Protection This feature allows you to configure access to applications. You can restrict access based on the following criteria: ● Category of user ● Time of use ● User inactivity Restricting access to an application 1.
NOTE: If the category is not Everyone, you may need to click Override default settings to override the settings for the Everyone category. 5. Click the application entry you want to remove, and then click Remove. 6. Click OK. Changing restriction settings for a protected application 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3.
Advanced tasks (administrator only) The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights.
Configuring custom authentication requirements If the set of authentication credentials you want is not listed on the Authentication tab of the “Authentication and Credentials” page, you can create custom requirements. To configure custom requirements: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Authentication and Credentials. 3. In the right pane, click the Authentication tab. 4.
Configuring Credential Manager settings From the “Settings” page, you can access and modify various settings using the following tabs: ● General—Allows you to modify the settings for basic configuration. ● Single Sign On—Allows you to modify the settings for how Single Sign On works for the current user, such as how it handles detection of logon screens, automatic logon to registered logon dialogs, and password display.
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On 26 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Settings. 3. In the right pane, click the Single Sign On tab. 4. Under When registered logon dialog or Web page is visited, select the Authenticate user before submitting credentials check box. 5. Click Apply, and then click OK. 6. Restart the computer.
3 Embedded Security for HP ProtectTools NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials.
Setup procedures CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings.
Initializing the embedded security chip In the initialization process for Embedded Security, you will perform the following tasks: ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ● Set up the emergency recovery archive, which is a protected storage area that allows reencryption of the Basic User Keys for all users. To initialize the embedded security chip: 1.
Setting up the basic user account Setting up a basic user account in Embedded Security accomplishes the following tasks: ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ● Sets up a personal secure drive (PSD) for storing encrypted files and folders. CAUTION: Safeguard the Basic User Key password. Encrypted information cannot be accessed or recovered without this password.
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer.
Changing the Basic User Key password To change the Basic User Key password: 32 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User Key password, click Change. 4. Type the old password, and then set and confirm the new password. 5. Click OK.
Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Backup. 3. In the right pane, click Backup. The HP Embedded Security for ProtectTools Backup Wizard opens. 4. Follow the on-screen instructions.
Changing the owner password To change the owner password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Advanced. 3. In the right pane, under Owner Password, click Change. 4. Type the old owner password, and then set and confirm the new owner password. 5. Click OK. Resetting a user password An administrator can help a user to reset a forgotten password. For more information, refer to the online Help.
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help.
36 Chapter 3 Embedded Security for HP ProtectTools ENWW
4 Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for computers equipped with an optional card reader. With Java Card Security, you can accomplish the following tasks: ENWW ● Access Java Card Security features ● Work with the Computer Setup utility to enable Java Card authentication in a power-on environment ● Configure separate Java Cards for an administrator and a user.
General tasks The “General” page allows you to perform the following tasks: ● Change a Java Card PIN ● Select the card reader NOTE: The card reader uses both Java Cards and smart cards. This feature is available if you have more than one card reader on the computer. Changing a Java Card PIN To change a Java Card PIN: NOTE: The Java Card PIN must be between 4 and 8 numeric characters. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
Advanced tasks (administrators only) The “Advanced” page allows you to perform the following tasks: ● Assign a Java Card PIN ● Assign a name to a Java Card ● Set power-on authentication ● Back up and restore Java Cards NOTE: page. You must have Windows administrator privileges in order to display the "Advanced" Assigning a Java Card PIN You must assign a name and a PIN to a Java Card before it can be used in Java Card Security.
Assigning a name to a Java Card You must assign a name to a Java Card before it can be used for power-on authentication. To assign a name to a Java Card: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. Insert the Java Card into the card reader. NOTE: If you have not assigned a PIN to this card, the New Card dialog box opens, allowing you to type a new name and PIN. 4.
Enabling Java Card power-on authentication and creating an administrator Java Card To enable Java Card power-on authentication: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. Insert the Java Card into the card reader. NOTE: If you have not assigned a name and PIN to this card, the New Card dialog box opens, allowing you to type a new name and PIN. 4.
Creating a user Java Card NOTE: Power-on authentication and an administrator card must be set up in order to create a user Java Card. To create a user Java Card: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. Insert a Java Card that will be used as a user card. 4. In the right pane, under Power-on authentication, click Create next to User card identity. 5.
5 BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can accomplish the following objectives: ● Manage power-on passwords and administrator passwords. ● Configure other power-on authentication features, such as enabling embedded security authentication support.
General tasks BIOS Configuration allows you to manage various computer settings that would otherwise be accessible only by pressing f10 at startup and entering Computer Setup. Managing boot options You can use BIOS Configuration to manage various settings for tasks that run when you turn on or restart the computer. To manage boot options: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3.
Enabling and disabling system configuration options NOTE: Some of the items listed below may not be supported by your computer. To enable or disable devices or security options: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3. Type your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. 4.
● 5.
Advanced tasks Managing HP ProtectTools add-on module settings Some of the features of HP ProtectTools Security Manager can be managed in BIOS Configuration. Enabling and disabling smart card power-on authentication support Enabling this option allows you to use a smart card for user authentication when you turn on the computer. NOTE: To fully enable the power-on authentication feature, you must also configure a smart card using the Java Card Security for HP ProtectTools module.
Enabling and disabling power-on authentication support for Embedded Security Enabling this option allows the system to use the TPM embedded security chip (if available) for user authentication when you turn on the computer. NOTE: To fully enable the power-on authentication feature, you must also configure the TPM embedded security chip using the Embedded Security for HP ProtectTools module. To enable power-on authentication support for embedded security: 1.
Enabling and disabling Automatic DriveLock hard drive protection When this option is enabled, the DriveLock passwords will be automatically generated and set in the drive, and protected by the TPM embedded security chip. NOTE: The automatically generated passwords will not be set in the drive until the computer is restarted and you successfully type the TPM embedded security password at the password prompt.
NOTE: After you have set a setup password, the Set button on the “Passwords” page is replaced by a Change button. Setting the power-on password To set the power-on password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration, and then click Security. 3. In the right pane, next to Power-On Password, click Set. 4. Type and confirm the password in the Enter Password and Verify Password boxes. 5. Click OK in the Passwords dialog box. 6.
Changing the setup password To change the Computer Setup password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration, and then click Security. 3. In the right pane, next to Setup Password, click Change. 4. Type the current password in the Old Password box. 5. Type and confirm the new password in the Enter New Password and Verify New Password boxes. 6. Click OK in the Passwords dialog box. 7.
52 3. In the right pane, under Password Options, enable or disable Require password on restart. 4. Click Apply, and then click OK in the HP ProtectTools window.
6 Device Access Manager for HP ProtectTools This security tool is available to administrators only.
Starting background service For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would you like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots.
Simple configuration This feature allows you to deny access to the following classes of devices: ● USB devices for all non-administrators ● All removable media (floppy disks, pen drives, etc.) for all non-administrators ● All DVD/CD-ROM drives for all non-administrators ● All serial and parallel ports for all non-administrators To deny access to a class of device for all non-administrators: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
Device class configuration (advanced) More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Adding a user or a group 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Device Access Manager, and then click Device Class Configuration. 3. In the device list, click the device class that you want to configure. 4. Click Add. The Select Users or Groups dialog box opens. 5.
4. Under User/Groups, add the group to be denied access. 5. Click Deny next to the group to be denied access. 6. Navigate to the folder below that of the required class and add the specific user. Click Allow to grant this user access. 7. Click Apply, and then click OK. Allowing access to a specific device for one user of a group You can allow one user access to a specific device while denying access to all other members of that user's group for all devices in the class.
58 Chapter 6 Device Access Manager for HP ProtectTools ENWW
7 Drive Encryption for HP ProtectTools CAUTION: If you decide to uninstall the Drive Encryption module, you must first decrypt all encrypted drives. If you do not, you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service (see “Recovery on page 62”). Reinstalling the Drive Encryption module will not enable you to access the encrypted drives.
Encryption management Encrypting a drive 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Drive Encryption, and then click Encryption Management. 3. In the right pane, click Activate. The Drive Encryption for HP ProtectTools Wizard opens. 4. Follow the on-screen instructions to activate encryption. NOTE: You will need to specify a diskette, flash storage device, or some other USBconnected storage media on which the recovery information will be stored.
User management Add a user 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Drive Encryption, and then click User Management. 3. In the right pane, click Add. Click a user name in the User Name list or type a user name in the Username box. Click Next. 4. Type the Windows password for the selected user, and then click Next. 5. Select an authentication method for the new user, and then click Finish. Remove a user 1.
Recovery The following two safety measures are available to you: ● If you forget your password, you cannot access your encrypted drives. You may, however, register with the Drive Encryption recovery service to enable you to access your computer if you forget your password. ● You may back up your Drive Encryption keys on a diskette, flash storage device, or some other USB-connected storage media. Registering with the Drive Encryption recovery service 1.
8 Troubleshooting Credential Manager for HP ProtectTools Short description Details Solution Using the Credential Manager Network Accounts option, a user can select which domain account to log on to. When TPM authentication is used, this option is not available. All other authentication methods work properly. Using TPM authentication, the user is only logged on to the local computer. Using Credential Manager Single Sign On tools allows the user to authenticate other accounts.
Short description Details Solution administrator attempts to change the domain user does not have a physical account on the Windows password from Credential local PC, Credential Manager can only change the Manager, the administrator gets an error password used to log on. logon failure: User account restriction. Credential Manager has incompatibility issues with Corel WordPerfect 12 password GINA.
Short description Details Solution HP is investigating resolution options for future customer software releases. The security Restore Identity process loses association with virtual token. When user restores identity, Credential Manager can lose the association with the location of the virtual token at logon screen. Even though Credential Manager has the virtual token registered, the user must reregister the token to restore the association. This is currently by design.
Embedded Security for HP ProtectTools 66 Short description Details Solution Encrypting folders, subfolders, and files on PSD causes an error message. If the user copies files and folders to the PSD and tries to encrypt folders/files or folders/subfolders, the Error Applying Attributes message is displayed. The user can encrypt the same files on the C: \ drive or an extra installed hard drive. This is as designed. Cannot Take Ownership With Another OS In MultiBoot Platform.
Short description Details Solution Errors occur after a power loss interrupts Embedded Security initialization.
Short description Details Solution An intermittent encrypt and decrypt error occurs: The process cannot access the file because it is being used by another process. This is an extremely intermittent error To resolve the failure: during file encryption or decryption which occurs because the file is being used by 1. Restart the system. another process, even though that file or 2. Log off. folder is not being processed by the operating system or other applications. 3. Log back on.
Short description Details Solution Secure e-mail is supported, even when secure e-mail is not specified in the User Initialization Wizard or when secure e-mail configuration is disabled in user policies. Embedded security software and the wizard do not control settings of an email client (Outlook, Outlook Express, or Netscape). This behavior is as designed. Configuration of TPM email settings does not prohibit editing encryption settings directly in an e-mail client.
Short description Details Solution no open files and is not accessed by another process. The user must reboot the system in order to delete the PSD and it is not loaded after reboot. An internal error is detected when the user is restoring from the Automatic Backup Archive. The security system exhibits a restore error with multiple users. In Embedded Security, if the user clicks the Restore under Backup option to restore from the automatic backup Archive and then selects SPSystemBackup.
Short description Details Solution Automatic backup does not work with the mapped drive. When an administrator sets up Automatic Backup in Embedded Security, it creates an entry in Windows > Tasks > Scheduled Task. This Windows Scheduled Task is set to use NT AUTHORITY\SYSTEM for rights to execute the backup. This works properly to any local drive. The workaround is to change the NT AUTHORITY \SYSTEM to (computer name)\(admin name). This is the default setting if the Scheduled Task is created manually.
Device Access Manager for HP ProtectTools Short description Details Solution Users have been denied access to devices within Device Access Manager, but the devices are still accessible. Simple Configuration and/or Device Class Configuration have been used within Device Access Manager to deny users access to devices. Despite being denied access, users can still access the devices. Verify that the HP ProtectTools Device Locking service has started.
Miscellaneous Software Impacted— Short description Details Solution Security Manager— Warning received: The security application can not be installed until the HP Protect Tools Security Manager is installed. All security applications such as Embedded Security, Java Card Security, and biometrics are extendable plug-ins for the Security Manager interface. Security Manager must be installed before an HP-approved security plug-in can be loaded.
Software Impacted— Short description Details Solution an error is returned when closing the Security Manager interface. upper right of the screen to close Security Manager before all plug-in applications have finished loading. Manager. Since PTHOST.exe is the shell housing the other applications (plug-ins), it depends on the ability of the plug-in to complete its load time (services). Closing the shell before the plug-in has had time to complete loading is the root cause.
ENWW Software Impacted— Short description Details Solution Security Power-On Authentication overlaps the BIOS Password during boot sequence. Power-On Authentication prompts the user to log on to the system using the TPM password, but, if the user presses f10 to access the BIOS, the user is granted Read rights access only. To be able to write to BIOS, the user must type the BIOS password instead of the TPM password at the Poweron Authentication window.
76 Chapter 8 Troubleshooting ENWW
Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Automatic DriveLock Security feature that causes the DriveLock passwords to be generated and protected by the TPM Embedded Security chip.
Identity In the HP ProtectTools Credential Manager, a group of credentials and settings that is handled like an account or profile for a particular user. Java Card Small piece of hardware, similar in size and shape to a credit card, which stores identifying information about the owner. Used to authenticate the owner to a computer. Migration A task that allows the management, restoration, and transfer of keys and certificates.
Index A access controlling 53 preventing unauthorized 5 accessing HP ProtectTools Security 3 account basic user 30 Credential Manager 13 administrator tasks Credential Manager 23 Java Card 39 advanced tasks BIOS Configuration 47 Credential Manager 23 Device Access Manager 56 Embedded Security 33 Java Card 39 Automatic DriveLock 49 password options, setting 51 power-on authentication 48 power-on authentication on Windows restart 51 power-on password, changing 50 power-on password, setting 50 setup password
USB eToken, registering 14 user verification 26 virtual token, creating 15 Windows Logon 17 Windows logon password, changing 15 Windows logon, allow 25 D data, restricting access to 4 decrypting a drive 59 Device Access Manager for HP ProtectTools background service 54 device class configuration 56 device class, allowing access to one 56 device, allowing access to one 57 simple configuration 55 troubleshooting 72 user or group, adding 56 user or group, denying access to 56 user or group, removing 56 device
owner password changing 34 definition 7 setting 29 P password Basic User Key 32 changing owner 34 changing power-on 50 changing setup 51 Computer Setup, managing 49 emergency recovery token 29 guidelines 8 HP ProtectTools 6 managing 6 owner 29 policies, creating 5 resetting user 34 secure, creating 8 setting options 51 setting power-on 50 setting setup 50 Windows logon 15 personal secure drive (PSD) 31 power-on authentication enabling and disabling 47 on Windows restart 51 power-on password definition 7 set
82 Index ENWW
