HP ProtectTools for Small Business Security Software, Version 5.
© Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft, Windows and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
About This Book This guide provides information on HP ProtectTools for Small Business Security Software. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. NOTE: Text set off in this manner provides important supplemental information.
iv About This Book ENWW
Table of contents 1 Introduction to security .................................................................................................................................. 1 HP ProtectTools features ..................................................................................................................... 2 2 Easy Setup Guide for the most useful options ............................................................................................ 4 Getting started ..............................
Managing Users ................................................................................................................. 24 Adding a user .................................................................................................... 24 Removing a user ............................................................................................... 25 Checking user status .........................................................................................
8 File Sanitizer for HP ProtectTools ............................................................................................................... 38 Setup procedures ............................................................................................................................... 39 Opening File Sanitizer ....................................................................................................... 39 Setting a free space bleaching schedule ..........................................
viii ENWW
1 Introduction to security HP understands that your time is extremely valuable, and you need to concentrate on running and growing your business – not on worrying about the appropriate security software to protect your PC, your data, and your business. It is important that you proactively consider security solutions that are easy to use but provide strong protection to your business assets.
HP ProtectTools features The following table details the key features of HP ProtectTools for Small Business modules: Module Key features HP ProtectTools Security Manager Administrative Console ● The Security Manager setup wizard is used by administrators to set up and configure levels of security and security logon methods. ● Configure options hidden from basic users. ● Configure Device Access Manager configurations and user access.
Module Key features File Sanitizer for HP ProtectTools ● Deleting data in Windows does not completely remove the contents from your hard drive. Windows only deletes the reference to the data. The data still remains on the hard drive until another file overwrites that same area on the hard drive with new information. However, with File Sanitizer, you can completely and automatically erase documents, web browser history, temp files, etc.
2 Easy Setup Guide for the most useful options This Easy Setup Guide is designed to demonstrate the basic steps to activate the most common and useful options within HP ProtectTools for Small Business. There are numerous tools and options available in this software that will allow you to fine tune your preferences and set your access control. The Easy Setup Guide will focus on getting each module running with the least amount of setup effort and time.
2. Enter your Windows password or create a Windows password. 3. Complete the setup wizard. NOTE: By default, HP ProtectTools Security Manager is set to Strong Authentication Policy. This setting is designed to prevent unauthorized access while logged into Windows and should be used when high security is needed or if users are away from their systems frequently throughout the day. If you would like to change this setting, click on the Session Policy tab, and make your selections.
To have HP ProtectTools Security Manager authenticate only once during the Windows login: 1. Click Start > All Programs > HP > HP ProtectTools Administrative Console. 2. In the left Tools pane, select Authentication from the Security group. 3. Click the Session Policy tab and select Do not require authentication from the drop-down menu under Policy. 4. Click the Apply button when complete.
2. Name the link (optional) and enter a user name and password into Credential Manager. NOTE: The web page will highlight the areas Credential Manager will use now and for subsequent visits. 3. When complete, click the OK button. 4. Credential Manager can also save your user name and passwords for network shares or mapping network drives.
To open Password Manager, use one of the following two methods: ● Use the keyboard combination of Ctrl + Windows + H to open the Password Manager. Selecting Open will quick launch and authenticate the saved shortcut. OR ● 8 Select the Manage tab in Password Manager to open HP ProtectTools Security Manager where the credentials can be edited.
Credential Manager’s Edit option will allow you to view and modify the name, login name, and even reveal the passwords. HP ProtectTools for Small Business will allow all credentials and settings to be backed up and/or copied to another PC.
File Sanitizer for HP ProtectTools File Sanitizer is designed to make it very difficult for an unauthorized person to recover data you have deleted. There are multiple options available to you to manually erase or to establish a regular schedule to erase selected files and folders including browser history. Below are some simple configuration settings. To start permanently erasing your deleted data, select the file or folders you no longer need. 1.
ENWW 2. Select the items on the right side of the Simple Delete Settings window that you want to permanently delete on a regular basis and click the <-Add button to move the selected items to the Delete side. 3. Start with Recycle Bin and add other items you may want to erase by Shredding. 4.
12 5. Navigate to the Shred option and configure when you want the action to take place. The Shred Now button will immediately erase the items selected in the Simple Delete Settings window you just configured. 6. A small popup bubble will appear in the task bar each time the Shred is started and complete.
Device Access Manager for HP ProtectTools Device Access Manager can be used to restrict the use of various internal and external storage devices so your data will remain secured on the hard drive and not walk out the door of your business. An example would be to allow a user access to your data but block them from copying it to a CD, personal music player, or USB memory device. Below is an easy way to set this up. ENWW 1.
6. Under the Member Of tab, click the Add button. 7. In the Select Groups window you can either use the Advanced option or just type in “Device Administrators” group. Click the OK button and finish closing the windows by clicking the OK buttons. You must log off and log back on to get the permissions. Now all the internal and external storage drives including CD drives, USB drives, personal music players, etc. will not function except for the person(s) included in the “Device Administrators” group.
Drive Encryption for HP ProtectTools Drive Encryption for HP ProtectTools is software that is used to protect your data by encrypting the entire hard drive. The data on your hard drive will stay protected if your PC is ever stolen and/or if the hard drive is removed from the original system and placed in a different system. A further security benefit is that Drive Encryption will require you to properly authenticate using your user name and password before the system will boot.
5. The Drive Encryption configuration window below displays the drives available to be encrypted and will require a USB flash drive to store the encryption recovery key. Keep this recovery key safe and secure because it is used to recover data or access the drive if the pre-boot password is lost or fails. 6. Select Next, complete the process, and select Finish. When prompted, remove the USB flash drive and reboot the system when ready. 7.
3 Benefits of HP ProtectTools for Small Business Accessing HP ProtectTools for Small Business Security Software To access HP ProtectTools Security Manager from the Windows Start menu: ▲ In Windows, click Start, click All Programs, and then click HP ProtectTools Security Manager. To access HP ProtectTools Security Manager Administrative Console from the Windows Start menu: ▲ In Windows, click Start, click All Programs, and then click HP ProtectTools Administrative Console.
Preventing unauthorized access from internal or external locations Unauthorized access to an unsecured business PC presents a very tangible risk to critical data such as information from financial services, an executive, or R&D team, and to private information such as patient records or personal financial records. The following features help prevent unauthorized access: ● ● The pre-boot authentication feature, if enabled, helps prevent access to the operating system.
Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by administrators only are indicated in this table as well. All other passwords may be set by regular users.
● Change passwords regularly. You might change only a couple of characters that increment. ● If you write down your password, do not store it in a commonly visible place very close to the computer. ● Do not save the password in a file, such as an e-mail, on the computer. ● Do not share accounts or tell anyone your password.
4 HP ProtectTools Security Manager Administrative Console About HP ProtectTools Administrative Console Administration of HP ProtectTools Security Manager is provided through the Administrative Console.
● Computer - Provides advanced security options to selectively disallow various types of devices that could compromise PC security and set access permissions for various users and groups. ● Management Tools - Opens your default browser to a web page where you can discover additional management applications and tools that extend the features of Security Manager as well as a means to stay notified when new applications and updates are available.
The following applications are included in the System group. ● Security - Manage security features, authentication policies and other settings that govern how users authenticate when logging on to the computer or HP ProtectTools applications. ● Users - Set up, manage and enroll users of this computer. ● Devices - Manage settings for security devices built-in or connected to the computer. Enabling security features The security features enabled here apply to all users of this computer. 1.
3. In the Policy section, specify the authentication credential(s) required for the selected category of user by clicking the check box or boxes next to the listed credentials. You must specify at least one credential. 4. In the Policy section drop-down list, choose whether ANY (only one) of the specified credentials are required, or if ALL of the specified credentials are required in order to authenticate a user. 5. Click the Apply button.
Removing a user NOTE: This procedure does not delete the Windows user account. It only removes that account from Security Manager. To completely remove the user, you must remove the user from both Security Manager and Windows. 1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console. 2. In the Administrative Console left pane, click User. 3. Click the user name for the account you want to remove, and then click Delete. 4. In the confirmation dialog box, click Yes.
Managing Device Access Device Access Manager for HP ProtectTools provides advanced security options to selectively disallow various types of devices that can compromise the security of your PC. For more information on using Device Access Manager for HP ProtectTools, refer to Device Access Manager for HP ProtectTools on page 44.
5 HP ProtectTools Security Manager HP ProtectTools Security Manager allows you to significantly increase the security of your computer.
3. Type your current password in the Current Windows password box. 4. Type your new password in the New Windows password and Confirm new password boxes. 5. Click Change. Shredding or bleaching files File Sanitizer for HP ProtectTools deletes files by overwriting them with meaningless data. This process, referred to as “shredding,” greatly enhances information security by making the deleted files very difficult to recover.
Adding applications Additional applications may be available to add new features to this program. 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. In the Security Manager left pane, click Discover More. NOTE: If there is no Discover More link, it has been disabled by the administrator of your computer. 3. On the Add Applications tab, browse for additional applications. 4.
4. Select the modules that you want to include in the backup. In most cases, you will want to select them all. Click Next. 5. Enter your password to verify your identity, then click the arrow button. 6. Enter a path and name for the storage file. By default, the file will be saved to your Documents folder. Click Browse to specify a different location. Click Next. 7. Enter and confirm a password to protect the file. 8. Click Finish.
6 Drive Encryption for HP ProtectTools NOTE: Drive Encryption for HP ProtectTools is available on some models only. In today’s world, a computer belonging to you or anyone on your staff could be stolen, and critical information about your company could be seriously compromised. Encrypting everything on your computer hard drive makes it unreadable and inaccessible to any unauthorized person who might try to access it even if the drive has been removed from the computer or sent to a data recovery service.
CAUTION: If you decide to uninstall the Drive Encryption module or if you are using a backup and restore solution, you must first decrypt all encrypted drives. If you do not, you will not be able to access the data on encrypted drives. Reinstalling the Drive Encryption module will not enable you to access the encrypted drives. Setup procedures Opening Drive Encryption 1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console. 2. Click Drive Encryption.
NOTE: When the drive is being encrypted or decrypted, the progress bar shows the time remaining to complete the process during the current session. If the computer is shut down or initiates Sleep or Hibernation during the encryption process and then restarts, the Time Remaining display resets to the beginning, but the actual encryption resumes where it last stopped. The time remaining and progress display will change more quickly to reflect the previous progress.
7 Credential Manager for HP ProtectTools (Password Manager) Logging on to Windows, websites and programs is easier and more secure when you use the Password Manager. Password Manager allows you to set up the logon screens of websites and programs for quick and secure access. First, Password Manager learns about your logons and the specific data as you type in the input boxes of each logon screen.
The following options are shown on the context menu. ● Fill in logon data - places your logon data in the logon fields and then submits the page (if submission was specified when the logon was created or last edited). ● Edit logon - Allows you to edit your logon data for this website. ● Add logon - Use to add another logon for the same website or program. ● Open Password Manager - Launches the Security Manager dashboard on the Password Manager page.
3. 4. Edit your logon information. ● Click the arrows to the right of a logon field to populate it with one of several preformatted choices. ● Optionally, click Choose other fields to add additional fields from the screen to your logon. ● Deselect Submit account data if you want the logon fields filled in but do not want them submitted. ● If you want to view the password for this logon, click Show password. Click OK.
Managing your logons Password Manager makes managing your logon information - user names, passwords and multiple logon accounts - painless and intuitive, from one central location. Your logons are listed on the Manage tab. Whenever multiple logons have been created for the same website, each logon is then listed under the website name and indented in the logon list. To manage your logons: In the Security Manager left pane, select Password Manager and click the Manage tab.
8 File Sanitizer for HP ProtectTools File Sanitizer is a tool that allows you to securely erase critical files and folders (personal information or files, historical or Web-related data, or other data components) on your computer and periodically bleach your hard drive. NOTE: File Sanitizer currently operates only on the hard drive. About shredding Deleting files and/or folders in Windows does not completely remove the contents from your hard drive. Windows only deletes the reference.
Setup procedures Opening File Sanitizer To open File Sanitizer: 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. In the Security Manager left pane, click File Sanitizer. – or – ● Double-click the File Sanitizer icon. – or – ● Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer, and then click Open File Sanitizer.
3. ● Key sequence — Choose this option to initiate shredding using a key sequence. ● Scheduler — Select the Activate Scheduler check box, enter your Windows password, and then enter a day and time to shred selected files. Click the Save icon. Selecting or creating a shred profile You can specify a method of erasure and select the files and/or folders to shred by selecting a predefined profile or by creating your own profile.
NOTE: To remove a file from the shred list, click the file, and then click Remove. 5. Under Do not shred the following, click Add to select the specific files that you want to exclude from shredding. 6. When you finish configuring the shred profile, click Apply. Customizing a simple delete profile The simple delete profile performs a standard file delete without shredding.
To initiate shredding using a key sequence: 1. Hold down the Ctrl, Alt, or Shift key (or whichever combination you specified) while pressing your chosen character. 2. If a confirmation dialog box opens, click Yes. Using the File Sanitizer icon CAUTION: Shredded files cannot be recovered. Carefully consider which items you select for manual shredding. 1. Navigate to the document or folder you want to shred. 2. Drag the file to the File Sanitizer icon on the desktop. 3.
– or – 1. Right-click the File Sanitizer icon on the desktop, and then click Shred Now. 2. When the confirmation dialog box opens, click Yes. Manually activating free space bleaching 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer, and then click Bleach Now. 2. A notification bubble will appear verifying that a bleach operation has begun. – or – 1.
9 Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has the following security features that protect against unauthorized access to devices attached to your computer system: ● Device profiles that are created for each user to define device access ● Device access that can be granted or denied on the basis of group membership NOTE: Device Access Manager uses Windows Local Users and Groups to manage access.
To deny access to a class of device for all non-Device Administrators: 1. Click Start, click All Programs, and then click HP ProtectTools Administrative Console. 2. In the left pane, click Device Access Manager, and then click Simple Configuration. 3. In the right pane, select the check box of a device to deny access. 4. Click the Save icon. NOTE: If background service is not running, it attempts to start now. Click Yes to allow it. 5. Click OK.
User access settings (advanced) User Access Settings allows administrators to specify which users and groups are allowed to use the Simple Configuration and Device Class Configuration views. A user or group must be granted View (Read-only) Configuration Settings access in order to view the Simple Configuration and Device Class Configuration information. A user or group must be granted Change Configuration Settings access in order to change the Simple Configuration and Device Class Configuration information.
Glossary administrator. See Windows administrator. asset. A data component consisting of personal information or files, historical and Web-related data, and so on, which is located on the hard drive. authentication. Process of verifying whether a user is authorized to perform a task such as accessing a computer, modifying settings for a particular program, or viewing secured data. automatic shredding. Scheduled shredding that the user sets in File Sanitizer for HP ProtectTools.
security logon method. The method used to log in to the computer. shred cycle. The number of times the shred algorithm is executed on each asset. The higher the number of shred cycles you select, the more secure the computer is. shred profile. A specified erasure method and list of assets. Shred. The execution of an algorithm that obscures the data contained in an asset. simple delete. Securely delete sensitive information including files, historical or web-related content, or other confidential data.
Index A access controlling 44 preventing unauthorized 18 accessing HP ProtectTools Security 17 advanced tasks Device Access Manager 45 B background service, Device Access Manager 44 backup and restore 29 BIOS administrator password 19 C changing Windows password 27 Computer Setup administrator password 19 configuring users 22 controlling device access 44 Credential Manager for HP ProtectTools (Password Manager) adding logons 35 easy setup 6 editing logons 35 features 2 icon settings 37 logon categories 36
setting credentials 27 shredding or bleaching files 28 HP ProtectTools Security Manager Administrative Console configuring application settings 25 configuring your system 22 disallowing device access 26 drive encryption 25 features 2 managing users 24 overview 1 HP ProtectTools Security, accessing 17 shred profile customizing 40 predefined 40 selecting or creating simple delete profile customizing 41 40 U unauthorized access, preventing 18 W Windows Logon password 19 I initial setup 22 K key security ob
