HP dc5750 - Microtower PC User Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Software
  5. dc5750 - Microtower PC
  6. User manual
HP dc5750 - Microtower PC User Manual

HP dc5750 - Microtower PC User Manual

Security manager software
Hide thumbs Also See for dc5750 - Microtower PC:
Table of Contents

Quick Links

See also: Troubleshooting Manual, Administrator's Manual
ProtectTools
User Guide
Table of Contents
loading

Related Manuals for HP dc5750 - Microtower PC

Summary of Contents for HP dc5750 - Microtower PC

  • Page 1 ProtectTools User Guide...
  • Page 2 © Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc.

  • Page 3: Table Of Contents

    Table of contents 1 Introduction to security HP ProtectTools features ........................2 Accessing HP ProtectTools Security ....................3 Achieving key security objectives ......................4 Protecting against targeted theft ..................4 Restricting access to sensitive data ..................4 Preventing unauthorized access from internal or external locations ........4 Creating strong password policies ..................
  • Page 4 Using manual (drag and drop) registration ........19 Managing applications and credentials ............. 19 Modifying application properties ............19 Removing an application from Single Sign On ......... 19 Exporting an application ..............19 Importing an application ..............20 Modifying credentials ................ 20 Using Application Protection ....................
  • Page 5 Disabling Java Card power-on authentication ........... 41 5 BIOS Configuration for HP ProtectTools General tasks ............................. 43 Managing boot options ...................... 43 Enabling and disabling system configuration options ............44 Advanced tasks ..........................46 Managing HP ProtectTools add-on module settings ............46 Enabling and disabling smart card power-on authentication support ....
  • Page 6 ENWW...

  • Page 7: Introduction To Security

    Introduction to security HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules: ● Credential Manager for HP ProtectTools ●...

  • Page 8: Hp Protecttools Features

    HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Key features ● Credential Manager for HP ProtectTools Credential Manager acts as a personal password vault. ● Single Sign On remembers multiple passwords for various password-protected Web sites, applications, and network resources.

  • Page 9: Accessing Hp Protecttools Security

    Accessing HP ProtectTools Security To access HP ProtectTools Security from Windows® Control Panel: Select Start > All Programs > HP ProtectTools Security Manager. ▲ NOTE: After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to “Logging on to Windows with Credential Manager on page 17.”...

  • Page 10: Achieving Key Security Objectives

    Achieving key security objectives The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives: ● Protecting against targeted theft ● Restricting access to sensitive data ● Preventing unauthorized access from internal or external locations ●...

  • Page 11: Creating Strong Password Policies

    financial services, an executive, or R&D team, or private information such as patient records or personal financial data. The following features help prevent unauthorized access: ● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following procedures: ◦...

  • Page 12: Additional Security Elements

    Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ●...
  • Page 13 HP ProtectTools password Set in this HP ProtectTools Function module Owner password Embedded Security, by IT Protects the system and the TPM chip from administrator unauthorized access to all owner functions of Embedded Security. Java™ Card PIN Java Card Security Protects access to the Java Card contents and authenticates users of the Java Card.

  • Page 14: Creating A Secure Password

    Creating a secure password When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised: ●...

  • Page 15: Restoring Credentials

    Setting backup options Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click HP ProtectTools, and then click Backup and Restore. In the right pane, click Backup Options. The HP ProtectTools Backup Wizard opens. Follow the on-screen instructions. After you set and confirm the Storage File Password, select Remember all passwords and authentication values for future automated backups.

  • Page 16: Configuring Settings

    Configuring settings Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click HP ProtectTools, and then click Settings. In the right pane, select your settings, and then click OK. Chapter 1 Introduction to security ENWW...

  • Page 17: Credential Manager For Hp Protecttools

    Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools protects against unauthorized access to your computer using the following security features: ● Alternatives to passwords when logging on to Windows, such as using a Java Card or biometric reader to log on to Windows. For additional information, refer to “Registering credentials on page 13.”...

  • Page 18: Setup Procedures

    Setup procedures Logging on to Credential Manger Depending on the configuration, you can log on to Credential Manager in any of the following ways: ● Credential Manager Logon Wizard (preferred) ● HP ProtectTools Security Manager icon in the notification area ●...

  • Page 19: Logging On For The First Time

    Logging on for the first time Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager icon in the notification area. The HP ProtectTools Security Manager window opens. In the left pane, click Credential Manager, and then click Log On in the upper-right corner of the right pane.

  • Page 20: Setting Up The Fingerprint Reader

    Setting up the fingerprint reader After logging on to Credential Manager, swipe your finger across the fingerprint reader. The Credential Manager Registration Wizard opens. Follow the on-screen instructions to complete registering your fingerprints and setting up the fingerprint reader. To set up the fingerprint reader for a different Windows user, log on to Windows as that user and then repeat steps 1 and 2.

  • Page 21: General Tasks

    General tasks All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks: ● Creating a virtual token ● Changing the Windows logon password ● Managing a token PIN ●...

  • Page 22: Managing Identity

    Managing identity Clearing an identity from the system NOTE: This does not affect your Windows user account. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Clear Identity for this Account. Click Yes in the confirmation dialog box.

  • Page 23: Locking The Computer

    Locking the computer This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it.

  • Page 24: Removing An Account

    In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network Account Wizard opens. Follow the on-screen instructions. Removing an account Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Windows Logon, and then click Manage Network Accounts.

  • Page 25: Using Manual (Drag And Drop) Registration

    Using manual (drag and drop) registration Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Single Sign On, and then click Register New Application. The SSO Application Wizard opens.

  • Page 26: Importing An Application

    Importing an application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Single Sign On, click Manage Applications and Credentials. Click the application entry you want to import. Then select More > Applications > Import Script.

  • Page 27: Restricting Access To An Application

    Restricting access to an application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens.
  • Page 28 When you select Restricted, the following settings are available: If you want to restrict usage based on time, day, or date, click the Schedule tab and configure the settings. If you want to restrict usage based on inactivity, click the Advanced tab and select the period of inactivity.

  • Page 29: Advanced Tasks (Administrator Only)

    Advanced tasks (administrator only) The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights. From these pages, you can perform the following tasks: ● Specifying how users and administrators log on ●...

  • Page 30: Configuring Custom Authentication Requirements

    Configuring custom authentication requirements If the set of authentication credentials you want is not listed on the Authentication tab of the “Authentication and Credentials” page, you can create custom requirements. To configure custom requirements: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials.

  • Page 31: Configuring Credential Manager Settings

    Configuring Credential Manager settings From the “Settings” page, you can access and modify various settings using the following tabs: ● General—Allows you to modify the settings for basic configuration. ● Single Sign On—Allows you to modify the settings for how Single Sign On works for the current user, such as how it handles detection of logon screens, automatic logon to registered logon dialogs, and password display.

  • Page 32: Example 2-Using The "Advanced Settings" Page To Require User Verification Before Single Sign On

    Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the Single Sign On tab. Under When registered logon dialog or Web page is visited, select the Authenticate user before submitting credentials check box.

  • Page 33: Embedded Security For Hp Protecttools

    Embedded Security for HP ProtectTools NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials.

  • Page 34: Setup Procedures

    Setup procedures CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings.

  • Page 35: Initializing The Embedded Security Chip

    Initializing the embedded security chip In the initialization process for Embedded Security, you will perform the following tasks: ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ●...

  • Page 36: Setting Up The Basic User Account

    Setting up the basic user account Setting up a basic user account in Embedded Security accomplishes the following tasks: ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ●...

  • Page 37: General Tasks

    General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer.

  • Page 38: Changing The Basic User Key Password

    Changing the Basic User Key password To change the Basic User Key password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. In the right pane, under Basic User Key password, click Change. Type the old password, and then set and confirm the new password.

  • Page 39: Advanced Tasks

    Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup.

  • Page 40: Changing The Owner Password

    Changing the owner password To change the owner password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Advanced. In the right pane, under Owner Password, click Change. Type the old owner password, and then set and confirm the new owner password. Click OK.

  • Page 41: Migrating Keys With The Migration Wizard

    Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help. ENWW Advanced tasks...

  • Page 42: Java Card Security For Hp Protecttools

    Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for computers equipped with an optional card reader. With Java Card Security, you can accomplish the following tasks: ● Access Java Card Security features ●...

  • Page 43: General Tasks

    General tasks The “General” page allows you to perform the following tasks: ● Change a Java Card PIN ● Select the card reader or smart card keyboard NOTE: The card reader uses both Java Cards and smart cards. This feature is available if you have more than one card reader on the computer.

  • Page 44: Advanced Tasks (Administrators Only)

    Advanced tasks (administrators only) The “Advanced” page allows you to perform the following tasks: ● Assign a Java Card PIN ● Assign a name to a Java Card ● Set power-on authentication ● Back up and restore Java Cards NOTE: You must have Windows administrator privileges in order to display the "Advanced"...

  • Page 45: Assigning A Name To A Java Card

    Assigning a name to a Java Card You must assign a name to a Java Card before it can be used for power-on authentication. To assign a name to a Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced.

  • Page 46: Enabling Java Card Power-On Authentication And Creating An Administrator Java Card

    Enabling Java Card power-on authentication and creating an administrator Java Card To enable Java Card power-on authentication: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. Insert the Java Card into the card reader. NOTE: If you have not assigned a name and PIN to this card, the New Card dialog box opens, allowing you to type a new name and PIN.

  • Page 47: Creating A User Java Card

    Creating a user Java Card NOTE: Power-on authentication and an administrator card must be set up in order to create a user Java Card. To create a user Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced.

  • Page 48: Bios Configuration For Hp Protecttools

    BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can accomplish the following objectives: ●...

  • Page 49: General Tasks

    General tasks BIOS Configuration allows you to manage various computer settings that would otherwise be accessible only by pressing at startup and entering Computer Setup. Managing boot options You can use BIOS Configuration to manage various settings for tasks that run when you turn on or restart the computer.

  • Page 50: Enabling And Disabling System Configuration Options

    Enabling and disabling system configuration options NOTE: Some of the items listed below may not be supported by your computer. To enable or disable devices or security options: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click BIOS Configuration. Type your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK.
  • Page 51 ◦ SATA Native Mode ◦ Dual Core CPU ◦ Automatic Intel® SpeedStep Functionality Support ◦ Fan Always on While on AC Power ◦ BIOS DMA Data Transfers ◦ Intel or AMD PSAE Execution Disable ● Built-In Device Options ◦ Embedded WLAN Device Radio ◦...

  • Page 52: Advanced Tasks

    Advanced tasks Managing HP ProtectTools add-on module settings Some of the features of HP ProtectTools Security Manager can be managed in BIOS Configuration. Enabling and disabling smart card power-on authentication support Enabling this option allows you to use a smart card for user authentication when you turn on the computer.

  • Page 53: Enabling And Disabling Power-On Authentication Support For Embedded Security

    Enabling and disabling power-on authentication support for Embedded Security Enabling this option allows the system to use the TPM embedded security chip (if available) for user authentication when you turn on the computer. NOTE: To fully enable the power-on authentication feature, you must also configure the TPM embedded security chip using the Embedded Security for HP ProtectTools module.

  • Page 54: Enabling And Disabling Drivelock Hard Drive Protection

    Enabling and disabling DriveLock hard drive protection DriveLock is an industry-standard security feature that prevents unauthorized access to the data on ATA hard. DriveLock has been implemented as an extension to Computer Setup. It is only available when hard drives that support the ATA Security command set are detected. DriveLock is intended for HP customers for whom data security is the paramount concern.

  • Page 55: Managing Computer Setup Passwords

    Managing Computer Setup passwords You can use BIOS Configuration to set and change the power-on and setup passwords in Computer Setup, and also to manage various password settings. CAUTION: The passwords you set through the “Passwords” page in BIOS Configuration are saved immediately upon clicking the Apply or OK button in the HP ProtectTools window.

  • Page 56: Changing The Setup Password

    In the right pane, next to Setup Password, click Set. Type and confirm the password in the Enter Password and Confirm Password boxes. Click OK in the Passwords dialog box. Click Apply, and then click OK in the HP ProtectTools window. Changing the setup password To change the Computer Setup password: Select Start >...
  • Page 57 In the right pane, under Password Options, enable or disable Require password on restart. Click Apply, and then click OK in the HP ProtectTools window. ENWW Advanced tasks...

  • Page 58: Drive Encryption For Hp Protecttools

    Drive Encryption for HP ProtectTools CAUTION: If you decide to uninstall the Drive Encryption module, you must first decrypt all encrypted drives. If you do not, you will not be able to access the data on encrypted drives unless you have registered with the Drive Encryption recovery service (see “Recovery on page 55”).

  • Page 59: Encryption Management

    Encryption management Encrypting a drive Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click Encryption Management. In the right pane, click Activate. The Drive Encryption for HP ProtectTools Wizard opens. Follow the on-screen instructions to activate encryption.

  • Page 60: User Management

    User management Add a user Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Drive Encryption, and then click User Management. In the right pane, click Add. Click a user name in the User Name list or type a user name in the Username box.

  • Page 61: Recovery

    Recovery The following two safety measures are available to you: ● If you forget your password, you cannot access your encrypted drives. You may, however, register with the Drive Encryption recovery service to enable you to access your computer if you forget your password.

  • Page 62: Troubleshooting

    Troubleshooting Credential Manager for ProtectTools Short description Details Solution Using Credential Manager Using TPM authentication, the user is Using Credential Manager Single Sign On tools allows Network Accounts option, only logged into the local computer. user to authenticate other accounts. a user can select which domain account to log into.
  • Page 63 Short description Details Solution Windows password from Credential local PC, Credential Manager can only change the Manager, the administrator gets an error password used to log in. logon failure: User account restriction. Credential Manager Single Sign On default is set to log users HP is researching a workaround for future product Single Sign On default automatically.

  • Page 64: Chapter 7 Troubleshooting

    Short description Details Solution Credential Manager not During Windows 2000 install, the logon This is as designed. being set as primary logon policy is set for manual or auto logon If user wishes to modify operating system level settings in Windows 2000. admin.
  • Page 65 Short description Details Solution Restoring Embedded Credential Manager fails to register any The HP Credential Manager for ProtectTools fails to Security causes credentials after the ROM is restored to access the TPM if the ROM was reset to factory settings Credential Manager to fail.

  • Page 66: Embedded Security For Protecttools

    Embedded Security for ProtectTools Short description Details Solution Encrypting folders, sub If the user copies files and folders to the This is as designed. folders, and files on PSD PSD and tries to encrypt folders/files or Moving files/folders to the PSD automatically encrypts causes error message.
  • Page 67 Short description Details Solution takes longer when Symantec Antivirus or Norton Antivirus is running. Cannot save emergency If the user inserts an MMC or SD card This is as designed. recovery archive to when creating the emergency recovery Storage of the recovery archive on removable media is removable media.
  • Page 68 Short description Details Solution Microsoft EFS does not An administrator can access encrypted The Data Recovery Policy is automatically configured fully work in Windows information on the system without to designate an administrator as a recovery agent. 2000. knowing the correct password. If the When a user key cannot be retrieved (as in the case of administrator enters an incorrect entering the wrong password or canceling the Enter...
  • Page 69 Short description Details Solution does not ship 128-MB configurations by default with security modules). EFS User Authentication The EFS User Authentication password This is by design—to avoid issues with Microsoft EFS, (password request) times reopens after clicking OK or returning a 30-second watchdog timer was created to generate out with access denied.
  • Page 70 Short description Details Solution PSD is disabled and The PSD is disabled and cannot be As designed: If a customer force-deletes or disconnects cannot be deleted after deleted after formatting the secondary from the storage location of the PSD data, the formatting the hard drive hard drive on which the PSD was Embedded Security PSD drive emulation continues to...
  • Page 71 Short description Details Solution Click here if you want to backup to a temporary archive until the Backup Archive is accessible again. If the Automatic Backup is scheduled for a specific time, however, the backup fails without displaying notice of the failure. Unable to disable The current 4.0 software was designed HP will address this issue in future releases.

  • Page 72: Miscellaneous

    Miscellaneous Software Impacted— Details Solution Short description HP ProtectTools Security All security applications such as HP ProtectTools Security Manager software must be Manager—Warning Embedded Security, Java Card, and installed before installing any security plug-in. received: The security biometrics are extendable plug-ins for application can not be the HP Security Manager interface.
  • Page 73 Software Impacted— Details Solution Short description Allow Security Manager to complete services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. HP ProtectTools * General Numerous risks are possible with Administrators are encouraged to follow “best...

  • Page 74: Glossary

    Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Biometric Category of authentication credentials that use a physical feature, such as a fingerprint, to identify a user.
  • Page 75 Migration A task that allows the management, restoration, and transfer of keys and certificates. Network account Windows user or administrator account, either on a local computer, in a workgroup, or on a domain. NTFS partition NT File System, a method of indexing storage media. This method is standard with Windows Vista and Windows XP.

  • Page 76: Index

    Index setup password, changing 50 logon specifications 23 access setup password, setting 49 logon wizard 12 preventing unauthorized 4 smart card power-on new account, creating 13 accessing HP ProtectTools authentication 46 recovery file password 6 Security 3 stringent security 50 registering fingerprints 13 account system configuration...
  • Page 77 Embedded Security 34 emergency recovery token PIN, changing 37 Embedded Security, password power-on authentication, permanently 34 definition 6 disabling 41 Java Card power-on setting 29 power-on authentication, authentication 41 enabling enabling 40 power-on authentication 46 device options 44 power-on authentication, smart card authentication 46 DriveLock 48 setting 39...
  • Page 78 properties application 19 Windows Logon authentication 23 Credential Manager 17 credential 24 password 7 Windows network account 17 recovering encrypted data 55 registering application 18 credentials 13 restricting access to sensitive data 4 security key objectives 4 roles 6 security roles 6 security setup password 7 Single Sign On automatic registration 18...

This manual is also suitable for:

Dc7800 - convertible minitower pcDx7400 - microtower pcProtecttools

Table of Contents