HP Compaq NX6315 Getting Started Manual
Protecttools security manager software
Hide thumbs
Also See for Compaq NX6315:
- Getting started (61 pages) ,
- Setup manual (15 pages) ,
- Maintenance and service manual (211 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for HP Compaq NX6315
Summary of Contents for HP Compaq NX6315
- Page 1 HP ProtectTools Getting Started...
- Page 2 Logo is a trademark of its proprietor. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
-
Page 3: Table Of Contents
Table of contents 1 Introduction Accessing the HP ProtectTools Security Manager ... 2 Understanding security roles ... 2 Managing HP ProtectTools passwords ... 3 Creating a secure password ... 5 2 Smart Card Security for HP ProtectTools Initializing the smart card ... 7 Smart card BIOS security mode ... - Page 4 4 Embedded Security for HP ProtectTools Setup procedures ... 26 Enabling the embedded security chip ... 26 Initializing the embedded security chip ... 27 Setting up the basic user account ... 28 General tasks ... 29 Using the Personal Secure Drive ... 29 Encrypting files and folders ...
- Page 5 Specifying how users and administrators log on ... 59 Configuring custom authentication requirements ... 60 Configuring credential properties ... 60 Configuring Credential Manager settings ... 61 7 Device Access Manager for HP ProtectTools Starting background service ... 64 Simple configuration ... 65 Device class configuration (advanced) ... 66 Adding a user or a group ...
- Page 6 Denying access to a user or group ... 66 Allowing access to a device class for one user of a group ... 66 Allowing access to a specific device for one user of a group ... 67 Glossary ... 68 Index ...
-
Page 7: Introduction
The software modules available for your computer may vary depending on your model. For example, Embedded Security for HP ProtectTools requires that the Trusted Platform Module (TPM) embedded security chip (select models only) be installed on your computer, and Smart Card Security for HP ProtectTools requires an optional smart card and reader. -
Page 8: Accessing The Hp Protecttools Security Manager
In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ● Security officer—Defines the security level for the company or network and determines the security features to deploy, such as smart cards, biometric readers, or USB tokens. -
Page 9: Managing Hp Protecttools Passwords
Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators. -
Page 10: Chapter 1 Introduction
Credential Manager logon password Credential Manager recovery file password Windows logon password Chapter 1 Introduction Set in this HP ProtectTools Function module Embedded Security, by IT Protects access to the Emergency Recovery administrator Token, which is a backup file for the embedded security chip. -
Page 11: Creating A Secure Password
If you write down your password, do not store it in a commonly visible place very close to the computer. ● Do not save the password in a file, such as an e-mail, on the computer. ● Do not share accounts or tell anyone your password. ENWW Managing HP ProtectTools passwords... -
Page 12: Smart Card Security For Hp Protecttools
● Access smart card security features. ● Initialize a smart card so that it can be used with other HP ProtectTools modules, such as Credential Manager for HP ProtectTools. ● Work with the Computer Setup utility to enable smart card authentication in a power-on environment, and to configure separate smart cards for an administrator and a user. -
Page 13: Initializing The Smart Card
To initialize the smart card: Insert the smart card into the reader. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click Smart Card. In the right pane, click Initialize. -
Page 14: Smart Card Bios Security Mode
● Create new administrator and user smart cards. ● Create a recovery file to restore either a user or administrator smart card. Chapter 2 Smart Card Security for HP ProtectTools ProtectTools.” “Enabling support,” in Chapter 5, “Enabling smart card BIOS password,”... -
Page 15: Enabling Smart Card Bios Security Mode And Setting The Smart Card Administrator Password
To enable smart card BIOS security mode and set the smart card administrator password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click BIOS. In the right pane, under BIOS Security Mode, click Enable. -
Page 16: Changing The Smart Card Administrator Password
Computer Setup. To change the smart card administrator password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click BIOS. In the right pane, under BIOS Security Mode, next to BIOS administrator card, click Change. -
Page 17: Setting And Changing The Smart Card User Password
Setting and changing the smart card user password To set or change the smart card user password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click BIOS. In the right pane, under BIOS Security Mode, next to BIOS user card, click the Set button. -
Page 18: Storing The Administrator Or User Card Password
To store the administrator or user card password: Insert a smart card into the reader. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click BIOS. In the right pane, under BIOS Password on Smart Card, click Store. -
Page 19: General Tasks
Updating BIOS smart card settings To require a smart card PIN when you restart the computer: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click BIOS. In the right pane, under Smart Card BIOS Password Properties, click Settings. -
Page 20: Backing Up And Restoring Smart Cards
Creating a recovery file To create a recovery file: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click Smart Card. In the right pane, under Recovery, click Create. -
Page 21: Restoring Smart Card Data
Smart card To restore a smart card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Smart Card Security, and then click Smart Card. Insert the diskette or other media containing the smart card recovery file. -
Page 22: Creating A Backup Smart Card
Store the administrator or user card password on the new smart card. For instructions, refer to “Storing the administrator or user card Chapter 2 Smart Card Security for HP ProtectTools “Restoring smart card data,” earlier in this chapter. password,” earlier in this chapter. -
Page 23: Java Card Security For Hp Protecttools
Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for computers equipped with an optional smart card reader. With Java Card Security, you can ● Access Java Card security features. -
Page 24: General Tasks
NOTE The Java Card PIN must be between 4 and 8 numeric characters. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click General. Insert a Java Card (with an existing PIN) into the smart card reader. -
Page 25: Advanced Tasks (Administrators Only)
NOTE The Java Card PIN must be between 4 and 8 numeric characters. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click General. Insert a new Java Card into the smart card reader. -
Page 26: Assigning A Name To A Java Card
You must assign a name to a Java Card before it can be used for power-on authentication. To assign a name to a Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. -
Page 27: Enabling Java Card Power-On Authentication And Creating An Administrator Java Card
Enabling Java Card power-on authentication and creating an administrator Java Card To enable Java Card power-on authentication: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. When the Computer Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. -
Page 28: Creating A User Java Card
Java Card. To create a user Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. When the Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. -
Page 29: Backing Up And Restoring Java Cards
Creating a recovery file To create a recovery file: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. When the Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. -
Page 30: Restoring Java Card Data
Java Card To restore a Java Card: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Java Card Security, and then click Advanced. When the Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. -
Page 31: Embedded Security For Hp Protecttools
The TPM embedded security chip enhances and enables other HP ProtectTools Security Manager security features. For example, Credential Manager for HP ProtectTools can use the embedded chip as an authentication factor when the user logs on to Windows. On select models, the TPM embedded security chip also enables enhanced BIOS security features accessed through BIOS Configuration for HP ProtectTools. -
Page 32: Setup Procedures
Enabling the embedded security chip The embedded security chip must be enabled in the Computer Setup utility. This procedure cannot be performed in BIOS Configuration for HP ProtectTools. To enable the embedded security chip: Open Computer Setup by turning on or restarting the computer, and then pressing “f10 = ROM Based Setup”... -
Page 33: Initializing The Embedded Security Chip
Basic User Keys for all users. To initialize the embedded security chip: Right-click the HP ProtectTools Security Manager icon in the notification area, at the far right of the taskbar, and then select Embedded Security Initialization. The HP ProtectTools Embedded Security Initialization Wizard opens. -
Page 34: Setting Up The Basic User Account
To set up a basic user account and enable the user security features: If the Embedded Security User Initialization Wizard is not open, select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. -
Page 35: General Tasks
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to enter the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. -
Page 36: Changing The Basic User Key Password
Changing the Basic User Key password To change the Basic User Key password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click User Settings. In the right pane, under Basic User Key password, click Change. -
Page 37: Advanced Tasks
Creating a backup file To create a backup file: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup. In the right pane, click Backup. -
Page 38: Changing The Owner Password
Changing the owner password To change the owner password: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Advanced. In the right pane, under Owner Password, click Change. Type the old owner password, and then set and confirm the new owner password. -
Page 39: Migrating Keys With The Migration Wizard
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help. ENWW Advanced tasks... -
Page 40: Bios Configuration For Hp Protecttools
BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can ●... -
Page 41: General Tasks
If you have enabled MultiBoot, select the boot order by selecting a boot device, and then clicking the up arrow or the down arrow to adjust its order in the list. Click Apply, and then click OK in the HP ProtectTools window to save your changes. ENWW at startup and entering Computer Setup. -
Page 42: Enabling And Disabling System Configuration Options
Some of the items listed below may not be supported by your computer. To enable or disable devices or security options: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click BIOS Configuration. Enter your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. - Page 43 Embedded WLAN Device Radio ● Embedded WWAN Device Radio ● Embedded Bluetooth® Device Radio ● LAN/WLAN Switching ● Wake on LAN from Off Click Apply, and then click OK in the HP ProtectTools window to save your changes and exit. ENWW General tasks...
-
Page 44: Advanced Tasks
NOTE To fully enable the power-on authentication feature, you must also configure the smart card using the Smart Card Security for HP ProtectTools or Java Card Security for HP ProtectTools module. To enable smart card power-on authentication support: Select Start >... -
Page 45: Enabling And Disabling Power-On Authentication Support For Embedded Security
In the left pane, click Security. Under Embedded Security, click Enable Power-on Authentication Support. NOTE Click Apply, and then click OK in the HP ProtectTools window to save your changes. ENWW To disable power-on authentication for Embedded Security, click Disable. -
Page 46: Enabling And Disabling Automatic Drivelock Hard Drive Protection
NOTE To disable automatic DriveLock protection for Embedded Security, click Disable. Click Apply, and then click OK in the HP ProtectTools window to save your changes. Managing Computer Setup passwords You can use BIOS Configuration to set and change the power-on and setup passwords in Computer Setup, and also to manage various password settings. -
Page 47: Setting The Power-On Password
Type and confirm the password in the Enter Password and Verify Password boxes. Click OK in the Passwords dialog box. Click Apply, and then click OK in the HP ProtectTools window to save your changes. Changing the power-on password To change the power-on password: Select Start >... -
Page 48: Changing The Setup Password
Click Apply, and then click OK in the HP ProtectTools window to save your changes. Setting password options You can use BIOS Configuration for HP ProtectTools to set password options to enhance the security of your system. Enabling and disabling stringent security... - Page 49 In the right pane, under Password Options, enable or disable Require password on restart. Click Apply, and then click OK in the HP ProtectTools window to save your changes. ENWW Advanced tasks...
-
Page 50: Credential Manager For Hp Protecttools
Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools has security features that provide protection against unauthorized access to your computer. These features include the following: ● Alternatives to passwords when logging on to Windows, such as using a smart card or biometric reader to log on to Windows. -
Page 51: Setup Procedures
● From the Windows logon screen ● From the notification area, by double-clicking the HP ProtectTools Security Manager icon ● From the “Credential Manager” page of ProtectTools Security Manager, by clicking the Log On link in the upper-right corner of the window Click Next. -
Page 52: Logging On For The First Time
Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager icon in the notification area. The HP ProtectTools Security Manager window opens. -
Page 53: Setting Up The Fingerprint Reader
You must have a smart card reader configured for this procedure. If you do not have a reader installed, you can register a virtual token as described in Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. -
Page 54: Registering A Usb Etoken
NOTE Refer to the USB eToken user guide for more information. Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Register Smart Card or Token. The Credential Manager Registration Wizard opens. -
Page 55: General Tasks
PIN to complete the authentication. To create a new virtual token: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Virtual Token. The Credential Manager Registration Wizard opens. -
Page 56: Changing A Token Pin
Type your new password in the New password and Confirm password boxes. Click Finish. Changing a token PIN Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Change Token PIN. -
Page 57: Restoring An Identity
Restoring an Identity To restore an identity: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Restore Identity. On the “Device Type” page, select the device type where the backup is stored, and then click Next. -
Page 58: Locking The Computer
For more information, refer to Credential Manager To lock the computer: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager. In the right pane, click Lock Workstation. The Windows logon screen is displayed. You must use a Windows password or the Credential Manager Logon Wizard to unlock the computer. -
Page 59: Adding An Account
Adding an account Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network Account Wizard opens. -
Page 60: Using Automatic Registration
Click Yes to complete the registration. Using manual (drag and drop) registration Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, click Single Sign On, and then click Register New Application. The SSO Application Wizard opens. -
Page 61: Managing Applications And Credentials
Managing applications and credentials Modifying application properties Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Single Sign On, click Manage Applications and Credentials. -
Page 62: Importing An Application
Importing an application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Single Sign On, click Manage Applications and Credentials. Click the application entry you want to import. Then select More > Applications > Import Script. -
Page 63: Using Application Protection
User inactivity Restricting access to an application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens. -
Page 64: Changing Restriction Settings For A Protected Application
Click OK. Changing restriction settings for a protected application Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Services and Applications. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens. -
Page 65: Advanced Tasks (Administrator Only)
To specify how users or administrators log on: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials. In the right pane, click the Authentication tab. -
Page 66: Configuring Custom Authentication Requirements
“Authentication and Credentials” page, you can create custom requirements. To configure custom requirements: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Authentication and Credentials. In the right pane, click the Authentication tab. -
Page 67: Configuring Credential Manager Settings
To modify Credential Manager settings: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the appropriate tab for the settings you want to modify. -
Page 68: Example 2-Using The "Advanced Settings" Page To Require User Verification Before Single Sign On
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Credential Manager, and then click Settings. In the right pane, click the Single Sign On tab. -
Page 69: Device Access Manager For Hp Protecttools
Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has security features that provide protection against unauthorized access to devices attached to your computer system. These features include the following: ●... -
Page 70: Starting Background Service
For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would you like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots. -
Page 71: Simple Configuration
All serial and parallel ports for all non-administrators To deny access to a class of device for all non-administrators: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Simple Configuration. -
Page 72: Device Class Configuration (Advanced)
Adding a user or a group Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Device Class Configuration. In the device list, click the device class that you want to configure. -
Page 73: Allowing Access To A Specific Device For One User Of A Group
To allow access to a specific device for one user but not the group: Select Start > All Programs > HP ProtectTools Security Manager. In the left pane, click Device Access Manager, and then click Device Class Configuration. -
Page 74: Glossary
Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Automatic DriveLock Security feature that causes the DriveLock passwords to be generated and protected by the TPM Embedded Security chip. - Page 75 Identity In the HP ProtectTools Credential Manager, a group of credentials and settings that is handled like an account or profile for a particular user. Java Card Small piece of hardware, similar in size and shape to a credit card, which stores identifying information about the owner.
-
Page 76: Index
Basic User Key password changing 30 setting 28 biometric readers 47 BIOS administrator card password changing 10 definition 3 BIOS administrator password 3 BIOS Configuration for HP ProtectTools Automatic DriveLock 40 boot options 35 HP ProtectTools settings, managing 38 Index Java Card power-on... - Page 77 Credential Manager 46 HP ProtectTools Security Manager, accessing 2 initializing embedded security chip 27 smart card 7 Java Card Security for HP ProtectTools administrator tasks 19 advanced tasks 19 assigning name 20 backing up and restoring 23 creating administrator 21...
- Page 78 54 modifying application properties 55 removing applications 55 Index smart card recovery file password definition 3 Smart Card Security for HP ProtectTools administrator password 9 administrator password, changing 10 administrator password, definition 3 backing up and restoring 14...