HP Dc5700 HP ProtectTools Security Manager Guide

HP Dc5700 - Compaq Business Desktop Manual

Get HP Dc5700 - Compaq Business Desktop PDF manuals and user guides
UPC - 882780819535
View all HP Dc5700 manuals
Add to My Manuals
Save this manual to your list of manuals

HP Dc5700 manual content summary:

  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 1
    HP ProtectTools Security Manager Guide HP Compaq Business Desktops
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 2
    by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Hewlett-Packard Company. HP ProtectTools Security Manager Guide HP Compaq Business Desktops First Edition (August 2006) Document Part Number: 431330-001
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 3
    About This Book This guide provides instructions for configuring and using HP ProtectTools Security Manager. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life.
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 4
    iv About This Book ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 5
    Configuration for ProtectTools Basic Concepts ...11 Changing BIOS Settings ...11 3 HP Embedded Security for ProtectTools Basic Concepts ...13 Setup Procedures ...14 4 HP Credential Manager for ProtectTools Basic Concepts ...15 Launch Procedure ...15 Logging On for the First Time 16 5 HP Java Card
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 6
    6 Third-Party Solutions 7 HP Client Manager for Remote Deployment Background ...21 Initialization ...21 Maintenance ...21 8 Troubleshooting Credential Manager for ProtectTools 23 Embedded Security for ProtectTools 27 Miscellaneous ...33 Glossary ...37 Index ...41 vi ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 7
    functionality is provided by the following modules: ● HP BIOS Configuration for ProtectTools ● HP Embedded Security for ProtectTools ● HP Credential Manager for ProtectTools ● HP Java Card Security for ProtectTools The modules available for the computer may vary, depending on the model. ProtectTools
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 8
    features to deploy, such as Java Cards, biometric readers, or USB tokens. NOTE BIOS Computer Setup utility and security settings. NOTE Also known as BIOS administrator, F10 Setup, or Security Setup password Power-On password BIOS Configuration HP ProtectTools Power-On Authentication Support
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 9
    . When enabled as the BIOS Power-On Authentication support password, protects access to the computer contents when computer is turned on, restarted, : ● It can be used in place of the Windows logon process, allowing access to Windows and Credential Manager simultaneously. ● It can be used
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 10
    Card. Backup scheduler password NOTE A Windows user password is used to configure the backup scheduler for embedded security. Embedded Security, by IT administrator Sets backup scheduler for embedded Security PKCS #12 Import password NOTE Each imported certificate has a password specific /support/
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 11
    Windows accounts with the same set of credentials. Multifactor user authentication supports any combination of user passwords, dynamic or single-use passwords, TPM, Java Cards any specifications that the case of letters computer. ● Do not save the password in a file, such as an e-mail, on the computer
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 12
    must also configure the Java Card using the Java Card Security for ProtectTools module. To enable Java Card Power-On Authentication support: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, select BIOS Configuration. 3. Enter your Computer Setup administrator
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 13
    the power-on and setup passwords in Computer Setup, and also to manage various password settings. CAUTION The passwords you set through the Passwords page in BIOS Configuration are saved immediately upon clicking the Apply or OK button in the ProtectTools window. Make sure you remember what password
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 14
    computer. Once Power-On Authentication Support is functioning, the option to enter the BIOS Setup is no longer seen. If the user enters the Setup password at the Power-On Authentication Support window, the user enters the BIOS new password three times will flash a new window stating that the
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 15
    OK in the ProtectTools window to save your changes. Changing the Computer Setup Administrator Password To change the Computer Setup administrator password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, select BIOS Configuration, and then select Security
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 16
    will double the last timeout. Additional documentation on this process is located in the Embedded Security Help. Click Welcome to the HP Embedded Security for ProtectTools Solution > Advanced Embedded Security Operation > Dictionary Attack Defense. NOTE Normally, a user receives warnings that their
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 17
    Guide on the Documentation and Diagnostics CD that shipped with the computer for information on settings and features. To access the Help files for BIOS Configuration, click Security Manager > BIOS Configuration > Help. NOTE Refer to the ProtectTools Help screens for specific instructions for
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 18
    12 Chapter 2 HP BIOS Configuration for ProtectTools ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 19
    for ProtectTools can use the TPM embedded chip as an authentication factor when the user logs on to Windows. On some models, the TPM embedded security chip also enables enhanced BIOS security features accessed through BIOS Configuration for ProtectTools. The hardware consists of a TPM that meets the
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 20
    be enabled in the BIOS Computer Setup utility, BIOS Configuration for ProtectTools, or HP Client Manager. To enable the TPM embedded security chip: 1. Open Computer Setup by turning on or restarting the computer, and then pressing F10 while the F10 = ROM Based Setup message is displayed in the lower
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 21
    , and protected network resources ● Support for optional security devices, such as Java Cards and biometric readers ● Support for additional security settings, such as requiring authentication with an optional security device to unlock the computer and access applications ● Enhanced encryption
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 22
    as a fingerprint or a Java Card. At the next logon, you can select the logon policy and use any combination of the registered credentials. NOTE Refer to the ProtectTools Help screens for specific instructions for ProtectTools Security Manager. 16 Chapter 4 HP Credential Manager for ProtectTools
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 23
    to authenticate users of the Java Card ● If available, back up and restore Java Card BIOS passwords stored on the Java Card ● If available, save the BIOS password on the Java Card NOTE Refer to the ProtectTools Help screens for specific instructions for ProtectTools Security Manager. ENWW Basic
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 24
    18 Chapter 5 HP Java Card Security for ProtectTools ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 25
    . All models provide the TSS; embedded security software must be purchased separately for some models. For those models, an NTRU TSS is provided to support customer third-party purchase of embedded security software. We recommend third-party solutions such as Wave Embassy Trust Suite. ENWW 19
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 26
    20 Chapter 6 Third-Party Solutions ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 27
    HP BIOS-enforced policies. The administrator must be present to enter BIOS configuration options (F10 options) to enable the TPM. Furthermore, the Trusted Computing Group (TCG) specifications on the remote system. During this reboot, the BIOS, by default, displays a prompt; in response, the end user
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 28
    22 Chapter 7 HP Client Manager for Remote Deployment ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 29
    login operation functions normally. This only occurs with Windows XP Service Pack 1; update Windows version to Service Pack 2 via Windows Update to correct. To work around if retaining Service Pack 1, re-log back into Windows using another credential (Windows password) in order to log off and re
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 30
    enters his/her password, the Back button does not work properly, but instead immediately displays the Windows login screen. HP is researching a workaround for future product enhancements. Credential Manager opens out of standby when it is configured not to. When use Credential Manager log on to
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 31
    hibernation on Windows XP Service Pack 1 only. After allowing system to transition into hibernation and sleep mode, Administrator or user is unable to log into Credential Manager and the Windows logon screen remains displayed no matter which logon credential (password, finger print or Java Card) is
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 32
    by turning on or restarting the computer, and then pressing F10 while the F10 = ROM Based Setup message is displayed in the lower-left corner of the screen. 2. Use the arrow keys to select Security > Setup Password. Set a password. 3. Select Embedded Security Device. 4. Use the arrow keys to
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 33
    is a feature of EFS in Windows 2000. EFS in Windows XP, by default, will not supported only on NTFS and will not function on FAT32. This is a feature of Microsoft's EFS and is not related to HP ProtectTools software. Windows the To reduce the time required to scan HP ProtectTools Embedded Security
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 34
    the password. However, HP strongly recommends having the Computer Setup (F10) Utility password protected at all times. The PSD password box is When a user logs on the system after no longer displayed when creating a PSD, the TPM asks for the This is by design. 28 Chapter 8 Troubleshooting ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 35
    configured to designate an administrator as a recovery agent. When a user key cannot be retrieved (as in the case as non-trusted. After setting up HP ProtectTools and running the User Initialization not present, an error message is displayed stating that the device is not ready. During uninstall,
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 36
    minimal RAM. Root Cause suspicion is a timing issue in low memory configurations. Integrated graphics uses UMA architecture taking 8 MB of memory, BIOS. ● Reboots the computer. ● Begins to restore Embedded Security. During the restore process, Credential Manager asks 30 Chapter 8 Troubleshooting
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 37
    message is not clear and should state a more appropriate message. HP is working to enhance this in future products. Security System exhibits the keys when trying to restore at a later time. A decryption process failed error message is displayed. The non-selected users can be restored by resetting
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 38
    a specific time, however, the backup fails without displaying notice of the failure. Unable to disable Embedded Security State temporarily in Embedded Security GUI. The current 4.0 software was designed for HP Notebook 1.1B implementations, as well as supporting HP Desktop 1.2 implementations. HP
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 39
    Spec. Version = 1.2 ● Vendor = Broadcom Corporation ● FW Version = 2.18 (or greater) ● TPM Device driver library version 2.0.0.9 (or greater) 5. If the FW version does not match 2.18, download and update the TPM firmware. The TPM Firmware SoftPaq is a support download available at http://www.hp
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 40
    services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. HP in BIOS. The TPM BIOS PIN is associated with the first user who initialize the user setting. If a computer has multiple
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 41
    Software Impacted- Short description changing the Owner password in Embedded Security Windows software. Details Solution ENWW Miscellaneous 35
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 42
    36 Chapter 8 Troubleshooting ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 43
    BIOS profile Group of BIOS configuration settings that can be saved and applied to other accounts. BIOS security mode Setting in Java Card by specific individuals after it was signed. Domain Group of computers that are part of a network and encryption service provided by Microsoft for Windows 2000
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 44
    Java Card with the computer in Computer Setup for identification at startup or restart. This password can be set manually by the administrator or randomly generated. Low Pin Count (LPC) Defines an interface used by the HP ProtectTools Embedded Security device to connect with the platform chipset
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 45
    as a Cryptographic Service Provider (CSP). Keys and certificates are generated and/or supported by the TPM hardware, providing significantly greater security than software-only implementations. USB token Security device that stores identifying information about a user. Like a Java Card or biometric
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 46
    40 Glossary ENWW
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 47
    4 Basic User password, definition 3 BIOS administrator card password, definition 3 administrator password, definition 2 changing settings 11 user card password, definition 3 BIOS Configuration for ProtectTools 11 C Client Manager 21 Computer Setup administrator password, changing 9 administrator
  • HP Dc5700 | HP ProtectTools Security Manager Guide - Page 48
    2 Security Manager access 1 Security Manager modules 1 Virtual Token User PIN 4 W Windows logon password 4 R remote deployment, Client Manager 21 S security embedded for ProtectTools 13 Java Card 17 roles 2 setup password 2 Security Manager, ProtectTools 1 Security Recovery Agent password
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
HP ProtectTools Security Manager Guide
HP Compaq Business Desktops