HP Dc5700 HP ProtectTools Security Manager Guide - Page 35


Page 35 highlights

Short description: the system becomes active after Standby status
Details: Basic User password. If the user does not enter the password and the system goes into Standby, the password dialog box is no longer available when the user resumes.
Solution: The user has to log off and back on to view the PSD password box again.

Short description: No password required to change the Security Platform Policies.
Details: Access to Security Platform Policies (both Machine and User) does not require a TPM password for users who have administrative rights on the system.
Solution: This is by design. Any administrator can modify the Security Platform Policies with or without TPM user initialization.

Short description: Microsoft EFS does not fully work in Windows 2000.
Details: An administrator can access encrypted information on the system without knowing the correct password. If the administrator enters an incorrect password or cancels the password dialog, the encrypted file will open as if the administrator had entered the correct password. This happens regardless of the security settings used when encrypting the data. This occurs only in the first administrator account on Windows 2000.
Solution: The Data Recovery Policy is automatically configured to designate an administrator as a recovery agent. When a user key cannot be retrieved (as in the case of entering the wrong password or canceling the Enter Password dialog), the file is automatically decrypted with a recovery key. This is due to the Microsoft EFS. Please refer to Microsoft Knowledge Base Technical Article Q257705 at http://www.microsoft.com for more information. The documents cannot be opened by a non-administrator user.

Short description: When viewing a certificate, it shows as non-trusted.
Details: After setting up HP ProtectTools and running the User Initialization Wizard, the user has the ability to view the certificate issued; however, when viewing the certificate, it shows as non-trusted. While the certificate can be installed at this point by clicking the install button, installing it does not make it trusted.
Solution: Self-signed certificates are not trusted. In a properly configured enterprise environment, EFS certificates are issued by online Certification Authorities and are trusted.

Short description: Intermittent encrypt and decrypt error occurs: The process cannot access the file because it is being used by another process.
Details: Extremely intermittent error during file encryption or decryption occurs due to the file being used by another process, even though that file or folder is not being processed by the operating system or other applications.
Solution: To resolve the failure:
  1. Restart the system.
  2. Log off.
  3. Log back in.

Short description: Data loss in removable storage occurs if storage is removed prior to new data generation or transfer.
Details: Removing storage mediums such as a MultiBay hard drive still shows PSD availability and does not generate errors while adding/modifying data to the PSD. After system restart, the PSD does not reflect file changes that occurred while the removable storage was not available.
Solution: The issue is only experienced if the user accesses the PSD, then removes the hard drive before completing new data generation or transfer. If the user attempts to access the PSD when the removable hard drive is not present, an error message is displayed stating that the device is not ready.

Short description: During uninstall, if user has not initialized the Basic User and opens the Administration tool, the Disable option is not available and Uninstaller will not continue until the Administration tool is closed.
Details: The user has the option of uninstalling either without disabling the TPM or by first disabling the TPM (through Admin. tool), then uninstalling. Accessing the Admin tool requires Basic User Key initialization. If basic initialization has not occurred, all options are inaccessible to the user. Since the user has explicitly chosen to open the Admin tool (by clicking Yes in the dialog box prompting "Click Yes to open Embedded Security Administration tool"), uninstall waits
Solution: The Admin tool is used for disabling the TPM chip, but that option is not available unless the Basic User Key has already been initialized. If it has not, then select OK or Cancel in order to continue with the uninstallation process.

ENWW Embedded Security for ProtectTools 29
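An added example (not from the HP guide) for the certificate-trust and EFS recovery-agent entries above: a PowerShell audit that reports, for each EFS or File Recovery certificate in a certificate store, whether it is self-signed and whether its chain builds to a trusted root. It assumes a Windows release that ships PowerShell and inspects only the current user's store by default; the function name `Get-EfsCertificateTrust` is hypothetical.

```powershell
# Added example: audit EFS-capable certificates in a certificate store.
# EKU OIDs: Encrypting File System, and File Recovery (data recovery agent).
$efsOid = '1.3.6.1.4.1.311.10.3.4'
$draOid = '1.3.6.1.4.1.311.10.3.4.1'

function Get-EfsCertificateTrust {   # hypothetical helper name
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs from the certificate's extensions.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }
        # Skip certificates that are neither EFS nor File Recovery certificates.
        if ($ekuOids -notcontains $efsOid -and $ekuOids -notcontains $draOid) { continue }

        # Build the chain without revocation lookups so the check works offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            RecoveryAgent = ($ekuOids -contains $draOid)
            ChainTrusted  = $trusted
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            NotAfter      = $cert.NotAfter
        }
    }
}

Get-EfsCertificateTrust | Format-Table -AutoSize
```

A self-signed EFS certificate appears with `SelfSigned` true and an `UntrustedRoot` chain status, while a CA-issued one builds a trusted chain. A row with `RecoveryAgent` true identifies a certificate able to decrypt files on behalf of other users.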

