HP ProBook 4436s HP ProtectTools Getting Started - Windows 7 and Windows Vista
HP ProBook 4436s Manual
View all HP ProBook 4436s manuals
Add to My Manuals
Save this manual to your list of manuals |
HP ProBook 4436s manual content summary:
- HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 1
HP ProtectTools Getting Started - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 2
countries and is used under license. Microsoft, Windows, and Windows Vista are U.S. registered trademarks of Microsoft Corporation. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 3
to security ...1 HP ProtectTools features ...2 HP ProtectTools security product description and common use examples 4 Credential Manager for HP ProtectTools 4 Drive Encryption for HP ProtectTools 4 File Sanitizer for HP ProtectTools 5 Device Access Manager for HP ProtectTools 5 Privacy - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 4
tab ...22 Applications tab ...22 Central Management ...22 4 HP ProtectTools Security Manager ...23 Opening Security Manager ...24 Using 32 Settings ...33 Credential Manager ...33 Changing your Windows password 33 Setting up your SpareKey 34 Enrolling your fingerprints restoring your data 40 iv - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 5
Drive Encryption for HP ProtectTools (select models only 42 Opening Drive Encryption ...43 General tasks ...44 Activating Drive Encryption for standard hard drives 44 Activating Drive Encryption for self-encrypting drives 44 Deactivating Drive Encryption 46 Logging in after Drive 56 Restoring a - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 6
a Microsoft Office document 63 Removing encryption from a Microsoft Office and Trusted Contacts 66 Restoring Privacy Manager Certificates 67 7 File Sanitizer for HP ProtectTools ...68 Shredding ...69 77 Manually shredding one asset 77 Manually shredding all selected items 77 Manually activating - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 7
or group 87 Disabling a JITA for a user or group 88 Advanced Settings ...89 Device Administrators group 89 eSATA Support ...90 Unmanaged Device Classes 90 9 Theft recovery ...92 10 Embedded Security for HP ProtectTools (select models only 93 Setup procedures ...94 Enabling the embedded security - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 8
with the Migration Wizard 101 11 Localized password exceptions ...102 Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level ......... 102 Password changes using keyboard layout that is also supported 103 Special key handling ...104 What to do when a password - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 9
your computer may vary depending on your model. HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. For more information, visit http://www.hp.com. NOTE: The instructions in this guide are written with the assumption that you have already - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 10
the hard drive. Device Access Manager for HP ProtectTools (select ● Allows IT managers to control access to devices based on user models only) profiles. ● Prevents unauthorized users from removing data using external storage media, and from introducing viruses into the system from external media - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 11
HP ProtectTools (purchased separately) ● Provides secure asset tracking. ● Monitors user activity, as well as hardware and software changes. ● Remains active even if the hard drive is reformatted or replaced drive (PSD), which is useful in protecting user file and folder information. ● Supports - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 12
This tool will allow a for HP ProtectTools. hard drive. The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login. Once set up, the hard drive cannot be accessed without a password before the operating system starts. The doctor could further enhance drive - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 13
important that the data is not removed from the computer by a USB drive or any other external storage media. The network is secure, but the computers have CD burners and USB ports that could allow the data to be copied or stolen. The Manager uses Device Access Manager to disable the USB ports and CD - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 14
. They use Computrace to monitor and update the computers without having to send an IT person to each computer. Embedded Security for HP ProtectTools (select models only) Embedded Security for HP ProtectTools provides the ability to create a personal secure drive. This capability allows the user - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 15
the drive, even if the password is compromised. The stock broker uses Embedded Security TPM migration to allow a second computer to have the necessary encryption keys to decrypt the data. During the transport process, even with the password, only the two physical computers can decrypt the data. HP - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 16
feature helps restrict access to data: ● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. Preventing unauthorized access from internal or external - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 17
access: ● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. Refer to the following chapters: ◦ Password Manager for HP ProtectTools ◦ Embedded Security for HP ProtectTools ◦ Drive Encryption for HP ProtectTools ● Password Manager helps ensure that - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 18
customized by the security officer in cooperation with HP. For more information, see the HP Web site at http://www.hp.com. ● IT administrator-Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 19
password Owner password BIOS Administrator password Set in the following module Embedded Security, by IT administrator Computer Setup, by IT administrator Function Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security. Protects access - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 20
e-mail, on the computer. ● Do not share accounts or tell anyone your password. Backing up and restoring HP ProtectTools credentials You can use the Backup and Restore feature of HP ProtectTools to select and back up HP ProtectTools credentials data and settings. 12 Chapter 1 Introduction to security - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 21
2 Getting started with the Setup Wizard The Security Manager Setup Wizard guides you through enabling available security features that are applied to all users of this computer. You can also manage these features on the Security Features page of Administrative Console. To set up security features - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 22
by encrypting your hard drives, making the information unreadable by those without proper authorization. ● Pre-Boot Security-Protects your computer by prohibiting access by unauthorized persons prior to Windows startup. NOTE: Pre-Boot Security is not available if the BIOS does not support it. 6. The - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 23
critical data. Administration of HP ProtectTools Security Manager is provided through the Administrative Console feature. Additional applications are Enabling or disabling security features ● Specifying required credentials for authentication ● Managing users of the computer ● Adjusting device - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 24
ProtectTools Administrative Console For administrative tasks, such as setting system policies or configuring software, open the console as follows: ▲ Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. - or - In the left panel of Security Manager, click - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 25
◦ See how you can centrally manage HP ProtectTools ● System-Allows you to configure the following security features and authentication for users and devices: ◦ Security ◦ Users ◦ Credentials ● Applications-Allows you to configure settings for HP ProtectTools Security Manager and for Security Manager - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 26
HP ProtectTools Administrative Console. You can use the applications in this group to manage the policies and settings for the computer, its users, and its devices. The following applications are included in the System group: ● Security-Manage features user when logging on to Windows: 1. In the left - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 27
4. Click Apply. Settings 1. Select the check box to enable the following setting, or clear the check box to disable it: Allow One Step logon-Allows users of this computer to skip Windows logon if authentication was performed at the BIOS or encrypted disk level. 2. Click Apply. Managing users Within - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 28
by HP ProtectTools Security Manager. SpareKey You can configure whether or not to allow SpareKey authentication for Windows logon, and manage the security questions that will be presented to users during their SpareKey enrollment. 1. Select the check box to enable or clear it to disable the - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 29
Windows. Removing a smart card that was not used to log on to Windows HP ProtectTools or any other applications. NOTE: Features that are not supported by your smart card are not available. ▲ Click Apply. Face If a webcam Start, click All Programs, click HP, and then click HP lighting conditions - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 30
. To return all applications to their factory settings, click the Restore Defaults button. Central Management Additional applications may be available for adding new management tools to Security Manager. The administrator of this computer may disable this feature on the Settings page. The Central - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 31
well as additional applications available for immediate download from the Web: ● Manage your logon and passwords. ● Easily change your Windows® operating system password. ● Set program preferences. ● Use fingerprints for extra security and convenience. ● Enroll one or more scenes for authentication - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 32
area, at the far right of the taskbar. ● Right-click the HP ProtectTools icon, and click Open HP ProtectTools Security Manager. ● Click the HP ProtectTools desktop gadget icon. ● Press the hotkey combination ctrl+Windows logo key+h to open the Security Manager Quick Links menu. For information - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 33
up or restore data. ◦ About-Displays information about HP ProtectTools Security Manager, such as the version number and copyright notice. ● Main area-Displays application-specific screens. ● ?-Displays the Security Manager software Help. This icon is located at the top right of the window, next to - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 34
applications in two locations: ● HP ProtectTools desktop gadget The banner color at the top of the HP ProtectTools gadget icon changes to icon to run the Security Manager Getting Started Wizard to enroll authentication credentials. The Getting Started Wizard is displayed in the Security Manager - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 35
log on easily and quickly with a fingerprint, smart card, or your Windows password. Password Manager offers the following options: ● Add, edit, or is displayed in the upper-left corner of a Web page or application logon screen. When a logon has not yet been created for that Web site or application - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 36
add a logon: 1. Open the logon screen for a Web site or program. 2. Click devices connected to the computer-for example, using the ctrl+Windows logo data check box. d. To enable VeriSign VIP security, select the (VIP) is available. When supported by the site, you can HP ProtectTools Security Manager - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 37
removed from the Password Manager icon to notify you that the logon has been created. f. If Password Manager does not detect the future. NOTE: The manual mode of entering logon data logon. Logon fields on the screen, and their corresponding fields is available. When supported by the site, you - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 38
menu, or from the Manage tab in Password Manager, to open the logon screen, and then fill in your logon data. When you create a logon, Press the Password Manager hotkey combination (ctrl+Windows logo key+h is the factory setting). To change the hotkey combination, on HP ProtectTools Security Manager - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 39
makes monitoring and improving your security easy with instant and automated analysis of the strength of each of the passwords used to log on to your Web sites and programs. Password Manager icon settings Password Manager attempts to identify logon screens for Web sites and programs. When it detects - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 40
logon screens or manually entered into specified fields. You can enable VeriSign VIP and create a token from the Security Manager dashboard or at any VeriSign VIP-enabled Web site. In order to use the token, you must register it on each Web site where it will be used. After registration and first - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 41
HP ProtectTools Security Manager: 1. Prompt to add logons for logon screens-The Password Manager icon with a plus sign is displayed whenever a Web site or program logon screen is detected, indicating that you can add a logon for this screen to the password vault. To disable this feature - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 42
or the Windows Welcome screen. Enrolling your fingerprints If your computer has a fingerprint reader built in or connected, HP ProtectTools Security Manager prompts you to set up or "enroll" your fingerprints during initial setup in the Getting Started Wizard. You can also enroll your fingerprints - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 43
Setup Wizard. 2. On the Welcome! page, click Next, and then enter your Windows password. 3. On the SpareKey page, click Skip SpareKey Setup (unless you want to update the SpareKey information). 4. On the Enable security features page, click Next. 5. On the Choose your credentials page, be sure that - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 44
Features that are not supported by your smart card are not available. ▲ Click Apply. Enrolling scenes for face logon If your computer has a webcam built in or connected, HP ProtectTools Security Manager prompts you to set up or "enroll" your scenes during initial setup in the Getting Started Wizard - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 45
Start, or if you have enrolled scenes previously, click Enroll a new scene. 6. If you did not select any additional security options, you are prompted to select an additional security option. Follow the on-screen instructions ◦ Enter your Windows password. ◦ Enter the new PIN, and then confirm the - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 46
can use your normal Windows password to log on. ◦ Click Add. ◦ When your Bluetooth device is displayed, select it, and then click Next. Click OK. b. Other Settings tab-Select the check boxes to enable one or more of the following options, or clear the check box to disable an option. These settings - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 47
corner of the dashboard. 3. Click the box displaying your Windows user name for this account, type the new name, and preferences You can personalize settings for HP ProtectTools Security Manager. From the To enable displaying the icon on the taskbar, select the check box. ● To disable displaying - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 48
the correct driver is fingerprint. ◦ Enable sound feedback-Security tab in Windows Control Panel, or disable sound feedback this feature. HP ProtectTools Security Manager must be Restore. 3. Click Back up data. 4. Select the modules that you want to include in the backup. In most cases, you will - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 49
the path in the field provided, or click Browse. 5. Enter the password used to protect the file. 6. Select the modules for which you want to restore data. In most cases, you will select all of the modules listed. 7. Verify your Windows password. 8. Click Finish. My Logons 41 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 50
your computer hard drive. When Drive Encryption is activated, you must log in at the Drive Encryption login screen, which is displayed before the Windows® operating system starts. The HP ProtectTools Security Manager Setup Wizard allows Windows administrators to activate Drive Encryption, back - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 51
Opening Drive Encryption Administrators can access Drive Encryption from HP ProtectTools Administrative Console. 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 2. In the left pane, click Drive Encryption. Opening Drive Encryption 43 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 52
for standard hard drives Standard hard drives are encrypted using software encryption. Follow these steps to activate Drive Encryption: 1. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. 2. Follow the on-screen instructions until the Enable security features page - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 53
storage device where the encryption key will be saved. 8. Click Apply. NOTE: The computer will restart. Drive Encryption has been activated. Encryption of the drive might take a number of hours, depending on the size of the drive. Hardware encryption 1. Click Start, click All Programs, click HP, and - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 54
Drive Encryption. Refer to the HP ProtectTools Security Manager software Help for more information. ▲ Follow the on-screen instructions until the Enable security features page is displayed, and then continue with step 4 below. - or - 1. Click Start, click All Programs, click HP, and then click HP - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 55
pre-boot authentication is displayed. NOTE: If the Windows administrator has enabled pre-boot Security in HP ProtectTools Security Manager, you can log in to the computer immediately after the computer is turned on, rather than at the Drive Encryption login screen. 1. Click your user name, and then - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 56
of the following status codes is displayed under Drive Status: ● Enabled ● Disabled ● Not encrypted ● Encrypted ● Encrypting ● Decrypting In a hardware encryption scenario, the following status code is displayed under Drive Status: ● Encrypted If the hard drive is in the process of being encrypted - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 57
page. ● If the status is Disabled, Drive Encryption has not yet been activated by the Windows administrator and is not protecting the hard drive. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. ● If the status is Enabled, Drive Encryption has been activated and - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 58
keys Administrators can recover an encryption key from the removable storage device where it was saved previously: 1. Turn on the computer. 2. Insert the removable storage device that contains your backup key. 3. When the Drive Encryption for HP ProtectTools login dialog box opens, click Options - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 59
(select models only) Privacy Manager for HP ProtectTools enables you to use advanced security login (authentication) security infrastructure provided by HP ProtectTools Security Manager, which includes the following security login methods: ● Fingerprint authentication ● Windows® password ● Smart - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 60
documents, click Sign and Encrypt in the Privacy group on the Home tab. ● To access additional features, access the HP ProtectTools Security Manager dashboard. ◦ Click Start, click All Programs, click HP, click HP ProtectTools Security Manager, and then click Privacy Manager. - or - ◦ Click the - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 61
a Privacy Manager Certificate on page 56 ● Restoring a Privacy Manager Certificate on page 56 ● Manager Certificate Before you can use the Privacy Manager features, you must request and install a Privacy Manager page, click Finish. You will receive an e-mail in Microsoft Outlook with your - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 62
-party certificate into Privacy Manager through the Certificate Import Wizard. To use this feature, the Allow use of third-party certificates setting in HP ProtectTools Administrative Console must have been enabled on the Settings page under Privacy Manager. 1. Open Privacy Manager, and then click - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 63
up your certificate to a location other than your computer's hard drive. Viewing Privacy Manager Certificate details 1. Open Privacy Manager, and the on-screen instructions to obtain a new Privacy Manager Certificate. NOTE: The Privacy Manager Certificate renewal process does not replace your old - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 64
the confirmation dialog box opens, click Yes. 5. Click Close, and then click Apply. Restoring a Privacy Manager Certificate During installation of your Privacy Manager Certificate, you are required to create box opens, click Yes. 56 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 65
5. Authenticate using your chosen security login method. 6. Follow the on-screen instructions. Managing Trusted Contacts Trusted Contacts are users with whom you have exchanged Privacy Manager Certificates, enabling you to securely communicate with one another. Trusted Contacts Manager allows you to - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 66
the e-mail. A dialog box opens, confirming that the recipient has been successfully added to your Trusted Contacts list. 8. Click OK. 58 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 67
Viewing Trusted Contact details 1. Open Privacy Manager, and then click Trusted Contacts. 2. Click a Trusted Contact. 3. Click Contact details. 4. When you have finished viewing the details, click OK. Deleting a Trusted Contact 1. Open Privacy Manager, and then click Trusted Contacts. 2. Click the - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 68
then click OK. Signing and sending an e-mail message 1. In Microsoft Outlook, click New or Reply. 2. Type your e-mail message. 60 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 69
and Microsoft Excel only)-By default, a signature line is added when a Microsoft Word or Microsoft Excel document is signed or encrypted. To turn this option off, click Add Signature Line to remove the check mark. ● Encrypt Document-This option adds your digital signature and encrypts the document - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 70
1. Click the Office button in the upper-left corner of the screen. 2. Click Prepare, and then click Mark as Final. 3. When this option is selected. By default, this option is enabled. 4. Click the down arrow next to Sign and instructions to sign by a specific date. 62 Chapter 6 Privacy Manager for - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 71
Instructions to the signer, enter a message for this suggested signer. NOTE: This message will appear in place of a title, and is either deleted or replaced signer's signature line When suggested signers open the document, they will see their name in brackets, indicating that their signature is - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 72
will be able to open the document and view its contents. NOTE: To select multiple Trusted Contact names, hold down the ctrl key, and then click the individual names. 5. Click OK. If you later decide to edit the document, follow the steps in Removing remove Remove for further instructions. Viewing - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 73
icon is displayed in the status bar at the bottom of the document window. 1. Click the Digital Signatures icon to toggle display of the Signatures dialog , in order to view an encrypted Microsoft Office document, you must restore the Privacy Manager Certificate that was used to encrypt the file. A - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 74
or any removable storage device, and then restore the file to safe place, because you will need it when you restore the migration file. 6. Authenticate Restoring Privacy Manager Certificates and Trusted Contacts To restore , and then click Migration. 2. Click Restore. 3. On the Migration File page, - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 75
Privacy Manager may be part of a centralized installation that has been customized by your administrator. One or more of the following features may be either enabled or disabled: ● Certificate use policy-You may be restricted to the use of Privacy Manager Certificates issued by Comodo, or you may be - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 76
for HP ProtectTools File Sanitizer allows you to securely shred assets (for example: personal information or files, historical or Web-related data, or other data components) on your computer and to periodically bleach deleted assets on your hard drive. NOTE: This version of File Sanitizer supports - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 77
HP ProtectTools icon in the notification area, at the far right of the taskbar. For more information, refer to Setting a shred schedule on page 72, Manually shredding one asset on page 77, or Manually shredding all selected items on page 77. NOTE: A .dll file is shredded and removed from the system - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 78
Deleting an asset in Windows does not completely remove the contents of the asset from your hard drive. Windows only deletes the reference to the asset. The content of the asset still remains on the hard drive until another asset overwrites that same area on the hard drive with new information. Free - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 79
Opening File Sanitizer 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. 2. Click File Sanitizer. - or - ▲ Double-click the File Sanitizer icon on your desktop. - or - ▲ Right-click the HP ProtectTools icon in the notification area, at the far right of - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 80
removed from the system starts at a specific time. If the system is turned off or is in Sleep/Standby at the scheduled time, File Sanitizer will not attempt to relaunch the task. 1. Open File Sanitizer, and then click Bleaching. 2. To schedule a future time to bleach deleted assets on your hard drive - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 81
Settings, click Advanced Security Settings, and then click View Details. 2. Select the number of shred cycles. NOTE: The selected number of shred cycles will be performed for each asset. For example, if you choose 3 shred cycles, an algorithm that obscures the data is executed 3 separate times. If - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 82
will be shredded. To remove an asset from the shred list, click the asset, and then click Remove and then click OK. To remove an asset from the exclusions list, deleted manually or by using the Windows Recycle will be shredded, and a confirmation message will be displayed. Unselected items will - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 83
not delete the following, click Add, and then browse or type the path to the file or folder. b. Click Open, and then click OK. To remove an asset from the exclusions list, click the asset, and then click Delete. 5. Click Apply. Setup procedures 75 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 84
feature is similar to the drag-and-drop feature in Windows. For details, refer to Using the File Sanitizer icon on page 77. ● Manually shred a specific asset or all selected assets-These features allows you to manually dialog box opens, click Yes. 76 Chapter 7 File Sanitizer for HP ProtectTools - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 85
, navigate to the asset you want to shred, and then click OK. 4. When the confirmation dialog box opens, click Yes. Manually shredding all selected items 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Shred Now - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 86
is in progress, a message is displayed above the HP ProtectTools Security Manager icon in the notification area, at or failures are generated. The log files are always updated according to the latest shred or free space bleaching 64-bit systems, the log files are located on the hard drive: ● - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 87
by disabling data transfer devices. NOTE: Some human interface/input devices, such as a mouse, keyboard, TouchPad, and fingerprint reader, are not controlled by Device Access Manager. For more information, refer to Unmanaged Device Classes on page 90. Windows® operating system administrators use HP - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 88
in as an administrator. 2. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 3. In the left pane, click Device Access Manager. Users can view the HP ProtectTools Device Access Manager policy using HP ProtectTools Security Manager. This console provides - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 89
selected users access to DVD/CD-ROM drives or removable media by authenticating themselves. ● Advanced Settings-Configure a list of drive letters for which Device Access Manager will not restrict access, such as the C or system drive. Membership in the Device Administrators group can also be managed - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 90
and then click System and Maintenance. - or - In Windows XP, click Start, click Control Panel, and then click Performance and Maintenance. 2. Click Administrative Tools, and then click Services. 3. Select the HP ProtectTools Device Locking/Auditing service. 4. To start the service, click Start. - or - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 91
or that may have been installed on the system previously. ◦ Protection is usually applied for a device class. A selected user or group will be able to access any device in the device class. ◦ Protection may also be applied to specific devices. ● User List-Shows all users and groups that are allowed - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 92
group to access a device or a class of devices: 1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration. 2. In the device list, click one of the following: ● Device class ● All devices ● Individual device 3. Click Add. The - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 93
to all other members of that user's group for all devices in the class: 1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration. 2. In the device list, click the device class that you want to configure, and then navigate - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 94
/CD-ROM drive. The JITA period can be authorized for a set number of minutes or 0 minutes. A JITA period of 0 minutes will not expire. Users will have access to the device from the time they authenticate until the time they log off the system. 86 Chapter 8 Device Access Manager for HP ProtectTools - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 95
logs off the system or another user logs in, the JITA period expires. The next time the user logs in and attempts to access a JITA-enabled device, a prompt to enter credentials is displayed. JITA is available for the following device classes: ● DVD/CD-ROM drives ● Removable media Creating a JITA - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 96
the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click JITA Configuration. 2. From the device's drop-down menu, select either removable media or DVD/CD-ROM drives. 3. Select the user or group whose JITA you wish to disable. 4. Clear the Enabled check box - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 97
services are started, the drive list can be edited. Enter the drive letters of devices that you do not want Device Access Manager to control. The drive letters are displayed for physical hard disks or partitions. NOTE: Whether or not the system drive (typically C) is in this list, access to it will - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 98
Support In order for Device Access Manager to control eSATA devices, the following must be configured: 1. The drive must be connected when the system starts up. 2. Using the Advanced Settings view, ensure that the eSATA drive letter is not in the list of drives for which Device Access Manager will - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 99
(HID) class ● Power ◦ Battery ◦ Advanced power management (APM) support ● Miscellaneous ◦ Computer ◦ Decoder ◦ Display ◦ Processor ◦ System ◦ Unknown ◦ Volume ◦ Volume snapshot ◦ Security devices ◦ Security accelerator ◦ Intel® unified display driver ◦ Media driver ◦ Medium changer ◦ Multifunction - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 100
Computrace for HP ProtectTools to monitor or manage the computer. If the system is misplaced or stolen, the Customer Center can assist local authorities in locating and recovering the computer. If configured, Computrace can continue to function even if the hard drive is erased or replaced. To - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 101
provides the following security features: ● Enhanced Microsoft® Encryption File System (EFS) file and folder encryption ● Creation of a personal secure drive (PSD) for protecting user data ● Data management functions, such as backing up and restoring the key hierarchy ● Support for third-party - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 102
or in the Computer Setup utility. To enable the embedded security chip in Computer Setup: 1. Open Computer Setup by turning on or restarting the computer, and then pressing f10 while the "f10 = ROM Based Setup" message is displayed in the lower-left corner of the screen. 2. If you have not set an - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 103
Embedded Security, you will perform the following HP ProtectTools Security Manager icon in the notification area, at the far right of the taskbar, and then select Embedded Security Initialization. The HP ProtectTools Embedded Security Initialization Wizard opens. 2. Follow the on-screen instructions - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 104
without this password. To set up a basic user account and enable the user security features: 1. If the Embedded Security User Initialization Wizard is not open, click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 105
e-mail Using the personal secure drive After setting up the PSD, the PSD directly from Windows Explorer. Encrypting files and encrypted. ● System files and compressed certificates and private keys, you will be able to use a recovery encrypted e-mail Embedded Security enables you to send and receive - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 106
Changing the Basic User Key password To change the Basic User Key password: 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User password, - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 107
Security for ProtectTools Backup Wizard opens. 4. Follow the on-screen instructions. Restoring certification data from the backup file To restore data from the backup file: 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 2. In the left pane, click - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 108
Changing the owner password Administrators can change the owner password: 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 2. In the left pane, click Embedded Security, and then click Advanced. 3. In the right pane, under Owner Password, click - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 109
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security software Help. Advanced tasks 101 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 110
or Chinese characters, by using a standard western keyboard. IMEs are not supported at the Preboot Security or HP Drive Encryption level. A Windows password cannot be entered with an IME at the Preboot Security or HP Drive Encryption login screen, and doing so may result in a lockout situation - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 111
not in the former (for example, ē). NOTE: Administrators can resolve this problem by using the HP ProtectTools Manage Users feature to remove the user from HP ProtectTools, selecting the desired keyboard layout in the operating system, and then running the Security Manager Setup Wizard again for the - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 112
. BIOS Preboot Security. Drive Encryption. 40a is not supported. It n/a n/a nevertheless works because the software converts it to c0a. However, because of subtle differences between the keyboard layouts, it is recommended that Spanish-speaking users change their Windows keyboard - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 113
żŻ key is rejected in and n/a Windows, and the alt key Š keys are rejected in the generates a dead key in the BIOS. BIOS. For Windows XP only, the n/a n/a standard Japanese keyboard layout, 411, is fully supported. One IME, commonly represented in Windows XP as Microsoft Standard IME 2002 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 114
Language). 5. Set the supported keyboard for default input. 6. Restart HP ProtectTools, and then enter the password again. ● A user is using a character that is not supported. To resolve this issue: 1. Change the Windows password so that it uses only supported characters. Unsupported characters are - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 115
the initial backup encryption key on a removable storage device. administrator See Windows administrator. asset A data component consisting of personal information or files, historical and Web-related data, and so on, which is located on the hard drive. ATM Automatic Technology Manager, which allows - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 116
without having to log on again at the Windows logon screen. DriveLock A security feature that links the hard drive to a user and requires the user to correctly type the DriveLock password when the computer starts up. emergency recovery archive A protected storage area that allows the reencryption - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 117
of access or denial to a device class or a specific device. HP SpareKey A backup copy of the drive encryption key. ID card A Windows desktop gadget that serves to visually feature that requires some form of authentication, such as a smart card, security chip, or password, when the computer is turned - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 118
device mode A data transfer mode between a computer and mass storage devices, such as hard drives and optical drives or remove encryption Windows reference to an asset. The asset content remains on the hard drive until obscuring data is written over it by free space bleaching. Single Sign On A feature - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 119
. They can only enroll (with administrator approval) and log on. virtual token A security feature that works very much like a smart card and card reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 120
restoring 40 restricting access to 8 deactivating Drive Encryption 46 decrypting drives 42 decrypting hard drive 49 defining assets to confirm before deleting 74 before shredding 74 denying 84 Device Access Manager for HP ProtectTools 79 Device Access Manager for HP ProtectTools, opening 80 device - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 121
94 emergency recovery 95 emergency recovery token password, setting 95 enabling TPM chip 94 encrypted documents, e-mailing 64 encrypting drives 42 encrypting files and folders 97 encrypting hard drive 48, 49 encryption hardware 44, 46 removing 64 software 44, 46, 49 encryption key backing up 50 - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 122
50 removing access 86 removing encryption from Microsoft Office document 64 requesting digital certificate 53 resetting 86 restoring data 40 restoring HP ProtectTools credentials 12 restoring Privacy Manager Certificates and Trusted Contacts 66 restricting access to sensitive data 8 device access - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 123
54 TPM chip enabling 94 initializing 95 Trusted Contacts adding 57 backing up 66 checking revocation status 59 deleting 59 restoring 66 viewing details 59 U unauthorized access, preventing 8 unmanaged device classes 90 updates 22 user allowing access 84 denying access 84 removing 86 V VeriSign - HP ProBook 4436s | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 124
HP ProtectTools
Getting Started