HP ProBook 6360b HP ProtectTools Getting Started - Windows 7 and Windows Vista
HP ProBook 6360b Manual
View all HP ProBook 6360b manuals
Add to My Manuals
Save this manual to your list of manuals |
HP ProBook 6360b manual content summary:
- HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 1
HP ProtectTools Getting Started - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 2
Copyright 2011 Hewlett-Packard Development Company, L.P. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Intel is a trademark of Intel Corporation in the U.S. and other countries and is used under license. Microsoft, Windows, and Windows Vista are - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 3
secure password 12 Backing up and restoring HP ProtectTools credentials 12 2 Getting started with the Setup Wizard ...13 3 HP ProtectTools Security Manager Administrative Console 15 Opening HP ProtectTools Administrative Console 16 Using Administrative Console ...17 Configuring your system ...18 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 4
users ...19 Credentials ...20 SpareKey ...20 Fingerprints ...20 Smart card ...21 Face ...21 Configuring your applications ...22 General tab ...22 Applications tab ...22 Central Management ...22 4 HP your Windows password 33 Setting up your SpareKey 34 Enrolling your fingerprints 34 Setting - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 5
5 Drive Encryption for HP ProtectTools (select models only 42 Opening Drive Encryption ...43 General tasks ...44 Activating Drive Encryption for standard hard drives 44 Activating Drive Encryption for self-encrypting drives 44 Deactivating Drive Encryption 46 Logging in after Drive Encryption is - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 6
's signature line 63 Encrypting a Microsoft Office document 63 Removing encryption from a Microsoft Office document 64 Sending an encrypted key sequence to initiate shredding 76 Using the File Sanitizer icon 77 Manually shredding one asset 77 Manually shredding all selected items 77 Manually - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 7
87 Disabling a JITA for a user or group 88 Advanced Settings ...89 Device Administrators group 89 eSATA Support ...90 Unmanaged Device Classes 90 9 Theft recovery ...92 10 Embedded Security for HP ProtectTools (select models only 93 Setup procedures ...94 Enabling the embedded security chip in - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 8
Wizard 101 11 Localized password exceptions ...102 Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level ......... 102 Password changes using keyboard layout that is also supported 103 Special key handling ...104 What to do when a password is rejected 106 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 9
your computer may vary depending on your model. HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. For more information, visit http://www.hp.com. NOTE: The instructions in this guide are written with the assumption that you have already - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 10
on the hard drive. Device Access Manager for HP ProtectTools (select ● Allows IT managers to control access to devices based on user models only) profiles. ● Prevents unauthorized users from removing data using external storage media, and from introducing viruses into the system from external - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 11
and Microsoft Office documents. Computrace for HP ProtectTools (purchased separately) ● Provides secure asset tracking. ● Monitors user activity, as well as hardware and software changes. ● Remains active even if the hard drive is reformatted or replaced. ● Requires separate purchase of tracking - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 12
data on his computer hard drive. The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login. Once set up, the hard drive cannot be accessed without a password before the operating system starts. The doctor could further enhance drive security by choosing to - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 13
adds the administrator, doctors, and all authorized personnel as Drive Encryption users. Now only authorized personnel can boot the computer or domain using their personal user name and password. File Sanitizer for HP ProtectTools File Sanitizer for HP ProtectTools is used to permanently delete data - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 14
data just like another hard drive. When he logs off or reboots the personal secure drive, it cannot be seen or opened without the proper password. The workers never see the confidential data when they access the computer. Embedded Security protects encryption keys within a hardware TPM (Trusted - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 15
two computers can open the drive, even if the password is compromised. The stock broker uses Embedded Security TPM migration to allow a second computer to have the necessary encryption keys to decrypt the data. During the transport process, even with the password, only the two physical computers - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 16
: ● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. Refer to the following chapters: ◦ Security Manager for HP ProtectTools ◦ Embedded Security for HP ProtectTools ◦ Drive Encryption for HP ProtectTools ● The Personal Secure Drive feature, provided by - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 17
pre-boot authentication feature, if enabled, helps prevent access to the operating system. Refer to the following chapters: ◦ Password Manager for HP ProtectTools ◦ Embedded Security for HP ProtectTools ◦ Drive Encryption for HP ProtectTools ● Password Manager helps ensure that an unauthorized user - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 18
may be set by regular users or administrators. HP ProtectTools password Windows Logon password Security Manager Backup and Recovery password Smart card PIN Emergency Recovery Token password Set in the following module Function Windows® Control Panel or Can be used for manual logon and for - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 19
HP ProtectTools password Owner password BIOS Administrator password Set in the following module Embedded Security, by IT administrator Computer Setup, by IT administrator Function Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security. Protects - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 20
e-mail, on the computer. ● Do not share accounts or tell anyone your password. Backing up and restoring HP ProtectTools credentials You can use the Backup and Restore feature of HP ProtectTools to select and back up HP ProtectTools credentials data and settings. 12 Chapter 1 Introduction to security - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 21
the Setup Wizard The Security Manager Setup Wizard guides you through enabling available security features that are applied to all users of this computer. You can also manage these the Security Applications Status page. NOTE: The HP ProtectTools desktop gadget icon is not available in Windows XP. 13 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 22
startup. NOTE: Pre-Boot Security is not available if the BIOS does not support it. 6. The Setup Wizard prompts you to register, or "enroll", credentials. If neither a fingerprint reader, a smart card, nor a webcam is available, you are prompted to enter your Windows password. After enrolling, you - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 23
to the computer, networks, and critical data. Administration of HP ProtectTools Security Manager is provided through the Administrative Console feature Enabling or disabling security features ● Specifying required credentials for authentication ● Managing users of the computer ● Adjusting device- - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 24
ProtectTools Administrative Console For administrative tasks, such as setting system policies or configuring software, open the console as follows: ▲ Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. - or - In the left panel of Security Manager, click - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 25
◦ See how you can centrally manage HP ProtectTools ● System-Allows you to configure the following security features and authentication for users and devices: ◦ Security ◦ Users ◦ Credentials ● Applications-Allows you to configure settings for HP ProtectTools Security Manager and for Security Manager - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 26
HP ProtectTools Administrative Console. You can use the applications in this group to manage the policies and settings for the computer, its users, and its devices. The following applications are included in the System required to authenticate a user when logging on to Windows: 1. In the left - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 27
Step logon-Allows users of this computer to skip Windows logon if authentication was performed at the BIOS or encrypted disk level. 2. Click Apply. Managing users Within the Users application, you can monitor and manage this computer's HP ProtectTools users. All HP ProtectTools users are listed and - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 28
security devices recognized by HP ProtectTools Security Manager. SpareKey You can configure whether or not to allow SpareKey authentication for Windows logon, and manage the security questions that will be presented to users during their SpareKey enrollment. 1. Select the check box to enable or - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 29
card reader is installed or connected to the computer, the Smart card page has two tabs: ● Settings-Configure the computer to automatically lock when a smart card is removed. NOTE: The computer locks only if the smart card was used as an authentication credential when logging on to Windows. Removing - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 30
for all applications. ● Password Manager-Enables Password Manager for all users of the computer. ● Privacy Manager-Enables Privacy Manager for all users of the computer. ● Enable the Central Management link-Allows all users of this computer to add applications to HP ProtectTools Security Manager by - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 31
additional applications available for immediate download from the Web: ● Manage your logon and passwords. ● Easily change your Windows® operating system password. ● Set program preferences. ● Use fingerprints for extra security and convenience. ● Enroll one or more scenes for authentication. ● Set - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 32
area, at the far right of the taskbar. ● Right-click the HP ProtectTools icon, and click Open HP ProtectTools Security Manager. ● Click the HP ProtectTools desktop gadget icon. ● Press the hotkey combination ctrl+Windows logo key+h to open the Security Manager Quick Links menu. For information on - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 33
Manager, Credential Manager, Password, SpareKey, Smart Card, Face, and Fingerprint. ● My Data-Manage the security of your data with Drive Encryption and File Sanitizer. ● My Computer-Manage the security of your computer with Device Access Manager. ● My Communications-Manage the security of your - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 34
security applications in two locations: ● HP ProtectTools desktop gadget The banner color at the top of the HP ProtectTools gadget icon changes to reflect the . The Setup Wizard is an independent application. ◦ Enroll now-A user must click the gadget icon to run the Security Manager Getting Started - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 35
that you do not have to write down or remember, and then log on easily and quickly with a fingerprint, smart card, or your Windows password. Password Manager offers the following options: ● Add, edit, or delete logons from the Manage tab. ● Use Quick Links to launch your default browser and - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 36
display this dialog box by clicking Add Logon from the Password Manager Manage tab. Some options depend on the security devices connected to the computer-for example, using the ctrl+Windows logo key+h hotkey, swiping your fingerprint, or inserting a smart card. a. To populate a logon field with one - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 37
manual Password logon field with one of the preformatted choices, click the down arrow to the right of the field. ● To enable VeriSign VIP security, select the I want VIP security on this site check box. This option appears only for sites where VeriSign VIP security is available. When supported - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 38
(ctrl+Windows logo key+h is the factory setting). To change the hotkey combination, on the Security Manager dashboard, click Password Manager, and then click Settings. 2. Swipe your fingerprint (on computers with a built-in or connected fingerprint reader), or enter your Windows password. Organizing - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 39
Open the logon screen for the Web site or program. 2. Click the Password Manager icon to display its context menu. 3. Click Add Logon, and then follow the on-screen instructions. Assessing your password strength Using strong passwords for logon to your Web sites and programs is an important aspect - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 40
for use with VeriSign VIP-enabled Web sites. These tokens are used by Password Manager to create automated logons that incorporate use of the tokens dragged and dropped into VeriSign VIP-enabled logon screens or manually entered into specified fields. You can enable VeriSign VIP and create a token - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 41
, and may include the following: ● Password ● SpareKey ● Fingerprints ● Smart card ● Face To enroll or change a credential, click the link and follow the on-screen instructions. Changing your Windows password Security Manager makes changing your Windows password simpler and quicker than doing it - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 42
your SpareKey is set up, you can access your computer using your SpareKey from a Pre-Boot logon screen or the Windows Welcome screen. Enrolling your fingerprints If your computer has a fingerprint reader built in or connected, HP ProtectTools Security Manager prompts you to set up or "enroll" your - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 43
in HP ProtectTools Administrative Console: 1. Under Central Management, click Setup Wizard. 2. On the Welcome! page, click Next, and then enter your Windows password. 3. On the SpareKey page, click Skip SpareKey Setup (unless you want to update the SpareKey information). 4. On the Enable security - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 44
a new scene. 4. If you did not select any additional security options, you are prompted to select an additional security option. Follow the on-screen instructions, and then click Next. For more information, refer to Advanced User Settings on page 37. 36 Chapter 4 HP ProtectTools Security Manager - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 45
security option. Follow the on-screen instructions, and then click Next. For more information, refer to Advanced User Settings on page 37. 7. security-Select this option to require a user-specific PIN for face logon. ◦ Click Create PIN. ◦ Enter your Windows password. ◦ Enter the new PIN, and then - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 46
is paused. To initiate the logon process, click the Camera icon. If the Bluetooth-enabled phone is not present, you can use your normal Windows password to log on. ◦ Click Add. ◦ When your Bluetooth device is displayed, select it, and then click Next. Click OK. b. Other Settings tab-Select the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 47
corner of the dashboard. 3. Click the box displaying your Windows user name for this account, type the new name, and preferences You can personalize settings for HP ProtectTools Security Manager. From the and Fingerprint. General tab Appearance-Show icon in taskbar notification area ● To enable - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 48
listed keys, click a (Key) + Fingerprint option, and then select one of the available tasks from the menu. ● Fingerprint Scan Feedback-Displayed only when a fingerprint reader is available. Use this setting to adjust the feedback that occurs when you swipe your fingerprint. ◦ Enable sound feedback - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 49
Backup and Restore. 3. Click Restore data. 4. Select the previously created storage file. Enter the path in the field provided, or click Browse. 5. Enter the password used to protect the file. 6. Select the modules for which you want to restore data. In most cases, you will select all of the modules - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 50
SATA and external eSATA hard drives can be encrypted. ● Creating backup keys ● Recovering a Drive Encryption key ● Enabling Drive Encryption pre-boot authentication using a password, registered fingerprint, or smart card PIN 42 Chapter 5 Drive Encryption for HP ProtectTools (select models only - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 51
Opening Drive Encryption Administrators can access Drive Encryption from HP ProtectTools Administrative Console. 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 2. In the left pane, click Drive Encryption. Opening Drive Encryption 43 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 52
Drive Encryption for standard hard drives Standard hard drives are encrypted using software encryption. Follow these steps to activate Drive Encryption: 1. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. 2. Follow the on-screen instructions until the Enable - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 53
box for the hard drive that you want to encrypt, and then click Next. 6. To back up the encryption key, insert the storage device into the appropriate slot. NOTE: To save the encryption key, you must use a USB storage device with the FAT32 format. A floppy disk, USB memory stick, Secure Digital - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 54
box for the hard drive that you want to encrypt, and then click Next. 7. To back up the encryption key, insert the storage device into the appropriate slot. NOTE: To save the encryption key, you must use a USB storage device with the FAT32 format. A floppy disk, USB memory stick, Secure Digital - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 55
: If the Windows administrator has enabled pre-boot Security in HP ProtectTools Security Manager, you can log in to the computer immediately after the computer is turned on, rather than at the Drive Encryption login screen. 1. Click your user name, and then enter your Windows password or smart card - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 56
or more standard hard drives and one or more self-encrypting drives are present. - or - ▲ For hardware-encrypted drives, select the drive(s) to be encrypted. At least one drive must be selected. Displaying encryption status Users can display encryption status from HP ProtectTools Security Manager - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 57
Windows administrator and is not protecting the hard drive. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. ● If the status is Enabled, Drive Encryption has been activated and configured. The drive time remaining on the progress bar resets to the beginning, but the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 58
an encrypted drive on a removable storage device. CAUTION: Be sure to keep the storage device containing the backup key in a safe place, because if you forget your password, lose your smart card, or do not have a finger registered, this device provides your only access to your hard drive. 1. Open HP - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 59
(select models only) Privacy Manager for HP ProtectTools enables you to use advanced security login (authentication) infrastructure provided by HP ProtectTools Security Manager, which includes the following security login methods: ● Fingerprint authentication ● Windows® password ● Smart card - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 60
documents, click Sign and Encrypt in the Privacy group on the Home tab. ● To access additional features, access the HP ProtectTools Security Manager dashboard. ◦ Click Start, click All Programs, click HP, click HP ProtectTools Security Manager, and then click Privacy Manager. - or - ◦ Click the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 61
Manager Certificates Privacy Manager Certificates protect data and messages using a cryptographic technology called public key infrastructure (PKI). PKI requires users to obtain cryptographic keys and a Privacy Manager Certificate issued by a certificate authority (CA). Unlike most data encryption - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 62
hard drive and put it in a safe place. This file should be for your use only, and is required in case you need to restore your Privacy Manager Certificate and associated keys. 5. Enter and confirm a password setting in HP ProtectTools Administrative Console must have been enabled on the Settings - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 63
Next. Type the PFX file password, and then click Next. 4. When the import process is complete, click Next. 5. You are given the option to back up the imported certificate. It is recommended that you back up your certificate to a location other than your computer's hard drive. Viewing Privacy Manager - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 64
the .dppsm file that you created during the backup process, and then click Next. 4. Enter the password you used when you created the backup, and then click Next. 5. Click Finish. Refer to Setting up dialog box opens, click Yes. 56 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 65
5. Authenticate using your chosen security login method. 6. Follow the on-screen instructions. Managing Trusted Contacts Trusted Contacts are users with whom you have exchanged Privacy Manager Certificates, enabling you to securely communicate with one another. Trusted Contacts Manager allows you to - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 66
the e-mail. A dialog box opens, confirming that the recipient has been successfully added to your Trusted Contacts list. 8. Click OK. 58 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 67
Viewing Trusted Contact details 1. Open Privacy Manager, and then click Trusted Contacts. 2. Click a Trusted Contact. 3. Click Contact details. 4. When you have finished viewing the details, click OK. Deleting a Trusted Contact 1. Open Privacy Manager, and then click Trusted Contacts. 2. Click the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 68
then click OK. Signing and sending an e-mail message 1. In Microsoft Outlook, click New or Reply. 2. Type your e-mail message. 60 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 69
the check mark. ● Encrypt Document-This option adds your digital signature and encrypts the document. ● Remove Encryption-This option removes encryption from the document. ● Open the Privacy Manager software-Certificates, Trusted Contacts, and Settings options allow you to open the Privacy Manager - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 70
opens, click Yes, and continue working. 4. When you have completed your selected. By default, this option is enabled. 4. Click the down arrow next . A suggested signer is a user who is designated by the owner users at the bottom of the final page of the document, with instructions to sign by - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 71
, enter the name of the suggested signer. 5. In the box under Instructions to the signer, enter a message for this suggested signer. NOTE: This message will appear in place of a title, and is either deleted or replaced by the user's title when the document is signed. 6. Select the Show sign date - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 72
the ctrl key, and then click the individual names. 5. Click OK. If you later decide to edit the document, follow the steps in Removing encryption from to Sealing and sending an e-mail message on page 61 for further instructions. Viewing a signed Microsoft Office document NOTE: You do not need to - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 73
in the status bar at the bottom of the document window. 1. Click the Digital Signatures icon to toggle display of the Signatures dialog box, which displays the name of all users who signed the document and the date each user signed it. 2. To view additional details about each signature, right - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 74
removable storage device , and then restore the file to the new computer. Backing up Privacy Manager Certificates and Trusted Contacts To back up your Privacy Manager Certificates and Trusted Contacts to a password password, and then click Next. NOTE: Store this password Enter the password you - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 75
Manager may be part of a centralized installation that has been customized by your administrator. One or more of the following features may be either enabled or disabled: ● Certificate use policy-You may be restricted to the use of Privacy Manager Certificates issued by Comodo, or you may be allowed - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 76
example: personal information or files, historical or Web-related data, or other data components) on your computer and to periodically bleach deleted assets on your hard drive. NOTE: This version of File Sanitizer supports the computer hard drive only. 68 Chapter 7 File Sanitizer for HP ProtectTools - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 77
HP ProtectTools icon in the notification area, at the far right of the taskbar. For more information, refer to Setting a shred schedule on page 72, Manually shredding one asset on page 77, or Manually shredding all selected items on page 77. NOTE: A .dll file is shredded and removed from the system - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 78
drive. Windows only deletes the reference to the asset. The content of the asset still remains on the hard drive until another asset overwrites that same area on the hard drive with new information. Free space bleaching allows you to securely write random data over deleted assets, preventing users - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 79
Security Manager. 2. Click File Sanitizer. - or - ▲ Double-click the File Sanitizer icon on your desktop. - or - ▲ Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Open File Sanitizer. Opening File Sanitizer - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 80
to Using a key sequence to initiate shredding on page 76. NOTE: A .dll file is shredded and removed from the system only if it has been moved to the Recycle Bin. 3. To schedule a future time to shred selected assets, select the Activate Scheduler check box, enter your Windows password, and then - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 81
Selecting or creating a shred profile You can specify an erasure method and select the assets to shred by selecting a predefined profile or by creating your own profile. Selecting a predefined shred profile When you choose a predefined shred profile, a predefined erasure method and list of assets - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 82
remove To remove an asset from the shred list, click the asset, and then click Remove. 5. Open, and then click OK. To remove an asset from the exclusions list, click been deleted manually or by using the Windows Recycle Bin. remove an asset from the delete list, click the asset, and then click - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 83
not delete the following, click Add, and then browse or type the path to the file or folder. b. Click Open, and then click OK. To remove an asset from the exclusions list, click the asset, and then click Delete. 5. Click Apply. Setup procedures 75 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 84
. For details, refer to Using a key sequence to initiate shredding on page 76. ● Use the File Sanitizer icon to initiate shredding-This feature is similar to the drag-and-drop feature in Windows. For details, refer to Using the File Sanitizer icon on page 77. ● Manually shred a specific asset or all - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 85
, navigate to the asset you want to shred, and then click OK. 4. When the confirmation dialog box opens, click Yes. Manually shredding all selected items 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Shred Now - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 86
on the hard drive: ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_ShredderLog.txt ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_DiskBleachLog.txt For 64-bit systems, the log files are located on the hard drive: ● C:\Program Files (x86)\Hewlett-Packard\File Sanitizer - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 87
as a mouse, keyboard, TouchPad, and fingerprint reader, are not controlled by Device Access Manager. For more information, refer to Unmanaged Device Classes on page 90. Windows® operating system administrators use HP ProtectTools Device Access Manager to control access to the devices on a system and - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 88
administrator. 2. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 3. In the left pane, click Device Access Manager. Users can view the HP ProtectTools Device Access Manager policy using HP ProtectTools Security Manager. This console provides a read - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 89
JITA), allowing selected users access to DVD/CD-ROM drives or removable media by authenticating themselves. ● Advanced Settings-Configure a list of drive letters for which Device Access Manager will not restrict access, such as the C or system drive. Membership in the Device Administrators group can - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 90
the background service is running, open a command prompt window, and then type sc query flcdlock. To determine whether the device driver is running, open a command prompt window, and then type sc query damdrv. Device Class Configuration Administrators can view and modify lists of users and groups - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 91
that may have been installed on the system previously. ◦ Protection is usually applied for a device class. A selected user or group will be able to access any device in the device class. ◦ Protection may also be applied to specific devices. ● User List-Shows all users and groups that are allowed or - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 92
the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration. 2. In the device list, click the device class that you want to configure. ● Device class ● All devices ● Individual device 3. Under User/Groups, click the user or group to - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 93
1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration. 2. In the device list, click the device class that you want to configure. ● Device class ● All devices ● Individual device 3. Under User/Groups, select the group to - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 94
/CD-ROM drive. The JITA period can be authorized for a set number of minutes or 0 minutes. A JITA period of 0 minutes will not expire. Users will have access to the device from the time they authenticate until the time they log off the system. 86 Chapter 8 Device Access Manager for HP ProtectTools - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 95
logs off the system or another user logs in, the JITA period expires. The next time the user logs in and attempts to access a JITA-enabled device, a prompt to enter credentials is displayed. JITA is available for the following device classes: ● DVD/CD-ROM drives ● Removable media Creating a JITA - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 96
, select either removable media or DVD/CD-ROM drives. 3. Select the user or group whose JITA you wish to disable. 4. Clear the Enabled check box. 5. Click Apply. When the user logs in and attempts to access the device, access is denied. 88 Chapter 8 Device Access Manager for HP ProtectTools (select - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 97
any user. NOTE: The Device Access Manager background services must be running when the list of drive letters is configured. To start these services: 1. Apply a Simple Configuration policy, such as denying all non-device administrators access to removable media. - or - Open a command prompt window - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 98
Device Classes HP ProtectTools Device Access Manager does not manage the following device classes: ● Input/output devices ◦ Biometric ◦ Mouse ◦ Keyboard ◦ Printer ◦ Plug and play (PnP) printers ◦ Printer upgrade ◦ Infrared human interface devices ◦ Smart card reader ◦ Multi-port serial ◦ Disk drive - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 99
(HID) class ● Power ◦ Battery ◦ Advanced power management (APM) support ● Miscellaneous ◦ Computer ◦ Decoder ◦ Display ◦ Processor ◦ System ◦ Unknown ◦ Volume ◦ Volume snapshot ◦ Security devices ◦ Security accelerator ◦ Intel® unified display driver ◦ Media driver ◦ Medium changer ◦ Multifunction - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 100
the computer. If the system is misplaced or stolen, the Customer Center can assist local authorities in locating and recovering the computer. If configured, Computrace can continue to function even if the hard drive is erased or replaced. To activate Computrace for HP ProtectTools: 1. Connect to the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 101
security features: ● Enhanced Microsoft® Encryption File System (EFS) file and folder encryption ● Creation of a personal secure drive (PSD) for protecting user data ● Data management functions, such as backing up and restoring the key hierarchy ● Support for third-party applications (such as - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 102
user, password boxes, and then press f10. 4. In the Security menu, use the arrow keys to select TPM Embedded Security, and then press enter. 5. Under Embedded Security, if the device is hidden, select Available. 6. Select Embedded security device state, and then change the setting to Enable - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 103
, you will perform the following tasks: ● Set an owner password for the embedded security chip that protects access to all owner that allows reencryption of the Basic User Keys for all users. To initialize the embedded security chip: 1. Right-click the HP ProtectTools Security Manager icon in the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 104
Key password to protect the Basic User Key. ● Sets up a personal secure drive (PSD) for storing encrypted files and folders. CAUTION: Safeguard the Basic User Key password. Encrypted information cannot be accessed or recovered without this password. To set up a basic user account and enable the user - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 105
drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. Encrypting files and folders When working e-mail Embedded Security enables you to send - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 106
the Basic User Key password To change the Basic User Key password: 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User password, click Change - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 107
Personal Secure Drives ● Changing the owner password ● Resetting a user password ● Securely migrating user security credentials from right pane, click Configure. The HP Embedded Security for ProtectTools Backup Wizard opens. 4. Follow the on-screen instructions. Restoring certification data from the - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 108
Type the old owner password, and then set and confirm the new owner password. 5. Click OK. Resetting a user password An administrator can help a user to reset a forgotten password. For more information, refer to the software Help. 100 Chapter 10 Embedded Security for HP ProtectTools (select models - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 109
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security software Help. Advanced tasks 101 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 110
Drive Encryption level In Windows, the user can choose an IME (input method editor) to enter complex characters and symbols, such as Japanese or Chinese characters, by using a standard western keyboard. IMEs are not supported at the Preboot Security or HP Drive Encryption level. A Windows password - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 111
keyboard layout that is also supported, such as Latin American (080A), the password change will work in HP Drive Encryption, but it will fail in the BIOS if the user uses characters that exist in the latter but not in the former (for example, ē). NOTE: Administrators can resolve this problem - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 112
and é in HP Windows. BIOS Preboot Security. Drive Encryption. 40a is not supported. It n/a n/a nevertheless works because the software converts it to c0a. However, because of subtle differences between the keyboard layouts, it is recommended that Spanish-speaking users change their - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 113
switches this IME to keyboard layout 411 when securing the BIOS and HP Drive Encryption with localized Japanese passwords. When available, Microsoft Office 2007 IME is a better choice. Despite the IME name, it is actually keyboard layout 411, which is supported. Special key handling 105 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 114
to add a supported keyboard (add U.S. keyboards under Chinese Input Language). 5. Set the supported keyboard for default input. 6. Restart HP ProtectTools, and then enter the password again. ● A user is using a character that is not supported. To resolve this issue: 1. Change the Windows password so - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 115
drive, creating a user account, and creating the initial backup encryption key on a removable storage device. administrator See Windows administrator. asset A data component consisting of personal information or files, historical and Web-related data, and so on, which is located on the hard drive - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 116
again at the Windows logon screen. DriveLock A security feature that links the hard drive to a user and requires the user to correctly type the DriveLock password when the computer starts up. emergency recovery archive A protected storage area that allows the reencryption of Basic User Keys from one - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 117
to distort the contents of the deleted asset. group A group of users that have the same level of access or denial to a device class or a specific device. HP SpareKey A backup copy of the drive encryption key. ID card A Windows desktop gadget that serves to visually identify your desktop with your - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 118
password is required when the user wants to revoke his or her digital certificate. This ensures that only the user may revoke the certificate. SATA device mode A data transfer mode between a computer and mass storage devices, such as hard drives and optical drives. scene A photo of an enrolled user - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 119
A security feature that works very much like a smart card and card reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication. Windows administrator A user with full rights - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 120
96 Basic User Key password changing 98 setting 96 bleaching aborting 78 activating 78 cancelling 78 manual 78 schedule 72 C cancelling a shred or bleach operation 78 central administration 67 Central Management 22 certificate, preassigned 54 Computrace 92 configuration device class 82 resetting 86 - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 121
drive 97 resetting user password 100 setup procedures 94 emergency recovery 95 emergency recovery token password, setting 95 enabling TPM chip 94 encrypted documents, e-mailing 64 encrypting drives 42 encrypting files and folders 97 encrypting hard drive 48, 49 encryption hardware 44, 46 removing - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 122
token 95 guidelines 12 HP ProtectTools 10 managing 10 owner 95 policies 9 resetting user 100 secure 12 password changes using different keyboard layouts 103 password exceptions 102 Password Manager 22, 27, 28 password rejected 106 password strength 31 personal secure drive (PSD) 97 preassigned - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 123
device classes 90 updates 22 user allowing access 84 denying access 84 removing 86 V VeriSign Identity Protection (VIP) 32 viewing encrypted Microsoft Office document 65 sealed e-mail message 61 signed Microsoft Office document 64 viewing the log files 78 W Windows Logon password 10 wizard, HP - HP ProBook 6360b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 124
HP ProtectTools
Getting Started