HP ProBook 6565b HP ProtectTools Getting Started - Windows 7 and Windows Vista
HP ProBook 6565b Manual
View all HP ProBook 6565b manuals
Add to My Manuals
Save this manual to your list of manuals |
HP ProBook 6565b manual content summary:
- HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 1
HP ProtectTools Getting Started - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 2
Copyright 2011 Hewlett-Packard Development Company, L.P. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Intel is a trademark of Intel Corporation in the U.S. and other countries and is used under license. Microsoft, Windows, and Windows Vista are - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 3
roles ...10 Managing HP ProtectTools passwords 10 Creating a secure password 12 Backing up and restoring HP ProtectTools credentials 12 2 Getting started with the Setup Wizard ...13 3 HP ProtectTools Security Manager Administrative Console 15 Opening HP ProtectTools Administrative Console 16 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 4
icon settings 31 VeriSign Identity Protection (VIP 32 Settings ...33 Credential Manager ...33 Changing your Windows password 33 Setting up your SpareKey 34 Enrolling your fingerprints 34 Setting up a smart card 35 Initializing the smart card 35 Registering the smart card 35 Configuring - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 5
5 Drive Encryption for HP ProtectTools (select models only 42 Opening Drive Encryption ...43 General tasks ...44 Activating Drive Encryption for standard hard drives 44 Activating Drive Encryption for self-encrypting drives 44 Deactivating Drive Encryption 46 Logging in after Drive Encryption is - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 6
Contacts 66 Restoring Privacy Manager 7 File Sanitizer for HP ProtectTools ...68 Shredding ... delete profile 74 General tasks ...76 Using a key sequence to initiate shredding 76 Using the File Sanitizer icon 77 Manually shredding one asset 77 Manually shredding all selected items 77 Manually - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 7
tasks ...97 Using the personal secure drive 97 Encrypting files and folders 97 Sending and receiving encrypted e-mail 97 Changing the Basic User Key password 98 Advanced tasks ...99 Backing up and restoring 99 Creating a backup file 99 Restoring certification data from the backup file 99 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 8
Wizard 101 11 Localized password exceptions ...102 Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level ......... 102 Password changes using keyboard layout that is also supported 103 Special key handling ...104 What to do when a password is rejected 106 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 9
your computer may vary depending on your model. HP ProtectTools software modules may be preinstalled, preloaded, or available for download from the HP Web site. For more information, visit http://www.hp.com. NOTE: The instructions in this guide are written with the assumption that you have already - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 10
change user credentials such as a Windows password, fingerprint, and smart card. ● Configure and change File Sanitizer Shredding, Bleaching, and other settings. ● View settings for Device Access Manager. ● Configure Computrace for HP ProtectTools. ● Configure preferences and Backup and Restore - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 11
and Microsoft Office documents. Computrace for HP ProtectTools (purchased separately) ● Provides secure asset tracking. ● Monitors user activity, as well as hardware and software changes. ● Remains active even if the hard drive is reformatted or replaced. ● Requires separate purchase of tracking - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 12
all the Web links, company user names, and passwords within Credential Manager for HP ProtectTools. Once complete, the CPA hard drive. The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login. Once set up, the hard drive cannot be accessed without a password - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 13
, and all authorized personnel as Drive Encryption users. Now only authorized personnel can boot the computer or domain using their personal user name and password. File Sanitizer for HP ProtectTools File Sanitizer for HP ProtectTools is used to permanently delete data, including Internet browser - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 14
data just like another hard drive. When he logs off or reboots the personal secure drive, it cannot be seen or opened without the proper password. The workers never see the confidential data when they access the computer. Embedded Security protects encryption keys within a hardware TPM (Trusted - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 15
two computers can open the drive, even if the password is compromised. The stock broker uses Embedded Security TPM migration to allow a second computer to have the necessary encryption keys to decrypt the data. During the transport process, even with the password, only the two physical computers - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 16
such as a CD. The following feature helps restrict access to data: ● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. Preventing unauthorized access - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 17
an unauthorized user cannot get passwords or access to password-protected applications. ● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writable devices so sensitive information cannot be copied from the hard drive. ● File Sanitizer allows secure deletion of data - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 18
PIN Emergency Recovery Token password Set in the following module Function Windows® Control Panel or Can be used for manual logon and for HP ProtectTools Security authentication to access various Security Manager Manager features. Security Manager, by individual user Protects access to the - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 19
HP ProtectTools password Owner password BIOS Administrator password Set in the following module Embedded Security, by IT administrator Computer Setup, by IT administrator Function Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security. Protects - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 20
e-mail, on the computer. ● Do not share accounts or tell anyone your password. Backing up and restoring HP ProtectTools credentials You can use the Backup and Restore feature of HP ProtectTools to select and back up HP ProtectTools credentials data and settings. 12 Chapter 1 Introduction to security - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 21
to all users of this computer. You can also manage these features on the Security Features page of Administrative Console. To set up security features through the Security Manager Setup Wizard: 1. Open HP ProtectTools Security Manager from the HP ProtectTools desktop gadget icon in Windows Sidebar - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 22
by encrypting your hard drives, making the information unreadable by those without proper authorization. ● Pre-Boot Security-Protects your computer by prohibiting access by unauthorized persons prior to Windows startup. NOTE: Pre-Boot Security is not available if the BIOS does not support it. 6. The - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 23
critical data. Administration of HP ProtectTools Security Manager is provided through the Administrative Console feature. Additional applications are available tasks: ● Enabling or disabling security features ● Specifying required credentials for authentication ● Managing users of the computer ● - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 24
, such as setting system policies or configuring software, open the console as follows: ▲ Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. - or - In the left panel of Security Manager, click Administration, and then click Administrative Console. 16 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 25
data. ● Central Management-Displays tabs for accessing additional solutions, product updates, and messages. ● Setup Wizard-Guides you through setting up HP ProtectTools Security Manager. ● About-Displays information about HP ProtectTools Security Manager, such as the version number and copyright - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 26
HP ProtectTools Administrative Console. You can use the applications in this group to manage the policies and settings for the computer, its users, and its devices. The following applications are included in the System group: ● Security-Manage features a user when logging on to Windows: 1. - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 27
following setting, or clear the check box to disable it: Allow One Step logon-Allows users of this computer to skip Windows logon if authentication was performed at the BIOS or encrypted disk level. 2. Click Apply. Managing users Within the Users application, you can monitor and manage this computer - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 28
HP ProtectTools Security Manager. SpareKey You can configure whether or not to allow SpareKey authentication for Windows logon, and manage the security questions that will be presented to users during their SpareKey enrollment. 1. Select the check box to enable or clear it to disable fingerprint - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 29
card can no longer be used with HP ProtectTools or any other applications. NOTE: Features that are not supported by your smart card are not available Accuracy-To make it more difficult for a user to gain access if enrolled scenes or current lighting conditions are below normal and less likely that - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 30
. To return all applications to their factory settings, click the Restore Defaults button. Central Management Additional applications may be available for adding new management tools to Security Manager. The administrator of this computer may disable this feature on the Settings page. The Central - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 31
Manager applications, as well as additional applications available for immediate download from the Web: ● Manage your logon and passwords. ● Easily change your Windows® operating system password. ● Set program preferences. ● Use fingerprints for extra security and convenience. ● Enroll one or more - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 32
area, at the far right of the taskbar. ● Right-click the HP ProtectTools icon, and click Open HP ProtectTools Security Manager. ● Click the HP ProtectTools desktop gadget icon. ● Press the hotkey combination ctrl+Windows logo key+h to open the Security Manager Quick Links menu. For information on - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 33
security and users. ◦ Central Management-Allows administrators to access additional solutions, product updates, and messages. ● Advanced-Displays commands for accessing additional features, including: ◦ Preferences-Allows you to personalize Security Manager settings. ◦ Backup and Restore-Allows you - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 34
security applications in two locations: ● HP ProtectTools desktop gadget The banner color at the top of the HP ProtectTools gadget icon changes to reflect the . The Setup Wizard is an independent application. ◦ Enroll now-A user must click the gadget icon to run the Security Manager Getting Started - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 35
you do not have to write down or remember, and then log on easily and quickly with a fingerprint, smart card, or your Windows password. Password Manager offers the following options: ● Add, edit, or delete logons from the Manage tab. ● Use Quick Links to launch your default browser and log on to - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 36
Password the Password Manager orange border. You can also display this dialog box by clicking Add Logon from the Password Manager Manage tab. Some options depend on the security devices connected to the computer-for example, using the ctrl+Windows logo key+h hotkey, swiping your fingerprint supported - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 37
required for logon. ● If Password Manager cannot detect all of the logon fields, in the future. NOTE: The manual mode of entering logon data orange border. You can also display this dialog box by clicking Edit for the desired logon on the Password security is available. When supported by the site, you - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 38
display the Logons menu: 1. Press the Password Manager hotkey combination (ctrl+Windows logo key+h is the factory setting). To change the hotkey combination, on the Security Manager dashboard, click Password Manager, and then click Settings. 2. Swipe your fingerprint (on computers with a built-in or - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 39
Open the logon screen for the Web site or program. 2. Click the Password Manager icon to display its context menu. 3. Click Add Logon, and then follow the on-screen instructions. Assessing your password strength Using strong passwords for logon to your Web sites and programs is an important aspect - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 40
instructions. For more information, refer to Adding logons on page 28. ◦ The Password Manager icon is displayed whenever this Web site logon or program screen is opened. 2. To disable token, you can drag and drop or manually enter the token information. To enable HP ProtectTools Security Manager - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 41
to the password vault. To disable this feature, in the Icon Settings dialog box, clear the check box beside Prompt to add logons for logon screens. 2. Open Password Manager with ctrl+win+h-The default hotkey that opens the Password Manager Quick Links menu is ctrl+Windows logo key+h. To change - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 42
in the New Windows password text box, and then type it again in the Confirm new password text box. 4. Click Change to immediately change your current password to the new one that you entered. Setting up your SpareKey The SpareKey allows you to gain access to your computer (on supported platforms) by - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 43
HP ProtectTools Security Manager can support key is used to unlock the card. 5. Click Start, click All Programs, click HP, and then click HP Windows password. 3. On the SpareKey page, click Skip SpareKey Setup (unless you want to update the SpareKey information). 4. On the Enable security features - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 44
The card can no longer be used with HP ProtectTools or any other applications. NOTE: Features that are not supported by your smart card are not available. -screen instructions, and then click Next. For more information, refer to Advanced User Settings on page 37. 36 Chapter 4 HP ProtectTools - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 45
security option. Follow the on-screen instructions, and then click Next. For more information, refer to Advanced User Settings on page 37. 7. security-Select this option to require a user-specific PIN for face logon. ◦ Click Create PIN. ◦ Enter your Windows password. ◦ Enter the new PIN, and then - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 46
can use your normal Windows password to log on. ◦ Click Add. ◦ When your Bluetooth device is displayed, select it, and then click Next. Click OK. b. Other Settings tab-Select the check boxes to enable one or more of the following options, or clear the check box to disable an option. These settings - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 47
this Windows account, full Windows user name and the picture you selected during Windows setup dashboard. 3. Click the box displaying your Windows user name for this account, type the new personalize settings for HP ProtectTools Security Manager. tabs: General and Fingerprint. General tab Appearance - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 48
. ◦ Enable sound feedback-Security Manager gives you audio feedback when a fingerprint has been swiped, playing different sounds for specific program events. You may assign new sounds to these events through the Sounds tab in Windows Control Panel, or disable sound feedback by clearing this option - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 49
storage file. Enter the path in the field provided, or click Browse. 5. Enter the password used to protect the file. 6. Select the modules for which you want to restore data. In most cases, you will select all of the modules listed. 7. Verify your Windows password. 8. Click Finish. My Logons 41 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 50
SATA and external eSATA hard drives can be encrypted. ● Creating backup keys ● Recovering a Drive Encryption key ● Enabling Drive Encryption pre-boot authentication using a password, registered fingerprint, or smart card PIN 42 Chapter 5 Drive Encryption for HP ProtectTools (select models only - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 51
Opening Drive Encryption Administrators can access Drive Encryption from HP ProtectTools Administrative Console. 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 2. In the left pane, click Drive Encryption. Opening Drive Encryption 43 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 52
for standard hard drives Standard hard drives are encrypted using software encryption. Follow these steps to activate Drive Encryption: 1. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. 2. Follow the on-screen instructions until the Enable security features page - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 53
to display the available options. 3. Click Features. 4. Select the Drive Encryption check box, and then click Next. 5. Under Drives to be encrypted, select the check box for the hard drive that you want to encrypt, and then click Next. 6. To back up the encryption key, insert the storage device into - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 54
box for the hard drive that you want to encrypt, and then click Next. 7. To back up the encryption key, insert the storage device into the appropriate slot. NOTE: To save the encryption key, you must use a USB storage device with the FAT32 format. A floppy disk, USB memory stick, Secure Digital - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 55
computer is turned on, rather than at the Drive Encryption login screen. 1. Click your user name, and then enter your Windows password or smart card PIN, or swipe a registered finger. NOTE: The following smart cards are supported: Smart cards ● ● ● ActivIdentity 64K V2C Smart Card ActivIdentity - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 56
or more standard hard drives and one or more self-encrypting drives are present. - or - ▲ For hardware-encrypted drives, select the drive(s) to be encrypted. At least one drive must be selected. Displaying encryption status Users can display encryption status from HP ProtectTools Security Manager - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 57
page. ● If the status is Disabled, Drive Encryption has not yet been activated by the Windows administrator and is not protecting the hard drive. Use the HP ProtectTools Security Manager Setup Wizard to activate Drive Encryption. ● If the status is Enabled, Drive Encryption has been activated and - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 58
NOTE: Dynamic partitions are not supported. If a partition is displayed as available, but it cannot be encrypted key in a safe place, because if you forget your password, lose your smart card, or do not have a finger registered, this device provides your only access to your hard drive. 1. Open HP - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 59
mail or Microsoft® Office documents. Privacy Manager leverages the security infrastructure provided by HP ProtectTools Security Manager, which includes the following security login methods: ● Fingerprint authentication ● Windows® password ● Smart card ● Face recognition You may use any of the above - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 60
documents, click Sign and Encrypt in the Privacy group on the Home tab. ● To access additional features, access the HP ProtectTools Security Manager dashboard. ◦ Click Start, click All Programs, click HP, click HP ProtectTools Security Manager, and then click Privacy Manager. - or - ◦ Click the - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 61
cryptographic technology called public key infrastructure (PKI). PKI requires users to obtain cryptographic keys and a Privacy Manager a default Privacy Manager Certificate on page 55 ● Deleting a Privacy Manager Certificate on page 56 ● Restoring a Privacy Manager Certificate on page 56 ● Revoking - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 62
hard drive and put it in a safe place. This file should be for your use only, and is required in case you need to restore your Privacy Manager Certificate and associated keys. 5. Enter and confirm a password use this feature, the Allow use of third-party certificates setting in HP ProtectTools - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 63
Next. Type the PFX file password, and then click Next. 4. When the import process is complete, click Next. 5. You are given the option to back up the imported certificate. It is recommended that you back up your certificate to a location other than your computer's hard drive. Viewing Privacy Manager - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 64
Privacy Manager functions, you can select any of your Privacy Manager Certificates to use. Deleting a Privacy Manager Certificate If you delete a installed the certificate. Refer to Restoring a Privacy Manager Certificate on page 56 for more information. To delete a Privacy Manager Certificate: 1. - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 65
method. 6. Follow the on-screen instructions. Managing Trusted Contacts Trusted Contacts are users with whom you have exchanged Privacy Manager , access the DigitalPersona Web site at http://digitalpersona.com/privacymanager/download. Adding a Trusted Contact 1. Open Privacy Manager, click Trusted - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 66
the e-mail. A dialog box opens, confirming that the recipient has been successfully added to your Trusted Contacts list. 8. Click OK. 58 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 67
a Trusted Contact 1. Open Privacy Manager, and then click Trusted Contacts. 2. Click the Trusted Contact you want to delete. 3. Click Delete contact. 4. When the confirmation dialog box opens, click Yes. Checking revocation status for a Trusted Contact To see if a Trusted Contact has revoked - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 68
then click OK. Signing and sending an e-mail message 1. In Microsoft Outlook, click New or Reply. 2. Type your e-mail message. 60 Chapter 6 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 69
3. Click the down arrow next to Send Securely (Privacy in Outlook 2003), and then click Sign and Send. 4. Authenticate using your chosen security login method. Sealing and sending an e-mail message Sealed e-mail messages that are digitally signed and sealed (encrypted) can only be viewed by people - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 70
to your document by appointing suggested signers. A suggested signer is a user who is designated by the owner of a Microsoft Word or Microsoft can include signature lines for those users at the bottom of the final page of the document, with instructions to sign by a specific date. 62 Chapter - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 71
, enter the name of the suggested signer. 5. In the box under Instructions to the signer, enter a message for this suggested signer. NOTE: This message will appear in place of a title, and is either deleted or replaced by the user's title when the document is signed. 6. Select the Show sign date - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 72
its contents. NOTE: To select multiple Trusted Contact names, hold down the ctrl key, and then click the individual names. 5. Click OK. If you later decide to Sealing and sending an e-mail message on page 61 for further instructions. Viewing a signed Microsoft Office document NOTE: You do not need to - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 73
window. 1. Click the Digital Signatures icon to toggle display of the Signatures dialog box, which displays the name of all users who signed the document and the date each user to view an encrypted Microsoft Office document, you must restore the Privacy Manager Certificate that was used to encrypt - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 74
storage device, and then restore the file to the new Trusted Contacts to a password-protected file, follow these password, and then click Next. NOTE: Store this password in a safe place, because you will need it when you restore Restoring Privacy Manager Certificates and Trusted Contacts To restore - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 75
Privacy Manager may be part of a centralized installation that has been customized by your administrator. One or more of the following features may be either enabled or disabled: ● Certificate use policy-You may be restricted to the use of Privacy Manager Certificates issued by Comodo, or you may be - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 76
example: personal information or files, historical or Web-related data, or other data components) on your computer and to periodically bleach deleted assets on your hard drive. NOTE: This version of File Sanitizer supports the computer hard drive only. 68 Chapter 7 File Sanitizer for HP ProtectTools - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 77
to retrieve the original asset. A Windows simple delete may leave the file (or asset) intact on the hard drive or in a state where forensic methods You can set an automatic shred schedule, or you can manually activate shredding using the HP ProtectTools icon in the notification area, at the far right - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 78
drive. Windows only deletes the reference to the asset. The content of the asset still remains on the hard drive until another asset overwrites that same area on the hard drive with new information. Free space bleaching allows you to securely write random data over deleted assets, preventing users - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 79
Security Manager. 2. Click File Sanitizer. - or - ▲ Double-click the File Sanitizer icon on your desktop. - or - ▲ Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Open File Sanitizer. Opening File Sanitizer - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 80
on page 73. You can also shred assets manually at any time. For more information, refer to Using a key sequence to initiate shredding on page 76. a future time to bleach deleted assets on your hard drive, select the Activate Scheduler check box, enter your Windows password, and then select a day - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 81
Selecting or creating a shred profile You can specify an erasure method and select the assets to shred by selecting a predefined profile or by creating your own profile. Selecting a predefined shred profile When you choose a predefined shred profile, a predefined erasure method and list of assets - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 82
occasionally on the assets that have been deleted manually or by using the Windows Recycle Bin. 1. Open File Sanitizer, click Settings, click Simple Delete Settings, and then click View Details. 2. Select the assets you want to delete: a. Under Available delete options, click an asset, and then - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 83
To protect assets from automatic deleting: a. Under Do not delete the following, click Add, and then browse or type the path to the file or folder. b. Click Open, and then click OK. To remove an asset from the exclusions list, click the asset, and then click Delete. 5. Click Apply. Setup procedures - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 84
. For details, refer to Using a key sequence to initiate shredding on page 76. ● Use the File Sanitizer icon to initiate shredding-This feature is similar to the drag-and-drop feature in Windows. For details, refer to Using the File Sanitizer icon on page 77. ● Manually shred a specific asset or all - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 85
, navigate to the asset you want to shred, and then click OK. 4. When the confirmation dialog box opens, click Yes. Manually shredding all selected items 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Shred Now - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 86
, click Yes. Manually activating free space bleaching 1. Right-click the HP ProtectTools icon in generated. The log files are always updated according to the latest shred or free hard drive: ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_ShredderLog.txt ● C:\Program Files\Hewlett-Packard - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 87
by disabling data transfer devices. NOTE: Some human interface/input devices, such as a mouse, keyboard, TouchPad, and fingerprint reader, are not controlled by Device Access Manager. For more information, refer to Unmanaged Device Classes on page 90. Windows® operating system administrators use HP - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 88
administrator. 2. Click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console. 3. In the left pane, click Device Access Manager. Users can view the HP ProtectTools Device Access Manager policy using HP ProtectTools Security Manager. This console provides a read - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 89
/CD-ROM drives ● All serial and parallel ports ● All Bluetooth® devices ● All modem devices ● All PCMCIA/ExpressCard devices ● All 1394 devices To allow or deny access to a class of devices for all non-device administrators, follow these steps: 1. In the left pane of HP ProtectTools Administrative - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 90
the background service is running, open a command prompt window, and then type sc query flcdlock. To determine whether the device driver is running, open a command prompt window, and then type sc query damdrv. Device Class Configuration Administrators can view and modify lists of users and groups - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 91
and write access rights can be inherited. For example, read access may be inherited from a higher class, but write access may be specifically denied for a user or group. NOTE: If the Read check box is cleared, the access control entry has no effect on read access to the device, but read - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 92
for a device below this device in the device hierarchy. Denying access to a user or group To prevent a user or group from accessing a device or a class of devices: 1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 93
Administrators can allow access to a specific device while denying access to all other members of that user's group for all devices in the class: 1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click Device Class Configuration. 2. In the device - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 94
factory. To reset the configuration settings to the factory values: 1. In the left pane of HP drive. ● Result-A JITA-enabled user who attempts to access the DVD/CD-ROM drive receives the same "access denied" message as a non-JITA-enabled user. Then a balloon message is displayed, asking if the user - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 95
it expires. 1. In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click JITA Configuration. 2. From the device's drop-down menu, select either removable media or DVD/CD-ROM drives. 3. Click + to add a user or group to the JITA configuration. 4. Select - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 96
In the left pane of HP ProtectTools Administrative Console, click Device Access Manager, and then click JITA Configuration. 2. From the device's drop-down menu, select either removable media or DVD/CD-ROM drives. 3. Select the user or group whose JITA you wish to disable. 4. Clear the Enabled check - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 97
non-device administrators access to removable media. - or - Open a command prompt window with Administrator privileges, and then type: sc start flcdlock Press enter. 2. When the services are started, the drive list can be edited. Enter the drive letters of devices that you do not want Device Access - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 98
/output devices ◦ Biometric ◦ Mouse ◦ Keyboard ◦ Printer ◦ Plug and play (PnP) printers ◦ Printer upgrade ◦ Infrared human interface devices ◦ Smart card reader ◦ Multi-port serial ◦ Disk drive ◦ Floppy disk controller (FDC) 90 Chapter 8 Device Access Manager for HP ProtectTools (select models only) - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 99
support ● Miscellaneous ◦ Computer ◦ Decoder ◦ Display ◦ Processor ◦ System ◦ Unknown ◦ Volume ◦ Volume snapshot ◦ Security devices ◦ Security accelerator ◦ Intel® unified display driver ◦ Media driver ◦ Medium changer ◦ Multifunction ◦ Legacard ◦ Net client ◦ Net service ◦ Net trans ◦ SCSI adapter - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 100
function even if the hard drive is erased or replaced. To activate Computrace for HP ProtectTools: 1. Connect to the Internet. 2. Click Start, click All Programs, click HP, and then click HP Product Key. The Activation Wizard securely processes the transaction and sets up your user account - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 101
provides the following security features: ● Enhanced Microsoft® Encryption File System (EFS) file and folder encryption ● Creation of a personal secure drive (PSD) for protecting user data ● Data management functions, such as backing up and restoring the key hierarchy ● Support for third-party - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 102
user password, use the arrow keys to select Security, select Setup password, and then press enter. 3. Type your password in the New password and Verify new password keys to select File, select Save Changes and Exit, and then follow the on-screen instructions. 94 Chapter 10 Embedded Security for HP - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 103
: ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ● Set up the emergency recovery archive, which is a protected storage area that allows reencryption of the Basic User Keys for all users. To initialize the embedded - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 104
Basic User Key. ● Sets up a personal secure drive (PSD) for storing encrypted files and folders. CAUTION: Safeguard the Basic User Key password. Encrypted information cannot be accessed or recovered without this password. To set up a basic user account and enable the user security features: 1. If - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 105
receiving encrypted e-mail Using the personal secure drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. Encrypting files and folders When - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 106
the Basic User Key password To change the Basic User Key password: 1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User password, click Change - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 107
Security settings, and Personal Secure Drives ● Changing the owner password ● Resetting a user password ● Securely migrating user security credentials from a source platform to a destination platform Backing up and restoring The Embedded Security backup feature creates an archive that contains - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 108
Type the old owner password, and then set and confirm the new owner password. 5. Click OK. Resetting a user password An administrator can help a user to reset a forgotten password. For more information, refer to the software Help. 100 Chapter 10 Embedded Security for HP ProtectTools (select models - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 109
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security software Help. Advanced tasks 101 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 110
Drive Encryption level In Windows, the user can choose an IME (input method editor) to enter complex characters and symbols, such as Japanese or Chinese characters, by using a standard western keyboard. IMEs are not supported at the Preboot Security or HP Drive Encryption level. A Windows password - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 111
keyboard layout that is also supported, such as Latin American (080A), the password change will work in HP Drive Encryption, but it will fail in the BIOS if the user uses characters that exist in the latter but not in the former (for example, ē). NOTE: Administrators can resolve this problem - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 112
case and the shift key and caps lock key for upper case in BIOS Preboot Security and HP Drive Encryption. Numeric passwords must be entered using the numeric keypad. ● Korean When a user selects a supported Korean keyboard layout and then enters a password, the same password must be entered while - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 113
switches this IME to keyboard layout 411 when securing the BIOS and HP Drive Encryption with localized Japanese passwords. When available, Microsoft Office 2007 IME is a better choice. Despite the IME name, it is actually keyboard layout 411, which is supported. Special key handling 105 - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 114
supported keyboard for default input. 6. Restart HP ProtectTools, and then enter the password again. ● A user is using a character that is not supported. To resolve this issue: 1. Change the Windows password so that it uses only supported characters. Unsupported characters are listed in Special key - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 115
for restoring the information at a later date to the same computer or another one. biometric Category of authentication credentials that use a physical feature, such as a fingerprint, to identify a user. certification authority (CA) A service that issues the certificates required to run a public key - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 116
again at the Windows logon screen. DriveLock A security feature that links the hard drive to a user and requires the user to correctly type the DriveLock password when the computer starts up. emergency recovery archive A protected storage area that allows the reencryption of Basic User Keys from one - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 117
writing of random data over deleted assets to distort the contents of the deleted asset. group A group of users that have the same level of access or denial to a device class or a specific device. HP SpareKey A backup copy of the drive encryption key. ID card A Windows desktop gadget that serves to - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 118
and the signer's title can also be included. simple delete Deletion of the Windows reference to an asset. The asset content remains on the hard drive until obscuring data is written over it by free space bleaching. Single Sign On A feature that stores authentication information and allows you to use - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 119
token A security feature that works very much like a smart card and card reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication. Windows administrator A user with full - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 120
service 82 backing up and restoring certification information 99 Embedded Security 99 backing up data 40 backing up encryption key 50 backing up HP ProtectTools credentials 12 backing up Privacy Manager Certificates and Trusted Contacts 66 basic user account 96 Basic User Key password changing - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 121
account 96 Basic User Key 96 Basic User Key password, changing 98 certification data, restoring 99 enabling TPM chip 94 encrypted e-mail 97 encrypting files and folders 97 initializing chip 95 migrating keys 101 owner password, changing 100 personal secure drive 97 resetting user password 100 setup - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 122
token 95 guidelines 12 HP ProtectTools 10 managing 10 owner 95 policies 9 resetting user 100 secure 12 password changes using different keyboard layouts 103 password exceptions 102 Password Manager 22, 27, 28 password rejected 106 password strength 31 personal secure drive (PSD) 97 preassigned - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 123
classes 90 updates 22 user allowing access 84 denying access 84 removing 86 V VeriSign Identity Protection (VIP) 32 viewing encrypted Microsoft Office document 65 sealed e-mail message 61 signed Microsoft Office document 64 viewing the log files 78 W Windows Logon password 10 wizard, HP ProtectTools - HP ProBook 6565b | HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 124
HP ProtectTools
Getting Started