HP 5850 HP Protect Tools Guide - Page 60

Short description Details Solution This is true whether or not an Embedded Security TPM is installed. EFS does not require a password to view encrypted files in Windows 2000. If a user sets up the Embedded Security, logs on as an administrator, then logs off and back on as the administrator, the user can subsequently see files/folders in Windows 2000 without a password. This occurs only in the first administrator account on Windows 2000. If a secondary administrator account is being logged into, this does not occur. This is as designed. It is a feature of EFS in Windows 2000. EFS in Windows XP, by default, will not let the user open files/folders without a password. Software should not be installed on a restore with FAT32 partition. If the user attempts to restore the hard drive using FAT32, there will be no encrypt options for any files/folders using EFS. This is as designed. Microsoft EFS is supported only on NTFS and will not function on FAT32. This is a feature of Microsoft's EFS and is not related to HP ProtectTools software. Windows 2000 User can share to the network any PSD with the hidden ($) share. Windows 2000 User can share to the network any PSD with the hidden ($) share. The hidden share can be accessed over the network using the hidden ($) share. The PSD is not normally shared on the network, but it can be through the hidden ($) share in Windows 2000 only. HP recommends always having the built-in Administrator account password-protected. User is able to encrypt or delete the recovery archive XML file. By design, the ACLs for this folder is not set; therefore, a user can inadvertently or purposely encrypt or delete the file, making it inaccessible. Once this file has been encrypted or deleted, no one can use the TPM software. This is as designed. Users have access rights to an emergency archive in order to save/update their Basic User Key backup copy. Customers should adopt a 'best practices' security approach and instruct users never to encrypt or delete the recovery archive files. HP ProtectTools Embedded Security EFS interaction with Symantec Antivirus or Norton Antivirus produces longer encryption/decryption and scan times. Encrypted files interfere with Symantec Antivirus or Norton Antivirus 2005 virus scan. During the scan process, the Basic User password prompt asks the user for a password every 10 files or so. If the user does not enter a password, the Basic User password prompt times out, allowing NAV2005 to continue with the scan. Encrypting files using HP ProtectTools Embedded Security EFS takes longer when Symantec Antivirus or Norton Antivirus is running. To reduce the time required to scan HP ProtectTools Embedded Security EFS files, the user can either enter the encryption password before scanning or decrypt before scanning. To reduce the time required to encrypt/decrypt data using HP ProtectTools Embedded Security EFS, the user should disable Auto-Protect on Symantec Antivirus or Norton Antivirus. Cannot save emergency recovery archive to removable media. If the user inserts an MMC or SD card when creating the emergency recovery archive path during Embedded Security Initialization, an error message is displayed. This is as designed. Storage of the recovery archive on removable media is not supported. The recovery archive can be stored on a network drive or another local drive other than the C drive. Cannot encrypt any data in the Windows 2000 French (France) environment. There is no Encrypt selection when right-clicking a file icon. This is a Microsoft operating system limitation. If the locale is changed to anything else (French (Canada), for example), then the Encrypt selection will appear. To work around the problem, encrypt the file as follows: right-click the file icon and select Properties > Advanced > Encrypt Contents. 54 Chapter 8 Troubleshooting