HP 5850 HP Protect Tools Guide - Page 61

Save Changes and Exit, Embedded Security Device

Page 61 highlights

Short description: Errors occur after experiencing a power loss while taking ownership during the Embedded Security Initialization.
Details: If there is a power loss while initializing the Embedded Security chip, the following issues will occur:
● When attempting to launch the Embedded Security Initialization Wizard, the following error is displayed: The Embedded security cannot be initialized since the Embedded Security chip has already an Embedded Security owner.
● When attempting to launch the User Initialization Wizard, the following error is displayed: The Embedded security is not initialized. To use the wizard, the Embedded Security must be initialized first.
Solution: Perform the following procedure to recover from the power loss:
NOTE: Use the Arrow keys to select various menus, menu items, and to change values (unless otherwise specified).
1. Start or restart the computer.
2. Press F10 when the F10=Setup message appears on screen (or as soon as the monitor LED turns green).
3. Select the appropriate language option.
4. Press Enter.
5. Select Security > Embedded Security.
6. Set the Embedded Security Device option to Enable.
7. Press F10 to accept the change.
8. Select File > Save Changes and Exit.
9. Press ENTER.
10. Press F10 to save the changes and exit the F10 Setup utility.

Short description: Computer Setup (F10) Utility password can be removed after enabling TPM Module.
Details: Enabling the TPM module requires a Computer Setup (F10) Utility password. Once the module has been enabled, the user can remove the password. This allows anyone with direct access to the system to reset the TPM module and cause possible loss of data.
Solution: This is as designed. The Computer Setup (F10) Utility password can only be removed by a user who knows the password. However, HP strongly recommends having the Computer Setup (F10) Utility password protected at all times.

Short description: The PSD password box is no longer displayed when the system becomes active after Standby status
Details: When a user logs on the system after creating a PSD, the TPM asks for the Basic User password. If the user does not enter the password and the system goes into Standby, the password dialog box is no longer available when the user resumes.
Solution: This is by design. The user has to log off and back on to view the PSD password box again.

Short description: No password required to change the Security Platform Policies.
Details: Access to Security Platform Policies (both Machine and User) does not require a TPM password for users who have administrative rights on the system.
Solution: This is by design. Any administrator can modify the Security Platform Policies with or without TPM user initialization.

Short description: Microsoft EFS does not fully work in Windows 2000.
Details: An administrator can access encrypted information on the system without knowing the correct password. If the administrator enters an incorrect password or cancels the password dialog, the encrypted file will open as if the administrator had entered the correct password. This happens regardless of the security settings used when encrypting the data. This occurs only in the first administrator account on Windows 2000.
Solution: The Data Recovery Policy is automatically configured to designate an administrator as a recovery agent. When a user key cannot be retrieved (as in the case of entering the wrong password or canceling the Enter Password dialog), the file is automatically decrypted with a recovery key. This is due to the Microsoft EFS. Please refer to Microsoft Knowledge Base Technical Article Q257705 at http://www.microsoft.com for more information. The documents cannot be opened by a nonadministrator user

Short description: When viewing a certificate, it shows as non-trusted.
Details: After setting up HP ProtectTools and running the User Initialization Wizard, the user has the ability to view the certificate issued; however, when viewing the
Solution: Self-signed certificates are not trusted. In a properly configured enterprise environment, EFS certificates are issued by online Certification Authorities and are trusted.

Embedded Security for HP ProtectTools 55

