HP 5850 HP Protect Tools Guide - Page 61

Short description Details Solution Errors occur after experiencing a power loss while taking ownership during the Embedded Security Initialization. If there is a power loss while initializing the Embedded Security chip, the following issues will occur: ● When attempting to launch the Embedded Security Initialization Wizard, the following error is displayed: The Embedded security cannot be initialized since the Embedded Security chip has already an Embedded Security owner. Perform the following procedure to recover from the power loss: NOTE: Use the Arrow keys to select various menus, menu items, and to change values (unless otherwise specified). 1. Start or restart the computer. 2. Press F10 when the F10=Setup message appears on screen (or as soon as the monitor LED turns green). ● When attempting to launch the User 3. Select the appropriate language option. Initialization Wizard, the following error is displayed: The Embedded 4. Press Enter. security is not initialized. To use the wizard, the Embedded 5. Select Security > Embedded Security. Security must be initialized first. 6. Set the Embedded Security Device option to Enable. 7. Press F10 to accept the change. 8. Select File > Save Changes and Exit. 9. Press ENTER. 10. Press F10 to save the changes and exit the F10 Setup utility. Computer Setup (F10) Utility password can be removed after enabling TPM Module. Enabling the TPM module requires a Computer Setup (F10) Utility password. Once the module has been enabled, the user can remove the password. This allows anyone with direct access to the system to reset the TPM module and cause possible loss of data. This is as designed. The Computer Setup (F10) Utility password can only be removed by a user who knows the password. However, HP strongly recommends having the Computer Setup (F10) Utility password protected at all times. The PSD password box is no longer displayed when the system becomes active after Standby status When a user logs on the system after creating a PSD, the TPM asks for the Basic User password. If the user does not enter the password and the system goes into Standby, the password dialog box is no longer available when the user resumes. This is by design. The user has to log off and back on to view the PSD password box again. No password required to change the Security Platform Policies. Access to Security Platform Policies (both Machine and User) does not require a TPM password for users who have administrative rights on the system. This is by design. Any administrator can modify the Security Platform Policies with or without TPM user initialization. Microsoft EFS does not fully work in Windows 2000. An administrator can access encrypted information on the system without knowing the correct password. If the administrator enters an incorrect password or cancels the password dialog, the encrypted file will open as if the administrator had entered the correct password. This happens regardless of the security settings used when encrypting the data. This occurs only in the first administrator account on Windows 2000. The Data Recovery Policy is automatically configured to designate an administrator as a recovery agent. When a user key cannot be retrieved (as in the case of entering the wrong password or canceling the Enter Password dialog), the file is automatically decrypted with a recovery key. This is due to the Microsoft EFS. Please refer to Microsoft Knowledge Base Technical Article Q257705 at http://www.microsoft.com for more information. The documents cannot be opened by a nonadministrator user When viewing a certificate, it shows as non-trusted. After setting up HP ProtectTools and running the User Initialization Wizard, the user has the ability to view the certificate issued; however, when viewing the Self-signed certificates are not trusted. In a properly configured enterprise environment, EFS certificates are issued by online Certification Authorities and are trusted. Embedded Security for HP ProtectTools 55