Home » HP Manuals » Laptops » HP 6910p » Manual Viewer

HP 6910p ProtectTools - Windows Vista and Windows XP - Page 12

Additional security elements, Assigning security roles, Managing HP ProtectTools passwords - biometric

UPC - 883585172306

Add to My Manuals
Save this manual to your list of manuals

Page 12 highlights

Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ● Security officer-Defines the security level for the company or network and determines the security features to deploy, such as Java™ Cards, biometric readers, or USB tokens. NOTE: Many of the features in HP ProtectTools can be customized by the security officer in cooperation with HP. For more information, see the HP Web site at http://www.hp.com. ● IT administrator-Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy Java Cards, the IT administrator can enable Java Card BIOS security mode. ● User-Uses the security features. For example, if the security officer and IT administrator have enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication. Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators. HP ProtectTools password Set in this HP ProtectTools Function module Credential Manager logon password Credential Manager Credential Manager recovery file Credential Manager, by IT password administrator This password offers 2 options: ● It can be used in a separate logon to access Credential Manager after logging on to Windows. ● It can be used in place of the Windows logon process, allowing access to Windows and Credential Manager simultaneously. Protects access to the Credential Manager recovery file. Basic User Key password Embedded Security NOTE: Also known as: Embedded Security password Used to access Embedded Security features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is 6 Chapter 1 Introduction to security ENWW

Section	Page
Introduction to security	7
HP ProtectTools features	8
Accessing HP ProtectTools Security	9
Achieving key security objectives	10
Protecting against targeted theft	10
Restricting access to sensitive data	10
Preventing unauthorized access from internal or external locations	11
Creating strong password policies	11
Additional security elements	12
Assigning security roles	12
Managing HP ProtectTools passwords	12
Creating a secure password	14
HP ProtectTools Backup and Restore	14
Backing up credentials and settings	14
Restoring credentials	16
Configuring settings	16
Credential Manager for HP ProtectTools	17
Setup procedures	18
Logging on to Credential Manger	18
Using the Credential Manager Logon Wizard	18
Logging on for the first time	19
Registering credentials	19
Registering fingerprints	19
Setting up the fingerprint reader	20
Using your registered fingerprint to log on to Windows	20
Registering a Java Card, USB eToken, or virtual token	20
Registering a USB eToken	20
Registering other credentials	20
General tasks	21
Creating a virtual token	21
Changing the Windows logon password	21
Changing a token PIN	21
Managing identity	22
Clearing an identity from the system	22
Locking the computer	23
Using Windows Logon	23
Logging on to Windows with Credential Manager	23
Adding an account	24
Removing an account	24
Using Single Sign On	24
Registering a new application	24
Using automatic registration	24
Using manual (drag and drop) registration	25
Managing applications and credentials	25
Modifying application properties	25
Removing an application from Single Sign On	25
Exporting an application	26
Importing an application	26
Modifying credentials	26
Using Application Protection	27
Restricting access to an application	27
Removing protection from an application	27
Changing restriction settings for a protected application	28
Advanced tasks (administrator only)	29
Specifying how users and administrators log on	29
Configuring custom authentication requirements	30
Configuring credential properties	30
Configuring Credential Manager settings	31
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager	31
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On	32
Embedded Security for HP ProtectTools	33
Setup procedures	34
Enabling the embedded security chip	34
Initializing the embedded security chip	35
Setting up the basic user account	36
General tasks	37
Using the Personal Secure Drive	37
Encrypting files and folders	37
Sending and receiving encrypted e-mail	37
Changing the Basic User Key password	38
Advanced tasks	39
Backing up and restoring	39
Creating a backup file	39
Restoring certification data from the backup file	39
Changing the owner password	40
Resetting a user password	40
Enabling and disabling Embedded Security	40
Permanently disabling Embedded Security	40
Enabling Embedded Security after permanent disable	40
Migrating keys with the Migration Wizard	41
Java Card Security for HP ProtectTools	43
General tasks	44
Changing a Java Card PIN	44
Selecting the card reader	44
Advanced tasks (administrators only)	45
Assigning a Java Card PIN	45
Assigning a name to a Java Card	46
Setting power-on authentication	46
Enabling Java Card power-on authentication and creating an administrator Java Card	47
Creating a user Java Card	48
Disabling Java Card power-on authentication	48
BIOS Configuration for HP ProtectTools	49
General tasks	50
Managing boot options	50
Enabling and disabling system configuration options	51
Advanced tasks	53
Managing HP ProtectTools add-on module settings	53
Enabling and disabling smart card power-on authentication support	53
Enabling and disabling power-on authentication support for Embedded Security	54
Enabling and disabling Automatic DriveLock hard drive protection	55
Managing Computer Setup passwords	55
Setting the power-on password	56
Changing the power-on password	56
Setting the setup password	56
Changing the setup password	57
Setting password options	57
Enabling and disabling stringent security	57
Enabling and disabling power-on authentication on Windows restart	57
Device Access Manager for HP ProtectTools	59
Starting background service	60
Simple configuration	61
Device class configuration (advanced)	62
Adding a user or a group	62
Removing a user or a group	62
Denying access to a user or group	62
Allowing access to a device class for one user of a group	62
Allowing access to a specific device for one user of a group	63
Drive Encryption for HP ProtectTools	65
Encryption management	66
User management	67
Recovery	68
Troubleshooting	69
Credential Manager for HP ProtectTools	69
Embedded Security for HP ProtectTools	72
Device Access Manager for HP ProtectTools	78
Miscellaneous	79
Glossary	83

Match case Limit results 1 per page

Additional security elements

Assigning security roles

In managing computer security (particularly for large organizations), one important practice is to divide

responsibilities and rights among various types of administrators and users.

NOTE:

In a small organization or for individual use, these roles may all be held by the same

person.

For HP ProtectTools, the security duties and privileges can be divided into the following roles:

●

Security officer—Defines the security level for the company or network and determines the security

features to deploy, such as Java™ Cards, biometric readers, or USB tokens.

NOTE:

Many of the features in HP ProtectTools can be customized by the security officer

in cooperation with HP. For more information, see the HP Web site at

http://www.hp.com

●

IT administrator—Applies and manages the security features defined by the security officer. Can

also enable and disable some features. For example, if the security officer has decided to deploy

Java Cards, the IT administrator can enable Java Card BIOS security mode.

●

User—Uses the security features. For example, if the security officer and IT administrator have

enabled Java Cards for the system, the user can set the Java Card PIN and use the card for

authentication.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following table

lists the commonly used passwords, the software module where the password is set, and the password

function.

The passwords that are set and used by IT administrators only are indicated in this table as well. All

other passwords may be set by regular users or administrators.

HP ProtectTools password

Set in this HP ProtectTools

module

Function

Credential Manager logon

password

Credential Manager

This password offers 2 options:

●

It can be used in a separate logon to

access Credential Manager after

logging on to Windows.

●

It can be used in place of the Windows

logon process, allowing access to

Windows and Credential Manager

simultaneously.

Credential Manager recovery file

password

Credential Manager, by IT

administrator

Protects access to the Credential Manager

recovery file.

Basic User Key password

NOTE:

Also known as:

Embedded Security

password

Embedded Security

Used to access Embedded Security

features, such as secure e-mail, file, and

folder encryption. When used for power-on

authentication, also protects access to the

computer contents when the computer is

Chapter 1

Introduction to security

ENWW