Home » HP Manuals » Laptops » HP 8530w » Manual Viewer

HP 8530w HP ProtectTools - Windows Vista and Windows XP - Page 85

Troubleshooting, Credential Manager for HP ProtectTools

UPC - 884420318132

Add to My Manuals
Save this manual to your list of manuals

Page 85 highlights

9 Troubleshooting Credential Manager for HP ProtectTools Short description Details Solution Using the Credential Manager Network Accounts option, a user can select which domain account to log on to. When TPM authentication is used, this option is not available. All other authentication methods work properly. Using TPM authentication, the user is only logged on to the local computer. Using Credential Manager Single Sign On tools allows the user to authenticate other accounts. Smart cards and USB tokens are not available in Credential Manager if installed after the Credential Manager installation. In order to use smart cards or USB tokens in Credential Manager, the supporting software (drivers, PKCS#11 providers, etc.) must be installed prior to Credential Manager installation. If you already have the Credential Manager installed do the following steps after installing smart card or token supporting software: Log on to Credential Manager. In HP ProtectTools Security Manager, click Credential Manager, click Advanced Settings, and then click the Smart Cards and Tokens tab. A list of available tokens is displayed under Local Tokens. Access a popup menu by right-clicking the Local Tokens node, and then select Scan for New Smart Cards and Tokens. Restart your computer if prompted. Some application Web pages create errors that prevent the user from performing or completing tasks. Some Web-based applications stop functioning and report errors due to the disabling functionality pattern of Single Sign On. For example, an ! in a yellow triangle is observed in Internet Explorer, indicating an error has occurred. Credential Manager Single Sign On does not support all software Web interfaces. Disable Single Sign On support for the specific Web page by turning off Single Sign On support. See complete documentation on Single Sign On, which is available in the Credential Manager software Help files. If a specific Single Sign On cannot be disabled for a given application, call HP technical support and request 3rd-level support through your HP Service contact. The option to Browse for Virtual Token is not displayed during the logon process. The user cannot move the location of a registered virtual token in Credential Manager because the option to browse was removed to reduce security risks. The browse option was removed because it allowed non-users to delete and rename files and take control of Windows. Domain administrators cannot change Windows password even with authorization. This happens after a domain administrator logs on to a domain and registers the domain identity with Credential Manager using an account with Administrator's rights on the domain and the local PC. When the domain administrator attempts to change the Credential Manager cannot change a domain user's account password through Change Windows password. Credential Manager can only change the local PC account passwords. The domain user can change his/her password through the Change password option of Windows security, but since the domain user does not have a physical account on the Credential Manager for HP ProtectTools 79

Section	Page
Introduction to security	7
HP ProtectTools features	8
Accessing HP ProtectTools Security	10
Achieving key security objectives	12
Protecting against targeted theft	12
Restricting access to sensitive data	12
Preventing unauthorized access from internal or external locations	12
Creating strong password policies	13
Additional security elements	14
Assigning security roles	14
Managing HP ProtectTools passwords	14
Creating a secure password	16
Backing up and restoring HP ProtectTools credentials	16
Backing up credentials and settings	16
Credential Manager for HP ProtectTools	17
Setup procedures	17
Logging on to Credential Manager	17
Using the Credential Manager Logon Wizard	18
Registering credentials	18
Registering fingerprints	18
Setting up the fingerprint reader	19
Using your registered fingerprint to log on to Windows	19
Registering a Smart Card or Token	19
Registering other credentials	20
General tasks	21
Creating a virtual token	21
Changing the Windows logon password	21
Changing a token PIN	21
Locking the computer (workstation)	22
Using Windows Logon	22
Logging on to Windows with Credential Manager	22
Using Single Sign On	23
Registering a new application	23
Using automatic registration	23
Using manual (drag and drop) registration	24
Managing applications and credentials	24
Modifying application properties	24
Removing an application from Single Sign On	24
Exporting an application	24
Importing an application	25
Modifying credentials	25
Using Application Protection	26
Restricting access to an application	26
Removing protection from an application	26
Changing restriction settings for a protected application	27
Advanced tasks (administrator only)	28
Specifying how users and administrators log on	28
Configuring custom authentication requirements	29
Configuring credential properties	29
Configuring Credential Manager settings	30
Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager	30
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On	31
Drive Encryption for HP ProtectTools (select models only)	32
Setup procedures	32
Opening Drive Encryption	32
General tasks	33
Activating Drive Encryption	33
Deactivating Drive Encryption	33
Logging in after Drive Encryption is activated	33
Advanced tasks	34
Managing Drive Encryption (administrator task)	34
Activating a TPM-protected password (select models only)	34
Encrypting or decrypting individual drives	34
Backup and recovery (administrator task)	34
Creating backup keys	34
Registering for online recovery	35
Managing an existing online recovery account	36
Performing a recovery	36
Privacy Manager for HP ProtectTools (select models only)	38
Opening Privacy Manager	39
Setup procedures	40
Managing Privacy Manager Certificates	40
Requesting and installing a Privacy Manager Certificate	40
Requesting a Privacy Manager Certificate	40
Installing a Privacy Manager Certificate	40
Viewing Privacy Manager Certificate details	41
Renewing a Privacy Manager Certificate	41
Setting a default Privacy Manager Certificate	41
Deleting a Privacy Manager Certificate	41
Restoring a Privacy Manager Certificate	42
Revoking your Privacy Manager Certificate	42
Managing Trusted Contacts	42
Adding Trusted Contacts	43
Adding a Trusted Contact	43
Adding Trusted Contacts using your Microsoft Outlook address book	44
Viewing Trusted Contact details	44
Deleting a Trusted Contact	44
Checking revocation status for a Trusted Contact	45
General tasks	46
Using Privacy Manager in Microsoft Office	46
Using Privacy Manager in Microsoft Outlook	49
Using Privacy Manager in Windows Live Messenger	50
Advanced tasks	54
Migrating Privacy Manager Certificates and Trusted Contacts to a different computer	54
Exporting Privacy Manager Certificates and Trusted Contacts	54
Importing Privacy Manager Certificates and Trusted Contacts	54
File Sanitizer for HP ProtectTools	55
Setup procedures	56
Opening File Sanitizer	56
Setting a shred schedule	56
Setting a free space bleaching schedule	57
Selecting or creating a shred profile	57
Selecting a predefined shred profile	57
Customizing a shred profile	57
Customizing a simple delete profile	58
Setting a shred schedule	59
Setting a free space bleaching schedule	59
Selecting or creating a shred profile	60
Selecting a predefined shred profile	60
Customizing a shred profile	60
Customizing a simple delete profile	61
General tasks	62
Using a key sequence to initiate shredding	62
Using the File Sanitizer icon	62
Manually shredding one asset	62
Manually shredding all selected items	63
Manually activating free space bleaching	63
Aborting a shred or free space bleaching operation	63
Viewing the log files	64
BIOS Configuration for HP ProtectTools	65
General tasks	66
Accessing BIOS Configuration	66
Viewing or changing settings	67
Viewing system information	67
Advanced tasks	68
Setting security options	68
Setting system configuration options	69
Embedded Security for HP ProtectTools (select models only)	74
Setup procedures	75
Enabling the embedded security chip	75
Initializing the embedded security chip	76
Setting up the basic user account	76
General tasks	77
Using the Personal Secure Drive	77
Encrypting files and folders	77
Sending and receiving encrypted e-mail	77
Changing the Basic User Key password	78
Advanced tasks	78
Backing up and restoring	78
Creating a backup file	78
Restoring certification data from the backup file	78
Changing the owner password	79
Resetting a user password	79
Enabling and disabling Embedded Security	79
Permanently disabling Embedded Security	79
Enabling Embedded Security after permanent disable	79
Migrating keys with the Migration Wizard	80
Device Access Manager for HP ProtectTools (select models only)	81
Starting background service	81
Simple configuration	82
Device class configuration (advanced)	83
Adding a user or a group	83
Removing a user or a group	83
Denying access to a user or group	83
Allowing access to a device class for one user of a group	83
Allowing access to a specific device for one user of a group	84
Troubleshooting	85
Credential Manager for HP ProtectTools	85
Embedded Security for HP ProtectTools (select models only)	88
Device Access Manager for HP ProtectTools	94
Miscellaneous	95
Glossary	98

Match case Limit results 1 per page

Troubleshooting

Credential Manager for HP ProtectTools

Short description

Details

Solution

Using the Credential

Manager Network

Accounts option, a user

can select which domain

account to log on to. When

TPM authentication is

used, this option is not

available. All other

authentication methods

work properly.

Using TPM authentication, the user is

only logged on to the local computer.

Using Credential Manager Single Sign On tools allows

the user to authenticate other accounts.

Smart cards and USB

tokens are not available in

Credential Manager if

installed after the

Credential Manager

installation.

In order to use smart cards or USB

tokens in Credential Manager, the

supporting software (drivers, PKCS#11

providers, etc.) must be installed prior to

Credential Manager installation.

If you already have the Credential

Manager installed do the following steps

after installing smart card or token

supporting software:

Log on to Credential Manager.

In HP ProtectTools Security Manager, click

Credential

Manager

, click

Advanced Settings

, and then click the

Smart Cards and Tokens

tab. A list of available tokens

is displayed under Local Tokens.

Access a popup menu by right-clicking the Local

Tokens node, and then select Scan for New Smart

Cards and Tokens.

Restart your computer if prompted.

Some application Web

pages create errors that

prevent the user from

performing or completing

tasks.

Some Web-based applications stop

functioning and report errors due to the

disabling functionality pattern of Single

Sign On. For example, an

in a yellow

triangle is observed in Internet Explorer,

indicating an error has occurred.

Credential Manager Single Sign On does not support

all software Web interfaces. Disable Single Sign On

support for the specific Web page by turning off Single

Sign On support. See complete documentation on

Single Sign On, which is available in the Credential

Manager software Help files.

If a specific Single Sign On cannot be disabled for a

given application, call HP technical support and request

3rd-level support through your HP Service contact.

The option to

Browse for

Virtual Token

is not

displayed during the logon

process.

The user cannot move the location of a

registered virtual token in Credential

Manager because the option to browse

was removed to reduce security risks.

The browse option was removed because it allowed

non-users to delete and rename files and take control

of Windows.

Domain administrators

cannot change Windows

password even with

authorization.

This happens after a domain

administrator logs on to a domain and

registers the domain identity with

Credential Manager using an account

with Administrator's rights on the domain

and the local PC. When the domain

administrator attempts to change the

Credential Manager cannot change a domain user's

account password through

Change Windows

password

. Credential Manager can only change the

local PC account passwords. The domain user can

change his/her password through the

Change

password

option of

Windows security

, but since the

domain user does not have a physical account on the

Credential Manager for HP ProtectTools