HP Brio ba200 hp brio ba200, ba400, ba600, hp kayak xu800, xm600, ProtectTools - Page 49

Win NT–Logon Policies Options, Manual logon for..., Win NT, Policies



4 Managing Security and Smart Cards
Managing Security: Configuration Settings

Windows NT 4.0, Windows 2000

Win NT–Logon Policies Options

To see these options, click the Win NT tab in the Smart Card Security Manager, click the Options... button, then the Policies tab.

Manual logon for...

This option allows you to decide who, if anyone, can log on to the PC by pressing Ctrl + Alt + Del and entering their usual Windows password.

The manual logon can only be performed when no one else is logged on to the PC and the smart card has been removed from the reader at startup.

Default value: Administrators
Potential security impact: High
Implications:

Value: Administrators
Security Level Provided: Medium
Implications:
The PC can be accessed in two ways only: with a correct smart card and PIN, or with the administrator password.
This setting is recommended since it allows a "back door" entry onto the PC.
A back door entry makes it easy for the administrator to gain access to the PC (with the administrator password), without needing a valid smart card.

Value: Nobody
Security Level Provided: High
Implications:
The PC can only be accessed with a correct smart card and PIN.
This setting is recommended for very high security environments. Using this option ensures that only bearers of a smart card and the correct PIN (administrator included) can gain access to the system.
This option leaves no "back door entry" (see above): access can only be obtained with a valid smart card.
If you use this option, it is strongly recommended that you have valid, up to date backup smart cards stored in a safe place, and ready for use.

Value: Everybody
Security Level Provided: Low
Implications:
Any valid Windows user can log on to the PC manually. Essentially, this means that the user does not need a smart card to get access to the PC.
With this setting, the smart card provides little or no improvement to security.
This setting is not recommended. It could however be useful during the deployment phase.