HP Brio ba200 hp brio ba200, ba400, ba600, hp kayak xu800, xm600, ProtectTools - Page 50



4 Managing Security and Smart Cards
Managing Security: Configuration Settings

CAUTION
Selecting the option Nobody leaves no "back door" entry to that PC using a manual logon. This means that the administrator must have their smart card (and PIN) to gain access to the PC.
Selecting the option Everybody means that the smart card provides little or no improvement to security. This setting is not recommended, except during a deployment phase.

On card removal...
This option tells the PC what to do when the smart card is removed from the reader.
Default value: Lock workstation
Potential security impact: High
Implications:

Value: Continue
Security Level Provided: Low
Implications: Nothing will happen when the smart card is removed from the reader - the user will still be logged on and the PC can be used as normal. In this case, the smart card is required only for logging on to the PC and, after that, it is no longer needed.
The danger with this setting is that the user may forget to lock their PC, leaving access open to intruders.
This setting is not recommended for normal or high security use.

Value: Lock workstation
Security Level Provided: High
Implications: The PC automatically locks when the smart card is removed from the reader.
In the Windows NT or Windows 2000 environment, the user will still be regarded as logged on, even though they are not accessing their PC.
In this case, no other valid smart-card bearing user can access the PC. The previous user must insert their smart card, enter their PIN, then manually log off to allow another user to access that PC. (Alternatively, you can access the PC by using another smart card containing the same Windows NT account username and password, such as an administrator smart card created specially for this purpose.)