HP Brio ba200 hp brio ba200, ba400, ba600, hp kayak xu800, xm600, ProtectTools - Page 51

51

4

Managing Security and Smart Cards

Managing Security: Configuration Settings

Security reader...

This option allows you to select the default smart card reader, for use if

more than one reader is attached.

For example, if you are the system administrator, it may be useful to

have two readers connected to your PC. You can use the first reader for

securing access to your PC (with the

On card removal

option set to

Lock workstation

,

Logoff

or

Force Logoff

), and a second reader

for smart card management (that is, initializing smart cards for users,

managing account information on user smart cards, and so on).

To do this, select the reader you want to use for accessing your PC in

the

Security reader

option, and select the reader you want to use

for user smart card management in the

Smart Card Reader

option of

the

General

page.

You can use a single reader for both securing access to your PC and

smart card management; however, you must set

On card removal

to

Continue

(refer to page 50). This will allow you to remove your own

smart card after logging on, then insert a user smart card for

initialization or modification.

Potential security impact: None

Logoff

Medium

The PC automatically logs off the user when the smart card is removed from

the reader. Another valid smart-card bearing user can then access the PC.

If there are any open applications with unsaved data when the smart card is

removed, the user will be prompted to save the data before the PC logs off.

This, however, can be a security weak point: if the user forgets or does not

see the

“

Save data?

”

dialog box (or if the user presses the Cancel button at

this point), then the PC will continue to work as normal, leaving it open to

intruders.

Force logoff

High

The PC automatically logs off the user when the smart card is removed from

the reader. Another valid smart-card bearing user can then access the PC.

However, if there are any open applications with unsaved data when the

smart card is removed, then all this data will be lost. Although the user can

lose data, this option is more secure than the Logoff option above, since the

PC cannot be unintentionally left accessible when the smart card is removed.

This is ideal for shared PCs with high security requirements.

Value

Security Level

Provided

Implications

;

Section	Page
1 Introduction to HP ProtectTools 2000	11
Introduction	12
What is a Smart Card?	12
Smart Card Kit Contents	12
GemSAFE Smart Cards	13
PIN Numbers	13
Before You Begin	15
System Requirements (HP Desktop PCs)	15
System Requirements (OmniBook Notebook PCs)	15
Software Compatibility for PCs Running Windows NT 4.0	16
Features of HP ProtectTools 2000	17
Features on Desktop PCs	17
Features on OmniBook Notebook PCs	17
Contents of the HP ProtectTools 2000 CD-ROM	18
2 Installing HP ProtectTools 2000 Software	21
Before Installing the Software	22
Software Installation Procedure	23
Preparing a PC Running Windows NT 4.0 (HP Desktop PCs)	23
Preparing a PC Running Windows NT 4.0 (HP Notebook PCs)	24
Installing the Drivers, Software and Reader (HP Desktop PCs)	25
Installing the Drivers, Software and Reader (HP Notebook PCs)	27
Installation on Windows 95 and Windows 98 Systems	27
Installation on Windows 2000 Systems	27
Installation on Windows NT 4.0 Systems	28
Installing Optional Items	29
Install Top Tools	29
Install Acrobat Reader	29
Deploying ProtectTools 2000 Using a Network	31
Remote Installation Using a Deployment Tool	31
Automatic Installation of ProtectTools 2000	31
Microsoft Windows NT 4.0 Service Pack 6a	32
Microsoft Smart Card Base Components	32
HP Smart Card Reader Driver, HP Smart Card Security System, HP Smart Card Diagnostics, and HP NTL...	32
HP Soft PowerDown	32
HP TopTools for Desktops Agent	33
Uninstalling HP ProtectTools 2000	33
Uninstalling HP NTLock	33
Uninstalling HP Soft PowerDown	34
3 Setting up HP ProtectTools 2000	35
Preparing a Smart Card for Use: Overview	36
Initializing a Smart Card	37
Updating the PC’s BIOS (OmniBooks Only)	38
Enabling BIOS Smart Card Security (OmniBooks Only)	39
Setting Up a BIOS User Password Card	39
Setting Up Folder Encryption on Your PC	40
Creating a Recovery File	41
4 Managing Security and Smart Cards	43
The HP Smart Card Security Manager	44
For Windows NT 4.0 and Windows 2000 Users	44
For Windows 95 and Windows 98 Users	45
Running the HP Smart Card Security Manager	46
Accessing the Online Help	46
Managing Security: Configuration Settings	47
Smart Card–Allow Initialization Option	47
Beep on Smart Card Removal Option	48
Win NT–Logon Policies Options	49
Manual logon for...	49
On card removal...	50
Security reader...	51
Make screen saver secure	52
Allow unauthenticated shutdown	52
Display smart card owner’s name on logon banner	53
Display last username on logon prompt	53
Win NT–Logon Text Configuration Options	54
Win NT–Logon Power Management Options	54
Account Policies	55
BIOS Password Options (OmniBooks Only)	57
Win 95/98 Options	58
Customizing Security For Your Installed Base of PCs	59
Managing Smart Cards	61
Using Smart Cards under Windows NT and Windows 2000	62
Initializing Further Smart Cards	63
Changing a Smart Card’s PIN	63
Restoring a Smart Card from a Recovery File	64
Restoring a Smart Card Without the Recovery File	65
Adding an Account to a Smart Card (Windows NT/Windows 2000)	65
Removing an Account (Windows NT/Windows 2000)	66
Changing an Account Password (Windows NT/Windows 2000)	66
HP TopTools	67
5 Troubleshooting	69
Smart Card Troubleshooting Help Zone	70
If You Disconnect the Smart Card Reader	70
If the PC Freezes After You Restart It	70
If the Smart Card’s Password is Not Up To Date	70
Wait for Service	71
Troubleshooting Table	72
HP Smart Card Diagnostics Tool	75
Diagnostics Online Help	75
Using HP Smart Card Diagnostics	75

HP Brio ba200 hp brio ba200, ba400, ba600, hp kayak xu800, xm600, ProtectTools - Page 51

Security reader..., for user smart card management in

Page 51 highlights