Home » HP Manuals » Laptops » HP EliteBook 8470p » Manual Viewer

HP EliteBook 8470p HP ProtectTools Getting Started - Page 19

Additional security elements, Assigning security roles, Managing HP ProtectTools passwords, CAUTION

Add to My Manuals
Save this manual to your list of manuals

Page 19 highlights

Additional security elements Assigning security roles In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ● Security officer-Defines the security level for the company or network and determines the security features to deploy, such as Drive Encryption or Embedded Security. NOTE: Many of the features in HP ProtectTools can be customized by the security officer in cooperation with HP. For more information, go to http://www.hp.com. ● IT administrator-Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy smart cards, the IT administrator can enable both password and smart card mode. ● User-Uses the security features. For example, if the security officer and IT administrator have enabled smart cards for the system, the user can set the smart card PIN and use the card for authentication. CAUTION: Administrators are encouraged to follow "best practices" in restricting end-user privileges and restricting user access. Unauthorized users should not be granted administrative privileges. Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators. HP ProtectTools password Windows Logon password Security Manager Backup and Recovery password Smart card PIN Set in the following module Function Windows® Control Panel or Can be used for manual logon and for HP ProtectTools Security authentication to access various Security Manager Manager features. Security Manager, by individual user Protects access to the Security Manager Backup and Recovery file. Credential Manager Can be used as multifactor authentication. Can be used as Windows authentication. Authenticates users of Drive Encryption, if the smart card is selected. Additional security elements 9

Section	Page
Introduction to security	11
HP ProtectTools features	12
HP ProtectTools security product description and common use examples	14
Password Manager	14
Embedded Security for HP ProtectTools (select models only)	14
Drive Encryption for HP ProtectTools (select models only)	15
File Sanitizer for HP ProtectTools (select models only)	15
Device Access Manager for HP ProtectTools (select models only)	16
Privacy Manager for HP ProtectTools (select models only)	16
Computrace for HP ProtectTools (formerly LoJack Pro) (purchased separately)	16
Achieving key security objectives	17
Protecting against targeted theft	17
Restricting access to sensitive data	18
Preventing unauthorized access from internal or external locations	18
Creating strong password policies	18
Additional security elements	19
Assigning security roles	19
Managing HP ProtectTools passwords	19
Creating a secure password	20
Backing up credentials and settings	21
Getting started with the Setup Wizard	23
Easy Setup Guide for Small Business	25
Getting started	26
Password Manager	27
Viewing and managing the saved authentications in Password Manager	27
File Sanitizer for HP ProtectTools	28
Device Access Manager for HP ProtectTools	29
Drive Encryption for HP ProtectTools	30
HP ProtectTools Security Manager Administrative Console	31
Opening HP ProtectTools Administrative Console	32
Using Administrative Console	32
Configuring your system	33
Setting up authentication for your computer	33
Logon Policy	33
Session Policy	34
Settings	34
Managing users	34
Credentials	35
SpareKey	35
Fingerprints	35
Face	36
Smart card	36
Initializing the smart card	36
Registering the smart card	37
Configuring the smart card	38
Contactless card	38
Proximity card	38
Bluetooth	38
PIN	39
Applications	39
General tab	39
Applications tab	39
Antimalware Central	40
Data	40
Computer	40
Communications	41
Central Management	41
HP ProtectTools Security Manager	43
Opening Security Manager	43
Using the Security Manager dashboard	44
Your personal ID card	45
Security Applications Status	45
My Logons	46
Password Manager	46
For Web pages or programs where a logon has not yet been created	47
For Web pages or programs where a logon has already been created	47
Adding logons	47
Editing logons	49
Using the Password Manager Quick Links menu	49
Organizing logons into categories	49
Managing your logons	50
Assessing your password strength	51
Password Manager icon settings	51
Settings	52
DigitalPass	52
Credential Manager	53
Changing your Windows password	53
Setting up your SpareKey	53
Enrolling your fingerprints	54
Enrolling scenes for face logon	54
Authentication	55
Dark mode	56
Learning	56
Deleting a scene	56
Advanced User Settings	56
Setting up a smart card	56
Initializing the smart card	57
Registering the smart card	57
Changing the smart card PIN	57
Contactless card	57
Proximity card	57
Bluetooth	58
PIN	58
Antimalware Central	58
Administration	58
Central Management	59
Advanced	59
Setting your preferences	59
Backing up and restoring your data	60
Drive Encryption for HP ProtectTools (select models only)	63
Opening Drive Encryption	64
General tasks	64
Activating Drive Encryption for standard hard drives	64
Activating Drive Encryption for self-encrypting drives	65
Deactivating Drive Encryption	66
Logging in after Drive Encryption is activated	67
Protect your data by encrypting your hard drive	68
Displaying encryption status	68
Advanced tasks	69
Managing Drive Encryption (administrator task)	69
Using Enhanced Security with TPM (select models only)	70
Encrypting or decrypting individual drive partitions (software encryption only)	71
Performing an HP SpareKey Recovery	71
Backup and recovery (administrator task)	71
Backing up encryption keys	71
Recovering access to an activated computer using backup keys	72
Recovering encryption keys	73
Privacy Manager for HP ProtectTools (select models only)	75
Opening Privacy Manager	75
Setup procedures	76
Managing Privacy Manager Certificates	76
Installing a Privacy Manager Certificate	76
Requesting a Privacy Manager Certificate	76
Obtaining a preassigned Corporate Privacy Manager Certificate	77
Setting up a Privacy Manager Certificate	77
Importing a third-party certificate	77
Viewing Privacy Manager Certificate details	78
Renewing a Privacy Manager Certificate	78
Setting a default Privacy Manager Certificate	78
Deleting a Privacy Manager Certificate	79
Restoring a Privacy Manager Certificate	79
Revoking your Privacy Manager Certificate	79
Managing Trusted Contacts	80
Adding Trusted Contacts	80
Adding a Trusted Contact	80
Adding Trusted Contacts using Microsoft Outlook contacts	81
Viewing Trusted Contact details	82
Deleting a Trusted Contact	82
Checking revocation status for a Trusted Contact	82
General tasks	83
Using Privacy Manager in Microsoft Outlook	83
Configuring Privacy Manager for Microsoft Outlook	83
Signing and sending an email message	83
Sealing and sending an email message	84
Viewing a sealed email message	84
Using Privacy Manager in a Microsoft Office document	84
Configuring Privacy Manager for Microsoft Office	85
Signing a Microsoft Office document	85
Adding a signature line when signing a Microsoft Word or Microsoft Excel document	85
Adding suggested signers to a Microsoft Word or Microsoft Excel document	85
Adding a suggested signer's signature line	86
Encrypting a Microsoft Office document	86
Removing encryption from a Microsoft Office document	87
Sending an encrypted Microsoft Office document	87
Viewing a signed Microsoft Office document	87
Viewing an encrypted Microsoft Office document	88
Advanced tasks	88
Migrating Privacy Manager Certificates and Trusted Contacts to a different computer	88
Backing up Privacy Manager Certificates and Trusted Contacts	88
Restoring Privacy Manager Certificates and Trusted Contacts	88
Central administration of Privacy Manager	89
File Sanitizer for HP ProtectTools (select models only)	91
Shredding	91
Free space bleaching	91
Opening File Sanitizer	92
Setup procedures	92
Setting a shred schedule	92
Setting a free space bleaching schedule	93
Selecting or creating a shred profile	93
Selecting a predefined shred profile	93
Customizing a shred profile	94
Customizing a simple delete profile	95
General tasks	96
Using a key sequence to initiate shredding	96
Using the File Sanitizer icon	97
Manually shredding one asset	97
Manually shredding all selected items	97
Manually activating free space bleaching	98
Aborting a shred or free space bleaching operation	98
Viewing the log files	98
Device Access Manager for HP ProtectTools (select models only)	99
Opening Device Access Manager	99
Setup Procedures	100
Configuring device access	100
Simple Configuration	100
Starting the background service	101
Device Class Configuration	101
Denying access to a user or group	103
Allowing access for a user or a group	103
Allowing access to a class of devices for one user of a group	104
Allowing access to a specific device for one user of a group	104
Removing settings for a user or a group	105
Resetting the configuration	105
JITA Configuration	105
Creating a JITA for a user or group	106
Creating an extendable JITA for a user or group	106
Disabling a JITA for a user or group	107
Advanced Settings	108
Device Administrators group	108
eSATA Device Support	109
Unmanaged Device Classes	109
Theft recovery (select models only)	111
Embedded Security for HP ProtectTools (select models only)	113
Setup procedures	113
Enabling the embedded security chip in Computer Setup	113
Initializing the embedded security chip	114
Setting up the basic user account	114
General tasks	115
Using the personal secure drive	115
Encrypting files and folders	115
Sending and receiving encrypted email	116
Changing the Basic User Key password	116
Advanced tasks	116
Backing up and restoring	116
Creating a backup file	116
Restoring certification data from the backup file	117
Changing the owner password	117
Resetting a user password	117
Migrating keys with the Migration Wizard	117
Localized password exceptions	119
Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level	119
Password changes using keyboard layout that is also supported	120
Special key handling	121
What to do when a password is rejected	123
Related documentation	125
Glossary	127

Match case Limit results 1 per page

Additional security elements

Assigning security roles

In managing computer security (particularly for large organizations), one important practice is to

divide responsibilities and rights among various types of administrators and users.

NOTE:

In a small organization or for individual use, these roles may all be held by the same person.

For HP ProtectTools, the security duties and privileges can be divided into the following roles:

●

Security officer—Defines the security level for the company or network and determines the

security features to deploy, such as Drive Encryption or Embedded Security.

NOTE:

Many of the features in HP ProtectTools can be customized by the security officer in

cooperation with HP. For more information, go to

http://www.hp.com

●

IT administrator—Applies and manages the security features defined by the security officer. Can

also enable and disable some features. For example, if the security officer has decided to deploy

smart cards, the IT administrator can enable both password and smart card mode.

●

User—Uses the security features. For example, if the security officer and IT administrator have

enabled smart cards for the system, the user can set the smart card PIN and use the card for

authentication.

CAUTION:

Administrators are encouraged to follow “best practices” in restricting end-user

privileges and restricting user access.

Unauthorized users should not be granted administrative privileges.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following

table lists the commonly used passwords, the software module where the password is set, and the

password function.

The passwords that are set and used by IT administrators only are indicated in this table as well. All

other passwords may be set by regular users or administrators.

HP ProtectTools password

Set in the following

module

Function

Windows Logon password

Windows® Control Panel or

HP ProtectTools Security

Manager

Can be used for manual logon and for

authentication to access various Security

Manager features.

Security Manager Backup and

Recovery password

Security Manager, by

individual user

Protects access to the Security Manager

Backup and Recovery file.

Smart card PIN

Credential Manager

Can be used as multifactor authentication.

Can be used as Windows authentication.

Authenticates users of Drive Encryption, if

the smart card is selected.

Additional security elements