HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa
HP EliteDesk 800 G1 Ultra-slim PC Manual
View all HP EliteDesk 800 G1 Ultra-slim PC manuals
Add to My Manuals
Save this manual to your list of manuals |
HP EliteDesk 800 G1 Ultra-slim PC manual content summary:
- HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 1
Supported operating systems 3 Supported hardware options 3 Pre-requisites ...4 Introduction ...5 HP Security Strategy ...5 HP HP Client Security Technology 10 HP Client Security Technology ...10 Security and Encryption Strength 10 Design and Services...11 HP Client Security - Setup Wizard...11 HP - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 2
27 Technical Details ...28 Pre-boot Authentication ...29 Manageability / Upgradeability to Premium Solutions 30 Infineon Trusted Platform Module 31 HP Computrace and HP Absolute Data Protect 32 Absolute Data Protect (ADP 32 How It Works ...33 Appendix A - Frequently Asked Questions 34 Appendix - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 3
so the user can set up and modify all the configurable HP security features available on their HP Business PC. A high level overview of the software applications HP uses to support this strategy An in-depth look at the HP Client Security features. Overview on how you can manage certain - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 4
Bluetooth phone o iOS o Microsoft Windows o Android DigitalPersona Fingerprint sensor integrated on Elitepad Security Jacket o FIPS 201 certified o HP ProtectTools Security Manager V8.0 or greater required. Pre-requisites Microsoft .Net Framework 3.5, 4.5 Windows Installer MSI 4.5 Microsoft - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 5
DriveLock1 HP Automatic DriveLock2 HP Disk Sanitizer3 HP Drive Encryption 4 (See HP File Sanitizeron page 134) Description Protects your hard drive data by not allowing it to operate unless you enter the appropriate password when the system is turned on. DriveLock supports both Self-Encrypting and - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 6
user set up. 3. For the use cases outlined in the DOD 5220.22-M Supplement. Not supported on HP Business Desktops. HP Business Desktops support HP Disk Sanitizer External Edition available from hp.com. 4. Requires Windows. Data is protected prior to Drive Encryption login. Turning the PC off - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 7
year of service included. For users without HP Privacy Manager, G1 support with BIOS F.03 and higher. Table 2 Device Protection Security Features Layer BIOSphere Software-based Device protection HP Sure Start1 HP a particular LED code. Users can recover manually by flashing the BIOS from a USB - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 8
absolute.com/company/legal/agreements/computrace-agreement. Data Delete is an optional service provided by Absolute Software. If utilized, the Recovery Guarantee is null credentials, fingerprint reader reset, HP One Step Logon and HP SpareKey support. Supports multiple authentication methods and two - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 9
fingerprint templates rather than storing fingerprint images. • The Fingerprint Sensor included on the HP Security Jacket is a FIPS 201 certified touch sensor. 1. Not supported on the ElitePad 900 G1. 2. Requires Windows. User setup required. 3. Requires Internet Explorer (IE) some websites and - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 10
access control policy which is stored in Windows Active Directory. o Does not support Just In Time Authentication o Visit www.hp-protecttools.com/products.asp SEAHawk o SEAHawk provides similar capabilities to HP Trust Circles, allowing IT to determine Trust Boundaries for users and integration - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 11
end, the secrets are always protected via user authentication. Microsoft Enhanced Cryptographic Provider (ECP). Design and Services HP Client Security provides an authentication service to ensure that the user authentication capabilities extend beyond Windows, and that BIOS and Drive Encryption - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 12
shown in Figure 1, which guides a user through the setup of core security features that include: Figure 1 HP Client Security Setup Wizard not available). o Rejects answers containing invalid characters that cannot be supported by HP BIOS. o Allows only English, French, Italian, and German - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 13
The Finished page provides a summary of the settings and credentials set up by the user. It also provides information about aditional features of the HP Client Security product. NOTE The changes are saved on the wizard on a page-by-page basis. If for example, the user enrolls their fingerprints - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 14
UAC elevation. User Management Accessing the User Management page shown in Figure 3 from the Advanced Settings icon allows you to create and delete HP Client Security users in a system wide manner. To ensure users and security policies are synchronized between the operating system and the pre-boot - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 15
to verify identity within a Windows session, such as with Password Manager, Trust Circles, and Just In Time Authentication. Figure 4 HP Client Security Logon & Session Policy Configuration You can control authentication strength to increase system security by requiring user to authenticate with - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 16
Manage : o Internet Explorer (IE) - Import and export features not supported in IE 10 and 11, User may need to disable Enhanced Protected Mode in IE 11 for Password Manager plug-in to work. o Chrome -May require a user to enable the HP Client Security add-on before Password Manager feature will - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 17
Backup and Restore To back up Password Manager login credentials click the 'Advanced Settings' icon to access HP Client Security Backup and Restore. This is not a user data backup solution. HP Client Security Backup and Restore: Requires creation of a password for the backup file in order to - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 18
security features relate to the HP Client Security, including BIOS and Drive Encryption: A HP-signed DLL for use by HP Client Security. A Validity service. A WinUSB device SID on an authenticated SecureMatch®. Securely extendable firmware for supporting One Time Password (OTP) solutions. 18 - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 19
Embedded Secure Template Database will securely protect application-provided user payload data / user credentials bound to the finger enrollment. Up to 50 finger enrollments may be stored in the secure database, beyond this, fingers must be removed before new enrollments can be performed. The - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 20
HP Device Access Manager solves that problem. In doing so, it enables a new usage model for personal computing devices. Through the combination of a Windows service The following common device classes within Device Access Manager are supported: Removable Storage (any attached storage device that - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 21
JITA. JITA-enabled users will be able to access some devices for which policies created in the Device Class Configuration have been restricted. Figure 5 HP Device Access Manager The JITA period authorization can be for a set number of minutes or an "Unlimited" duration that will not expire. With - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 22
HP File Sanitizer File Sanitizer allows you to securely shred personal information folders from being shredded by adding folders to your Never Shred List. Shred on browser close o Supported browser: Internet Explorer (IE) NOTE Internet Explorer 11 may require a user to disable "Enhanced Protected - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 23
.com or other email services (SMTP) - when you enter your name, email address, and password; Trust Circles uses your email service to send email invitations Limitations HP Trust Circles Standard supports up to 5 Trust Circles each with a maximum of 5 members in each Trust Circle. HP Trust Circles - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 24
o User can change the settings for requiring Periodic Authentication which requires that the user is authenticated after the specified timeout and while performing sensitive operations. This setting allows users the authentication to turn on or off as well as the time limit. Backup/Restore Backups - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 25
HP another PC without proper authorization. Figure 6 HP Drive Encryption When the drive is encrypted, , smart card or fingerprint before starting. HP Client Security allows a Windows administrator to encrypted computer using encryption recovery key and HP SpareKey. Enable Drive Encryption pre - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 26
Launch via Wizard HPDE can be activated from HP Client Security Setup wizard shown in Figure 7. Figure 7 Wizard Page Completing the wizard performs the following: Allows . If you choose not to activate HPDE from the Wizard, you can activate it later via the HP Client Security application. 26 - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 27
shown in Figure 8. Figure 8 Launch HPDE Using HP Client Security HP Client Security provides the following options: Select partition Table 4. Color indicates the severity of the notification and the associated message guides the user to what needs to be done. Notifications can be dismissed - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 28
encrypted or not) Can backup and restore the encryption key. Pre-requisites o HP Client Security: Version 8.2.x must be installed first o 2008 VC ++ version 9.0.30729.6161 Redistributables o Microsoft .NET Framework 4.5 Supported OS's o Windows 7 (32-bit and 64 bit) o Windows 8 (32-bit and 64 - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 29
-boot authentication (PBA) BEFORE the drive can be accessed by the Windows Boot Loader. In order to support F11 Recovery for SEDs, HPDE requires INT15h implementation in HP BIOS. INT15h-implemented HP BIOS will detect if OPAL mode is enabled and then will display F11 Recovery prompt. Without INT15h - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 30
Full Disk Encryption (FDE/FVE) HPDE (Pre-installed) ✔ (FVE) WinMagic SecureDoc Enterprise (for HP) ✔ Multi-Drive Encryption (external) ✔ ✔ RAID Support ✔ ✔ Windows 8 refresh/reset support ✔ ✔ Onscreen Keyboard for Win 8 Touch ✔ ✔ Pre-boot Authentication One Step Logon Opal SED - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 31
encrypted files are protected by the embedded security chip, providing a higher degree of hardware-based protection Support for TPM v.1.2 HP PC's support the latest TPM v1.2 Some scenarios supported by the embedded TPM module include: A computer with the TPM can create encryption keys that can - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 32
, Computrace Mobile and Computrace One. Computrace provides foundational support for all activities related to Governance, Risk Management, and Geotechnology (Geolocation/Geofencing) Since most HP devices have a BIOS Absolute Persistence module, the service will continue to function once activated - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 33
HP ElitePad 900 G1 and EliteBook Revolve 810 with Windows 8.x include a 4 year license of Absolute can choose to upgrade to LoJack for Laptops Premium which provides additional theft recovery and a service guarantee - more information can be found at http://www3.absolute.com/lojackforlaptops . How - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 34
Smart Card, Contactless Card, Proximity Card Bluetooth PIN Q. How does Smart Card security compare to fingerprint security? A. HP Client Security supports both Smart Card authentication and fingerprint authentication. Since both devices store secrets using hardware protection, they have similar - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 35
on another PC in order to transfer all of the application and website usernames and passwords. Q. Is Credential Manager supported on non-HP computers? A. No. Q. Is the HP Client Security software suite available on a non-Microsoft Windows environment? A. No. Q. What type of smart card is needed for - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 36
is the information about the hardware it might or might not work on? A. HP Disk Sanitizer is a feature built into most HP Business Notebook's BIOS, 2006 and later. HP Disk Sanitizer External edition is available on hp.com for supported HP Business Desktops. Supports traditional hard drives only. 36 - HP EliteDesk 800 G1 Ultra-slim PC | Client Security Commercial Managed IT Softwa - Page 37
No o Not FIPS 201 compliant o Even though the HP Fingerprint Reader is very secure, it does not support FIPS 201 mainly because FIPS 201 requires a touch o TSS software stack compliant to TCG specifications o TPM Cryptographic Service provider (CSP) FIPS Link to Wikipedia (General Definition
1
Technical Whitepaper
HP Client
Security
Commercial Managed IT
Software
Contents
Executive summary
..............................................................................................................................
3
System requirements and prerequisites
...........................................................................................
3
Supported operating systems
.............................................................................................
3
Supported hardware options
...............................................................................................
3
Pre-requisites
.........................................................................................................................
4
Introduction
...........................................................................................................................................
5
HP Security Strategy
............................................................................................................................
5
HP Client Security – Manageability Options
....................................................................................
10
Remote Management Alternatives to HP Client Security Technology
........................................
10
HP Client Security Technology
..........................................................................................................
10
Security and Encryption Strength
.....................................................................................
10
Design and Services
............................................................................................................
11
HP Client Security - Setup Wizard
.....................................................................................................
11
HP Client Security - Application
........................................................................................................
13
User Management
..............................................................................................................
14
Policies
.................................................................................................................................
15
Password Manager
.............................................................................................................................
16
Backup and Restore
...........................................................................................................
17
Validity Fingerprint Reader Sensor/Driver (VFS495)
......................................................................
18
Technology
..........................................................................................................................
18
Design
............................................................................................................................................
18
HP Device Access Manager (HPDAM)
...............................................................................................
20