Home » HP Manuals » Laptops » HP ProBook 4341s » Manual Viewer

HP ProBook 4341s HP ProtectTools Getting Started - Page 15

Drive Encryption for HP ProtectTools (select models only)

Add to My Manuals
Save this manual to your list of manuals

Page 15 highlights

moves the confidential data to the personal secure drive. The warehouse manager can enter a password and access the confidential data just like another hard drive. When he logs off or reboots the personal secure drive, it cannot be seen or opened without the proper password. The workers never see the confidential data when they access the computer. Embedded Security protects encryption keys within a hardware TPM (Trusted Platform Module) chip located on the system board. It is the only encryption tool that meets the minimum requirements to resist password attacks where someone would attempt to guess the decryption password. Embedded Security can also encrypt the entire drive and email. Example 2: A stock broker wants to transport extremely sensitive data to another computer using a portable drive. She wants to make sure that only these two computers can open the drive, even if the password is compromised. The stock broker uses Embedded Security TPM migration to allow a second computer to have the necessary encryption keys to decrypt the data. During the transport process, even with the password, only the two physical computers can decrypt the data. Drive Encryption for HP ProtectTools (select models only) Drive Encryption is used to restrict access to the data on the entire computer hard drive or a secondary drive. Drive Encryption can also manage self-encrypting drives. Example 1: A doctor wants to make sure only he can access any data on his computer hard drive. The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login. Once set up, the hard drive cannot be accessed without a password before the operating system starts. The doctor could further enhance drive security by choosing to encrypt the data with the selfencrypting drive option. Both Embedded Security for HP ProtectTools and Drive Encryption for HP ProtectTools do not allow access to the encrypted data even when the drive is removed, because they are both bound to the original system board. Example 2: A hospital administrator wants to ensure only doctors and authorized personnel can access any data on their local computer without sharing their personal passwords. The IT department adds the administrator, doctors, and all authorized personnel as Drive Encryption users. Now only authorized personnel can boot the computer or domain using their personal user name and password. File Sanitizer for HP ProtectTools (select models only) File Sanitizer for HP ProtectTools is used to permanently delete data, including Internet browser activity, temporary files, previously deleted data, or any other information. File Sanitizer can be configured to run either manually or automatically on a user-defined schedule. Example 1: An attorney often deals with sensitive client information and wants to ensure that data in deleted files cannot be recovered. The Attorney uses File Sanitizer to "shred" deleted files so it is virtually impossible to recover. Normally when Windows deletes data, it does not actually erase the data from the hard drive. Instead, it marks the hard drive sectors as available for future use. Until the data is written over, it can be easily recovered using common tools available on the Internet. File Sanitizer overwrites the sectors with random data (multiple times when necessary), thereby making the deleted data unreadable and unrecoverable. Example 2: A researcher wants to shred deleted data, temporary files, browser activity, and so on automatically when she logs off. She uses File Sanitizer to schedule "shredding" so she can select the common files or any custom files to be permanently removed automatically. HP ProtectTools security product description and common use examples 5

Section	Page
Introduction to security	11
HP ProtectTools features	12
HP ProtectTools security product description and common use examples	14
Password Manager	14
Embedded Security for HP ProtectTools (select models only)	14
Drive Encryption for HP ProtectTools (select models only)	15
File Sanitizer for HP ProtectTools (select models only)	15
Device Access Manager for HP ProtectTools (select models only)	16
Privacy Manager for HP ProtectTools (select models only)	16
Computrace for HP ProtectTools (formerly LoJack Pro) (purchased separately)	16
Achieving key security objectives	17
Protecting against targeted theft	17
Restricting access to sensitive data	18
Preventing unauthorized access from internal or external locations	18
Creating strong password policies	18
Additional security elements	19
Assigning security roles	19
Managing HP ProtectTools passwords	19
Creating a secure password	20
Backing up credentials and settings	21
Getting started with the Setup Wizard	23
Easy Setup Guide for Small Business	25
Getting started	26
Password Manager	27
Viewing and managing the saved authentications in Password Manager	27
File Sanitizer for HP ProtectTools	28
Device Access Manager for HP ProtectTools	29
Drive Encryption for HP ProtectTools	30
HP ProtectTools Security Manager Administrative Console	31
Opening HP ProtectTools Administrative Console	32
Using Administrative Console	32
Configuring your system	33
Setting up authentication for your computer	33
Logon Policy	33
Session Policy	34
Settings	34
Managing users	34
Credentials	35
SpareKey	35
Fingerprints	35
Face	36
Smart card	36
Initializing the smart card	36
Registering the smart card	37
Configuring the smart card	38
Contactless card	38
Proximity card	38
Bluetooth	38
PIN	39
Applications	39
General tab	39
Applications tab	39
Antimalware Central	40
Data	40
Computer	40
Communications	41
Central Management	41
HP ProtectTools Security Manager	43
Opening Security Manager	43
Using the Security Manager dashboard	44
Your personal ID card	45
Security Applications Status	45
My Logons	46
Password Manager	46
For Web pages or programs where a logon has not yet been created	47
For Web pages or programs where a logon has already been created	47
Adding logons	47
Editing logons	49
Using the Password Manager Quick Links menu	49
Organizing logons into categories	49
Managing your logons	50
Assessing your password strength	51
Password Manager icon settings	51
Settings	52
DigitalPass	52
Credential Manager	53
Changing your Windows password	53
Setting up your SpareKey	53
Enrolling your fingerprints	54
Enrolling scenes for face logon	54
Authentication	55
Dark mode	56
Learning	56
Deleting a scene	56
Advanced User Settings	56
Setting up a smart card	56
Initializing the smart card	57
Registering the smart card	57
Changing the smart card PIN	57
Contactless card	57
Proximity card	57
Bluetooth	58
PIN	58
Antimalware Central	58
Administration	58
Central Management	59
Advanced	59
Setting your preferences	59
Backing up and restoring your data	60
Drive Encryption for HP ProtectTools (select models only)	63
Opening Drive Encryption	64
General tasks	64
Activating Drive Encryption for standard hard drives	64
Activating Drive Encryption for self-encrypting drives	65
Deactivating Drive Encryption	66
Logging in after Drive Encryption is activated	67
Protect your data by encrypting your hard drive	68
Displaying encryption status	68
Advanced tasks	69
Managing Drive Encryption (administrator task)	69
Using Enhanced Security with TPM (select models only)	70
Encrypting or decrypting individual drive partitions (software encryption only)	71
Performing an HP SpareKey Recovery	71
Backup and recovery (administrator task)	71
Backing up encryption keys	71
Recovering access to an activated computer using backup keys	72
Recovering encryption keys	73
Privacy Manager for HP ProtectTools (select models only)	75
Opening Privacy Manager	75
Setup procedures	76
Managing Privacy Manager Certificates	76
Installing a Privacy Manager Certificate	76
Requesting a Privacy Manager Certificate	76
Obtaining a preassigned Corporate Privacy Manager Certificate	77
Setting up a Privacy Manager Certificate	77
Importing a third-party certificate	77
Viewing Privacy Manager Certificate details	78
Renewing a Privacy Manager Certificate	78
Setting a default Privacy Manager Certificate	78
Deleting a Privacy Manager Certificate	79
Restoring a Privacy Manager Certificate	79
Revoking your Privacy Manager Certificate	79
Managing Trusted Contacts	80
Adding Trusted Contacts	80
Adding a Trusted Contact	80
Adding Trusted Contacts using Microsoft Outlook contacts	81
Viewing Trusted Contact details	82
Deleting a Trusted Contact	82
Checking revocation status for a Trusted Contact	82
General tasks	83
Using Privacy Manager in Microsoft Outlook	83
Configuring Privacy Manager for Microsoft Outlook	83
Signing and sending an email message	83
Sealing and sending an email message	84
Viewing a sealed email message	84
Using Privacy Manager in a Microsoft Office document	84
Configuring Privacy Manager for Microsoft Office	85
Signing a Microsoft Office document	85
Adding a signature line when signing a Microsoft Word or Microsoft Excel document	85
Adding suggested signers to a Microsoft Word or Microsoft Excel document	85
Adding a suggested signer's signature line	86
Encrypting a Microsoft Office document	86
Removing encryption from a Microsoft Office document	87
Sending an encrypted Microsoft Office document	87
Viewing a signed Microsoft Office document	87
Viewing an encrypted Microsoft Office document	88
Advanced tasks	88
Migrating Privacy Manager Certificates and Trusted Contacts to a different computer	88
Backing up Privacy Manager Certificates and Trusted Contacts	88
Restoring Privacy Manager Certificates and Trusted Contacts	88
Central administration of Privacy Manager	89
File Sanitizer for HP ProtectTools (select models only)	91
Shredding	91
Free space bleaching	91
Opening File Sanitizer	92
Setup procedures	92
Setting a shred schedule	92
Setting a free space bleaching schedule	93
Selecting or creating a shred profile	93
Selecting a predefined shred profile	93
Customizing a shred profile	94
Customizing a simple delete profile	95
General tasks	96
Using a key sequence to initiate shredding	96
Using the File Sanitizer icon	97
Manually shredding one asset	97
Manually shredding all selected items	97
Manually activating free space bleaching	98
Aborting a shred or free space bleaching operation	98
Viewing the log files	98
Device Access Manager for HP ProtectTools (select models only)	99
Opening Device Access Manager	99
Setup Procedures	100
Configuring device access	100
Simple Configuration	100
Starting the background service	101
Device Class Configuration	101
Denying access to a user or group	103
Allowing access for a user or a group	103
Allowing access to a class of devices for one user of a group	104
Allowing access to a specific device for one user of a group	104
Removing settings for a user or a group	105
Resetting the configuration	105
JITA Configuration	105
Creating a JITA for a user or group	106
Creating an extendable JITA for a user or group	106
Disabling a JITA for a user or group	107
Advanced Settings	108
Device Administrators group	108
eSATA Device Support	109
Unmanaged Device Classes	109
Theft recovery (select models only)	111
Embedded Security for HP ProtectTools (select models only)	113
Setup procedures	113
Enabling the embedded security chip in Computer Setup	113
Initializing the embedded security chip	114
Setting up the basic user account	114
General tasks	115
Using the personal secure drive	115
Encrypting files and folders	115
Sending and receiving encrypted email	116
Changing the Basic User Key password	116
Advanced tasks	116
Backing up and restoring	116
Creating a backup file	116
Restoring certification data from the backup file	117
Changing the owner password	117
Resetting a user password	117
Migrating keys with the Migration Wizard	117
Localized password exceptions	119
Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level	119
Password changes using keyboard layout that is also supported	120
Special key handling	121
What to do when a password is rejected	123
Related documentation	125
Glossary	127

Match case Limit results 1 per page

moves the confidential data to the personal secure drive. The warehouse manager can enter a

password and access the confidential data just like another hard drive. When he logs off or reboots

the personal secure drive, it cannot be seen or opened without the proper password. The workers

never see the confidential data when they access the computer.

Embedded Security protects encryption keys within a hardware TPM (Trusted Platform Module) chip

located on the system board. It is the only encryption tool that meets the minimum requirements to

resist password attacks where someone would attempt to guess the decryption password. Embedded

Security can also encrypt the entire drive and email.

Example 2:

A stock broker wants to transport extremely sensitive data to another computer using a

portable drive. She wants to make sure that only these two computers can open the drive, even if the

password is compromised. The stock broker uses Embedded Security TPM migration to allow a

second computer to have the necessary encryption keys to decrypt the data. During the transport

process, even with the password, only the two physical computers can decrypt the data.

Drive Encryption for HP ProtectTools (select models only)

Drive Encryption is used to restrict access to the data on the entire computer hard drive or a

secondary drive. Drive Encryption can also manage self-encrypting drives.

Example 1:

A doctor wants to make sure only he can access any data on his computer hard drive.

The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login.

Once set up, the hard drive cannot be accessed without a password before the operating system

starts. The doctor could further enhance drive security by choosing to encrypt the data with the self-

encrypting drive option.

Both Embedded Security for HP ProtectTools and Drive Encryption for HP ProtectTools do not allow

access to the encrypted data even when the drive is removed, because they are both bound to the

original system board.

Example 2:

A hospital administrator wants to ensure only doctors and authorized personnel can

access any data on their local computer without sharing their personal passwords. The IT department

adds the administrator, doctors, and all authorized personnel as Drive Encryption users. Now only

authorized personnel can boot the computer or domain using their personal user name and

password.

File Sanitizer for HP ProtectTools (select models only)

File Sanitizer for HP ProtectTools is used to permanently delete data, including Internet browser

activity, temporary files, previously deleted data, or any other information. File Sanitizer can be

configured to run either manually or automatically on a user-defined schedule.

Example 1:

An attorney often deals with sensitive client information and wants to ensure that data in

deleted files cannot be recovered. The Attorney uses File Sanitizer to “shred” deleted files so it is

virtually impossible to recover.

Normally when Windows deletes data, it does not actually erase the data from the hard drive. Instead,

it marks the hard drive sectors as available for future use. Until the data is written over, it can be

easily recovered using common tools available on the Internet. File Sanitizer overwrites the sectors

with random data (multiple times when necessary), thereby making the deleted data unreadable and

unrecoverable.

Example 2:

A researcher wants to shred deleted data, temporary files, browser activity, and so on

automatically when she logs off. She uses File Sanitizer to schedule “shredding” so she can select

the common files or any custom files to be permanently removed automatically.

HP ProtectTools security product description and common use examples