HP ProBook 4410s HP ProtectTools - Windows Vista and Windows XP
HP ProBook 4410s - Notebook PC Manual
View all HP ProBook 4410s manuals
Add to My Manuals
Save this manual to your list of manuals |
HP ProBook 4410s manual content summary:
- HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 1
HP ProtectTools User Guide - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 2
by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc. SD Logo is a trademark of its proprietor. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 3
access from internal or external locations 6 Creating strong password policies 7 Additional security elements ...8 Assigning security roles ...8 Managing HP ProtectTools passwords 8 Creating a secure password 10 Backing up and restoring HP ProtectTools credentials 10 Backing up credentials and - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 4
password (select models only 28 Encrypting or decrypting individual drives 28 Backup and recovery (administrator task 28 Creating backup keys 28 Registering for online recovery 29 Managing an existing online recovery account 30 Performing a recovery 30 4 Privacy Manager for HP ProtectTools - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 5
shredding one asset 56 Manually shredding all selected items 57 Manually activating free space bleaching 57 Aborting a shred or free space bleaching operation 57 Viewing the log files ...58 6 BIOS Configuration for HP ProtectTools General tasks ...60 Accessing BIOS Configuration 60 Viewing or - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 6
file 72 Changing the owner password 73 Resetting a user password 73 Enabling and disabling Embedded specific device for one user of a group 78 9 Troubleshooting Credential Manager for HP ProtectTools 79 Embedded Security for HP ProtectTools (select models only 82 Device Access Manager for HP - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 7
for HP ProtectTools ● Drive Encryption for HP ProtectTools (select models only) ● Privacy Manager for HP ProtectTools (select models only) ● File Sanitizer for HP ProtectTools ● BIOS Configuration for HP ProtectTools ● Embedded Security for HP ProtectTools (select models only) ● Device Access - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 8
as Computer Setup. ● BIOS Configuration enablement of automatic DriveLock support, which is enhanced with the embedded security chip, helps protect a hard drive from unauthorized access, even if it is removed from a system, without requiring the user to remember any additional passwords beyond the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 9
Embedded Security supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations. Device Access Manager for HP ProtectTools (select ● Device Access Manager allows IT managers to control access to models only) devices based on user - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 10
for Administrators. - or - In Windows XP, click Start, click All Programs, and then click HP ProtectTools Security Manager. NOTE: If you are not an HP ProtectTools administrator, you can run HP ProtectTools in nonadministrator mode to view information, but you cannot make changes. 2. In the left - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 11
● The wizard guides Windows operating system administrators through the configuration of levels of security and of the security logon methods that are used in a pre-boot environment, in Credential Manager, and in Drive Encryption. ● Users also use the setup wizard to configure their security logon - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 12
even if the hard drive is removed and installed into an unsecured system. Preventing unauthorized access from internal or external locations Unauthorized access to an unsecured business PC presents a very tangible risk to corporate network resources such as information from financial services, an - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 13
access to password-protected applications: ◦ Credential Manager "Setup procedures on page 11" ◦ "Using Single Sign On on page 17" ● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 14
can enable Java Card BIOS security mode. ● User-Uses the security features. For example, if the security officer and IT administrator have enabled Java Cards for the system, the user can set the Java Card PIN and use the card for authentication. Managing HP ProtectTools passwords Most of the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 15
the embedded security chip. Owner password Embedded Security, by IT administrator Protects the system and the TPM chip from Drive Encryption, if the Java Card token is selected. Computer Setup password NOTE: Also known as BIOS administrator, f10 Setup, or Security Setup password BIOS - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 16
ProtectTools to select and back up HP ProtectTools credentials. You can also register for Online Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not have access to your local backup - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 17
resources. ● Support for optional security devices, such as Java Cards and biometric readers. ● Support for additional security HP ProtectTools Security Manager for Administrators to make changes. After logging on to Credential Manager, you can register additional credentials, such as a fingerprint - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 18
of HP ProtectTools Security Manager, by clicking the Log On link in the upper-right corner of the window 2. Follow the on-screen instructions to Registering fingerprints A fingerprint reader allows you to log on to Windows using your fingerprint for authentication instead of using a Windows password. - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 19
fingerprint reader 1. In HP ProtectTools Security Manager, click Credential Manager in the left pane. 2. Click My Identity, and then click Register Fingerprints. 3. Follow the on-screen instructions to complete registering your fingerprints and setting up the fingerprint based the Device Type dialog - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 20
Registering other credentials 1. In HP ProtectTools Security Manager, click Credential Manager. 2. Click My Identity, and then click Register Credentials. The Credential Manager Registration Wizard opens. 3. Follow the on-screen instructions. 14 Chapter 2 Credential Manager for HP ProtectTools - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 21
either on the computer hard drive or in the Windows password in the New password and Confirm password boxes. 5. Click Finish. Changing a token PIN 1. In HP ProtectTools Security Manager, click Credential Manager in the left pane. 2. Click My Identity, and then click Change Token PIN. 3. On the Device - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 22
Workstation to lock your computer immediately. You must use a Windows password or the Credential Manager Logon Wizard to unlock the computer. Using the first time, the system automatically adds your local Windows user account as the account for the Windows Logon service. Logging on to Windows with - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 23
box. 6. Follow the on-screen instructions. If your authentication information is correct with a Java Card, a fingerprint reader, or a token before also register an application manually. Using automatic registration 1. program or Web site password dialog box. 3. Type your password for the program or - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 24
, select the desired record in the list. 4. Follow the on-screen instructions. Managing applications and credentials Modifying application properties 1. In HP ProtectTools Security Manager, click Credential Manager, and then click Services and Applications from the left pane. 2. Click Manage - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 25
instructions to complete the import. 5. Click OK. Modifying credentials 1. In HP ProtectTools Security Manager, click Credential Manager, and then click Services and Applications. 2. Click Manage Services ◦ Import Script ◦ Export Script ● Credentials ◦ Create New ● View Password General tasks 19 - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 26
NOTE: You must authenticate your identity before viewing the password. 5. Follow the on-screen instructions. 6. Click OK. Using Application Protection This feature allows you to configure access to applications. You can restrict access based on the following criteria: ● Category of user ● Time of - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 27
(Can be used without restrictions) ● Restricted (Usage depends on settings) 5. When you select Restricted, the following settings are available: a. If you want to restrict usage based on time, day, or date, click the Schedule tab and configure the settings. b. If you want to restrict usage - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 28
type or combination of credentials are required of either users or administrators. To specify how users or administrators log on: 1. In HP ProtectTools Security Manager, click Credential Manager in the left pane. 2. Click Multifactor Authentication 3. In the right pane, click the Authentication tab - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 29
can create custom requirements. To configure custom requirements: 1. In HP ProtectTools Security Manager, click Credential Manager in the left pane. To register the credential, click Register, and then follow the on-screen instructions. ● To delete the credential, click Clear, and then click Yes in - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 30
of logon screens, automatic logon to registered logon dialogs, and password display. ● Services and Applications-Allows you to view the available services and modify the settings for those services. ● Security-Allows you to select the fingerprint reader software and adjust the security level of the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 31
Example 2-Using the "Advanced Settings" page to require user verification before Single Sign On 1. In HP ProtectTools Security Manager, click Credential Manager, and then click Settings. 2. Click the Single Sign On tab. 3. Under When registered logon dialog or Web page is - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 32
unless you have registered with the Drive Encryption recovery service. Reinstalling the Drive Encryption module will not enable you to access the encrypted drives. Setup procedures Opening Drive Encryption 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. Click - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 33
has enabled Pre-boot Security in the HP ProtectTools Security Manager, you will log in to the computer immediately after the computer is turned on, rather than at the Drive Encryption logon screen. 1. Select your user name, and then type your Windows password or Java™ Card PIN, or swipe a registered - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 34
backup keys CAUTION: Be sure to keep the storage device containing the backup key in a safe place, because if you forget your password or lose your Java Card, this device provides your only access to your hard drive. 1. Open Drive Encryption, and then click Recovery. 2. Click Backup Keys. 3. On - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 35
on the storage device you selected. 5. Click OK when the confirmation dialog box opens. Registering for online recovery The Online Drive Encryption Key Recovery Service stores a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 36
On the recovery service logon page, enter your e-mail address, password, and the numbers and letters you see in the box. 5. Click Logon. 6. Click Profile to update your personal information, such as your telephone or billing address. - or - Click Reset Password to reset or change your password. - or - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 37
Web site at http://www.safeboot-hp.com. 7. Click Recovery Process. 8. On the recovery service logon page, enter your e-mail address, password, and the numbers and letters you see in the box. 9. Click Logon. 10. Click Recovery Process. 11. Enter the client code you recorded from the computer you - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 38
instant messaging (IM). Privacy Manager leverages the security infrastructure provided by HP ProtectTools Security Manager, which includes the following security logon methods: ● Fingerprint authentication ● Windows® password ● HP ProtectTools Java™ Card You may use any of the above security logon - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 39
Opening Privacy Manager To open Privacy Manager: 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. Click Privacy Manager: Sign and Chat. - or - Right-click the HP ProtectToolsicon in the notification area, at the far right of the taskbar, click Privacy Manager: - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 40
than your hard drive and put it in a safe place. This file should be for your use only, and is required in case you need to restore your Privacy Manager Certificate and associated keys. 5. Enter and confirm a password, and then click Next. 34 Chapter 4 Privacy Manager for HP ProtectTools (select - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 41
2. Click a Privacy Manager Certificate. 3. Click Renew certificate. 4. Follow the on-screen instructions to purchase a new Privacy Manager Certificate. NOTE: The Privacy Manager Certificate renewal process does not replace your old Privacy Manager Certificate. You will need to purchase a new Privacy - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 42
When the confirmation dialog box opens, click Yes. 5. Authenticate using your chosen security logon method. 6. Follow the on-screen instructions. Managing Trusted Contacts Trusted Contacts are users with whom you have exchanged Privacy Manager Certificates, enabling you to securely communicate with - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 43
Adding Trusted Contacts 1. You send an e-mail invitation to a Trusted Contact recipient. 2. The Trusted Contact recipient responds to the e-mail. 3. You receive the e-mail response from the Trusted Contact recipient, and click Accept. You can send Trusted Contact e-mail invitations to individual - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 44
Manager. 2. Click the Trusted Contact you want to delete. 3. Click Delete contact. 4. When the confirmation dialog box opens, click Yes. 38 Chapter 4 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 45
Checking revocation status for a Trusted Contact 1. Open Privacy Manager, and click Trusted Contacts Manager. 2. Click a Trusted Contact. 3. Click the Advanced button. The Advanced Trusted Contact Management dialog box opens. 4. Click Check Revocation. 5. Click Close. Setup procedures 39 - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 46
click Sign Document. 5. Authenticate using your chosen security logon method. Adding suggested signers to a Microsoft Word or Microsoft Excel document 40 Chapter 4 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 47
at the bottom of the final page of the document with instructions to sign by a specific date. To add a suggested signer to a Microsoft Word Instructions to the signer, enter a message for this suggested signer. NOTE: This message will appear in place of a title, and is either deleted or replaced - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 48
Attach the Microsoft Office document. 4. Refer to Sealing and sending an e-mail message for further instructions. Viewing a signed Microsoft Office document NOTE: You do not need to have a Privacy Manager view additional details. 42 Chapter 4 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 49
Viewing an encrypted Microsoft Office document To view an encrypted Microsoft Office document from another computer, Privacy Manager must be installed on that computer. In addition, you must import the Privacy Manager Certificate that was used to encrypt the file. A Trusted Contact wanting to view - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 50
. 2. Click the Windows Live icon, and then click Windows Live Services. 3. Click Gallery, and then click Messenger. 4. Click Activities, and Click Privacy Manager Chat, and then follow the on-screen instructions. Starting Privacy Manager Chat NOTE: In order to use HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 51
. By default, sessions are shown for all e-mail accounts that you have set up. You can use the Display history for menu to select only specific accounts to view. General tasks 45 - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 52
Double-click any session to view its content. Reveal sessions for a specific account Revealing a session displays the decrypted Contact Screen Name for the currently session content is decrypted. Search sessions for specific text 46 Chapter 4 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 53
left panel. Filter displayed sessions A list of sessions for all of your accounts is displayed in the Chat History Viewer. Displaying sessions for a specific account ▲ In the Chat History Viewer, select an account from the Display history for menu. Displaying sessions for a range of dates 1. In the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 54
different computer. To do this, export them as a password-protected file to a network location or any removable storage device, and then import the file to the new computer. the "Migration File Import" page, click Finish. 48 Chapter 4 Privacy Manager for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 55
HP ProtectTools File Sanitizer is a tool that allows you to securely shred assets (personal information or files, historical or Web-related data, or other data components) on your computer and periodically bleach your hard drive. NOTE: File Sanitizer currently operates only on the hard drive manually - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 56
Double-click the File Sanitizer icon. - or - ● Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar browser. ● Scheduler - Select the Activate Scheduler check box, enter your Windows password, and then enter a day and time to shred selected assets. 3. Click - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 57
assets that you delete using the Windows Recycle Bin or for manually deleted assets. Free space bleaching provides no additional security to the Activate Scheduler check box, enter your Windows password, and then enter a day and time to bleach your hard drive. 3. Click Apply, and then click OK - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 58
then click Remove. 5. Under Do not shred the following, click Add to select the specific assets that you want to exclude from shredding. NOTE: Only file extensions can be excluded from click Add to select the specific assets that you want to exclude from shredding. 52 Chapter 5 File Sanitizer for - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 59
assets that you delete using the Windows Recycle Bin or for manually deleted assets. Free space bleaching provides no additional security to the Activate Scheduler check box, enter your Windows password, and then enter a day and time to bleach your hard drive. 3. Click Apply, and then click OK - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 60
remove an asset from the shred list, click the asset, and then click Remove. 5. Under Do not shred the following, click Add to select the specific assets that you want to exclude from shredding. 54 Chapter 5 File Sanitizer for - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 61
remove an asset from the delete list, click the asset, and then click Remove. 4. Under Do not delete the following, click Add to select the specific assets that you want to exclude from shredding. NOTE: Only file extensions can be excluded from deleting. For example, if you add the .BMP file - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 62
shredding one asset CAUTION: Shredded assets cannot be recovered. Carefully consider which items you select for manual shredding. 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click Shred One. 2. When the Browse - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 63
1. Open File Sanitizer, and click Shred. 2. Click the Shred Now button. 3. When the confirmation dialog box opens, click Yes. Manually shredding all selected items 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, click File Sanitizer, and then click - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 64
operation is performed, log files of any errors or failures are generated. The log files are always updated according to the latest shred or free space the hard drive at: ● C:\Program Files\Hewlett-Packard\File Sanitizer\[Username]_ShredderLog.txt ● C:\Program Files\Hewlett-Packard\File Sanitizer - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 65
and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can accomplish the following objectives: ● Manage administrator passwords. ● Configure other power-on authentication features, such as embedded - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 66
them. 4. If you are not an HP ProtectTools user, the BIOS Configuration software checks to see whether a BIOS administrator password has been set up. ● If a BIOS administrator password has been set up, you must enter it. ◦ If you enter the BIOS administrator password correctly, you can both view and - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 67
: Password changes take effect immediately with no need to restart the computer. Viewing system information Use the "File" page to view the following types of information: ● Identification information about the computer (including the serial number) and about batteries in the system ● Specification - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 68
to set a BIOS administrator password. System IDs Option Ownership Tag Asset Tracking Number Action Enter, view or change. Enter, view or change. TPM Embedded Security NOTE: This feature is supported only on computers equipped with the HP ProtectTools Embedded Security Chip (TPM). Option Reset of - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 69
power-on authentication. NOTE: This feature is supported only on computers with optional smart card readers. Enable or disable. Administrator Tools Option HP SpareKey Fingerprint Reset on Reboot (if present) Action Enable or disable. Enable or disable. Password Policy Option At least one symbol - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 70
Boot Popup Delay, in seconds. Enable or disable. Enable or disable. Enable or disable. Enable or disable. Enable or disable. Set the order in which system devices boot. 64 Chapter 6 BIOS Configuration for HP ProtectTools - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 71
mode Dual core CPU Secondary battery fast charge HP QuickLook 2 TXT technology Display Diagnostic URL HDD Translation Mode Virtualization technology Built-in device options Option Wireless Button State Embedded WWAN Device Radio Fingerprint Device Notebook MultiBay Network Interface Controller (LAN - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 72
. Secondary Battery Fast Charge Security Level Change, view, or hide. Embedded Security Device Availability Security Level Change, view, or hide. HDD Translation Mode Security Level Change, view, or hide. Fingerprint Device Security Level Change, view, or hide. Optical Disk Drive Security - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 73
Security Level SD Card Boot Security Level Boot From EFI File Security Level HP QuickLook 2 Security Level Wireless Button State Security Level Modem Device Security Level Finger Print reset Security Level HP SpareKey Security Level TXT Technology Security Level Diagnostic URL Security Level Change - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 74
: ● Enhanced Microsoft® Encryption File System (EFS) file and folder encryption ● Creation of a personal secure drive (PSD) for protecting user data ● Data management functions, such as backing up and restoring the key hierarchy ● Support for third - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 75
for HP ProtectTools. To enable the embedded security chip: 1. Open Computer Setup by turning on or restarting the computer, and then pressing f10 while the "f10 = ROM Based Setup" message is displayed in the lower-left corner of the screen. 2. If you have not set an administrator password, use - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 76
instructions. Setting up the basic user account Setting up a basic user account in Embedded Security accomplishes the following tasks: ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ● Sets up a personal secure drive - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 77
Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is encrypted. Files and folders on FAT partitions cannot be encrypted. ● System files and compressed files cannot be encrypted, and encrypted files cannot be - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 78
password. 5. Click OK. Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: 1. Click Start, click All Programs, and then click HP - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 79
and then click HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Advanced. 3. In the right pane, under Owner Password, click Change. 4. Type the old owner password, and then set and confirm the new owner password. 5. Click OK. Resetting a user password An - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 80
the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security software Help. 74 Chapter 7 Embedded Security for HP ProtectTools (select models only) - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 81
computer system: ● Device profiles that are created for each user to define device access ● Device access that can be granted or denied on the basis of group membership Starting background service For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 82
This feature allows you to deny access to the following classes of devices: ● USB devices for all non-administrators ● All removable media (floppy disks, pen drives, etc.) for all non-administrators ● All DVD/CD-ROM drives for all non-administrators ● All serial and parallel ports for all non - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 83
More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Adding a user or a group 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. In the left pane, click Device Access Manager, and then click - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 84
allow one user access to a specific device while denying access to all other members of that user's group for all devices in the class. To allow access to a specific device for one user but not the group: 1. Click Start, click All Programs, and then click HP ProtectTools Security Manager. 2. In the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 85
create errors that prevent the user from performing or completing tasks. Some Web-based applications stop functioning and report errors due a specific Single Sign On cannot be disabled for a given application, call HP technical support and request 3rd-level support through your HP Service contact - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 86
(password, fingerprint, or Java Card) is selected. Update Windows to Service Pack 2 via Windows Update. Refer to Microsoft knowledge base article chip can be enabled using the f10 Computer Setup utility, BIOS Configuration, or HP Client Manager. To enable the TPM embedded security chip using - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 87
registered, the user must reregister the token to restore the association. This is currently by design. When uninstalling Credential Manager without keeping identities, the system (server) part of the token is destroyed, so the token cannot be used anymore for logging on, even if the client part of - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 88
during Embedded Security initialization, an error message is displayed. This is as designed. Storage of the recovery archive on removable media is not supported. The recovery archive can be stored on a network drive or on another local drive other than the C drive. 82 Chapter 9 Troubleshooting - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 89
Wizard, the following error message is displayed: click Embedded Security. 6. Set the Embedded Security Device option to Enable. 7. Press f10 to accept password. When the module has been enabled, the user can remove the password. This allows anyone with direct access to the system to reset - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 90
the PSD when the removable hard drive is not present, an error message is displayed stating that the device is not ready. During password authentication, since this is a feature of the Microsoft EFS encryption. Decryption will require the user password to be supplied. 84 Chapter 9 Troubleshooting - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 91
location, and the restore process proceeds. ● Resets the chip to factory settings in the BIOS. ● Reboots the computer. ● Begins to be deleted after formatting the hard drive on which the PSD was generated. The PSD icon is still visible, but the error message drive is not accessible is displayed - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 92
the following error message is Resetting the system ROM to default hides the TPM to Windows. This does not allow the security software to operate properly and makes TPM-encrypted data inaccessible. Unhide the TPM in BIOS: Open the Computer Setup (f10) Utility, navigate to Security > Device - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 93
a specific time, however, the backup fails without displaying notice of the failure. Embedded Security cannot be temporarily disabled in the Embedded Security GUI. The current 4.0 software was designed for HP Notebook 1.1B implementations, as well as supporting HP Desktop 1.2 implementations. HP - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 94
has started. As an administrative user, browse to Control Panel > Administrative Tools > Services. In the Services window, search for the HP ProtectTools Device Locking/Auditing service. Be sure that the service is started and that the startup type is Automatic. A user has unexpected access to - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 95
Device driver library version 2.0.0.9 (or greater) 5. If the FW version does not match 2.18, download and update the TPM firmware. The TPM Firmware SoftPaq is a support download available on the HP Web site at http://www.hp.com. HP ProtectTools Security Intermittently (1 in 12 instances), an error - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 96
Embedded Security options (including Power-on authentication support). However, after reenabling Embedded Security Device, Power-on authentication support remains enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings. 90 Chapter 9 Troubleshooting - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 97
log on to the system using the TPM password, but, if the user presses f10 to access the BIOS, the user is granted Read rights access only. To be able to write to BIOS, the user must type the BIOS password instead of the TPM password at the Poweron Authentication window. The BIOS asks for both the - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 98
chip during startup by entering the correct TPM Basic User Key password, the BIOS unlocks the hard drive for the user. automatic shredding. Scheduled shredding that the user sets in File Sanitizer for HP ProtectTools. Automatic Technology Manager (ATM). Allows network administrators to manage - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 99
without having to log in again at the Windows logon screen. DriveLock Security feature that links the hard drive to a user and requires the user to correctly type the DriveLock password when the computer starts up. emergency recovery archive. Protected storage area that allows the reencryption of - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 100
certificate. The password is required when the user wants to revoke his or her digital certificate. This ensures that only the user may revoke the certificate. SATA device mode. Data transfer mode between a computer and mass storage devices, such as hard drives and optical drives. seal for trusted - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 101
specific to the host system, such as encryption keys, digital certificates, and passwords Trusted Execution Technology. USB token. Security device that stores identifying information about a user. reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 102
troubleshooting 79 user verification 25 virtual token, creating 15 Windows Logon 16 Windows logon password, changing 15 Windows logon, allow 24 D data, restricting access to 6 decrypting a drive 26 Device Access Manager for HP ProtectTools background service 75 device class configuration 77 device - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 103
definition 9 setting 70 P password Basic User Key 72 BIOS administrator 60 changing owner 73 emergency recovery token 70 guidelines 10 HP ProtectTools 8 managing 8 owner 70 policies, creating 7 resetting user 73 secure, creating 10 Windows 60 Windows logon 15 personal secure drive (PSD) 71 Index 97 - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 104
sessions for a range of dates 47 displaying sessions for a specific account 47 displaying sessions that are saved in a folder other setup password 9 setting boot options 63 built-in device options 63 device configuration options 63 port options 63 security options 62 system configuration - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 105
boot options 63 built-in device options 63 device configuration options 63 port options 63 system configuration options 63 T targeted theft, protecting against 6 token, Credential Manager 13 TPM chip enabling 69 initializing 70 troubleshooting Credential Manager 79 Device Access Manager 88 Embedded - HP ProBook 4410s | HP ProtectTools - Windows Vista and Windows XP - Page 106
HP ProtectTools
User Guide