Home » HP Manuals » Laptops » HP ProBook 6360b » Manual Viewer

HP ProBook 6360b HP ProtectTools Getting Started - Windows 7 and Windows Vista - Page 97

Advanced Settings, Device Administrators group, Device Class Configuration, Simple Configuration

Add to My Manuals
Save this manual to your list of manuals

Page 97 highlights

Advanced Settings Advanced Settings provides the following functions: ● Management of the Device Administrators group ● Management of drive letters to which Device Access Manager never denies access. The Device Administrators group is used to exclude trusted users (trusted in terms of device access) from the restrictions imposed by a Device Access Manager policy. Trusted users usually include system administrators. Refer to Device Administrators group on page 89 for more information. The Advanced Settings view also enables the administrator to configure a list of drive letters to which Device Access Manager will not restrict access for any user. NOTE: The Device Access Manager background services must be running when the list of drive letters is configured. To start these services: 1. Apply a Simple Configuration policy, such as denying all non-device administrators access to removable media. - or - Open a command prompt window with Administrator privileges, and then type: sc start flcdlock Press enter. 2. When the services are started, the drive list can be edited. Enter the drive letters of devices that you do not want Device Access Manager to control. The drive letters are displayed for physical hard disks or partitions. NOTE: Whether or not the system drive (typically C) is in this list, access to it will never be denied for any user. Device Administrators group When Device Access Manager is installed, a Device Administrators group is created. The Device Administrators group is used to exclude trusted users (trusted in terms of device access) from the restrictions imposed by a Device Access Manager policy. Trusted users usually include system administrators. NOTE: Adding a user to the Device Administrators group does not automatically allow the user to access devices. In the Device Class Configuration view, if the Users group is denied access to a device, the Device Administrators group must be granted access in order for members of the group to have access to the device. However, the Simple Configuration view can be used to deny access to device classes for all users who are not members of the Device Administrators group. To add users to the Device Administrators group: 1. In the Advanced Settings view, click +. 2. Enter the user name of the trusted user. Advanced Settings 89

Section	Page
Introduction to security	9
HP ProtectTools features	10
HP ProtectTools security product description and common use examples	12
Credential Manager for HP ProtectTools	12
Drive Encryption for HP ProtectTools	12
File Sanitizer for HP ProtectTools	13
Device Access Manager for HP ProtectTools	13
Privacy Manager for HP ProtectTools	14
Computrace for HP ProtectTools (formerly LoJack Pro)	14
Embedded Security for HP ProtectTools (select models only)	14
Achieving key security objectives	16
Protecting against targeted theft	16
Restricting access to sensitive data	16
Preventing unauthorized access from internal or external locations	16
Creating strong password policies	17
Additional security elements	18
Assigning security roles	18
Managing HP ProtectTools passwords	18
Creating a secure password	20
Backing up and restoring HP ProtectTools credentials	20
Getting started with the Setup Wizard	21
HP ProtectTools Security Manager Administrative Console	23
Opening HP ProtectTools Administrative Console	24
Using Administrative Console	25
Configuring your system	26
Setting up authentication for your computer	26
Logon Policy	26
Session Policy	27
Settings	27
Managing users	27
Credentials	28
SpareKey	28
Fingerprints	28
Smart card	29
Face	29
Configuring your applications	30
General tab	30
Applications tab	30
Central Management	30
HP ProtectTools Security Manager	31
Opening Security Manager	32
Using the Security Manager dashboard	33
Security Applications Status	34
My Logons	35
Password Manager	35
For Web pages or programs where a logon has not yet been created	35
For Web pages or programs where a logon has already been created	36
Adding logons	36
Editing logons	37
Using the Logons menu	38
Organizing logons into categories	38
Managing your logons	38
Assessing your password strength	39
Password Manager icon settings	39
VeriSign Identity Protection (VIP)	40
Settings	41
Credential Manager	41
Changing your Windows password	41
Setting up your SpareKey	42
Enrolling your fingerprints	42
Setting up a smart card	43
Initializing the smart card	43
Registering the smart card	43
Configuring the smart card	44
Enrolling scenes for face logon	44
Advanced User Settings	45
Your personal ID card	47
Setting your preferences	47
Backing up and restoring your data	48
Drive Encryption for HP ProtectTools (select models only)	50
Opening Drive Encryption	51
General tasks	52
Activating Drive Encryption for standard hard drives	52
Activating Drive Encryption for self-encrypting drives	52
Deactivating Drive Encryption	54
Logging in after Drive Encryption is activated	54
Protect your data by encrypting your hard drive	56
Displaying encryption status	56
Advanced tasks	57
Managing Drive Encryption (administrator task)	57
Encrypting or decrypting individual drives (software encryption only)	57
Backup and recovery (administrator task)	58
Backing up encryption keys	58
Recovering encryption keys	58
Privacy Manager for HP ProtectTools (select models only)	59
Opening Privacy Manager	60
Setup procedures	61
Managing Privacy Manager Certificates	61
Requesting a Privacy Manager Certificate	61
Obtaining a preassigned Corporate Privacy Manager Certificate	62
Setting up a Privacy Manager Certificate	62
Importing a third-party certificate	62
Viewing Privacy Manager Certificate details	63
Renewing a Privacy Manager Certificate	63
Setting a default Privacy Manager Certificate	63
Deleting a Privacy Manager Certificate	64
Restoring a Privacy Manager Certificate	64
Revoking your Privacy Manager Certificate	64
Managing Trusted Contacts	65
Adding Trusted Contacts	65
Adding a Trusted Contact	65
Adding Trusted Contacts using Microsoft Outlook contacts	66
Viewing Trusted Contact details	67
Deleting a Trusted Contact	67
Checking revocation status for a Trusted Contact	67
General tasks	68
Using Privacy Manager in Microsoft Outlook	68
Configuring Privacy Manager for Microsoft Outlook	68
Signing and sending an e-mail message	68
Sealing and sending an e-mail message	69
Viewing a sealed e-mail message	69
Using Privacy Manager in a Microsoft Office 2007 document	69
Configuring Privacy Manager for Microsoft Office	70
Signing a Microsoft Office document	70
Adding a signature line when signing a Microsoft Word or Microsoft Excel document	70
Adding suggested signers to a Microsoft Word or Microsoft Excel document	70
Adding a suggested signer's signature line	71
Encrypting a Microsoft Office document	71
Removing encryption from a Microsoft Office document	72
Sending an encrypted Microsoft Office document	72
Viewing a signed Microsoft Office document	72
Viewing an encrypted Microsoft Office document	73
Advanced tasks	74
Migrating Privacy Manager Certificates and Trusted Contacts to a different computer	74
Backing up Privacy Manager Certificates and Trusted Contacts	74
Restoring Privacy Manager Certificates and Trusted Contacts	74
Central administration of Privacy Manager	75
File Sanitizer for HP ProtectTools	76
Shredding	77
Free space bleaching	78
Opening File Sanitizer	79
Setup procedures	80
Setting a shred schedule	80
Setting a free space bleaching schedule	80
Selecting or creating a shred profile	81
Selecting a predefined shred profile	81
Customizing a shred profile	81
Customizing a simple delete profile	82
General tasks	84
Using a key sequence to initiate shredding	84
Using the File Sanitizer icon	85
Manually shredding one asset	85
Manually shredding all selected items	85
Manually activating free space bleaching	86
Aborting a shred or free space bleaching operation	86
Viewing the log files	86
Device Access Manager for HP ProtectTools (select models only)	87
Opening Device Access Manager	88
Setup Procedures	89
Configuring device access	89
Simple Configuration	89
Starting the background service	90
Device Class Configuration	90
Denying access to a user or group	92
Allowing access for a user or a group	92
Allowing access to a class of devices for one user of a group	93
Allowing access to a specific device for one user of a group	93
Removing settings for a user or a group	94
Resetting the configuration	94
JITA Configuration	94
Creating a JITA for a user or group	95
Creating an extendable JITA for a user or group	95
Disabling a JITA for a user or group	96
Advanced Settings	97
Device Administrators group	97
eSATA Support	98
Unmanaged Device Classes	98
Theft recovery	100
Embedded Security for HP ProtectTools (select models only)	101
Setup procedures	102
Enabling the embedded security chip in Computer Setup	102
Initializing the embedded security chip	103
Setting up the basic user account	104
General tasks	105
Using the personal secure drive	105
Encrypting files and folders	105
Sending and receiving encrypted e-mail	105
Changing the Basic User Key password	106
Advanced tasks	107
Backing up and restoring	107
Creating a backup file	107
Restoring certification data from the backup file	107
Changing the owner password	108
Resetting a user password	108
Migrating keys with the Migration Wizard	109
Localized password exceptions	110
Windows IMEs not supported at the Preboot Security level or the HP Drive Encryption level	110
Password changes using keyboard layout that is also supported	111
Special key handling	112
What to do when a password is rejected	114
Glossary	115

Match case Limit results 1 per page

Advanced Settings

Advanced Settings provides the following functions:

●

Management of the Device Administrators group

●

Management of drive letters to which Device Access Manager never denies access.

The Device Administrators group is used to exclude trusted users (trusted in terms of device access)

from the restrictions imposed by a Device Access Manager policy. Trusted users usually include

system administrators. Refer to

Device Administrators group

on page

for more information.

The

Advanced Settings

view also enables the administrator to configure a list of drive letters to

which Device Access Manager will not restrict access for any user.

NOTE:

The Device Access Manager background services must be running when the list of drive

letters is configured.

To start these services:

Apply a Simple Configuration policy, such as denying all non-device administrators access to

removable media.

– or –

Open a command prompt window with Administrator privileges, and then type:

sc start flcdlock

Press

enter

When the services are started, the drive list can be edited. Enter the drive letters of devices that

you do not want Device Access Manager to control.

The drive letters are displayed for physical hard disks or partitions.

NOTE:

Whether or not the system drive (typically C) is in this list, access to it will never be

denied for any user.

Device Administrators group

When Device Access Manager is installed, a Device Administrators group is created.

The Device Administrators group is used to exclude trusted users (trusted in terms of device access)

from the restrictions imposed by a Device Access Manager policy. Trusted users usually include

system administrators.

NOTE:

Adding a user to the Device Administrators group does not automatically allow the user to

access devices. In the

Device Class Configuration

view, if the Users group is denied access to a

device, the Device Administrators group must be granted access in order for members of the group to

have access to the device. However, the

Simple Configuration

view can be used to deny access to

device classes for all users who are not members of the Device Administrators group.

To add users to the Device Administrators group:

In the

Advanced Settings

view, click

Enter the user name of the trusted user.

Advanced Settings