HP ProtectTools Getting Started
© Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. AMD, the AMD Arrow logo and combinations thereof are trademarks of Advanced Micro Devices, Inc. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Java is a US trademark of Sun Microsystems, Inc.
Table of contents 1 Introduction Accessing the HP ProtectTools Security Manager ............................................................................... 2 Understanding security roles ................................................................................................................ 2 Managing HP ProtectTools passwords ................................................................................................ 3 Creating a secure password ............................................
Creating a backup Java Card ............................................................................ 24 4 Embedded Security for HP ProtectTools Setup procedures ............................................................................................................................... 26 Enabling the embedded security chip ................................................................................ 26 Initializing the embedded security chip ........................................................
Registering credentials ...................................................................................................... 46 Registering fingerprints ..................................................................................... 46 Setting up the fingerprint reader ....................................................... 47 Using your registered fingerprint to log on to Windows .................... 47 Registering a Java Card, smart card, token, or virtual token ............................
Denying access to a user or group .................................................................................... 66 Allowing access to a device class for one user of a group ................................................ 66 Allowing access to a specific device for one user of a group ............................................ 67 Glossary .............................................................................................................................................................
1 Introduction HP ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data.
Accessing the HP ProtectTools Security Manager To access the HP ProtectTools Security Manager from the Windows® Control Panel: ▲ Select Start > All Programs > HP ProtectTools Security Manager. NOTE After you have configured the Credential Manager module, you can also open HP ProtectTools by logging on to Credential Manager directly from the Windows logon screen. For more information, refer to “Logging on to Windows with Credential Manager,” in Chapter 6 "Credential Manager for HP ProtectTools.
Managing HP ProtectTools passwords Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password Set in this HP ProtectTools module Function Emergency Recovery Token password Embedded Security, by IT administrator Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip. Owner password Embedded Security, by IT administrator Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.
Creating a secure password When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised: ENWW ● Use passwords with more than 6 characters, preferably more than 8. ● Mix the case of letters throughout your password. ● Whenever possible, mix alphanumeric characters and include special characters and punctuation marks.
2 Smart Card Security for HP ProtectTools Smart Card Security for HP ProtectTools manages the smart card setup and configuration for computers equipped with an optional smart card reader. With Smart Card Security, you can 6 ● Access smart card security features. ● Initialize a smart card so that it can be used with other HP ProtectTools modules, such as Credential Manager for HP ProtectTools.
Initializing the smart card You must initialize the smart card before using it. To initialize the smart card: 1. Insert the smart card into the reader. 2. Select Start > All Programs > HP ProtectTools Security Manager. 3. In the left pane, click Smart Card Security, and then click Smart Card. 4. In the right pane, click Initialize. 5. Type your name in the first box in the Initialize the smart card dialog box. 6. Set and confirm the smart card PIN in the appropriate boxes.
Smart card BIOS security mode When enabled, smart card BIOS security mode requires you to use a smart card to start the computer. The process of enabling smart card BIOS security mode involves the following steps: 1. Enable Smart Card Power-on Authentication Support in BIOS Configuration. Refer to “Enabling and disabling smart card or Java Card power-on authentication support,” in Chapter 5, “BIOS Configuration for HP ProtectTools.
Enabling smart card BIOS security mode and setting the smart card administrator password To enable smart card BIOS security mode and set the smart card administrator password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Smart Card Security, and then click BIOS. 3. In the right pane, under BIOS Security Mode, click Enable. 4. Click Next. 5. Enter the Computer Setup setup password at the prompt, and then click Next. 6.
Changing the smart card administrator password The smart card administrator password is set as part of the process for enabling smart card BIOS security mode. You can change the smart card administrator password after it has been set. Refer to “Smart card BIOS security mode,” earlier in this chapter, for more information about the smart card administrator password. NOTE The following procedure updates the smart card administrator password stored on the card and in Computer Setup.
Setting and changing the smart card user password To set or change the smart card user password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Smart Card Security, and then click BIOS. 3. In the right pane, under BIOS Security Mode, next to BIOS user card, click the Set button. NOTE If there is already a user password in Computer Setup, click the Change button. 4. Enter the smart card PIN and click Next. 5. Insert the new user card and click Next. 6.
Storing the administrator or user card password If you want to create a backup card and have already set the administrator password, you can store the password on the new card. CAUTION This procedure updates only the password on the card and not in Computer Setup. You will not be able to access the computer with the new card. To store the administrator or user card password: 1. Insert a smart card into the reader. 2. Select Start > All Programs > HP ProtectTools Security Manager. 3.
General tasks Updating BIOS smart card settings To require a smart card PIN when you restart the computer: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Smart Card Security, and then click BIOS. 3. In the right pane, under Smart Card BIOS Password Properties, click Settings. 4. select the check box to require a PIN at reboot. NOTE To eliminate this requirement, clear the check box. 5. Enter the smart card PIN and click OK.
Backing up and restoring smart cards After you have initialized a smart card and the card is ready for use, it is highly recommended that you create a smart card recovery file. The recovery file can be used to transfer the smart card data from one smart card to another smart card. This file can also be used to back up the original smart card or to restore the data when a smart card is lost or stolen.
Restoring smart card data You can restore the smart card data from the recovery file. This is especially useful if a card was lost or stolen, or if you want to create a backup smart card. If you use a card with previous data saved on it, the data will be overwritten. Before you begin, you will need the following: ● Access to a computer with Smart Card Security software installed ● Smart card recovery file ● Smart card recovery file password ● Smart card To restore a smart card: ENWW 1.
Creating a backup smart card It is highly recommended that you create duplicate smart cards for backup purposes. Two methods can be used to create a backup card, depending upon whether the smart card password was manually or randomly generated. To create a replacement smart card with a randomly generated smart card password: ▲ Insert a smart card into the reader, and then load the appropriate recovery file onto it. For more information, refer to “Restoring smart card data,” earlier in this chapter.
3 Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for computers equipped with an optional smart card reader. With Java Card Security, you can ENWW ● Access Java Card security features. ● Work with the Computer Setup utility to enable Java Card authentication in a power-on environment, and to configure separate Java Cards for an administrator and a user.
General tasks The “General” page allows you to perform the following tasks: ● Change a Java Card PIN ● Select the smart card reader NOTE The smart card reader uses both Java Cards and smart cards. This feature is available if you have more than one smart card reader on the computer. Changing a Java Card PIN To change a Java Card PIN: NOTE The Java Card PIN must be between 4 and 8 numeric characters. 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
Advanced tasks (administrators only) The “Advanced” page allows you to perform the following tasks: ● Assign a Java Card PIN ● Assign a name to a Java Card ● Set power-on authentication ● Back up and restore Java Cards NOTE You must have a Computer Setup setup password in order to get to the “Advanced” page. Assigning a Java Card PIN You must assign a PIN to a Java Card before it can be used for power-on authentication.
Assigning a name to a Java Card You must assign a name to a Java Card before it can be used for power-on authentication. To assign a name to a Java Card: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. When the Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. 4. Insert the Java Card into the smart card reader.
Enabling Java Card power-on authentication and creating an administrator Java Card To enable Java Card power-on authentication: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. When the Computer Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. 4. Insert the Java Card into the smart card reader.
Creating a user Java Card NOTE Power-on authentication and an administrator card must be set up in order to create a user Java Card. To create a user Java Card: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Java Card Security, and then click Advanced. 3. When the Setup Password dialog box displays, enter your Computer Setup setup password, and then click OK. 4. Insert a Java Card that will be used as a user card. 5.
Backing up and restoring Java Cards After you have assigned power-on authentication identity to a Java Card, it is highly recommended that you create a Java Card recovery file. The recovery file can be used to transfer the Java Card power-on authentication identity data from one Java Card to another Java Card. This file can also be used to back up the original Java Card or to restore the data when a Java Card is lost or stolen.
Restoring Java Card data You can restore the Java Card data from the recovery file. This is especially useful if a card was lost or stolen, or if you want to create a backup Java Card. If you use a card with previous data saved on it, the data will be overwritten. Before you begin, you will need the following: ● Access to a computer with Java Card Security software installed ● Java Card recovery file ● Java Card recovery file password ● Java Card To restore a Java Card: 1.
4 Embedded Security for HP ProtectTools NOTE The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials.
Setup procedures CAUTION To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings.
Initializing the embedded security chip In the initialization process for Embedded Security, you will ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ● Set up the emergency recovery archive, which is a protected storage area that allows reencryption of the Basic User Keys for all users. To initialize the embedded security chip: 1.
Setting up the basic user account Setting up a basic user account in Embedded Security ● Produces a Basic User Key that protects encrypted information, and sets a Basic User Key password to protect the Basic User Key. ● Sets up a personal secure drive (PSD) for storing encrypted files and folders. CAUTION Safeguard the Basic User Key password. Encrypted information cannot be accessed or recovered without this password. To set up a basic user account and enable the user security features: 1.
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to enter the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer.
Changing the Basic User Key password To change the Basic User Key password: 30 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click User Settings. 3. In the right pane, under Basic User Key password, click Change. 4. Type the old password, and then set and confirm the new password. 5. Click OK.
Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Backup. 3. In the right pane, click Backup. 4. Click Browse to choose the location where the backup file will be saved. 5.
Changing the owner password To change the owner password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Embedded Security, and then click Advanced. 3. In the right pane, under Owner Password, click Change. 4. Type the old owner password, and then set and confirm the new owner password. 5. Click OK. Resetting a user password An administrator can help a user to reset a forgotten password. For more information, refer to the online Help.
Migrating keys with the Migration Wizard Migration is an advanced administrator task that allows the management, restoration, and transfer of keys and certificates. For details on migration, refer to the Embedded Security online Help.
5 BIOS Configuration for HP ProtectTools BIOS Configuration for HP ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can ● Manage power-on passwords and administrator passwords. ● Configure other power-on authentication features, such as enabling smart card passwords and embedded security authentication support.
General tasks BIOS Configuration allows you to manage various computer settings that would otherwise be accessible only by pressing f10 at startup and entering Computer Setup. Managing boot options You can use BIOS Configuration to manage various settings for tasks that run when you turn on or restart the computer. To manage boot options: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3.
Enabling and disabling system configuration options NOTE Some of the items listed below may not be supported by your computer. To enable or disable devices or security options: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration. 3. Enter your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK. 4.
● 5.
Advanced tasks Managing HP ProtectTools settings Some of the features of HP ProtectTools Security Manager can be managed in BIOS Configuration. Enabling and disabling smart card or Java Card power-on authentication support Enabling this option allows you to use the smart card or the Java Card for user authentication when you turn on the computer.
Enabling and disabling power-on authentication support for Embedded Security Enabling this option allows the system to use the TPM embedded security chip (if available) for user authentication when you turn on the computer. NOTE To fully enable the power-on authentication feature, you must also configure the TPM embedded security chip using the Embedded Security for HP ProtectTools module. To enable power-on authentication support for embedded security: 1.
Enabling and disabling Automatic DriveLock hard drive protection When this option is enabled, the DriveLock passwords will be automatically generated and set in the drive, and protected by the TPM embedded security chip. NOTE The automatically generated passwords will not be set in the drive until the computer is restarted and you successfully enter the TPM embedded security password at the password prompt.
If you have set a setup password, you will be prompted for the password before opening the BIOS Configuration portion of HP ProtectTools. NOTE After you have set a setup password, the Set button on the “Passwords” page is replaced by a Change button. Setting the power-on password To set the power-on password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration, and then click Security. 3.
Changing the setup password To change the Computer Setup setup password: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click BIOS Configuration, and then click Security. 3. In the right pane, next to Setup Password, click Change. 4. Type the current password in the Old Password box. 5. Type and confirm the new password in the Enter New Password and Verify New Password boxes. 6. Click OK in the Passwords dialog box. 7.
ENWW 3. In the right pane, under Password Options, enable or disable Require password on restart. 4. Click Apply, and then click OK in the HP ProtectTools window to save your changes.
6 Credential Manager for HP ProtectTools Credential Manager for HP ProtectTools has security features that provide protection against unauthorized access to your computer. These features include the following: 44 ● Alternatives to passwords when logging on to Windows, such as using a smart card or biometric reader to log on to Windows. For additional information, refer to “Registering credentials,” later in this chapter.
Setup procedures Logging on to Credential Manger Depending on the configuration, you can log on to Credential Manager in any of the following ways: ● Credential Manager Logon Wizard (preferred) ● HP ProtectTools Security Manager icon in the notification area ● HP ProtectTools Security Manager NOTE If you use the Credential Manager Logon prompt on the Windows Logon screen to log on to Credential Manager, you are logged on to Windows at the same time.
Logging on for the first time Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. 1. Open HP ProtectTools Security Manager by double-clicking the HP ProtectTools Security Manager icon in the notification area. The HP ProtectTools Security Manager window opens. 2. In the left pane, click Credential Manager, and then click Log On in the upper-right corner of the right pane. The Credential Manager Logon Wizard opens. 3.
Setting up the fingerprint reader 1. After logging on to Credential Manager, swipe your finger across the fingerprint reader. The Credential Manager Registration Wizard opens. 2. Click Next. NOTE By default, Credential Manager requires registration of at least 2 different fingers. The right index finger is the default finger for enrolling the first fingerprint. You can change the default by clicking the finger you want to register first, on either the left hand or the right hand.
5. Click the authentication method you want to register, and then click Next. 6. Follow the on-screen instructions to complete the registration. Registering a USB eToken 1. Be sure that the USB eToken drivers are installed. NOTE Refer to the USB eToken user guide for more information. 2. Select Start > All Programs > HP ProtectTools Security Manager. 3. In the left pane, click Credential Manager. 4. In the right pane, click Register Smart Card or Token.
General tasks All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can perform the following tasks: ● Creating a virtual token ● Changing the Windows logon password ● Managing a token PIN ● Managing identity ● Locking the computer NOTE This option is available only if the Credential Manager classic logon prompt is enabled. See “Example 1—Using the “Advanced Settings” page to allow Windows logon from Credential Manager.
5. Type your new password in the New password and Confirm password boxes. 6. Click Finish. Changing a token PIN 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Change Token PIN. 4. Select the token for which you want to change the PIN, and then click Next. 5. Follow the on-screen instructions to complete the PIN change.
Restoring an Identity To restore an identity: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager. 3. In the right pane, click Restore Identity. 4. On the “Device Type” page, select the device type where the backup is stored, and then click Next. NOTE You will need to know the password or PIN for the device you select for the backup file. 5. Follow the on-screen instructions, and then click Finish. 6.
Locking the computer This feature is available if you log on to Windows using Credential Manager. To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it. NOTE This option is available only if the Credential Manager classic logon prompt is enabled.
Adding an account 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, click Windows Logon, and then click Add a Network Account. The Add Network Account Wizard opens. 4. Type the user name for the new account in the User name box, or click Browse to find a user name. 5. Click the domain from the list of available domains. 6. Type and confirm the password.
Using automatic registration 1. Open an application that requires you to log on. 2. Click the Credential Manager SSO icon in the program or Web site password dialog box. 3. Enter your password for the program or Web site and click OK. The Credential Manager Single Sign On dialog box opens. 4. Click More and select from the following options: 5. ● Do not use SSO for this site or application. ● Prompt to select account for this application. ● Fill in credentials but do not submit.
● Authenticate user before submitting credentials. ● Show SSO shortcut for this application. 12. Click Yes to complete the registration. Managing applications and credentials Modifying application properties 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, under Single Sign On, click Manage Applications and Credentials. 4.
Importing an application 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, under Single Sign On, click Manage Applications and Credentials. 4. Click the application entry you want to import. Then select More > Applications > Import Script. 5. Follow the on-screen instructions to complete the import. 6. Click OK. Modifying credentials 1.
Using Application Protection This feature allows you to configure access to applications. You can restrict access based on the following criteria: ● Category of user ● Time of use ● User inactivity Restricting access to an application 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Services and Applications. 3. In the right pane, under Application Protection, click Manage Protected Applications.
3. In the right pane, under Application Protection, click Manage Protected Applications. The Application Protection Service dialog box opens. 4. Select a category of user whose access you want to manage. NOTE If the category is not Everyone, you may need to click Override default settings to override the settings for the Everyone category. 5. Click the application entry you want to remove, and then click Remove. 6. Click OK. Changing restriction settings for a protected application 1.
Advanced tasks (administrator only) The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights.
Configuring custom authentication requirements If the set of authentication credentials you want is not listed on the Authentication tab of the “Authentication and Credentials” page, you can create custom requirements. To configure custom requirements: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Authentication and Credentials. 3. In the right pane, click the Authentication tab. 4.
Configuring Credential Manager settings From the “Settings” page, you can access and modify various settings using the following tabs: ● General—Allows you to modify the settings for basic configuration. ● Single Sign On—Allows you to modify the settings for how Single Sign On works for the current user, such as how it handles detection of logon screens, automatic logon to registered logon dialogs, and password display.
Example 2—Using the “Advanced Settings” page to require user verification before Single Sign On 62 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Credential Manager, and then click Settings. 3. In the right pane, click the Single Sign On tab. 4. Under When registered logon dialog or Web page is visited, select the Authenticate user before submitting credentials check box. 5. Click Apply, and then click OK to save your changes. 6.
7 Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has security features that provide protection against unauthorized access to devices attached to your computer system.
Starting background service For device profiles to be applied, the HP ProtectTools Device Locking/Auditing background service must be running. When you first attempt to apply device profiles, HP ProtectTools Security Manager opens a dialog box to ask if you would you like to start the background service. Click Yes to start the background service and set it to start automatically whenever the system boots.
Simple configuration This feature allows you to deny access to the following classes of devices: ● USB devices for all non-administrators ● All removable media (floppy disks, pen drives, etc.) for all non-administrators ● All DVD/CD-ROM drives for all non-administrators ● All serial and parallel ports for all non-administrators To deny access to a class of device for all non-administrators: 1. Select Start > All Programs > HP ProtectTools Security Manager. 2.
Device class configuration (advanced) More selections are available to allow specific users or groups of users to be granted or denied access to types of devices. Adding a user or a group 1. Select Start > All Programs > HP ProtectTools Security Manager. 2. In the left pane, click Device Access Manager, and then click Device Class Configuration. 3. In the device list, click the device class that you want to configure. 4. Click Add. The Select Users or Groups dialog box opens. 5.
4. Under User/Groups, add the group to be denied access. 5. Click Deny next to the group to be denied access. 6. Navigate to the folder below that of the required class and add the specific user. Click Allow to grant this user access. 7. Click Apply, and then click OK. Allowing access to a specific device for one user of a group You can allow one user access to a specific device while denying access to all other members of that user's group for all devices in the class.
Glossary Authentication Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data. Automatic DriveLock Security feature that causes the DriveLock passwords to be generated and protected by the TPM Embedded Security chip.
Identity In the HP ProtectTools Credential Manager, a group of credentials and settings that is handled like an account or profile for a particular user. Java Card Small piece of hardware, similar in size and shape to a credit card, which stores identifying information about the owner. Used to authenticate the owner to a computer. Migration A task that allows the management, restoration, and transfer of keys and certificates.
Index A accessing HP ProtectTools Security Manager 2 account basic user 28 Credential Manager 46 administrator tasks Credential Manager 59 Java Card 19 advanced tasks BIOS Configuration 38 Credential Manager 59 Device Access Manager 66 Embedded Security 31 Java Card 19 Automatic DriveLock 40 B background service, Device Access Manager 64 backup Embedded Security 31 identity 50 single sign on 55 smart card 14 basic user account 28 Basic User Key password changing 30 setting 28 biometric readers 47 BIOS admi
SSO application, removing 55 SSO applications and credentials 55 SSO automatic registration 54 SSO credentials, modifying 56 SSO manual registration 54 SSO new application 53 token PIN, changing 50 USB eToken, registering 48 user verification 62 virtual token, creating 49 Windows Logon 52 Windows logon 52 Windows logon password, changing 49 Windows logon, allow 61 D Device Access Manager background service 64 device class configuration 66 device class, allowing access to one 66 device, allowing access to on
Computer Setup, managing 40 emergency recovery token 27 guidelines 5 managing 3 owner 27 recovery file 14 resetting user 32 secure, creating 5 setting options 42 setting power-on 41 setting setup 41 smart card administrator 9 smart card administrator, changing 10 smart card user, setting and changing 11 storing administrator or user card 12 Windows logon 49 personal secure drive (PSD) 29 power-on authentication enabling and disabling 38 on Windows restart 42 power-on password definition 3 setting and changi