Reference Guide
ProtectTools Security Manager
Document Part Number: 389171-001
May 2005
© Copyright 2005 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Contents

1 Introduction
   ProtectTools Security Manager
   Accessing the ProtectTools Security Manager
   Understanding Security Roles
   Managing ProtectTools Passwords
      Creating a Secure Password
2 Smart Card Security for ProtectTools
   Basic Concepts
3 Embedded Security for ProtectTools
   Basic Concepts
   Setup Procedures
      Enabling the Embedded Security Chip
      Initializing the Embedded Security Chip
      Setting Up the Basic User Account
   General Tasks
5 Credential Manager for ProtectTools
   Basic Concepts
   Setup Procedures
      Logging On to Credential Manager
      Registering Credentials
   General Tasks
      Creating a Virtual Token
1 Introduction

ProtectTools Security Manager

ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data.
Accessing the ProtectTools Security Manager

To access the ProtectTools Security Manager from the Microsoft® Windows® Control Panel:
» Select Start > All Programs > HP ProtectTools Security Manager.
✎ After you have configured the Credential Manager module, you can also open ProtectTools by logging on to Credential Manager directly from the Windows logon screen.
Understanding Security Roles

In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users.
✎ In a small organization or for individual use, these roles may all be held by the same person.
Managing ProtectTools Passwords

Most of the ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
| ProtectTools Password | Set in this ProtectTools Module | Function |
|---|---|---|
| Profile password | BIOS Configuration, by IT administrator | Encrypts (and unlocks) the profile where BIOS system settings are saved. |
| Smart card administrator password | Smart Card Security, by IT administrator | Links the smart card to the computer for identification purposes. |
| Basic User Key password | Embedded Security | When enabled as the BIOS power-on authentication support password, protects access to the computer contents when computer is turned on, restarted, or restored from hibernation. |
| | Embedded Security, by IT administrator | Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip. |
| Credential Manager recovery file password | Credential Manager, by IT administrator | Protects access to the Credential Manager recovery file. |
| Windows logon password | Windows Control Panel | Can be used in manual logon or saved on the smart card. |

Creating a Secure Password

When creating passwords, you must first follow any specifications that are set by the program.
■ Change passwords regularly. You might change only a couple of characters that increment.
■ If you write down your password, do not store it in a commonly visible place very close to the computer.
■ Do not save the password in a file, such as an e-mail, on your computer.
■ Do not share accounts or tell anyone your password.
2 Smart Card Security for ProtectTools

Basic Concepts

Smart Card Security for ProtectTools manages the smart card setup and configuration for computers equipped with an optional smart card reader. With Smart Card Security, you can
■ Access smart card security features.
■ Initialize a smart card so that it can be used with other ProtectTools modules, such as Credential Manager for ProtectTools.
Initializing the Smart Card

You must initialize the smart card before using it. To initialize the smart card:
1. Insert the smart card into the reader.
2. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
3. Select the plus sign (+) to expand the Smart Card Security menu, and then select Smart Card.
4. Click Initialize.
5. Type your name in the first box in the Initialize the smart card dialog box.
6.
Smart Card BIOS Security Mode

When enabled, smart card BIOS security mode requires you to use a smart card to log on to the computer. The process of enabling smart card BIOS security mode involves the following steps:
1. Enable Smart Card Power-on Authentication Support in BIOS Configuration. Refer to “Enabling and Disabling Smart Card Power-on Authentication Support,” in Chapter 4, “BIOS Configuration for ProtectTools.
Enabling Smart Card BIOS Security Mode and Setting the Smart Card Administrator Password

To enable smart card BIOS security mode and set the smart card administrator password:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
2. Select the plus sign (+) to expand the Smart Card Security menu, and then select BIOS.
3. Under BIOS Security Mode, click Enable.
4. Click Next.
5.
Disabling Smart Card BIOS Security Mode

When disabling smart card BIOS security mode, the smart card administrator and user passwords are disabled, and the use of the smart card is no longer needed to access the computer.
✎ If smart card BIOS security mode has previously been enabled, the button on the Smart Card Security BIOS page changes to Disable.

To disable smart card security:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
Changing the Smart Card Administrator Password

The smart card administrator password is set as part of the process for enabling smart card BIOS security mode. You can change the smart card administrator password after it has been set. Refer to “Smart Card BIOS Security Mode,” earlier in this chapter, for more information about the smart card administrator password.
Setting and Changing the Smart Card User Password

To set or change the smart card user password:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
2. Select the plus sign (+) to expand the Smart Card Security menu, and then select BIOS.
3. Under BIOS Security Mode, next to BIOS user card, click the Set button.
✎ If there is already a user password in Computer Setup, click the Change button.
4.
7. Under Boot Requirements, select the check box if you require the smart card PIN to be entered at startup.
✎ If you do not require the smart card PIN to be entered at startup, clear this check box.
8. Enter the smart card PIN and click OK. The system prompts you to create a recovery file.
✎ It is highly recommended that you create a recovery file. For more information, refer to “Creating a Recovery File,” later in this chapter.
9.
4. Under BIOS Password on Smart Card, click Store.
5. In the BIOS Password Wizard, you can either
❏ Enter a password manually.
❏ Generate a random 32-byte password.
✎ Using a known password enables you to create duplicate cards without using a recovery file. Generating a random password offers more security; however, you must have a recovery file to make backup cards.
6. Under Access Privilege, click either Administrator or User for the type of card.
7.
General Tasks

Updating BIOS Smart Card Settings

To require a smart card PIN when you restart the computer:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
2. Click the plus sign (+) to expand the Smart Card Security menu, and then select BIOS.
3. Under Smart Card BIOS Password Properties, click Settings.
4. Select the check box to require a PIN at reboot.
✎ To eliminate this requirement, clear the check box.
5.
Changing the Smart Card PIN

To change the smart card PIN:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
2. Select the plus sign (+) to expand the Smart Card Security menu, and then select Smart Card.
3. Click Change PIN.
4. Type your current smart card PIN.
5. Set and confirm the new PIN.
6. Click OK in the confirmation dialog box.
Creating a Recovery File

To create a recovery file:
1. Select Start > All Programs > HP ProtectTools Security Manager > Smart Card Security.
2. Select the plus sign (+) to expand the Smart Card Security menu, and then select Smart Card.
3. Under Recovery, click Create.
4. Enter the smart card PIN and click OK.
5. Enter the file path and file name in the Filename field.
Restoring Smart Card Data

You can restore the smart card data from the recovery file. This is especially useful if a card was lost or stolen, or if you want to create a backup smart card. If you use a card with previous data saved on it, the data will be overwritten.
Creating a Backup Smart Card

It is highly recommended that you create duplicate smart cards for backup purposes. Two methods can be used to create a backup card, depending upon whether the smart card password was manually or randomly generated.

To create a replacement smart card with a randomly generated smart card password:
» Insert a smart card into the reader, and then load the appropriate recovery file onto it.
3 Embedded Security for ProtectTools

Basic Concepts

✎ The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for ProtectTools.

Embedded Security for ProtectTools protects against unauthorized access to user data or credentials.
The TPM embedded security chip enhances and enables other ProtectTools Security Manager security features. For example, Credential Manager for ProtectTools can use the embedded chip as an authentication factor when the user logs on to Windows. On select models, the TPM embedded security chip also enables enhanced BIOS security features accessed through BIOS Configuration for ProtectTools.
4. In the Security menu, use the arrow keys to select Embedded Security, and then press enter.
5. Under Embedded Security, select Embedded security device state and change to Enable.
6. Press f10 to accept the changes to the Embedded Security configuration.
7. To save your preferences and exit Computer Setup, use the arrow keys to select File > Save Changes and Exit. Then follow the instructions on the screen.
6. Click Browse and choose the location for the emergency recovery archive, and then click Next.
7. Click Next on the “Summary” page.
❏ If you do not want to set up a basic user account at this time, clear the Start the Embedded Security User Initialization Wizard check box, and then click Finish. You can start the wizard manually to set up a basic user account at any time by following the instructions in the next section.
4. Set and confirm the Basic User Key password, and then click Next.
5. Click Next to confirm settings.
6. Select the security features you want, and then click Next.
7. Click Next again.
✎ To use secure e-mail, you must first configure the e-mail client to use a digital certificate that is created with Embedded Security. If a digital certificate is not available, you must obtain one from a certification authority.
General Tasks

After the basic user account is set up, you can perform the following tasks:
■ Encrypting files and folders
■ Sending and receiving encrypted e-mail

Using the Personal Secure Drive

After setting up the PSD, you are prompted to enter the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer.
To encrypt files and folders:
1. Right-click the file or folder that you want to encrypt.
2. Click Encrypt.
3. Click one of the following options:
❏ Apply changes to this folder only.
❏ Apply changes to this folder, subfolders, and files.
4. Click OK.

Sending and Receiving Encrypted E-mail

Embedded Security enables you to send and receive encrypted e-mail, but the procedures vary depending upon the program you use to access your e-mail.
Advanced Tasks

Backing Up and Restoring

The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency.

Creating a Backup File

To create a backup file:
1. Select Start > All Programs > HP ProtectTools Security Manager > Embedded Security > Backup.
2. Select Backup.
3. Click Browse to choose the location where the backup file will be saved.
4.
Restoring Certification Data from the Backup File

To restore data from the backup file:
1. Select Start > All Programs > HP ProtectTools Security Manager > Embedded Security > Backup.
2. Click Restore.
3. Click Browse to select the backup file from the stored location.
4. Click Next.
5. Select whether to start the Embedded Security User Initialization Wizard.
Changing the Owner Password

To change the owner password:
1. Select Start > All Programs > HP ProtectTools Security Manager > Embedded Security > Advanced.
2. Under Owner Password, click Change.
3. Type the old owner password, and then set and confirm the new owner password.
4. Click OK.

Enabling and Disabling Embedded Security

It is possible to disable the Embedded Security features if you want to work without the security function.
Temporarily Disabling Embedded Security

To temporarily disable Embedded Security:
1. Select Start > All Programs > HP ProtectTools Security Manager > Embedded Security > User Settings.
2. Under Embedded Security, click Disable.

Enabling Embedded Security After Temporary Disable

Embedded Security will automatically be reenabled upon Windows restart if it was disabled through User Settings.
Enabling Embedded Security After Permanent Disable

To enable Embedded Security after permanently disabling it:
1. Select Start > All Programs > HP ProtectTools Security Manager > Embedded Security > Advanced.
2. Under Embedded Security, click Enable.
3. Enter your owner password at the prompt, and then click OK.
4 BIOS Configuration for ProtectTools

Basic Concepts

BIOS Configuration for ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can
■ Manage power-on passwords and administrator passwords.
■ Configure other preboot authentication features, such as enabling smart card passwords and embedded security authentication.
General Tasks

BIOS Configuration allows you to manage various computer settings that would otherwise be accessible only by pressing f10 at startup and entering the Computer Setup utility.

Managing Boot Options

You can use BIOS Configuration to manage various settings for tasks that run when you turn on or restart the computer. To manage boot options:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2.
Enabling and Disabling Device or Security Options

To enable or disable devices or security options:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Enter your Computer Setup administrator password at the BIOS administrator password prompt, and then click OK.
3. Click Device Options.
4.
Advanced Tasks

Managing ProtectTools Settings

Some of the features of ProtectTools Security Manager can be managed in BIOS Configuration.

Enabling and Disabling Smart Card Power-on Authentication Support

Enabling this option allows you to use the smart card for user authentication when you turn on the computer. To enable smart card power-on authentication support:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2.
Enabling and Disabling Power-on Authentication Support for Embedded Security

Enabling this option allows the system to use the TPM embedded security chip (if available) for user authentication when you turn on the computer. To enable power-on authentication support for embedded security:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2.
Enabling and Disabling Automatic DriveLock Hard Drive Protection

When this option is enabled, the DriveLock passwords will be generated and protected by the TPM embedded security chip. The DriveLock master password is set to match the Computer Setup administrator password, and the DriveLock user password is generated randomly by the TPM and protected by the TPM.
Managing Profiles

After you have set your preferences in BIOS Configuration for ProtectTools, you can save the settings under a named profile. The settings are saved in a file which is encrypted with a password that you provide. This profile can then be applied to multiple platforms.
✎ You must restart your computer for these settings to take effect.
5. Enter hpqsetup.exe, and add switches to customize the request, as shown in the following table.

| Switch(es) | Function | Example |
|---|---|---|
| /f and /k | /f: Specify INI file path. /k: Specify the password for decrypting the file created in the BIOS Configuration tool | Hpqsetup.exe /fc:\test.ini /kxxxx |
| | Display the “Profiles” page on the BIOS Configuration page of ProtectTools, which is hidden by default (requires restart of ProtectTools) | Hpqsetup. |
Saving a New Profile Scheme

To save a new profile scheme:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Click Profiles.
✎ If the “Profiles” page is not visible, you must change the display setting from the command line. For instructions, refer to “Managing Profiles Using the Command Line,” in the previous section.
3. Click Save As.
4. Type a name for the profile in the dialog box.
5.
Applying a Profile Scheme

You can apply any profile scheme to a new platform through HP BIOS Configuration for ProtectTools. To apply a profile scheme:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Select Profiles.
3. Select the profile scheme you want to apply from the drop-down list.
4. Click Apply.
5. Click OK. The XXX.
Managing Computer Setup Passwords

You can use BIOS Configuration to set and change the power-on and administrator passwords in Computer Setup, and also to manage various password settings.

CAUTION: The passwords you set through the “Passwords” page in BIOS Configuration are saved immediately upon clicking the Apply or OK button in the ProtectTools window.
Setting the Power-On Password

To set the power-on password:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Select Passwords.
3. Under Power-On Password, select Set.
4. Type and confirm the password in the Enter Password and Verify Password boxes.
5. Click OK in the Passwords dialog box.
6. Click Apply, and then click OK in the ProtectTools window to save your changes.
Setting the Administrator Password

To set the Computer Setup administrator password:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Select Passwords.
3. Under Administrator Password, select Set.
4. Set and confirm the password in the Enter Password and Confirm Password boxes.
5. Click OK in the Passwords dialog box.
6. Click Apply, and then click OK in the ProtectTools window to save your changes.
Setting Password Options

You can use BIOS Configuration for ProtectTools to set password options to enhance the security of your system.

Enabling and Disabling Stringent Security

CAUTION: To prevent the computer from becoming permanently unusable, record your configured administrator password, power-on password, or smart card PIN in a safe place away from your computer. Without these passwords or PIN, the computer cannot be unlocked.
Enabling and Disabling Power-on Authentication on Windows Restart

This option allows you to enhance security by requiring users to enter a power-on, TPM, DriveLock, or smart card password when Windows restarts. To enable or disable power-on authentication on Windows restart:
1. Select Start > All Programs > HP ProtectTools Security Manager > BIOS Configuration.
2. Select Passwords.
3. Select the Enable Power-on Authentication on Windows restart check box.
5 Credential Manager for ProtectTools

Basic Concepts

Credential Manager for ProtectTools has security features that provide protection against unauthorized access to your computer. These features include the following:
■ Alternatives to passwords when logging on to Microsoft Windows, such as using a smart card or biometric reader to log on to Windows.
■ Single Sign On feature that automatically remembers credentials for Web sites, applications, and protected network resources.
Setup Procedures

Logging On to Credential Manager

Depending upon the configuration, you can log on to Credential Manager in any of the following ways:
■ Credential Manager Logon Wizard (preferred)
■ Credential Manager icon in the notification area
■ ProtectTools Security Manager
✎ If you use the Credential Manager Logon prompt on the Windows Logon screen to log in to Credential Manager, you are logged in to Windows at the same time.
Using the Credential Manager Logon Wizard

To log on to Credential Manager using the Credential Manager Logon Wizard:
1. Open the Credential Manager Logon Wizard in any of the following ways:
❏ From the Windows logon screen.
❏ From the notification area, by double-clicking the ProtectTools icon.
❏ From the “Credential Manager” page of ProtectTools Security Manager, by clicking the Log On link on the upper right side of the window.
2.
Creating a New Account

You can use the Credential Manager Logon Wizard to create a new user account. Before you begin, you must be logged on to Windows with an administrator account, but not logged on to Credential Manager. To create a new account:
1. Open Credential Manager by double-clicking the icon in the notification area. The Credential Manager Logon Wizard opens.
2. On the “Introduce Yourself” page, click the More button, and then click Sign Up for a New Account.
Registering Credentials

You can use the “My Identity” page to register your various authentication methods, or credentials. After they have been registered, you can use these methods to log on to Credential Manager.

Registering Fingerprints

To register fingerprints:
1. Connect the fingerprint reader to your computer.
2. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
3. Click My Identity.
4.
Registering a Smart Card or Token

To register a smart card or token:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under I Want To, click More, and then click Register Credentials.
4. Click the authentication method you want to register, and then click Next.
5. Follow the on-screen instructions to complete the registration.

Registering Other Credentials

To register other credentials:
1.
General Tasks

All users have access to the “My Identity” page in Credential Manager. From the “My Identity” page, you can
■ Create and register authentication credentials.
■ Manage passwords.
■ Manage Microsoft Network accounts.
■ Manage single sign on credentials.

Creating a Virtual Token

A virtual token works very much like a smart card or USB token. The token is saved either on the computer hard drive or in the Windows registry.
Changing the Windows Logon Password

You can change your Windows logon password from the “My Identity” page in Credential Manager.
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under I Want To, click Change Windows Logon Password.
4. Type your old password in the Old password box.
5. Set and confirm your new password in the New password and Confirm password boxes.
6. Click Finish.
Managing Identity

Backing Up an Identity

It is recommended that you back up your identity in Credential Manager, in case of data loss or accidental removal. To back up an identity:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under I Want To, click More, and then click Backup Identity.
4. Click Next.
5. Select the elements you want to back up, and then click Next.
6.
Restoring an Identity

To restore an identity:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under I Want To, click More, and then click Restore Identity.
4. Click Next.
5. On the “Device Type” page, select the device type where the backup was stored, and then click Next.
6. Follow the on-screen instructions for the device you selected, and then click Finish.
7. Click Yes at the confirmation dialog box.
Locking the Computer

To secure your computer when you are away from your desk, use the Lock Workstation feature. This prevents unauthorized users from gaining access to your computer. Only you and members of the administrators group on your computer can unlock it.
✎ For added security, you can configure the Lock Workstation feature to require a smart card, biometric reader, or token to unlock the computer.
Using Microsoft Network Logon

You can use Credential Manager to log on to Windows, either at a local computer or on a network domain. When you log on to Credential Manager for the first time, the system automatically adds your local Windows user account as the network account for the Network Logon service. Refer to “Logging On for the First Time,” earlier in this chapter, for more information.
Adding Accounts

You can add additional local or domain accounts after logging on to Credential Manager. To add an account:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under Microsoft Network Logon, click Add a Network Account.
4. Set the user name for the new account in the User name box.
5. Click the domain from the list of available domains.
6. Type and confirm the password.
Setting a Default User

You can set or change the default user after logging on to Credential Manager. To set a default user:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under Microsoft Network Logon, click Manage Network Accounts.
4. Click the account you want to be the default, and then click Properties.
5.
Using Single Sign On

Credential Manager has a Single Sign On feature that stores user names and passwords for multiple Internet and Windows applications, and automatically enters logon credentials when you access a registered application.
✎ Security and privacy are important features of Single Sign On. All credentials are encrypted and are available only after successful logon to Credential Manager.
Registering a New Application

Credential Manager prompts you to register any application that you launch while you are logged on to Credential Manager. You can also register an application manually.

Using Automatic Registration

To register an application with automatic registration:
1. Open an application that requires you to log on.
2.
6. Click and drag the icon from the wizard page over the area of the application where the password box is located. Release the pointer when the area is highlighted.
✎ You will not see the finger icon move across the page, but when you drag the pointer over the logon box in the application, a rectangular icon is displayed.
7. On the “Application Information” page of the SSO Registration Wizard, enter the name and description for the application.
8. Click Finish.
9.
Removing Applications from Single Sign On

To remove applications from Single Sign On:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under Single Sign On, click Manage Applications and Credentials.
4. Click the application entry you want to remove, and then click Remove.
5. Click Yes in the confirmation dialog box.
6. Click OK.
Importing Applications

To import an application:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click My Identity.
3. Under Single Sign On, click Manage Applications and Credentials.
4. Click the application entry you want to import. Then click More, and then click Import Application.
5. Follow the on-screen instructions to complete the import.
6. Click OK.

Modifying Credentials

To modify credentials:
1.
Advanced Tasks (Administrator Only)

The “Authentication and Credentials” page and the “Advanced Settings” page of Credential Manager are available only to those users with administrator rights. From these pages, you can
■ Specify how users and administrators log on.
■ Configure credential properties.
■ Configure Credential Manager program settings.

Configuring Custom Authentication Requirements

If the set of authentication credentials you want is not listed on the Authentication tab of the “Authentication and Credentials” page, you can create custom requirements.

To configure custom requirements:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click Authentication and Credentials.
3. Click the Authentication tab.
4.

Configuring Credential Properties

From the Credentials tab of the “Authentication and Credentials” page, you can view the list of available authentication methods, and modify the settings.

To configure the credentials:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click Authentication and Credentials.
3. Click the Credentials tab.
4. Click the credential type you want to modify.

Configuring Credential Manager Settings

From the “Advanced Settings” page, you can access and modify various settings using the following tabs:
■ General—Allows you to modify the settings for basic configuration.
■ Single Sign On—Allows you to modify the settings for how Single Sign On works for the current user, such as how it handles detection of logon screens, automatic logon to registered dialogs, and password display.

Example 1—Using the “Advanced Settings” Page to Allow Windows Logon from Credential Manager

To enable logging on to Windows from Credential Manager:
1. Select Start > All Programs > HP ProtectTools Security Manager > Credential Manager.
2. Click Advanced Settings.
3. Click the General tab.
4. Select the Use Credential Manager to log on to Windows check box.
5. Click Apply, and then click OK to save your changes.
6. Restart the computer.

Glossary

The following terms are used in this document and throughout the ProtectTools Security Manager.

Authentication—Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data.

Automatic DriveLock—Security feature that causes the DriveLock passwords to be generated and protected by the TPM Embedded Security chip.

Cryptography—Practice of encrypting and decrypting data so that it can be decoded only by specific individuals.

Decryption—Procedure used in cryptography to convert encrypted data into plain text.

DriveLock—Security feature that links the hard drive to a user and requires the user to correctly enter the DriveLock password when the computer starts up.

Network account—Windows user or administrator account, either on a local computer, in a workgroup, or on a domain.

Personal secure drive (PSD)—Provides a protected storage area for sensitive data.

Power-on authentication—Security feature that requires some form of authentication, such as a smart card, security chip, or password, when the computer is turned on.

USB token—Security device that stores identifying information about a user. Like a smart card or biometric reader, it is used to authenticate the owner to a computer.

Virtual token—Security feature that works very much like a smart card and reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication.