HP ProtectTools Security Manager Guide
HP Compaq Business Desktops
Document Part Number: 407154-001
December 2005

This guide provides instructions for configuring and using HP ProtectTools Security Manager.
© Copyright 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft and Windows are trademarks of Microsoft Corporation in the U.S. and other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents

1 Introduction
    ProtectTools Security Manager
    Accessing the ProtectTools Security Manager
    Understanding Security Roles
    Managing ProtectTools Passwords
    Creating a Secure Password
2 Smart Card Security for ProtectTools
    Basic Concepts
Glossary
Index
1 Introduction

ProtectTools Security Manager

ProtectTools Security Manager software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following modules:

■ Smart Card Security for ProtectTools
■ Embedded Security for ProtectTools
■ BIOS Configuration for ProtectTools
■ Credential Manager for ProtectTools

The modules available for your computer may vary depending on your model.
Accessing the ProtectTools Security Manager

To access the ProtectTools Security Manager from the Microsoft® Windows Control Panel:

» Windows® XP: Click Start > Control Panel > Windows Security Center > ProtectTools Security Manager.
» Windows 2000: Click Start > All Programs > HP ProtectTools Security Manager.

✎ After you have configured the Credential Manager module, you can also open ProtectTools by logging on to Credential Manager directly from the Windows logon screen.
Understanding Security Roles

In managing computer security (particularly for large organizations), one important practice is to divide responsibilities and rights among various types of administrators and users.

✎ In a small organization or for individual use, these roles may all be held by the same person.
Managing ProtectTools Passwords

Most of the ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function. The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
Password Management (Continued)

ProtectTools Password: Smart card administrator password
Set in this ProtectTools Module: Smart Card Security, by IT administrator
Function: Links the smart card to the computer for identification purposes. Allows a computer administrator to enable or disable Computer Setup passwords, generate a new administrator card, and create recovery files to restore user or administrator cards.
ProtectTools Password: Basic User Key password
Set in this ProtectTools Module: Embedded Security
Function: When enabled as the BIOS power-on authentication support password, protects access to the computer contents when computer is turned on, restarted, or restored from hibernation.

Set in this ProtectTools Module: Embedded Security, by IT administrator
Function: Protects access to the Emergency Recovery Token, which is a backup file for the TPM embedded security chip.
ProtectTools Password: Credential Manager logon password
Set in this ProtectTools Module: Credential Manager
Function: This password offers 2 options:
• It can be used in place of the Windows logon process, allowing access to Windows and Credential Manager simultaneously.
• It can be used in a separate logon to access Credential Manager after logging on to Microsoft Windows.
Creating a Secure Password

When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:

■ Use passwords with more than 6 characters, preferably more than 8.
■ Mix the case of letters throughout your password.
2 Smart Card Security for ProtectTools

Basic Concepts

Smart Card Security for ProtectTools manages the smart card setup and configuration for computers equipped with an optional smart card reader. With Smart Card Security for ProtectTools, you can

■ Access Smart Card Security features.
■ Initialize a smart card so that it can be used with other ProtectTools modules, such as Credential Manager for ProtectTools.
3 Embedded Security for ProtectTools

Basic Concepts

✎ The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for ProtectTools.

Embedded Security for ProtectTools protects against unauthorized access to user data or credentials.
Windows. On some models, the TPM embedded security chip also enables enhanced BIOS security features accessed through BIOS Configuration for ProtectTools.

Setup Procedures

CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the TPM embedded security chip.
HP Client Manager

HP Client Manager has several management features. For more information, see http://h18000.www1.hp.com/im/client_mgr.html.
4 BIOS Configuration for ProtectTools

Basic Concepts

BIOS Configuration for ProtectTools provides access to the Computer Setup utility security and configuration settings. This gives users Windows access to system security features that are managed by Computer Setup. With BIOS Configuration, you can

■ Manage power-on passwords and setup passwords.
■ Enable smart card BIOS support.
■ Enable and disable hardware features, such as CD-ROM boot or different hardware ports.
✎ Refer to the ProtectTools Help screens for specific instructions for ProtectTools BIOS Configuration.
5 Credential Manager for ProtectTools

Basic Concepts

Credential Manager for ProtectTools has security features that provide a secure and convenient computing environment.
Installation Procedure

Credential Manager for ProtectTools is preloaded on the computer, but it must be installed before it can be used. To install Credential Manager:

» Click Start > All Programs > Credential Manager for ProtectTools.
Glossary

The following terms are used in this document and throughout the ProtectTools Security Manager.

Authentication—Process of verifying whether a user is authorized to perform a task, for example, accessing a computer, modifying settings for a particular program, or viewing secured data.

Biometric—Category of authentication credentials that use a physical feature, such as a fingerprint, to identify a user.
Digital certificate—Electronic credentials that confirm the identity of an individual or a company by binding the identity of the digital certificate owner to a pair of electronic keys that are used to sign digital information.

Digital signature—Data sent with a file that verifies the sender of the material, and that the file has not been modified after it was signed.

Domain—Group of computers that are part of a network and share a common directory database.
Power-on authentication—Security feature that requires some form of authentication, such as a smart card, security chip, or password, when the computer is turned on.

Public Key Infrastructure (PKI)—Standard that defines the interfaces for creating, using, and administering certificates and cryptographic keys.

Reboot—Process of restarting the computer.
USB token—Security device that stores identifying information about a user. Like a smart card or biometric reader, it is used to authenticate the owner to a computer.

Virtual token—Security feature that works very much like a smart card and reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication.