HP ProtectToolsUser Guide
HP ProtectTools featuresThe following table details the key features of HP ProtectTools modules.Module Key featuresCredential Manager for HP ProtectTo
opening 42Privacy ManagerCertificate 42security login methods 41setup procedures 42system requirements 41protecting assets from automaticshredding 66R
Achieving key security objectivesThe HP ProtectTools modules can work together to provide solutions for a variety of security issues,including the fol
●Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeabledevices so sensitive information cannot be copied from th
Additional security elementsAssigning security rolesIn managing computer security (particularly for large organizations), one important practice is to
HP ProtectTools password Set in this HP ProtectToolsmoduleFunctionComputer Setup utility and to the computercontents.Authenticates users of Drive Encr
Creating a secure passwordWhen creating passwords, you must first follow any specifications that are set by the program. Ingeneral, however, consider
2 Getting startedNOTE: Administration of HP ProtectTools requires administrative privileges.The HP ProtectTools Setup Wizard guides you through settin
Opening HP ProtectTools Administrative ConsoleFor administrative tasks, such as setting system policies or configuring software, open the console asfo
Enabling security featuresThe Setup Wizard will ask you to verify your identity.1. Read the “Welcome” screen, and then click Next.2. Verify your ident
Enrolling your fingerprintsIf you have selected "Fingerprint" and if your computer has a fingerprint reader built in or connected,you will b
© Copyright 2009 Hewlett-PackardDevelopment Company, L.P.Bluetooth is a trademark owned by itsproprietor and used by Hewlett-PackardCompany under lice
Setting up a smart cardIf you have selected "Smart card" and if a smart card reader is built in or connected to your computer,the HP Protect
Using Administrative ConsoleHP ProtectTools Administrative Console is the central location for administering HP ProtectToolsSecurity Manager features
3 Configuring your systemThe System group is accessed from the Tools menu panel on the left side of the HP ProtectToolsAdministrative Console screen.
Setting up authentication for your computerWithin the Authentication application, you can select which security features should be implemented onthis
SettingsYou can allow one or more of the following security settings:●Allow One Step logon—Allows users of this computer to skip Windows logon if auth
Managing usersWithin the Users application, you can monitor and manage this computer's HP ProtectTools users.All HP ProtectTools users are listed
Specifying device settingsWithin the Device application, you can specify settings available for any built-in or attached securitydevices recognized by
4 Configuring your applicationsThe Applications group is accessed from the Security Applications menu panel on the left side of HPProtectTools Adminis
General tabThe following settings are available on the General tab:▲Do not automatically launch the Setup Wizard for administrators—Select this option
Applications tabThe settings displayed here can change when new applications are added to Security Manager. Theminimal settings shown by default are a
Table of contents1 Introduction to securityHP ProtectTools features ...
5 Adding management toolsAdditional applications may be available for adding new management tools to Security Manager. Theadministrator of this comput
6 HP ProtectTools Security ManagerHP ProtectTools Security Manager allows you to significantly increase the security of your computer.You can use prel
Setup proceduresGetting startedThe HP ProtectTools Setup Wizard is displayed automatically as the default page in HP ProtectToolsSecurity Manager unti
5. You must enroll at least two fingers; index or middle fingers are preferable. Repeat steps 3 and 4for another finger.6. Click Next.NOTE: When enrol
●Administration—Opens the HP ProtectTools Administrative Console.●Help button—Displays information about the current screen.●Advanced—Allows you to ac
General tasksThe applications included in this group assist you in managing various aspects of your digital identity.●Security Manager—Creates and man
●Add a New Account—Allows you to add an account to a logon.●Open Password Manager—Launches the Password Manager application.●Help—Displays Password Ma
Editing logonsTo edit a logon, follow these steps:1. Open the logon screen for a Web site or program.2. To display a dialog box where you can edit you
To add a logon to a category:1. Place your mouse pointer over the desired logon.2. Press and hold the left mouse button.3. Drag the logon into the lis
Click the icon arrow, and then click Icon Settings to customize how Password Manager handlespossible logon sites.●Prompt to add logons for logon scree
5 Adding management tools6 HP ProtectTools Security ManagerSetup procedures ...
Your personal ID cardYour ID card uniquely identifies you as the owner of this Windows account, showing your name and apicture of your choice. It is p
Fingerprint Scan Feedback—Displays only when a fingerprint reader is available. Use this setting toadjust the feedback that occurs when you scan your
Adding applicationsAdditional applications that provide new features for this program may be available.From the Security Manager dashboard, click [+]
7 Drive Encryption for HP ProtectTools(select models only)CAUTION: If you decide to uninstall the Drive Encryption module, you must first decrypt all
Setup proceduresOpening Drive Encryption1. Click Start, click All Programs, click HP, and then click HP ProtectTools AdministrativeConsole.2. In the l
General tasksActivating Drive EncryptionUse the HP ProtectTools Setup Wizard to activate Drive Encryption.NOTE: This wizard is also used to add and re
NOTE: If the Windows administrator has enabled Pre-boot Security in the HP ProtectTools SecurityManager, you will log in to the computer immediately a
Advanced tasksManaging Drive Encryption (administrator task)The ”Encryption Management” page allows administrators to view and change the status of Dr
CAUTION: Be sure to keep the storage device containing the backup key in a safe place, because ifyou forget your password or lose your Java Card, this
8 Privacy Manager for HP ProtectTools(select models only)Privacy Manager for HP ProtectTools enables you to use advanced security login (authenticatio
Creating backup keys ... 39Performing a recovery ...
Setup proceduresOpening Privacy ManagerTo open Privacy Manager:1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security M
Requesting a Privacy Manager Certificate1. Open Privacy Manager, and click Certificates.2. Click Request a Privacy Manager certificate.3. On the “Welc
If you click Cancel, refer to for Adding a Trusted Contact on page 46 information on adding aTrusted Contact at a later time.Viewing Privacy Manager C
3. Click Delete.4. When the confirmation dialog box opens, click Yes.5. Click Close, and then click Apply.Restoring a Privacy Manager CertificateDurin
Trusted Contacts Manager allows you to perform the following tasks:●View Trusted Contact details●Delete Trusted Contacts●Check revocation status for T
8. When you receive an e-mail response from a recipient accepting the invitation to become a TrustedContact, click Accept in the lower-right corner of
Deleting a Trusted Contact1. Open Privacy Manager, and click Trusted Contacts.2. Click the Trusted Contact you want to delete.3. Click Delete contact.
General tasksYou can use Privacy Manager with the following Microsoft products:●Microsoft Outlook●Microsoft Office●Windows Live MessengerUsing Privacy
3. Click the down arrow next to Send Securely (Privacy in Outlook 2003), and then click Sign andSend.4. Authenticate using your chosen security login
Configuring Privacy Manager for Microsoft Office1. Open Privacy Manager, click Settings, and then click the Documents tab.– or –On the toolbar of a Mi
Starting a Privacy Manager Chat session ... 54Configuring Privacy Manager for Windows Live Messe
To add a suggested signer to a Microsoft Word or Microsoft Excel document:1. In Microsoft Word or Microsoft Excel, create and save a document.2. Click
NOTE: To select multiple Trusted Contact names, hold down the ctrl key and click the individualnames.5. Click OK.If you later decide to edit the docum
Viewing an encrypted Microsoft Office documentTo view an encrypted Microsoft Office document from another computer, Privacy Manager must beinstalled o
– or –a. Right-click the ProtectTools icon in the notification area, click Privacy Manager for HPProtectTools, and then select Start Chat.b. In Live M
●Send—Click this button to send an encrypted message to your contact.●Send signed—Select this check box to electronically sign and encrypt your messag
Reveal sessions for a specific accountRevealing a session displays the decrypted Contact Screen Name for the currently selected session.To reveal a sp
Add or remove columnsBy default, the 3 most used columns are displayed in the Live Messenger History Viewer. You can addadditional columns to the disp
Advanced tasksMigrating Privacy Manager Certificates and Trusted Contacts to a differentcomputerYou can securely migrate your Privacy Manager Certific
Central administration of Privacy ManagerYour installation of Privacy Manager may be part of a centralized installation, that has been customizedby yo
9 File Sanitizer for HP ProtectToolsFile Sanitizer is a tool that allows you to securely shred assets (personal information or files, historicalor Web
Device administrators group ... 71Simple Configuration ...
ShreddingShredding is different than a standard Windows® delete (also known as a simple delete in File Sanitizer)in that when you shred an asset using
Free space bleachingDeleting an asset in Windows does not completely remove the contents of the asset from your harddrive. Windows only deletes the re
Setup proceduresOpening File SanitizerTo open File Sanitizer:1. Click Start, click All Programs, click HP, and then click HP ProtectTools Security Man
To set a free space bleaching schedule:1. Open File Sanitizer, and click Free Space Bleaching.2. Select the Activate Scheduler check box, enter your W
NOTE: To remove an asset from the available shred options, click the asset, and then clickDelete.4. Under Shred the following, select the check box ne
General tasksYou can use File Sanitizer to perform the following tasks:●Use a key sequence to initiate shredding—This feature allows you to create a k
Using the File Sanitizer iconCAUTION: Shredded assets cannot be recovered. Carefully consider which items you select formanual shredding.1. Navigate t
– or –1. Open File Sanitizer, and click Shred.2. Click the Shred now button.3. When the confirmation dialog box opens, click Yes.Manually activating f
10 Device Access Manager for HPProtectTools (select models only)Windows® operating system administrators use Device Access Manager for HP ProtectTools
Setup ProceduresOpening Device Access ManagerTo open Device Access Manager, follow these steps:1. Click Start, click All Programs, click HP, and then
viii
NOTE: In order to use this view to read device access information, the user or group must be granted"read" access in the User Access Setting
Stopping the Device Locking/Auditing service does not stop the device locking. Two componentsenforce device locking:●Device Locking/Auditing service●D
The same user, the same group, or a member of the same group can be denied write accessor read+write access only for the same device or a device below
Allowing access for a user or a groupTo grant permission for a user or a group to access a device or a class of devices, follow these steps:1. In the
Allowing access to a class of devices for one user of a groupTo allow a user to access a class of devices while denying access to all other members of
To reset the configuration settings to the factory values, follow these steps:1. In the left pane of HP ProtectTools Administrative Console, click Dev
Advanced tasksControlling access to the configuration settingsIn the User Access Settings view, administrators specify the groups or users who are all
Denying access to an existing group or userTo deny permission for an existing group or user to view or change the configuration settings, followthese
11 LoJack Pro for HP ProtectToolsComputrace LoJack Pro, powered by Absolute Software (purchased separately), addresses the growingproblem of computers
12 TroubleshootingHP ProtectTools Security ManagerShort description Details SolutionSmart cards and USBtokens are not available inSecurity Manager ifi
1 Introduction to securityHP ProtectTools Security Manager software provides security features that help protect againstunauthorized access to the com
Short description Details SolutionPassword Manager doesnot recognize theConnect button onscreen.If the Single Sign On credentials forRemote Desktop Co
Device Access Manager for HP ProtectToolsUsers have been denied access to devices within Device Access Manager, but the devices arestill accessible.●E
◦One workaround is to deny the Users group at the DVD/CD-ROM Drives level and to allowthe Administrators group at the level below DVD/CD-ROM Drives.◦A
MiscellaneousSoftware Impacted—Short descriptionDetails SolutionSecurity Manager—Warning received: Thesecurity application cannot be installed until t
Glossaryactivation The task that must be completed before any of the Drive Encryption features are accessible. DriveEncryption is activated using the
decryption Procedure used in cryptography to convert encrypted data into plain text.device access control policy The list of devices for which a user
Live Messenger History Viewer A Privacy Manager Chat component that allows you to search for and viewencrypted chat history sessions.logon An object w
simple delete Deletion of the Windows reference to an asset. The asset content remains on the hard drive untilobscuring data is written over it by fre
IndexAaborting a shred or bleachoperation 69accessallowing 75controlling 70denying 74denying to existing groups orusers 79granting to existing groups
managing Drive Encryption 39opening 36Ee-mail messageSealing for TrustedContacts 50signing 49viewing a sealed message 50e-mailing an encrypted Microso
Comments to this Manuals