HP 4540s Einstellungsanleitung Seite 1

HP ProtectToolsGetting Started

x

Setup ProceduresConfiguring device accessHP ProtectTools Device Access Manager offers four views:●Simple Configuration—Allow or deny access to classes

Starting the background serviceThe first time a new policy is defined and applied, the HP ProtectTools Device Locking/Auditingbackground service start

The Device Class Configuration view has the following sections:● Device List—Shows all the device classes and devices that are installed on the system

The same user, the same group, or a member of the same group can be denied writeaccess or read+write access only for the same device or a device below

Allowing access to a class of devices for one user of a groupTo allow a user to access a class of devices while denying access to all other members of

Removing settings for a user or a groupTo remove permission for a user or a group to access a device or a class of devices, follow thesesteps:1. In th

The JITA period can also be extended, if configured to do so. In this scenario, 1 minute before theJITA period is about to expire, users can click the

Disabling a JITA for a user or groupAdministrators can disable user or group access to devices using just-in-time authentication.1. In the left pane o

Advanced SettingsAdvanced Settings provides the following functions:●Management of the Device Administrators group● Management of drive letters to whi

3. Click OK.4. Click Apply.Alternative methods for managing membership of this group include:●For Windows 7 Professional or Windows Vista, users can b

1 Introduction to securityHP ProtectTools Security Manager software provides security features that help protect againstunauthorized access to the com

◦ Hard disk controller (HDC)◦ Human interface device (HID) class●Power◦Battery◦Advanced power management (APM) support● Miscellaneous◦ Computer◦ Decod

10 Theft recovery (select models only)Computrace for HP ProtectTools (purchased separately) allows you to remotely monitor, manage,and track your comp

102 Chapter 10 Theft recovery (select models only)

11 Embedded Security for HPProtectTools (select models only)NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installe

To enable the embedded security chip in Computer Setup:1. Open Computer Setup by turning on or restarting the computer, and then pressing f10 while th

To set up a basic user account and enable the user security features:1. If the Embedded Security User Initialization Wizard is not open, click Start,

3. Click one of the following options:● Apply changes to this folder only.●Apply changes to this folder, subfolders, and files.4. Click OK.Sending and

Restoring certification data from the backup fileTo restore data from the backup file:1. Click Start, click All Programs, click Security and Protectio

108 Chapter 11 Embedded Security for HP ProtectTools (select models only)

12 Localized password exceptionsAt the Preboot Security level and the HP Drive Encryption level, password localization support islimited, as described

HP ProtectTools featuresThe following table details the key features of HP ProtectTools modules.Module Key featuresHP ProtectTools Administrative Cons

Password changes using keyboard layout that is alsosupportedIf the password is initially set with one keyboard layout, such as U.S. English (409), and

Special key handling●Chinese, Slovakian, Canadian French and CzechWhen a user selects one of the preceding keyboard layouts and then enters a password

Language Windows BIOS Drive EncryptionCzech ◦ The ğ key is rejected.◦The į key is rejected.◦ The ų key is rejected.◦ The ė, ı, and ż keysare rejected.

What to do when a password is rejectedPasswords can be rejected for the following reasons:●A user is using an IME that is not supported. This is a com

114 Chapter 12 Localized password exceptions

13 Related documentationFor more information about Security Manager for HP ProtectTools:●To access this guide, select Start, click Help and Support, a

116 Chapter 13 Related documentation

GlossaryactivationThe task that must be completed before any of the Drive Encryption features are accessible. Drive Encryption isactivated using the H

cryptographyThe practice of encrypting and decrypting data so that it can be decoded only by specific individuals.dashboardA central location where ge

free space bleachingThe secure writing of random data over deleted assets to distort the contents of the deleted asset.groupA group of users that have

Module Key featuresFile Sanitizer for HP ProtectTools (select modelsonly)● Allows you to securely shred digital assets (securely deletesensitive infor

A process that copies program information from a previously saved backup file into this program.revocation passwordA password that is created when a u

Trusted Contact invitationAn email that is sent to a person, asking them to become a Trusted Contact.Trusted Contact recipientA person who receives an

122 Glossary

IndexAaborting a shred or bleachoperation 88accesscontrolling 89preventing unauthorized 8account, basic user 104activatingDrive Encryption for self-en

digital certificatedeleting 69receiving 67renewing 68requesting 66restoring 69revoking 69setting a default 68setting up 67viewing details 68DigitalPas

Mmanagement tools 31managingcredentials 43encrypting or decrypting drivepartitions 61passwords 29, 36, 37users 24manually shreddingall selected items

shred profile 82creating 83, 84customizing 84selecting 83shred schedule, setting 82shreddingaborting 88automatic 86cancelling 88key sequence 86manual

HP ProtectTools security product description andcommon use examplesMost of the HP ProtectTools security products have both user authentication (usuall

moves the confidential data to the personal secure drive. The warehouse manager can enter apassword and access the confidential data just like another

Device Access Manager for HP ProtectTools (select models only)Device Access Manager for HP ProtectTools allows an administrator to restrict and manage

Example 2: A real estate company needs to manage and update computers all over the world. Theyuse Computrace to monitor and update the computers witho

Restricting access to sensitive dataSuppose a contract auditor is working onsite and has been given computer access to review sensitivefinancial data;

Additional security elementsAssigning security rolesIn managing computer security (particularly for large organizations), one important practice is to

© Copyright 2012 Hewlett-PackardDevelopment Company, L.P.Bluetooth is a trademark owned by itsproprietor and used by Hewlett-PackardCompany under lice

HP ProtectTools password Set in the followingmoduleFunctionBasic User Key password Embedded Security Used to access Embedded Securityfeatures, such as

Backing up credentials and settingsYou can back up credentials in the following ways:●Use Drive Encryption for HP ProtectTools to select and back up H

12 Chapter 1 Introduction to security

2 Getting started with the Setup WizardThe Security Manager Setup Wizard guides you through enabling available security features that areapplied to al

3. Verify your identity by typing your Windows password, and then click Next.If you have not yet created a Windows password, you are prompted to creat

3 Easy Setup Guide for Small BusinessThis chapter is designed to demonstrate the basic steps to activate the most common and usefuloptions within HP P

Getting started1. Open HP ProtectTools Security Manager from the Gadget icon, task bar icon (blue shield), orclick Start > All Programs > Securi

Password ManagerPasswords! We all have quite a number of them – especially if you regularly access websites or useapplications that require you to log

File Sanitizer for HP ProtectToolsFile Sanitizer is designed to make it very difficult for an unauthorized person to recover data you havedeleted. Mul

Device Access Manager for HP ProtectToolsDevice Access Manager can be used to restrict the use of various internal and external storagedevices so your

Table of contents1 Introduction to security ...

Drive Encryption for HP ProtectToolsDrive Encryption for HP ProtectTools is used to protect your data by encrypting the entire hard drive.The data on

4 HP ProtectTools Security ManagerAdministrative ConsoleHP ProtectTools Security Manager software provides security features that help protect against

Opening HP ProtectTools Administrative ConsoleFor administrative tasks, such as setting system policies or configuring software, open the console asfo

Configuring your systemThe System group is accessed from the menu panel on the left side of HP ProtectToolsAdministrative Console. You can use the app

8. To return to the original settings, click Restore Defaults.9. Click Apply.Session PolicyTo define policies governing the credentials required to ac

● To set up additional credentials for the user, click the user, and then click Enroll.● To view the policies for a specific user, select the user, an

FaceIf a webcam is installed or connected to the computer, and if the Face Recognition program isinstalled, you can set the security level for Face Re

3. Initialize (format) the smart card.a. Launch the smart card initialization tool, or it may be displayed when you insert the smartcard into the read

Configuring the smart cardIf a smart card reader is installed or connected to the computer, the Smart card page has two tabs:●Settings—Select the Lock

Bluetooth phone in conjunction with other credentials for additional security. Specify the Bluetoothsettings:▲ To allow silent authentication, select

4 HP ProtectTools Security Manager Administrative Console ... 21Opening HP ProtectTo

● Antimalware Central—Enables Antimalware Central for all users of the computer.● Enable the Central Management link—Allows all users of this computer

For more information, see the Device Access Manager software Help by clicking the blue ? icon atthe top right of the Device Access Manager page.Commun

32 Chapter 4 HP ProtectTools Security Manager Administrative Console

5 HP ProtectTools Security ManagerHP ProtectTools Security Manager allows you to significantly increase the security of your computer.You can use prel

Using the Security Manager dashboardThe Security Manager dashboard is the central location for easy access to Security Managerfeatures, applications,

Your personal ID cardYour ID card uniquely identifies you as the owner of this Windows account, showing your name and apicture of your choice. It is p

A message is displayed at the bottom of the gadget icon to indicate one of the followingconditions:◦ Set up now—The administrator must click the gadge

Password Strength tab●Check the strength of individual passwords used for websites and applications, as well as theoverall password strength.●Password

after browsing to the website or program, or click a logon from the Password Manager Quick Linksmenu to have Password Manager open the website or prog

Editing logonsTo edit a logon, follow these steps:1. Open the logon screen for a website or program.2. To display a dialog box where you can edit your

Using the Password Manager Quick Links menu ... 39Organizing logons into categories ...

To add a category:1. From the Security Manager dashboard, click Password Manager.2. Click the Manage tab, and then click Add Category.3. Enter a name

Assessing your password strengthUsing strong passwords for logon to your websites and programs is an important aspect of protectingyour identity.Passw

SettingsYou can specify settings for personalizing Password Manager:1. Prompt to add logons for logon screens—The Password Manager icon with a plus si

Credential ManagerYou use your Security Manager credentials to verify that you are really you. The administrator of thiscomputer can set up which cred

You can select different questions or change your answers on the SpareKey page under CredentialManager.After your SpareKey is set up, you can access y

4. During scene enrollment you can watch a demonstration by clicking Play Video or change thebackground lighting, click the Light bulb icon.If this is

Dark modeIf the lighting is too dark during the face logon process, the face logon screen background colorswitches automatically to a white screen to

Initializing the smart cardHP ProtectTools Security Manager can support a number of different smart cards. The number andtype of characters used as PI

manufacturer, and if the administrator has enabled a proximity card as an authentication credential,you can use a proximity card in conjunction with o

Central ManagementThe Central Management page displays tabs for accessing information about central management ofsecurity solutions with DigitalPerson

Advanced tasks ... 59Ma

Fingerprint tabNOTE: The Fingerprint tab is available only if the computer has a fingerprint reader and the correctdriver is installed.●Quick Actions—

7. Enter a password to protect the file.8. Click Finish.To restore your data:1. Open the Security Manager dashboard. For more information, see Opening

52 Chapter 5 HP ProtectTools Security Manager

6 Drive Encryption for HP ProtectTools(select models only)Drive Encryption for HP ProtectTools provides complete data protection by encrypting yourcom

Opening Drive EncryptionAdministrators can access Drive Encryption from HP ProtectTools Administrative Console.1. Click Start, click All Programs, cli

Activating Drive Encryption for self-encrypting drivesSelf-encrypting drives meeting Trusted Computing Group's OPAL specification for self-encryp

Hardware encryption1. Click Start, click All Programs, click Security and Protection, and then click HP ProtectToolsAdministrative Console.2. In the l

3. Click Features.4. Clear the Drive Encryption check box, and then click Next.Drive Encryption deactivation begins.NOTE: If software encryption was u

● RSA SID800 v2● RSA SID800 Rev D (Sahara)●Aladdin eToken Java 72kl●Gemalto .NET●Gemalto .NET v2+● Gemalto CyberFlex Access 2Internal readers●Alcor In

In a software encryption scenario, the drive encryption status is displayed as one of the followingfor each hard drive or hard drive partition:● Not e

Signing a Microsoft Office document ... 75Adding a signature line when signing a Microsof

Using Enhanced Security with TPM (select models only)After the Trusted Platform Module (TPM) is activated and the Drive Encryption Enhanced Securitywi

Encrypting or decrypting individual drive partitions (software encryption only)Administrators can use the Drive Encryption Settings page to encrypt on

CAUTION: Be sure to keep the storage device containing the backup key in a safe place, becauseif you forget your password, lose your smart card, or do

Recovering encryption keysAdministrators can recover an encryption key from the removable storage device where it was savedpreviously:1. Turn on the c

64 Chapter 6 Drive Encryption for HP ProtectTools (select models only)

7 Privacy Manager for HP ProtectTools(select models only)Privacy Manager for HP ProtectTools enables you to use advanced security login (authenticatio

Setup proceduresManaging Privacy Manager CertificatesPrivacy Manager Certificates protect data and messages using a cryptographic technology calledpub

Obtaining a preassigned Corporate Privacy Manager Certificate1. In Outlook, open the email that you received indicating that a Corporate Certificate h

3. Choose whether to import a certificate already installed on this computer or a certificate storedas a PFX (Personal Information Exchange/PKCS#12) f

If you have more than one Privacy Manager Certificate on your computer installed from within PrivacyManager, you can specify one as the default certif

Simple Configuration ... 90Starting the background service ...

NOTE: A revoked Privacy Manager Certificate is not deleted. The certificate can still be used toview files that are encrypted.1. Open Privacy Manager,

3. When the Trusted Contact Invitation dialog box opens, read the text, and then click OK.An email is automatically generated.4. Enter the email addre

7. When you receive an email response from a recipient accepting the invitation to become aTrusted Contact, click Accept in the lower-right corner of

General tasksYou can use Privacy Manager with the following Microsoft products:●Microsoft Outlook● Microsoft OfficeUsing Privacy Manager in Microsoft

3. Click the down arrow next to Send Securely (Privacy in Outlook 2003), and then click Sign andSend.4. Authenticate using your chosen security login

Configuring Privacy Manager for Microsoft Office1. Open Privacy Manager, click Settings, and then click the Documents tab.– or –On the toolbar of a Mi

To add a suggested signer to a Microsoft Word or Microsoft Excel document:1. In Microsoft Word or Microsoft Excel, create and save a document.2. Click

3. Click the name of a Trusted Contact who will be able to open the document and view itscontents.NOTE: To select multiple Trusted Contact names, hold

Viewing an encrypted Microsoft Office documentTo view an encrypted Microsoft Office document from another computer, Privacy Manager must beinstalled o

3. On the Migration File page, click Browse to search for the file, and then click Next.4. Enter the password you used when you created the backup fil

Password changes using keyboard layout that is also supported ... 110Special key handling ...

80 Chapter 7 Privacy Manager for HP ProtectTools (select models only)

8 File Sanitizer for HP ProtectTools(select models only)File Sanitizer allows you to securely shred assets (for example: personal information or files

of the asset still remains on the hard drive until another asset overwrites that same area on the harddrive with new information.Free space bleaching

● Web browser quit—Shreds all selected Web-related assets, such as browser URL history,when you close a Web browser.● Key sequence—Allows you to speci

3. To view the assets that are selected for shredding, click View Details.a. Selected items will be shredded, and a confirmation message will be displ

NOTE: Files in this list are protected as long as they remain in the list.To remove an asset from the exclusions list, click the asset, and then click

General tasksYou can use File Sanitizer to perform the following tasks:●Use a key sequence to initiate shredding—This feature allows you to create a k

Using the File Sanitizer iconCAUTION: Shredded assets cannot be recovered. Carefully consider which items you select formanual shredding.1. Navigate t

– or –1. Open File Sanitizer, and then click Shred.2. Click the Shred now button.3. When the confirmation dialog box opens, click Yes.Manually activat

9 Device Access Manager for HPProtectTools (select models only)HP ProtectTools Device Access Manager controls access to data by disabling data transfe