HP dc73 Blade Client manual Embedded Security for ProtectTools

Page 66

Embedded Security for ProtectTools

Short description

Details

Solution

 

 

 

Encrypting folders, sub folders, and files on PSD causes error message.

If the user copies files and folders to the PSD and tries to encrypt folders/files or folders/subfolders, the Error Applying Attributes message appears. The user can encrypt the same files on the C:\ drive on an extra installed hard drive.

This is as designed.

Moving files/folders to the PSD automatically encrypts them. There is no need to “double-encrypt” the files/ folders. Attempting to double-encrypt them using on the PSD using EFS will produce this error message.

Cannot Take Ownership

If a drive is set up for multiple OS boot,

This is as designed, for security reasons.

With Another OS In

ownership can only be taken with the

 

MultiBoot Platform.

platform initialization wizard in one

 

 

operating system.

 

 

 

 

Unauthorized

Encrypting a folder does not stop an

This is as designed.

administrator can view,

unauthorized user with administrative

It is a feature of EFS, not the Embedded Security TPM.

delete, rename, or move

rights to view, delete, or move contents

the contents of encrypted

of the folder.

Embedded Security uses Microsoft EFS software, and

EFS folders.

 

EFS preserves file/folder access rights for all

 

 

administrators.

 

 

 

Encrypted folders with

Encrypted folders with EFS are

This is as designed.

EFS in Windows 2000 are

highlighted in green in Windows XP, but

It is a feature of EFS that it does not highlight encrypted

not shown highlighted in

not in Windows 2000.

green.

 

folders in Windows 2000, but it does in Windows XP.

 

 

This is true whether or not an Embedded Security TPM

 

 

is installed.

EFS does not require a password to view encrypted files in Windows 2000.

If a user sets up the Embedded Security, logs on as an administrator, then logs off and back on as the administrator, the user can subsequently see files/folders in Windows 2000 without a password. This occurs only in the first administrator account on Windows 2000. If a secondary administrator account is being logged into, this does not occur.

This is as designed.

It is a feature of EFS in Windows 2000. EFS in Windows XP, by default, will not let the user open files/folders without a password.

Software should not be installed on a restore with FAT32 partition.

If the user attempts to restore the hard drive using FAT32, there will be no encrypt options for any files/folders using EFS.

This is as designed.

Microsoft EFS is supported only on NTFS and will not function on FAT32. This is a feature of Microsoft's EFS and is not related to HP ProtectTools software.

Windows 2000 User can

Windows 2000 User can share to the

The PSD is not normally shared on the network, but it

share to the network any

network any PSD with the hidden ($)

can be through the hidden ($) share in Windows 2000

PSD with the hidden ($)

share. The hidden share can be

only. HP recommends always having the built-in

share.

accessed over the network using the

Administrator account password-protected.

 

hidden ($) share.

 

 

 

 

User is able to encrypt or

By design, the ACLs for this folder is not

This is as designed.

delete the recovery

set; therefore, a user can inadvertently or

Users have access rights to an emergency archive in

archive XML file.

purposely encrypt or delete the file,

 

making it inaccessible. Once this file has

order to save/update their Basic User Key backup copy.

 

been encrypted or deleted, no one can

Customers should adopt a 'best practices' security

 

use the TPM software.

approach and instruct users never to encrypt or delete

 

 

the recovery archive files.

HP ProtectTools

Encrypted files interfere with Symantec

Embedded Security EFS

Antivirus or Norton Antivirus 2005 virus

interaction with Symantec

scan. During the scan process, the Basic

Antivirus or Norton

User password prompt asks the user for

Antivirus produces longer

a password every 10 files or so. If the

encryption/decryption and

user does not enter a password, the

scan times.

Basic User password prompt times out,

 

allowing NAV2005 to continue with the

 

scan. Encrypting files using HP

 

ProtectTools Embedded Security EFS

To reduce the time required to scan HP ProtectTools Embedded Security EFS files, the user can either enter the encryption password before scanning or decrypt before scanning.

To reduce the time required to encrypt/decrypt data using HP ProtectTools Embedded Security EFS, the user should disable Auto-Protect on Symantec Antivirus or Norton Antivirus.

60 Chapter 7 Troubleshooting

ENWW

Image 66
Contents ProtectTools First Edition July Document Part Number Table of contents Embedded Security for HP ProtectTools Java Card Security for HP ProtectToolsBios Configuration for HP ProtectTools TroubleshootingDrive Encryption for HP ProtectTools Enww Introduction to security HP ProtectTools features Module Key featuresAccessing HP ProtectTools Security Restricting access to sensitive data Achieving key security objectivesProtecting against targeted theft Creating strong password policies Managing HP ProtectTools passwords Additional security elementsAssigning security roles Java Card PIN also protects access to HP ProtectTools Backup and Restore Creating a secure passwordBacking up credentials and settings Restoring credentials Configuring settings Credential Manager for HP ProtectTools Setup procedures Using the Credential Manager Logon WizardLogging on to Credential Manger Registering credentials Logging on for the first timeRegistering fingerprints Registering a Java Card, USB eToken, or virtual token Setting up the fingerprint readerUsing your registered fingerprint to log on to Windows Registering a USB eTokenCreating a virtual token Changing the Windows logon passwordGeneral tasks Changing a token PINManaging identity Clearing an identity from the systemLogging on to Windows with Credential Manager Using Windows LogonLocking the computer Adding an accountRemoving an account Using Single Sign OnUsing automatic registration Registering a new applicationModifying application properties Using manual drag and drop registrationManaging applications and credentials Removing an application from Single Sign OnUsing Application Protection Importing an applicationModifying credentials Restricting access to an application Changing restriction settings for a protected applicationRemoving protection from an application Enww Advanced tasks administrator only Specifying how users and administrators log onConfiguring custom authentication requirements Configuring credential propertiesConfiguring Credential Manager settings Select Start All Programs HP ProtectTools Security Manager Embedded Security for HP ProtectTools Select Embedded security device state and change to Enable Enabling the embedded security chipInitializing the embedded security chip Setting up the basic user account Using the Personal Secure Drive Encrypting files and foldersSending and receiving encrypted e-mail Changing the Basic User Key password Advanced tasks Creating a backup fileRestoring certification data from the backup file Backing up and restoringEnabling Embedded Security after permanent disable Changing the owner passwordResetting a user password Enabling and disabling Embedded SecurityMigrating keys with the Migration Wizard Java Card Security for HP ProtectTools Changing a Java Card PIN Selecting the card readerAdvanced tasks administrators only Assigning a Java Card PINSetting power-on authentication Assigning a name to a Java CardTo enable Java Card power-on authentication Disabling Java Card power-on authentication Creating a user Java CardBios Configuration for HP ProtectTools Managing boot options Enabling and disabling system configuration options Enww Managing HP ProtectTools add-on module settings Under Smart Card Security, click EnableClick Apply, and then click OK in the HP ProtectTools window Using DriveLock Enabling and disabling DriveLock hard drive protectionDriveLock Applications Changing the power-on password Managing Computer Setup passwordsSetting the power-on password Setting the setup passwordChanging the setup password Setting password optionsEnabling and disabling stringent security Enww Drive Encryption for HP ProtectTools Encryption management User management Recovery Right pane, click Click here to backup your keysCredential Manager for ProtectTools TroubleshootingSecurity Change password option, but, since Virtual Token duringConnect Click Advanced SettingsClick Service & Applications Click Java Cards and TokensReader to log on to Credential ManagerSelect Enable Save changes and exit F10 = ROM Based Setup message is displayedIt to Embedded Security Device-Enable Security Restore IdentityEmbedded Security for ProtectTools Select File Save Changes and Exit Being used by another Process cannot accessFile because it is ProcessOut with access denied Selects SPSystemBackup .xml Clicks Restore under BackupError has been detected Selected Backup Archive doesEnww Miscellaneous Click All Programs Click HP ProtectTools Security ManagerPower-on Computer Setup, the Power-on Authentication support Glossary Enww Access IndexEnww Enww
Related manuals
Manual 65 pages 2.14 Kb