HP dc73 Blade Client manual Power-on Computer Setup, the Power-on Authentication support

Page 73

Software Impacted—

Details

Solution

Short description

 

 

 

 

 

 

 

Allow Security Manager to complete services loading

 

 

message (seen at top of Security Manager window) and

 

 

all plug-ins listed in left column. To avoid failure, allow

 

 

a reasonable time for these plug-ins to load.

 

 

 

HP ProtectTools * General

Numerous risks are possible with

Administrators are encouraged to follow “best

—Unrestricted access or

unrestricted access to the client PC:

practices” in restricting end-user privileges and

uncontrolled administrator

deletion of PSD

restricting user access.

privileges pose security

Unauthorized users should not be granted

risk.

malicious modification of user

 

administrative privileges.

 

settings

 

 

disabling of security policies and

 

 

functions

 

 

 

 

BIOS and OS Embedded

If user does not validate a new password

This is functioning as designed; these passwords can

Security password are out

as the BIOS Embedded Security

be re-synchronized by changing the OS Basic User

of synch.

password, the BIOS Embedded Security

password and authenticating it at the BIOS Embedded

 

password reverts back to the original

Security password prompt.

 

embedded security password through

 

 

F10 BIOS.

 

Only one user can log on to the system after TPM preboot authentication is enabled in BIOS.

The TPM BIOS PIN is associated with the first user who initialize the user setting. If a computer has multiple users, the first user is, in essence, the administrator. The first user will have to give his TPM user PIN to other users to use to log in.

This is functioning as designed; HP recommends that the customer's IT department follow good security policies for rolling out their security solution and ensuring that the BIOS administrator password is configured by IT administrators for system level protection.

User has to change PIN to make TPM preboot work after a TPM factory reset.

User has to change PIN or create another user to initialize his user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work.

This is as designed, the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key.

Power-on

In Computer Setup, the Power-on

authentication support

authentication support option is not

not set to default using

being reset to factory settings when

Embedded Security

using the Embedded Security Device

Reset to Factory

option Reset to Factory Settings. By

Settings

default, Power-on authentication

 

support is set to Disable.

The Reset to Factory Settings option disables Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after re-enabling Embedded Security Device, Power-on authentication support remained enabled.

HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings.

Security Power-On

Power-On Authentication prompts the

To be able to write to BIOS, the user must enter the

Authentication overlaps

user to log on to system using the TPM

BIOS password instead of the TPM password at the

BIOS Password during

password, but, if the user presses F10 to

Power-on Authentication window.

boot sequence.

access the BIOS, Read rights access

 

 

only is granted.

 

 

 

 

The BIOS asks for both

The BIOS asks for both the old and new

This is as designed. This is due to the inability of the

the old and new

passwords through Computer Setup

BIOS to communicate with the TPM, once the operating

passwords through

after changing the Owner password in

system is up and running, and to verify the TPM pass

Computer Setup after

Embedded Security Windows software.

phrase against the TPM key blob.

changing the Owner

 

 

password in Embedded

 

 

Security Windows

 

 

software.

 

 

 

 

 

ENWW

Miscellaneous 67

Page 72 Page 74
Image 73
Page 72 Page 74
Contents ProtectTools First Edition July Document Part Number Table of contents Java Card Security for HP ProtectTools Embedded Security for HP ProtectToolsTroubleshooting Bios Configuration for HP ProtectToolsDrive Encryption for HP ProtectTools Enww Introduction to security Module Key features HP ProtectTools featuresAccessing HP ProtectTools Security Achieving key security objectives Restricting access to sensitive dataProtecting against targeted theft Creating strong password policies Additional security elements Managing HP ProtectTools passwordsAssigning security roles Java Card PIN also protects access to Creating a secure password HP ProtectTools Backup and RestoreBacking up credentials and settings Restoring credentials Configuring settings Credential Manager for HP ProtectTools Using the Credential Manager Logon Wizard Setup proceduresLogging on to Credential Manger Logging on for the first time Registering credentialsRegistering fingerprints Using your registered fingerprint to log on to Windows Setting up the fingerprint readerRegistering a Java Card, USB eToken, or virtual token Registering a USB eTokenGeneral tasks Changing the Windows logon passwordCreating a virtual token Changing a token PINClearing an identity from the system Managing identityLocking the computer Using Windows LogonLogging on to Windows with Credential Manager Adding an accountUsing automatic registration Using Single Sign OnRemoving an account Registering a new applicationManaging applications and credentials Using manual drag and drop registrationModifying application properties Removing an application from Single Sign OnImporting an application Using Application ProtectionModifying credentials Changing restriction settings for a protected application Restricting access to an applicationRemoving protection from an application Enww Specifying how users and administrators log on Advanced tasks administrator onlyConfiguring credential properties Configuring custom authentication requirementsConfiguring Credential Manager settings Select Start All Programs HP ProtectTools Security Manager Embedded Security for HP ProtectTools Enabling the embedded security chip Select Embedded security device state and change to EnableInitializing the embedded security chip Setting up the basic user account Encrypting files and folders Using the Personal Secure DriveSending and receiving encrypted e-mail Changing the Basic User Key password Restoring certification data from the backup file Creating a backup fileAdvanced tasks Backing up and restoringResetting a user password Changing the owner passwordEnabling Embedded Security after permanent disable Enabling and disabling Embedded SecurityMigrating keys with the Migration Wizard Java Card Security for HP ProtectTools Selecting the card reader Changing a Java Card PINAssigning a Java Card PIN Advanced tasks administrators onlyAssigning a name to a Java Card Setting power-on authenticationTo enable Java Card power-on authentication Creating a user Java Card Disabling Java Card power-on authenticationBios Configuration for HP ProtectTools Managing boot options Enabling and disabling system configuration options Enww Under Smart Card Security, click Enable Managing HP ProtectTools add-on module settingsClick Apply, and then click OK in the HP ProtectTools window Enabling and disabling DriveLock hard drive protection Using DriveLockDriveLock Applications Setting the power-on password Managing Computer Setup passwordsChanging the power-on password Setting the setup passwordSetting password options Changing the setup passwordEnabling and disabling stringent security Enww Drive Encryption for HP ProtectTools Encryption management User management Right pane, click Click here to backup your keys RecoverySecurity Change password option, but, since TroubleshootingCredential Manager for ProtectTools Virtual Token duringClick Service & Applications Click Advanced SettingsConnect Click Java Cards and TokensManager Reader to log on to CredentialIt to Embedded Security Device-Enable F10 = ROM Based Setup message is displayedSelect Enable Save changes and exit Security Restore IdentityEmbedded Security for ProtectTools Select File Save Changes and Exit File because it is Process cannot accessBeing used by another ProcessOut with access denied Error has been detected Clicks Restore under BackupSelects SPSystemBackup .xml Selected Backup Archive doesEnww Click All Programs Click HP ProtectTools Security Manager MiscellaneousPower-on Computer Setup, the Power-on Authentication support Glossary Enww Index AccessEnww Enww
Related manuals
Manual 65 pages 2.14 Kb
Top Page Image Contents