HP 1105 Assigning security roles, Managing HP ProtectTools passwords

Additional security elements

Assigning security roles

In managing computer security, one important practice is to divide responsibilities and rights among various types of administrators and users.

NOTE: In a small organization or for individual use, these roles may all be held by the same person.

For HP ProtectTools, the security duties and privileges can be divided into the following roles:

●Security officer—Defines the security level for the company or network and determines the security features to deploy, such as Drive Encryption or Embedded Security.

●IT administrator—Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy Smart Cards, the IT administrator can enable both password and Smart Card mode.

●User—Uses the security features. For example, if the security officer and IT administrator have enabled Smart Cards for the system, the user can use the card for authentication.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.

The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.

HP ProtectTools password		Set in this	Function
		HP ProtectTools module

Password Manager logon		Password Manager	This password offers 2 options:
password			● It can be used in a separate logon to
			● It can be used in a separate logon to
			access Password Manager after
			logging on to Windows.
			● It can be used in place of the
			Windows logon process, allowing
			access to Windows and Password
			Manager simultaneously.

Basic User Key password		Embedded Security	Used to access Embedded Security
NOTE:	Also known as:		features, such as secure e-mail, file, and
NOTE:	Also known as:		folder encryption. When used for power-on
Embedded Security password			authentication, also protects access to the
			authentication, also protects access to the
			computer contents when the computer is
			turned on, restarted, or restored from
			hibernation.

Emergency Recovery Token		Embedded Security, by IT	Protects access to the Emergency
password		administrator	Recovery Token, which is a backup file for
NOTE:	Also known as:		the embedded security chip.
NOTE:	Also known as:
Emergency Recovery Token Key
password

Owner password		Embedded Security, by IT	Protects the system and the TPM chip from
		administrator	unauthorized access to all owner functions
			of Embedded Security.

ENWW	Additional security elements 9