Embedded Security for ProtectTools
Short description | Details | Solution |
|
|
|
Encrypting folders, sub folders, and files on PSD causes error message.
If the user copies files and folders to the PSD and tries to encrypt folders/files or folders/subfolders, the Error Applying Attributes message appears. The user can encrypt the same files on the C:\ drive on an extra installed hard drive.
This is as designed.
Moving files/folders to the PSD automatically encrypts them. There is no need to
Cannot Take Ownership | If a drive is set up for multiple OS boot, | This is as designed, for security reasons. |
With Another OS In | ownership can only be taken with the |
|
MultiBoot Platform. | platform initialization wizard in one |
|
| operating system. |
|
|
|
|
Unauthorized | Encrypting a folder does not stop an | This is as designed. |
administrator can view, | unauthorized user with administrative | It is a feature of EFS, not the Embedded Security TPM. |
delete, rename, or move | rights to view, delete, or move contents | |
the contents of encrypted | of the folder. | Embedded Security uses Microsoft EFS software, and |
EFS folders. |
| EFS preserves file/folder access rights for all |
|
| administrators. |
|
|
|
Encrypted folders with | Encrypted folders with EFS are | This is as designed. |
EFS in Windows 2000 are | highlighted in green in Windows XP, but | It is a feature of EFS that it does not highlight encrypted |
not shown highlighted in | not in Windows 2000. | |
green. |
| folders in Windows 2000, but it does in Windows XP. |
|
| This is true whether or not an Embedded Security TPM |
|
| is installed. |
EFS does not require a password to view encrypted files in Windows 2000.
If a user sets up the Embedded Security, logs on as an administrator, then logs off and back on as the administrator, the user can subsequently see files/folders in Windows 2000 without a password. This occurs only in the first administrator account on Windows 2000. If a secondary administrator account is being logged into, this does not occur.
This is as designed.
It is a feature of EFS in Windows 2000. EFS in Windows XP, by default, will not let the user open files/folders without a password.
Software should not be installed on a restore with FAT32 partition.
If the user attempts to restore the hard drive using FAT32, there will be no encrypt options for any files/folders using EFS.
This is as designed.
Microsoft EFS is supported only on NTFS and will not function on FAT32. This is a feature of Microsoft's EFS and is not related to HP ProtectTools software.
Windows 2000 User can | Windows 2000 User can share to the | The PSD is not normally shared on the network, but it |
share to the network any | network any PSD with the hidden ($) | can be through the hidden ($) share in Windows 2000 |
PSD with the hidden ($) | share. The hidden share can be | only. HP recommends always having the |
share. | accessed over the network using the | Administrator account |
| hidden ($) share. |
|
|
|
|
User is able to encrypt or | By design, the ACLs for this folder is not | This is as designed. |
delete the recovery | set; therefore, a user can inadvertently or | Users have access rights to an emergency archive in |
archive XML file. | purposely encrypt or delete the file, | |
| making it inaccessible. Once this file has | order to save/update their Basic User Key backup copy. |
| been encrypted or deleted, no one can | Customers should adopt a 'best practices' security |
| use the TPM software. | approach and instruct users never to encrypt or delete |
|
| the recovery archive files. |
HP ProtectTools | Encrypted files interfere with Symantec |
Embedded Security EFS | Antivirus or Norton Antivirus 2005 virus |
interaction with Symantec | scan. During the scan process, the Basic |
Antivirus or Norton | User password prompt asks the user for |
Antivirus produces longer | a password every 10 files or so. If the |
encryption/decryption and | user does not enter a password, the |
scan times. | Basic User password prompt times out, |
| allowing NAV2005 to continue with the |
| scan. Encrypting files using HP |
| ProtectTools Embedded Security EFS |
To reduce the time required to scan HP ProtectTools Embedded Security EFS files, the user can either enter the encryption password before scanning or decrypt before scanning.
To reduce the time required to encrypt/decrypt data using HP ProtectTools Embedded Security EFS, the user should disable
60 Chapter 7 Troubleshooting | ENWW |