HP G1 Guida di Avvio Rapido

HP ProtectToolsGetting Started

of USB devices, network connections, and so on. An example would be a situation where outsidevendors need access to company computers but should not b

Protecting against targeted theftAn example of targeted theft would be the theft of a computer containing confidential data andcustomer information at

Additional security elementsAssigning security rolesIn managing computer security (particularly for large organizations), one important practice is to

Creating a secure passwordWhen creating passwords, you must first follow any specifications that are set by the program. Ingeneral, however, consider

2 Getting startedTo configure settings for HP ProtectTools, use the HP Client Security Setup Wizard or the HPProtectTools Security Manager Setup Wizar

HP ProtectTools Security Manager Setup WizardNOTE: Administration of HP ProtectTools requires administrative privileges.The HP ProtectTools Security M

3 Easy Setup Guide for Small BusinessThis chapter is designed to demonstrate the basic steps to activate the most common and usefuloptions within HP P

To start saving web locations, user names, and passwords:1. As an example, navigate to a participating website or application, and then click the Pass

7. Select the desired user, and then click OK > OK > Apply.Your choice is displayed in the Users/Groups box.8. Select the Device Class that the

4 HP ProtectTools Security ManagerAdministrative ConsoleHP ProtectTools Security Manager software provides security features that help protect against

© Copyright 2012 Hewlett-PackardDevelopment Company, L.P.Bluetooth is a trademark owned by itsproprietor and used by Hewlett-PackardCompany under lice

4. Drive Encryption—If Drive Encryption for HP ProtectTools is installed, you can activateencryption on the primary drive:●Software encryption for a t

●The Administrative Console is launched for a configuration requiring administratorprivilege.●The Status Dashboard stays open after the User Console o

●About—Displays information about HP ProtectTools Security Manager, such as the versionnumber and copyright notice.●Main area—Displays application-spe

8. To return to the original settings, click Restore Defaults.9. Click Apply.Session PolicyTo define policies governing the credentials required to pe

SpareKeyYou can configure whether or not to allow SpareKey authentication for Windows logon, and managethe security questions that will be presented t

FaceIf a webcam is installed or connected to the computer, and if the Face Recognition program isinstalled, administrators can set the security level

c. Be sure that Initialize the smart card is selected.d. Enter your PIN, click Apply, and then follow the on-screen instructions.After the smart card

Contactless cardA contactless card is a small plastic card containing a computer chip. If a contactless card reader isconnected to the computer, if th

General tabThe following settings are available on the General tab:●Do not automatically launch the Setup Wizard for administrators—Select this option

5 HP ProtectTools Security ManagerHP ProtectTools Security Manager allows you to significantly increase the security of your computer.You can use prel

Table of contents1 Introduction to security ...

●My Computer—Manage the security of your computer with Device Access Manager.NOTE: This item is not displayed if the application is not installed.●Adm

Password Manager offers the following options:Manage tab●Add, edit, or delete logons.● Use Quick Links to launch your default browser and log on to an

NOTE: The administrator of this computer may have set up Security Manager to require more thanone credential when verifying your identity.Adding logon

Editing logonsTo edit a logon, follow these steps:1. Open the logon screen for a website or program.2. To display a dialog box where you can edit your

To add a logon to a category:1. Place your mouse pointer over the desired logon.2. Press and hold the left mouse button.3. Drag the logon into the lis

Password Manager icon settingsPassword Manager attempts to identify logon screens for websites and programs. When it detects alogon screen for which y

Available credentials can vary, depending on the security devices built into or connected to thiscomputer. Supported credentials, requirements, and cu

Enrolling your fingerprintsIf the administrator selected Fingerprints on the Choose your credentials screen and if yourcomputer has a fingerprint read

6. Click the Camera icon, and then follow the on-screen instructions to enroll your scene.NOTE: Be sure to look at your image, turning your head accor

LearningIf face logon is unsuccessful but you enter your password successfully, you may be prompted to savea series of images to increase the chances

Using Administrative Console ... 15Configurin

Administrators can initialize the smart card using the manufacturer’s software and HP ProtectToolsAdministrative Console. For more information, see th

NOTE: Only Bluetooth phone devices are supported.1. Be sure that Bluetooth functionality is enabled on the computer, and that the Bluetooth phone isse

NOTE: The Fingerprint tab is available only if the computer has a fingerprint reader and the correctdriver is installed.●Quick Actions—Use Quick Actio

To restore your data:1. Open the Security Manager User Console. For more information, see Opening Security Manageron page 23.2. On the left panel of t

6 Drive Encryption for HP ProtectTools(select models only)Drive Encryption for HP ProtectTools provides complete data protection by encrypting yourcom

General tasksActivating Drive Encryption for standard hard drivesStandard hard drives are encrypted using software encryption. Follow these steps to a

4. Under Drives to be encrypted, select the check box for the hard drive that you want to encrypt,and then click Next.5. To back up the encryption key

Deactivating Drive EncryptionAdministrators can use the HP ProtectTools Security Manager Setup Wizard to deactivate DriveEncryption. See the HP Protec

Supported smart cards● ActivIdentity Oberthur Cosmopol IC 64k V5.2●Gemalto Cyberflex Access 64k V2c●ActivIdentity Activkey SIM (Gemalto Cyberflex Acce

Hardware encryption◦ Encrypted◦Not encrypted (for additional drives)Using Enhanced Security with TPM (select models only)If the Trusted Platform Modul

Credential Manager ... 29Changing your Windows

NOTE: To save the encryption key, you must use a USB storage device with the FAT32 or FAT16format. A USB memory stick, Secure Digital (SD) Memory Card

To perform an HP SpareKey Recovery if you forget your password:1. Turn on the computer.2. When the Drive Encryption for HP ProtectTools page is displa

7 Device Access Manager for HPProtectTools (select models only)HP ProtectTools Device Access Manager controls access to data by disabling data transfe

Setup ProceduresConfiguring device accessHP ProtectTools Device Access Manager offers four views:●Simple Configuration—Allow or deny access to classes

Starting the background serviceThe first time a new policy is defined and applied, the HP ProtectTools Device Locking/Auditingbackground service start

The same user, the same group, or a member of the same group can be granted writeaccess or read+write access only for a device below this device in th

Allowing access for a user or a groupTo grant permission for a user or a group to access a device or a class of devices:1. In the left pane of HP Prot

4. Click Deny next to the group to be denied access.5. Navigate to the specific device to which access is to be allowed for the user in the device lis

JITA-enabled users will be able to access some devices for which policies created in the DeviceClass Configuration or Simple Configuration view have b

6. Select the Extendable check box.7. Click Apply.The user must log out and then log on again for the new JITA setting to be applied.Disabling a JITA

7 Device Access Manager for HP ProtectTools (select models only) ... 46Opening Device Access Ma

Device Administrators groupWhen Device Access Manager is installed, a Device Administrators group is created.The Device Administrators group is used t

◦Hard disk controller (HDC)◦ Human interface device (HID) class●Power◦Battery◦ Advanced power management (APM) support● Miscellaneous◦Computer◦Decoder

8 Theft recovery (select models only)Computrace for HP ProtectTools (purchased separately) allows you to remotely monitor, manage,and track your compu

9 Localized password exceptionsAt the Preboot Security level and the HP Drive Encryption level, password localization support islimited, as described

Password changes using keyboard layout that is alsosupportedIf the password is initially set with one keyboard layout, such as U.S. English (409), and

Language Windows BIOS Drive EncryptionSpanish 40a is not supported. Itnevertheless worksbecause the softwareconverts it to c0a. However,because of sub

GlossaryactivationThe task that must be completed before any of the Drive Encryption features are accessible. Drive Encryption isactivated using the H

domainA group of computers that are part of a network and share a common directory database. Domains are uniquelynamed, and each has a set of common r

PKIThe Public Key Infrastructure standard that defines the interfaces for creating, using, and administeringcertificates and cryptographic keys.power-

IndexAaccesscontrolling 46preventing unauthorized 5activatingDrive Encryption for self-encrypting drives 39Drive Encryption for standardhard drives 39

1 Introduction to securityHP ProtectTools Security Manager software provides security features that help protect againstunauthorized access to the com

JJITAconfiguration 51creating extendable for user orgroup 52creating for user or group 52disabling for user or group 53Just-in-time AuthenticationConf

Module Key featuresCredential Manager General users can perform the following functions:●Change user names and passwords.●Configure and change user cr

Password ManagerPassword Manager stores user names and passwords, and can be used to:●Save login names and passwords for Internet access or email.●Aut