HP ProtectTools Troubleshooting Guide
Page 3
...from the task tray, start menu, or control panel. HP ProtectTools Troubleshooting Guide Overview HP ProtectTools Security is a new technology offered by HP on the imaged drive for desktop. A properly enabled security system requires a TPM-enabled BIOS, versions 1.54 or greater, obtainable through a ... is present. ■ HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is preinstalled on some Business PCs. Administrators are encouraged to use the provided CD to install the HP ProtectTools security products. All TPM functions are already installed on...
...from the task tray, start menu, or control panel. HP ProtectTools Troubleshooting Guide Overview HP ProtectTools Security is a new technology offered by HP on the imaged drive for desktop. A properly enabled security system requires a TPM-enabled BIOS, versions 1.54 or greater, obtainable through a ... is present. ■ HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is preinstalled on some Business PCs. Administrators are encouraged to use the provided CD to install the HP ProtectTools security products. All TPM functions are already installed on...
HP ProtectTools Troubleshooting Guide
Page 4
...PSD is available on to the computer. ■ BIOS Configuration for ProtectTools: This configuration provides access to your TPM firmware. ■ HP Credential Manager for ProtectTools: This tool provides identity management and has security features that shipped with the installed product contain... login capability as opposed to passwords when logging on to Windows, such as using the Embedded Security software. ■ HP ProtectTools TPM Firmware Update Utility: This utility is unhidden, enabled with appropriate software installed with the latest software, firmware, driver, and...
...PSD is available on to the computer. ■ BIOS Configuration for ProtectTools: This configuration provides access to your TPM firmware. ■ HP Credential Manager for ProtectTools: This tool provides identity management and has security features that shipped with the installed product contain... login capability as opposed to passwords when logging on to Windows, such as using the Embedded Security software. ■ HP ProtectTools TPM Firmware Update Utility: This utility is unhidden, enabled with appropriate software installed with the latest software, firmware, driver, and...
HP ProtectTools Troubleshooting Guide
Page 5
..., providing significantly greater security than hacking onto the system's hard drive to extract the private keys is provided by HP ProtectTools Embedded Security. The TPM functions as a Cryptographic Service Provider (CSP). The bus consists of 4 bits of encryption and decryption. Breaking into the virtual drive. TCG supersedes TCPA TCPA Trusted ...
..., providing significantly greater security than hacking onto the system's hard drive to extract the private keys is provided by HP ProtectTools Embedded Security. The TPM functions as a Cryptographic Service Provider (CSP). The bus consists of 4 bits of encryption and decryption. Breaking into the virtual drive. TCG supersedes TCPA TCPA Trusted ...
HP ProtectTools Troubleshooting Guide
Page 6
...as designed. HP ProtectTools Embedded If a user sets up for all administrators. This is as designed. can view, delete, rename, or move contents of Microsoft's EFS and is not related to Applying Attributes double-encrypt them . It is a feature of EFS, not the Embedded Security TPM. It ... software. 4 www.hp.com Technical Reference Guide HP ProtectTools Embedded If the user attempts to restore Security-Software should the hard drive using on FAT32. This is true whether or not an Embedded Security TPM is as designed. This is as designed. EFS in require a ...
...as designed. HP ProtectTools Embedded If a user sets up for all administrators. This is as designed. can view, delete, rename, or move contents of Microsoft's EFS and is not related to Applying Attributes double-encrypt them . It is a feature of EFS, not the Embedded Security TPM. It ... software. 4 www.hp.com Technical Reference Guide HP ProtectTools Embedded If the user attempts to restore Security-Software should the hard drive using on FAT32. This is true whether or not an Embedded Security TPM is as designed. This is as designed. EFS in require a ...
HP ProtectTools Troubleshooting Guide
Page 7
... required to encrypt/decrypt encryption/decryption and user for a password every data using HP ProtectTools Embedded Security scan times 10 files or so. This is not supported. therefore, a user can use the TPM software. This is able to initialization. If the user does EFS, the user... (F10) Utility prior to encrypt or delete the recovery archive XML file By design, the ACLs for TPM module after system restore. Storage of the TPM fails. HP ProtectTools Embedded Security-User is as designed. The W2K only. Antivirus produces longer password prompt asks the To...
... required to encrypt/decrypt encryption/decryption and user for a password every data using HP ProtectTools Embedded Security scan times 10 files or so. This is not supported. therefore, a user can use the TPM software. This is able to initialization. If the user does EFS, the user... (F10) Utility prior to encrypt or delete the recovery archive XML file By design, the ACLs for TPM module after system restore. Storage of the TPM fails. HP ProtectTools Embedded Security-User is as designed. The W2K only. Antivirus produces longer password prompt asks the To...
HP ProtectTools Troubleshooting Guide
Page 8
...3. Embedded Security chip has already an Embedded Security owner. 5. Press F10 to recover from Security-Errors occur after enabling TPM Module Enabling the TPM module This is changed to anything else (French (Canada), for example), then the Encrypt selection will occur: • ... error is displayed: The Embedded security cannot be initialized first. Press F10 to reset the TPM module and cause possible loss of data. 6 www.hp.com Technical Reference Guide HP ProtectTools Embedded Security-Computer Setup (F10) Utility password can (F10) Utility password. There is...
...3. Embedded Security chip has already an Embedded Security owner. 5. Press F10 to recover from Security-Errors occur after enabling TPM Module Enabling the TPM module This is changed to anything else (French (Canada), for example), then the Encrypt selection will occur: • ... error is displayed: The Embedded security cannot be initialized first. Press F10 to reset the TPM module and cause possible loss of data. 6 www.hp.com Technical Reference Guide HP ProtectTools Embedded Security-Computer Setup (F10) Utility password can (F10) Utility password. There is...
HP ProtectTools Troubleshooting Guide
Page 9
... certificate issued; The user has to Security Platform Policies (both Machine and User) does not require a TPM password for more information. HP ProtectTools Embedded Security-No password required to change the Security Platform Policies Access to log off and back on...clicking the install button, installing it does not make it shows as a system without TPM user initialization. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security-The PSD password box is no longer available when the user resumes....
... certificate issued; The user has to Security Platform Policies (both Machine and User) does not require a TPM password for more information. HP ProtectTools Embedded Security-No password required to change the Security Platform Policies Access to log off and back on...clicking the install button, installing it does not make it shows as a system without TPM user initialization. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security-The PSD password box is no longer available when the user resumes....
HP ProtectTools Troubleshooting Guide
Page 10
... unless the if user has not initialized either without disabling the Basic User Key has already been initialized. HP ProtectTools Embedded During uninstallation, the user The Admin tool is used for disabling the TPM Security-During uninstall, has the option of uninstalling chip, but that occurred while the removable storage was not...
... unless the if user has not initialized either without disabling the Basic User Key has already been initialized. HP ProtectTools Embedded During uninstallation, the user The Admin tool is used for disabling the TPM Security-During uninstall, has the option of uninstalling chip, but that occurred while the removable storage was not...
HP ProtectTools Troubleshooting Guide
Page 12
...Short description Details Solution / Workaround HP ProtectTools Embedded Security-Application lock-ups occur when the connection with a TPM Module is lost When the TPM module is If system appears not to function properly or the damaged or the connection is TPM is not found, perform the ... Manager inspections to ensure the system is working to the damaged TPM. Click Start. 2. Click Broadcom TPM. (The device status should indicate This device is properly locks up. are useless for recovery. 10 www.hp.com Technical Reference Guide Click System. 4. The new files by...
...Short description Details Solution / Workaround HP ProtectTools Embedded Security-Application lock-ups occur when the connection with a TPM Module is lost When the TPM module is If system appears not to function properly or the damaged or the connection is TPM is not found, perform the ... Manager inspections to ensure the system is working to the damaged TPM. Click Start. 2. Click Broadcom TPM. (The device status should indicate This device is properly locks up. are useless for recovery. 10 www.hp.com Technical Reference Guide Click System. 4. The new files by...
HP ProtectTools Troubleshooting Guide
Page 13
... TCG Spec. Run the Platform and User configuration wizard. 3. Technical Reference Guide www.hp.com 11 Version = 1.2 -Vendor = Broadcom Corporation -FW Version = 2.18 (or greater) -TPM Device driver library version 2.0.0.9 (or greater) If the FW version does not match...download and update the TPM firmware. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools TPM Firmware Update Utility-The tool provided through HP support Web site reports ownership required Expected Behavior of TPM firmware Utility 1. Ensure...
... TCG Spec. Run the Platform and User configuration wizard. 3. Technical Reference Guide www.hp.com 11 Version = 1.2 -Vendor = Broadcom Corporation -FW Version = 2.18 (or greater) -TPM Device driver library version 2.0.0.9 (or greater) If the FW version does not match...download and update the TPM firmware. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools TPM Firmware Update Utility-The tool provided through HP support Web site reports ownership required Expected Behavior of TPM firmware Utility 1. Ensure...
HP ProtectTools Troubleshooting Guide
Page 14
... in the text box. Credential Manager local machine. Network Accounts option, a user can automate the logon to Infineon TPM User Authentication. All other accounts. If user selects Yes, then the location of SPEmRecToken automatically appears in Embedded Security ... Emergency Recovery Token should be retrieved from. 12 www.hp.com Technical Reference Guide HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools Manager...
... in the text box. Credential Manager local machine. Network Accounts option, a user can automate the logon to Infineon TPM User Authentication. All other accounts. If user selects Yes, then the location of SPEmRecToken automatically appears in Embedded Security ... Emergency Recovery Token should be retrieved from. 12 www.hp.com Technical Reference Guide HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools Manager...
HP ProtectTools Troubleshooting Guide
Page 17
...be granted • malicious modification of security policies and functions HP ProtectTools Embedded Hiding the TPM chip in the Hiding the TPM in the BIOS Security software loaded software cannot recognize the device. HP ProtectTools * General-Unrestricted access or uncontrolled administrator privileges pose ...produce on lack of PSD Unauthorized users should re-enable their TPM or remove the HP Embedded Security software through Add/remove programs. Technical Reference Guide www.hp.com 15 Customers wishing to the TPM three minutes after reboot. User must reboot the system in...
...be granted • malicious modification of security policies and functions HP ProtectTools Embedded Hiding the TPM chip in the Hiding the TPM in the BIOS Security software loaded software cannot recognize the device. HP ProtectTools * General-Unrestricted access or uncontrolled administrator privileges pose ...produce on lack of PSD Unauthorized users should re-enable their TPM or remove the HP Embedded Security software through Add/remove programs. Technical Reference Guide www.hp.com 15 Customers wishing to the TPM three minutes after reboot. User must reboot the system in...
HP ProtectTools Troubleshooting Guide
Page 18
...Restore under Backup option of Embedded Security produces this in BIOS: Security-Resetting System default hides the TPM to Open the Computer Setup (F10) Utility, navigate ROM to default hides TPM. HP ProtectTools Embedded Security-Security System restore error with : An internal Embedded Security error has been detected.... An is Also, user must select the correct .xml file to Unhide the TPM in future products. An Archive Backup can be restored individually. HP is used before the next default selected are not able to be restored. We are working to ...
...Restore under Backup option of Embedded Security produces this in BIOS: Security-Resetting System default hides the TPM to Open the Computer Setup (F10) Utility, navigate ROM to default hides TPM. HP ProtectTools Embedded Security-Security System restore error with : An internal Embedded Security error has been detected.... An is Also, user must select the correct .xml file to Unhide the TPM in future products. An Archive Backup can be restored individually. HP is used before the next default selected are not able to be restored. We are working to ...
HP ProtectTools Troubleshooting Guide
Page 20
...local drive. If the Automatic Backup is scheduled to use the mapped drive. HP ProtectTools Embedded The current 4.0 software was HP will address this issue in well as supporting HP Embedded Security GUI Desktop 1.2 implementations. Tasks > Scheduled Task. This is the default setting mapped ...Backup in AUTHORITY\SYSTEM to disable is still supported in the software interface for TPM 1.1 platforms. 18 www.hp.com Technical Reference Guide Security-Unable to designed for HP Notebook disable Embedded Security 1.1B implementations, as State temporarily in future releases.
...local drive. If the Automatic Backup is scheduled to use the mapped drive. HP ProtectTools Embedded The current 4.0 software was HP will address this issue in well as supporting HP Embedded Security GUI Desktop 1.2 implementations. Tasks > Scheduled Task. This is the default setting mapped ...Backup in AUTHORITY\SYSTEM to disable is still supported in the software interface for TPM 1.1 platforms. 18 www.hp.com Technical Reference Guide Security-Unable to designed for HP Notebook disable Embedded Security 1.1B implementations, as State temporarily in future releases.
HP ProtectTools Troubleshooting Guide
Page 21
... Credential Manager fills in the application name; When registering a password HP is used, this application. user can scroll to view the document name. Technical Reference Guide www.hp.com 19 When TPM authentication is researching workaround for future product enhancements. only 9 characters ...password to apply. Credential Manager automatically fills in the application name and the user enters the document name. HP ProtectTools Credential Manager-Login with TPM authentication does not give the Network Accounts option Using the Network Accounts option, a user can be viewed when...
... Credential Manager fills in the application name; When registering a password HP is used, this application. user can scroll to view the document name. Technical Reference Guide www.hp.com 19 When TPM authentication is researching workaround for future product enhancements. only 9 characters ...password to apply. Credential Manager automatically fills in the application name and the user enters the document name. HP ProtectTools Credential Manager-Login with TPM authentication does not give the Network Accounts option Using the Network Accounts option, a user can be viewed when...
HP ProtectTools Troubleshooting Guide
Page 23
...TPM login authentication for next product offering. This allows the card owner to ProtectTools Security PIN at Boot Manager > Smart Card on authentication to have any time. Click when smart card/token is functional for future product enhancements. This button is inserted. 5. HP... restrictions an option, allowing the invoked by Card BIOS Password the card owner, know a PIN to log-on the card. HP ProtectTools Credential Manager-Credential Manager opens out of Credential Manager upon smart card insertion. 1. system to go into S3 suspend Without smart...
...TPM login authentication for next product offering. This allows the card owner to ProtectTools Security PIN at Boot Manager > Smart Card on authentication to have any time. Click when smart card/token is functional for future product enhancements. This button is inserted. 5. HP... restrictions an option, allowing the invoked by Card BIOS Password the card owner, know a PIN to log-on the card. HP ProtectTools Credential Manager-Credential Manager opens out of Credential Manager upon smart card insertion. 1. system to go into S3 suspend Without smart...
HP ProtectTools Troubleshooting Guide
Page 24
... or auto logon admin. If user wishes to request PIN input, fonts/characters. Refresh the graphical user interface by the TPM. HP ProtectTools Credential If the TPM module is removed This is : HKEY_LOCAL_MACHINE/Software/Microsoft/ WindowsNT/CurrentVersion/WinLogon Å Use Registry Editor at 1, and Credential...appears whether or not fingerprint reader is installed or registered If user selects Windows The purpose of the desktop alert is to Credential Manager. 22 www.hp.com Technical Reference Guide characters for the name of the card owner, but Japanese name will be ...
... or auto logon admin. If user wishes to request PIN input, fonts/characters. Refresh the graphical user interface by the TPM. HP ProtectTools Credential If the TPM module is removed This is : HKEY_LOCAL_MACHINE/Software/Microsoft/ WindowsNT/CurrentVersion/WinLogon Å Use Registry Editor at 1, and Credential...appears whether or not fingerprint reader is installed or registered If user selects Windows The purpose of the desktop alert is to Credential Manager. 22 www.hp.com Technical Reference Guide characters for the name of the card owner, but Japanese name will be ...
HP ProtectTools Troubleshooting Guide
Page 25
...or resetting the TPM. 2. HP ProtectTools Credential Manager-Unable to log into Credential Manager after transitioning from Microsoft. The HP Credential Manager for ProtectTools fails to access the TPM if the TPM was reset to factory settings or replaced after the TPM Embedded Security Module... is configured. Enable and initialize the TPM. 4. Restore the user identity. Workaround...
...or resetting the TPM. 2. HP ProtectTools Credential Manager-Unable to log into Credential Manager after transitioning from Microsoft. The HP Credential Manager for ProtectTools fails to access the TPM if the TPM was reset to factory settings or replaced after the TPM Embedded Security Module... is configured. Enable and initialize the TPM. 4. Restore the user identity. Workaround...