HP ProtectTools Troubleshooting Guide
Page 3
...9632; HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is a new technology offered by HP on some Business PCs. The card is part of TPM 1.2 standards. Software The software, HP ProtectTools, has two parts: HP ProtectTools Security Manager and HP plug-in...hp.com support, and security software available via purchase. Security plug-ins like the TPM, Smart Card, and future security products cannot be accessed from the Start Menu or Control Panel applet. In Windows 2000 and Windows XP environments, this software supports enhanced security for desktop...
...9632; HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is a new technology offered by HP on some Business PCs. The card is part of TPM 1.2 standards. Software The software, HP ProtectTools, has two parts: HP ProtectTools Security Manager and HP plug-in...hp.com support, and security software available via purchase. Security plug-ins like the TPM, Smart Card, and future security products cannot be accessed from the Start Menu or Control Panel applet. In Windows 2000 and Windows XP environments, this software supports enhanced security for desktop...
HP ProtectTools Troubleshooting Guide
Page 4
...❏ Support for additional security settings, such as Microsoft Outlook and Internet Explorer) and applications that HP ProtectTools Personal Secure Drive cannot function unless the TPM is a function in addition to the EFS-based file/folder encryption, and it supports enhanced security ... function called Personal Secure Drive (PSD). The smart card BIOS security mode is a Web-based SoftPaq for updating your TPM firmware. ■ HP Credential Manager for ProtectTools: This tool provides identity management and has security features that use MSCAPI (such as requiring authentication ...
...❏ Support for additional security settings, such as Microsoft Outlook and Internet Explorer) and applications that HP ProtectTools Personal Secure Drive cannot function unless the TPM is a function in addition to the EFS-based file/folder encryption, and it supports enhanced security ... function called Personal Secure Drive (PSD). The smart card BIOS security mode is a Web-based SoftPaq for updating your TPM firmware. ■ HP Credential Manager for ProtectTools: This tool provides identity management and has security features that use MSCAPI (such as requiring authentication ...
HP ProtectTools Troubleshooting Guide
Page 5
... than software-only implementations. S/MIME Secure Multipurpose Internet Mail Extensions A specification for secure electronic messaging using PKCS. In systems with the TPM card, the TPM's private Storage Root Keys, which never leave the TPM chip, are generated and/or supported by HP ProtectTools Embedded Security. Breaking into the virtual drive. Technical Reference Guide www...
... than software-only implementations. S/MIME Secure Multipurpose Internet Mail Extensions A specification for secure electronic messaging using PKCS. In systems with the TPM card, the TPM's private Storage Root Keys, which never leave the TPM chip, are generated and/or supported by HP ProtectTools Embedded Security. Breaking into the virtual drive. Technical Reference Guide www...
HP ProtectTools Troubleshooting Guide
Page 6
...the contents of EFS in are highlighted in green in green This is as designed. This is true whether or not an Embedded Security TPM is no encrypt with EFS in Windows 2000 Windows XP, but it does not highlight encrypted folders in Windows 2000, but not in ... Technical Reference Guide This is supported only on FAT32. HP ProtectTools Embedded Security-Cannot Take Ownership With Another OS In Multi-Boot Platform If a drive is set up the This is a feature of EFS, not the Embedded Security TPM. in with FAT32 partition options for all administrators. This is as...
...the contents of EFS in are highlighted in green in green This is as designed. This is true whether or not an Embedded Security TPM is no encrypt with EFS in Windows 2000 Windows XP, but it does not highlight encrypted folders in Windows 2000, but not in ... Technical Reference Guide This is supported only on FAT32. HP ProtectTools Embedded Security-Cannot Take Ownership With Another OS In Multi-Boot Platform If a drive is set up the This is a feature of EFS, not the Embedded Security TPM. in with FAT32 partition options for all administrators. This is as...
HP ProtectTools Troubleshooting Guide
Page 7
... Security Initialization, an error message is not supported. The TPM must be through the hidden ($) share in order to save emergency recovery archive to initialization. Storage of the TPM fails. Technical Reference Guide www.hp.com 5 HP ProtectTools Embedded Security-User is not set; Users have access... rights to encrypt or delete the recovery archive XML file By design, the ACLs for TPM module after system restore. HP ProtectTools Embedded Encrypted files interfere with the scan. The W2K only. Once this folder is able to an emergency ...
... Security Initialization, an error message is not supported. The TPM must be through the hidden ($) share in order to save emergency recovery archive to initialization. Storage of the TPM fails. Technical Reference Guide www.hp.com 5 HP ProtectTools Embedded Security-User is not set; Users have access... rights to encrypt or delete the recovery archive XML file By design, the ACLs for TPM module after system restore. HP ProtectTools Embedded Encrypted files interfere with the scan. The W2K only. Once this folder is able to an emergency ...
HP ProtectTools Troubleshooting Guide
Page 8
... encrypt any data in the Windows 2000 French (France) environment. HP ProtectTools Embedded If there is a power loss while Perform the following procedure to recover from Security-Errors occur after enabling TPM Module Enabling the TPM module This is displayed: The Embedded 9. initialized since the 4. ... the Embedded ✎ Use the Arrow keys to select various menus, menu items, and to reset the TPM module and cause possible loss of data. 6 www.hp.com Technical Reference Guide If when right-clicking a file icon. Start or restart the computer. Press F10 to...
... encrypt any data in the Windows 2000 French (France) environment. HP ProtectTools Embedded If there is a power loss while Perform the following procedure to recover from Security-Errors occur after enabling TPM Module Enabling the TPM module This is displayed: The Embedded 9. initialized since the 4. ... the Embedded ✎ Use the Arrow keys to select various menus, menu items, and to reset the TPM module and cause possible loss of data. 6 www.hp.com Technical Reference Guide If when right-clicking a file icon. Start or restart the computer. Press F10 to...
HP ProtectTools Troubleshooting Guide
Page 9
... access The Data Recovery Policy is automatically encrypted information on the configured to designate an administrator as a system without TPM user initialization. HP ProtectTools Embedded Security-Microsoft EFS does not fully work in the case of the security settings used when encrypting the ... available when the user resumes. HP ProtectTools Embedded Security-No password required to change the Security Platform Policies Access to the Microsoft EFS. This is due to Security Platform Policies (both Machine and User) does not require a TPM password for the basic user password...
... access The Data Recovery Policy is automatically encrypted information on the configured to designate an administrator as a system without TPM user initialization. HP ProtectTools Embedded Security-Microsoft EFS does not fully work in the case of the security settings used when encrypting the ... available when the user resumes. HP ProtectTools Embedded Security-No password required to change the Security Platform Policies Access to the Microsoft EFS. This is due to Security Platform Policies (both Machine and User) does not require a TPM password for the basic user password...
HP ProtectTools Troubleshooting Guide
Page 10
... storage mediums The issue is not being processed by the operating system or other applications. HP ProtectTools Embedded During uninstallation, the user The Admin tool is used for disabling the TPM Security-During uninstall, has the option of uninstalling chip, but that dialog box, then... Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security-Intermittent encrypt and decrypt error occurs: The process cannot access the file because it the Basic User Key and TPM or by first disabling the has not, then select Ok or Cancel ...
... storage mediums The issue is not being processed by the operating system or other applications. HP ProtectTools Embedded During uninstallation, the user The Admin tool is used for disabling the TPM Security-During uninstall, has the option of uninstalling chip, but that dialog box, then... Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security-Intermittent encrypt and decrypt error occurs: The process cannot access the file because it the Basic User Key and TPM or by first disabling the has not, then select Ok or Cancel ...
HP ProtectTools Troubleshooting Guide
Page 12
...Short description Details Solution / Workaround HP ProtectTools Embedded Security-Application lock-ups occur when the connection with a TPM Module is lost When the TPM module is If system appears not to function properly or the damaged or the connection is TPM is not found, perform the... The Security Manager recovers and the user can run the self test and confirm damaged module. are useless for recovery. 10 www.hp.com Technical Reference Guide Attempting to resolve the xml-file-overwrite Security-Running Large Deployment on ProtectTools Embedded a previously initialized PC Security...
...Short description Details Solution / Workaround HP ProtectTools Embedded Security-Application lock-ups occur when the connection with a TPM Module is lost When the TPM module is If system appears not to function properly or the damaged or the connection is TPM is not found, perform the... The Security Manager recovers and the user can run the self test and confirm damaged module. are useless for recovery. 10 www.hp.com Technical Reference Guide Attempting to resolve the xml-file-overwrite Security-Running Large Deployment on ProtectTools Embedded a previously initialized PC Security...
HP ProtectTools Troubleshooting Guide
Page 13
... Microsoft .NET Framework 1.1 is a support download available at www.hp.com. Technical Reference Guide www.hp.com 11 Run the Platform and User configuration wizard. 3. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools TPM Firmware Update Utility-The tool provided through HP support Web site reports ownership required Expected Behavior of...
... Microsoft .NET Framework 1.1 is a support download available at www.hp.com. Technical Reference Guide www.hp.com 11 Run the Platform and User configuration wizard. 3. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools TPM Firmware Update Utility-The tool provided through HP support Web site reports ownership required Expected Behavior of...
HP ProtectTools Troubleshooting Guide
Page 14
...Reboots the machine. 4. Initializes owner and user and the restore process proceeds. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools Manager-Using user is ...provided. Select the token location the Emergency Recovery Token should be retrieved from. 12 www.hp.com Technical Reference Guide When TPM authentication is used, this location is correct, the following error message is displayed: No Emergency Recovery Token...
...Reboots the machine. 4. Initializes owner and user and the restore process proceeds. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools Manager-Using user is ...provided. Select the token location the Emergency Recovery Token should be retrieved from. 12 www.hp.com Technical Reference Guide When TPM authentication is used, this location is correct, the following error message is displayed: No Emergency Recovery Token...
HP ProtectTools Troubleshooting Guide
Page 17
.... Resolution: After the next reboot, the emulations fail to the ACPI table and Windows, and installed Broadcom TPM in BIOS makes the TPM invisible Security-Hiding the BIOS with the generated is still visible, but the error missing data. causes the ...disabling of security policies and functions HP ProtectTools Embedded Hiding the TPM chip in the Hiding the TPM in the BIOS Security software loaded software cannot recognize the device. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded The PSD is disabled...
.... Resolution: After the next reboot, the emulations fail to the ACPI table and Windows, and installed Broadcom TPM in BIOS makes the TPM invisible Security-Hiding the BIOS with the generated is still visible, but the error missing data. causes the ...disabling of security policies and functions HP ProtectTools Embedded Hiding the TPM chip in the Hiding the TPM in the BIOS Security software loaded software cannot recognize the device. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded The PSD is disabled...
HP ProtectTools Troubleshooting Guide
Page 18
...by setup.bat or through supplemental CD autorun, a general driver error is required. operate properly and makes TPM-encrypted data inaccessible. 16 www.hp.com Technical Reference Guide clicks Restore under Backup option of Embedded Security produces this in BIOS: Security-Resetting ...System default hides the TPM to Open the Computer Setup (F10) Utility, navigate ROM to default hides TPM. If a new system backup is working as designed and SPSystemBackup function properly; HP ProtectTools Embedded Security-Security System restore error with :...
...by setup.bat or through supplemental CD autorun, a general driver error is required. operate properly and makes TPM-encrypted data inaccessible. 16 www.hp.com Technical Reference Guide clicks Restore under Backup option of Embedded Security produces this in BIOS: Security-Resetting ...System default hides the TPM to Open the Computer Setup (F10) Utility, navigate ROM to default hides TPM. If a new system backup is working as designed and SPSystemBackup function properly; HP ProtectTools Embedded Security-Security System restore error with :...
HP ProtectTools Troubleshooting Guide
Page 20
... however, the backup fails without displaying notice of the failure. AUTHORITY\ SYSTEM for rights to designed for TPM 1.1 platforms. 18 www.hp.com Technical Reference Guide If the Automatic Backup is to change the NT Security-Automatic up Automatic Backup in...Security, it creates name)\(admin name). HP ProtectTools Embedded The current 4.0 software was HP will address this issue in the software interface for HP Notebook disable Embedded Security 1.1B implementations, as supporting HP Embedded Security GUI Desktop 1.2 implementations. When the administrator instead configures...
... however, the backup fails without displaying notice of the failure. AUTHORITY\ SYSTEM for rights to designed for TPM 1.1 platforms. 18 www.hp.com Technical Reference Guide If the Automatic Backup is to change the NT Security-Automatic up Automatic Backup in...Security, it creates name)\(admin name). HP ProtectTools Embedded The current 4.0 software was HP will address this issue in the software interface for HP Notebook disable Embedded Security 1.1B implementations, as supporting HP Embedded Security GUI Desktop 1.2 implementations. When the administrator instead configures...
HP ProtectTools Troubleshooting Guide
Page 21
... document so Credential Manager can click Options and select Prompt to select account for this option is researching workaround for future product enhancements. HP ProtectTools Credential Manager-Login with TPM authentication does not give the Network Accounts option Using the Network Accounts option, a user can select which password to apply. When creating...
... document so Credential Manager can click Options and select Prompt to select account for this option is researching workaround for future product enhancements. HP ProtectTools Credential Manager-Login with TPM authentication does not give the Network Accounts option Using the Network Accounts option, a user can select which password to apply. When creating...
HP ProtectTools Troubleshooting Guide
Page 23
... when smart card/token is researching a resolution for any time. Technical Reference Guide www.hp.com 21 When logging in using TPM authentication, the Back button skips the option to choose another authentication method If user using TPM login authentication for Credential Manager enters his/her password, the Back button does not work...
... when smart card/token is researching a resolution for any time. Technical Reference Guide www.hp.com 21 When logging in using TPM authentication, the Back button skips the option to choose another authentication method If user using TPM login authentication for Credential Manager enters his/her password, the Back button does not work...
HP ProtectTools Troubleshooting Guide
Page 24
...for manual or auto logon admin. authentication password and lock up the There is a BIOS limitation of the desktop alert is to further clarify this . HP ProtectTools Credential Manager-Credential Manager not being set for the name of the card owner, but Japanese name will...stays on to removing the TPM module. Fingerprint logon message appears whether or not fingerprint reader is working to add information in product help files to notify the logon, the following desktop user that fingerprint authentication is set as designed. HP ProtectTools Troubleshooting Guide Software ...
...for manual or auto logon admin. authentication password and lock up the There is a BIOS limitation of the desktop alert is to further clarify this . HP ProtectTools Credential Manager-Credential Manager not being set for the name of the card owner, but Japanese name will...stays on to removing the TPM module. Fingerprint logon message appears whether or not fingerprint reader is working to add information in product help files to notify the logon, the following desktop user that fingerprint authentication is set as designed. HP ProtectTools Troubleshooting Guide Software ...
HP ProtectTools Troubleshooting Guide
Page 25
... Credential Manager after transitioning from Microsoft. Install the Credential Manager. 5. Back up the user identity before replacing or resetting the TPM. 2. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential The Windows Credential Manager-Credential Manager Welcome screen Manager logon window for more information on Windows XP SP1...
... Credential Manager after transitioning from Microsoft. Install the Credential Manager. 5. Back up the user identity before replacing or resetting the TPM. 2. HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential The Windows Credential Manager-Credential Manager Welcome screen Manager logon window for more information on Windows XP SP1...