Additional security elements
Assigning security roles
In managing computer security, one important practice is to divide responsibilities and rights among
various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
●
Security officer—Defines the security level for the company or network and determines the
security features to deploy, such as Drive Encryption or Embedded Security.
● IT administrator—Applies and manages the security features defined by the security officer. Can
also enable and disable some features. For example, if the security officer has decided to deploy
Smart Cards, the IT administrator can enable both password and Smart Card mode.
●
User—Uses the security features. For example, if the security officer and IT administrator have
enabled Smart Cards for the system, the user can use the card for authentication.
Managing HP ProtectTools passwords
Most of the HP ProtectTools Security Manager features are secured by passwords. The following
table lists the commonly used passwords, the software module where the password is set, and the
password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All
other passwords may be set by regular users or administrators.
HP ProtectTools password Set in this
HP ProtectTools module
Function
Password Manager logon
password
Password Manager This password offers 2 options:
●
It can be used in a separate logon to
access Password Manager after
logging on to Windows.
● It can be used in place of the
Windows logon process, allowing
access to Windows and Password
Manager simultaneously.
Basic User Key password
NOTE: Also known as:
Embedded Security password
Embedded Security Used to access Embedded Security
features, such as secure e-mail, file, and
folder encryption. When used for power-on
authentication, also protects access to the
computer contents when the computer is
turned on, restarted, or restored from
hibernation.
Emergency Recovery Token
password
NOTE: Also known as:
Emergency Recovery Token Key
password
Embedded Security, by IT
administrator
Protects access to the Emergency
Recovery Token, which is a backup file for
the embedded security chip.
Owner password Embedded Security, by IT
administrator
Protects the system and the TPM chip from
unauthorized access to all owner functions
of Embedded Security.
ENWW Additional security elements 9