Short description Details Solution
Errors occur after
experiencing a power loss
while taking ownership
during the Embedded
Security Initialization.
If there is a power loss while initializing
the Embedded Security chip, the
following issues will occur:
●
When attempting to launch the
Embedded Security Initialization
Wizard, the following error is
displayed: The Embedded
security cannot be initialized
since the Embedded Security
chip has already an Embedded
Security owner.
●
When attempting to launch the User
Initialization Wizard, the following
error is displayed: The Embedded
security is not initialized. To use
the wizard, the Embedded
Security must be initialized first.
Perform the following procedure to recover from the
power loss:
NOTE: Use the Arrow keys to select various menus,
menu items, and to change values (unless otherwise
specified).
1. Start or restart the computer.
2. Press F10 when the F10=Setup message
appears on screen (or as soon as the monitor LED
turns green).
3. Select the appropriate language option.
4. Press Enter.
5. Select Security > Embedded Security.
6. Set the Embedded Security Device option to
Enable.
7. Press F10 to accept the change.
8. Select File > Save Changes and Exit.
9. Press ENTER.
10. Press F10 to save the changes and exit the F10
Setup utility.
Computer Setup (F10)
Utility password can be
removed after enabling
TPM Module.
Enabling the TPM module requires a
Computer Setup (F10) Utility password.
Once the module has been enabled, the
user can remove the password. This
allows anyone with direct access to the
system to reset the TPM module and
cause possible loss of data.
This is as designed.
The Computer Setup (F10) Utility password can only be
removed by a user who knows the password. However,
HP strongly recommends having the Computer Setup
(F10) Utility password protected at all times.
The PSD password box is
no longer displayed when
the system becomes
active after Standby status
When a user logs on the system after
creating a PSD, the TPM asks for the
Basic User password. If the user does
not enter the password and the system
goes into Standby, the password dialog
box is no longer available when the user
resumes.
This is by design.
The user has to log off and back on to view the PSD
password box again.
No password required to
change the Security
Platform Policies.
Access to Security Platform Policies
(both Machine and User) does not
require a TPM password for users who
have administrative rights on the system.
This is by design.
Any administrator can modify the Security Platform
Policies with or without TPM user initialization.
Microsoft EFS does not
fully work in Windows
2000.
An administrator can access encrypted
information on the system without
knowing the correct password. If the
administrator enters an incorrect
password or cancels the password
dialog, the encrypted file will open as if
the administrator had entered the correct
password. This happens regardless of
the security settings used when
encrypting the data. This occurs only in
the first administrator account on
Windows 2000.
The Data Recovery Policy is automatically configured
to designate an administrator as a recovery agent.
When a user key cannot be retrieved (as in the case of
entering the wrong password or canceling the Enter
Password dialog), the file is automatically decrypted
with a recovery key.
This is due to the Microsoft EFS. Please refer to
Microsoft Knowledge Base Technical Article Q257705
at
http://www.microsoft.com for more information.
The documents cannot be opened by a non-
administrator user
When viewing a
certificate, it shows as
non-trusted.
After setting up HP ProtectTools and
running the User Initialization Wizard, the
user has the ability to view the certificate
issued; however, when viewing the
Self-signed certificates are not trusted. In a properly
configured enterprise environment, EFS certificates are
issued by online Certification Authorities and are
trusted.
Embedded Security for HP ProtectTools 55
To Next Page
Loading...
Need help?
General
