DriveLock and Windows 7

Size: px
Start display at page:

Download "DriveLock and Windows 7"

Transcription

1 Why alone is not enough CenterTools Software GmbH 2011

2 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user CenterTools Software GmbH. All rights reserved. CenterTools and and others are either registered trademarks or trademarks of CenterTools GmbH or its subsidiaries in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 2

3 Introduction Microsoft Window 7 represents a big advance in the Windows family of operating systems. Many of the new features in will help organizations with the tasks of administering and securing their network environments. However, some of new security features in only provide basic protection and are difficult to administer. When evaluating, most organizations will find that alone does not provide the protection they need. For effective data encryption, device control and application control, organizations will still need to depend on third-party solutions, such as CenterTools. This whitepaper compares the limited protection that is included in with the comprehensive protection mechanisms of. This includes the following functionality: Full Disk Encryption (BitLocker) Device control Removable media encryption (BitLocker To Go) Application control (AppLocker) Antivirus / Antimalware Security Management Full Disk Encryption BitLocker is the Full Disk Encryption feature that is included with certain versions of Windows Vista and. When configured correctly, BitLocker provides strong and effective protection for confidential data on internal hard drives. However, deployment is only feasible if all computers meet certain system requirements. Windows provides no central monitoring capabilities for BitLocker, and the sharing of pre-boot credentials among all users of a protected computer can significantly lower the security of data on shared computers. The following table describes the most important differences between BitLocker and Full Disk Encryption. Hardware requirements Supported client operating systems Smart card and token support For effective use of BitLocker the computer must contain a Trusted Platform Module (TPM) chip. While BitLocker can be used without a TPM chip, such configurations are not recommended by Microsoft, are difficult to use and are less secure. Only included with certain expensive editions of Windows Vista and. Smartcard and token authentication is not available during the pre-boot phase. requires no special hardware for Full Disk Encryption. Supported on all editions of Windows XP, Windows Vista and. supports many types of smart cards and tokens for pre-boot authentication. 3

4 Hardware changes Pre-boot security Single sign-on to Windows. Emergency logon Dealing with corrupted disks With BitLocker and a TPM chip, interrupts the boot process when certain hardware changes are detected. This may even include removing a laptop computer from a docking station. An administrator must manually reconfigure TPM settings to reenable the normal boot process. The disk encryption key is stored on a TPM chip and protected using a PIN that is specific to the computer. A user must enter the PIN before the disk can be accessed. Users who use multiple BitLocker-protected computers must remember several PINs. Any person who knows the PIN, including former employees, can access the computer indefinitely. requires users to authenticate twice, first during the pre-boot phase and then again at the Windows logon prompt. When a user has lost access to the computer, temporary access can be granted using a 40-character key until an administrator changes the PIN for the TPM. Any person who knows this key will be able to access the computer indefinitely. Many types of disk corruption can result in data that is permanently inaccessible or that requires lengthy and difficult procedures to decrypt the disk and restore access. Recovery is not possible if certain elements of the disk structure can no longer be read. can alert users to certain hardware changes that may indicate compromised security. If the hardware change was legitimate, administrators can centrally disable these warnings and update the configuration to the current state of the hardware. supports up to 200 distinct users on each computer for pre-boot authentication. Users only need to remember their Windows credentials to authenticate. When employees leave the organization, pre-boot accounts can be removed to prevent further access to protected computers. enables single sign-on. Users authenticate during the preboot phase using their Windows credentials and are then automatically logged on to Windows using the same credentials. Using a challenge/response mechanism, an administrator can provide one-time logon credentials to a user who forgot a password. Once the user changes his or her password, regular logon procedures can be used again. lets administrators remove encryption even from badly damaged disks to allow access to any data that can still be read from the physical disk. Fast Recovery lets administrators save important files from a damaged disk to removable media within minutes. The data can be copied to a different computer to allow users to continue their work quickly. 4

5 Central administration Administrators can centrally configure some basic BitLocker settings using Group Policy. Configuring exceptions for some computers can be very difficult. Even if BitLocker is centrally administered, a local administrator must still manually configure the TPM for each computer and initiate the disk encryption. Central storage of recovery keys An upgrade of the Active Directory operational mode and schema extensions may be required to store recovery keys in Active Directory. Helpdesk personnel must use domain administration tools to retrieve these keys. Monitoring Windows contains no tools for efficiently monitoring the status of encrypted drives across the network. Remote Wipe Windows provides no mechanism for remotely wiping a computer. settings can be easily centrally configured using Group Policy. At the same time, it is very easy to create exceptions for some computers. Disk encryption can be initiated from a central location without requiring local access to the computer. Recovery keys can be stored in the Enterprise Service and retrieved using intuitive helpdesk tools. No changes to Active Directory are required. The Control Center provides visibility for the encryption status across the enterprise. Administrators can mark a computer to be wiped. At the next connection of this computer to the Enterprise Service, all user logon data is purged and the computer is shut down. A remote wipe prevents any use of the computer, even by individuals who know a valid user name and password, except for administrators with access to a recovery certificate can use the computer. Full Disk Encryption Scenarios Not Supported By The following list contains just a few examples of common Full Disk Encryption requirements that can easily enable, but that are impossible or impractical to configure with : Single sign-on using Windows credentials. Sharing of computers with an encrypted hard disk by multiple users, while maintaining separate credentials for each user that can be revoked when a user leaves the organization. One-time passwords for emergency logon. Remote wiping of a computer 5

6 Device Control only provides rudimentary device control, which is difficult and tedious to administer. Rather than dynamically locking and unlocking devices for users based on a set of rules, restricts the installation of device drivers. This means that all required device drivers must be installed before device control is activated. Modifying rules at a later point is difficult or impossible. Also, granular rules are not available. Most rules apply broadly to certain device classes and the whitelisting of specific devices requires tedious editing of registry and Group Policy settings. The following table compares device control to the more advanced removable capabilities of. Allow users to install only authorized devices Prevent installation of prohibited devices. Control read and write permissions for removable media Requires administrators to manually create a list of allowed devices by installing them on a computer, recording hardware settings for each device, and then copying these settings into a GPO. This is not practical in an environment where multiple computer configurations are in use. Devices can only be controlled by model, but not based on device type or a specific serial number. can accomplish this, but excluding specific devices from a network is not a common scenario and is not practical. Devices that have already been installed can t be controlled. Only allows administrators to allow or deny all access to several types of removable devices. can scan computers for installed devices and then allows administrators to use this data to create white list policies. Administrators normally don t have to track down hardware identifiers of each allowed device. More important, can allow or deny access to entire device classes or allow access to a unique device based on its serial number. As with rules that allow access, can block access by device class, device serial number and user or group. Blocking takes effect even for devices that were installed before the policy is applied. Device information about prohibited drives can be collected from the Device Scanner database, so an administrator doesn t need to install the device on a computer and manually record the device information. recognizes more types of devices and provides more granular control. Read or Write access can be controlled based on user, file type or even a specific device. 6

7 Auditing of device usage Temporary unlocking of devices to enable exceptions can t do this s Device Scanner, Control Center and file shadowing capabilities satisfy the needs of most organizations for auditing device usage and collecting forensic evidence. can t do this enables online and offline unlocking of devices for a fixed period of time. This enables help desk personnel to respond in situations where legitimate access to removable devices is needed even if the currently active policy denies this access. Device Control Scenarios Not Supported By The following list contains just a few examples of common device control requirements that can easily enable, but that are impossible or impractical to configure with : All users may use any USB-connected mouse or keyboard, but not removable storage devices. Only administrators and help desk personnel are allowed to use removable storage devices. No executable files may be copied from removable media to a corporate computer, except by administrators. All data copied to USB flash drives must be encrypted. Administrators need to be alerted when a user uses a removable device contrary to company policy. Help desk personnel must be able to let a remote user copy a file to a USB flash drive even when the current policy normally prevents this. Users should only be allowed to use company-issued USB flash drives. Users should be allowed to listen to music CDs but they may not access CDs that contain data. Removable Media Encryption BitLocker To Go provides users with an easy method for encrypting all data on certain removable devices. However, other media, such as CDs and DVDs, cannot be encrypted, and access to data on encrypted drives is read-only on computers running earlier versions of windows. Encryption can be centrally enforced using Group Policy. Administrators can configure encryption enforcement and central backup of recovery information for encrypted drives. When enforcing encryption settings, organizations have to use a one size fits all approach because BitLocker does not allow exceptions to the policy settings. The recovery process for lost passwords by a recovery agent requires physical access to an 7

8 encrypted device. For end-user recovery, the user needs a recovery key that can be used to access a device indefinitely, even after the user has left the company. Encrypted device use cannot be monitored for compliance purposes. The following table compares BitLocker To Go to the more advanced removable media encryption capabilities of. Encryption of mobile data BitLocker To Go can transparently encrypt data on USB flash drives. But there are some limitations, such as the only supported file system on the USB flash drive is FAT. Universal access Only read access of encrypted devices is possible on a Windows XP or Vista client. can transparently encrypt all data copied to and from USB flash drives and other removable devices. can also enforce that only encrypted devices can be used on a computer. lets users create and access encrypted devices on computers running Windows XP or higher. With Mobile it is possible to use an encrypted USB drive also outside of a installation e.g. at Home. Device support Only USB media can be encrypted can encrypt any type of removable media and includes a wizard to burn encrypted CDs and DVDs. Encrypted containers can also be created on internal hard drives. Password recovery When a user forgets the encryption password, a designated recovery agent can access the data. If recovery information was stored in Active Directory, a 40 character password recovery key can also be retrieved and provided to the user. Any person who knows this key will be able to access the computer indefinitely. Monitoring has no meaningful method for monitoring the use of storage devices, whether they are encrypted and what data is copied to these devices. When a user forgets an encryption password, helpdesk personnel who have been provided with a recovery certificate can access the data. Using a challenge/response mechanism, an administrator can also provide a onetime code to allow a user to reset the password. includes extensive monitoring of encryption status, device use and file operations using the Control Center. Removable Media Encryption Scenarios Not Supported By The following list contains just a few examples of common removable media encryption scenarios that makes possible, but that are impossible or impractical to configure with : 8

9 Full read/write access to encrypted drives and media on computers running older versions of Windows Encryption of writable optical media, such as CR-R and DVD-R One-time codes for data recovery Central monitoring and reporting of removable media encryption Enforced encryption for certain drives while allowing other drives to remain unencrypted Enforcing encryption for some users while allowing other users to access unencrypted media Application Control Application Control lets administrators control which applications users can start and prevents unauthorized applications from running on a computer. includes AppLocker, the much improved successor to the Software Restriction Policies that were available in earlier versions of Windows. When administrators define which applications are allowed to run on a computer, all other applications are automatically blocked. AppLocker can be effective for enforcing application use on highly standardized desktops that require only few applications to run. However, it is not practical to manage this feature in diverse computing environments that are typical of today s IT environments. The following table compares AppLocker to the more advanced removable media encryption capabilities of. System Requirements Defining which applications are allowed to run or prevented from running Works only with and requires at least one Domain Controller running Windows Server 2008 R2. An upgrade of the Active Directory operational mode and schema extensions may be required. Administrators can specify applications based on a software publisher, the hash of a specific file or a file location. Publisher rules are very flexible and can be used to allow all signed programs, all programs from the same software publisher, multiple software versions or just one specific version of one application. Application files in the same folder can be added to a rule in a single step. Works on Windows XP, windows Vista and. There is no Active Directory or domain controller version requirement. can use the same types of rules as. In addition, builtin rules for common files, such as all Windows files, can be used to quickly create whitelist rules. File owner rules make it easy to allow users to run all applications that were installed by an administrator or installation account. 9

10 Rule creation Maintaining application rules Granularity Auditing and Monitoring All applications must be added manually to whitelists or blacklists. Even in a small network this can be a lengthy and tedious task. Most new applications need to be manually added to the rules before users can run them. Software publisher rules can be configured so they don t need to be updated when a new version of the software is installed. Each set of AppLocker rules is enforced on all computers that a Group Policy Object applies to. The policy may contain separate permissions for different users and groups. Successful and denied blocked attempts to start an application are recorded in the local Windows Event Log only. can scan a reference computer for all applications that are currently installed and automatically create a whitelist template for that allows all of these applications to run. Applications can also be added from an online database containing hashes for over a million applications. rules that are based on software publisher certificates can also be configured to automatically allow updated versions of a program. In addition, file owner rules automatically allow newer application to run if they were installed by an administrator or other designated user. In addition to specifying permissions for users and groups, policies allow for much more granularity. For example, policies may apply only when a computer is connected to a certain network or during certain times of the day. The Control Center lets administrators centrally audit application use on all client computers and create detailed reports. Application Control Scenarios Not Supported By The following list contains just a few examples of common application control scenarios that makes possible, but that are impossible or impractical to configure with : Automatically whitelisting all application that are installed using designated administrators or service accounts Blacklist or whitelist rules based on a company-wide database of applications Rules based on an online database of millions of applications Rules based on whitelist templates that include all executable files that are part of complex applications Rule enforcement based on network location (office traveling, etc.) 10

11 Antivirus / Antimalware has no built-in protection against viruses and many other types of malicious software. To be protected, organizations need to purchase, install and administer a separate product. contains fully integrated protection against viruses and other malicious software. Antivirus requires minimal computer resources and has industry-leading detection rates. Administration and monitoring are tightly integrated with s other features. Security Management While each of the features described in this whitepaper can be centrally managed using Group Policy administrators will have to become familiar with the intricacies of component. Setting up the central storage of recovery keys is difficult and involves different steps for Full Disk Encryption and removable media encryption. Microsoft s tools for recovering these keys are unintuitive and limited. There is also no effective mechanism for central monitoring and reporting, uses an integrated console for configuring all settings and key recovery. This management console is intuitive and has been designed to guide administrators through most common tasks to prevent errors that could impact user productivity. The management console also contains powerful tools for troubleshooting policy enforcement. The Control Center lets administrators create comprehensive reports on user activity and contains sophisticated drill-down functionality that enables forensic analysis. Conclusion Organizations that are very small or have an extremely limited hardware base may find that is sufficient for controlling device usage. However, CenterTools believes that does not address the device control and security requirements of the vast majority of companies and organizations, Furthermore, when using the features built into, granular device control requires an inordinate amount of administrative resources. Organizations that migrate to will find that additional software is required to provide effective and meaningful control of mobile devices. provides granular and comprehensive device control. It is easy to implement, easy to administer and easy to use. 11

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Windows BitLocker Drive Encryption Step-by-Step Guide

Windows BitLocker Drive Encryption Step-by-Step Guide Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft

More information

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

Do standard tools meet your needs when it comes to providing security for mobile PCs and data media? Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00

More information

MBAM Self-Help Portals

MBAM Self-Help Portals MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa

More information

DriveLock Quick Start Guide

DriveLock Quick Start Guide Be secure in less than 4 hours CenterTools Software GmbH 2012 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Encrypting with BitLocker for disk volumes under Windows 7

Encrypting with BitLocker for disk volumes under Windows 7 Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1

More information

Disk Encryption. Aaron Howard IT Security Office

Disk Encryption. Aaron Howard IT Security Office Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved.

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved. GoldKey Software User s Manual Revision 7.12 WideBand Corporation www.goldkey.com 1 Table of Contents GoldKey Installation and Quick Start... 5 Initial Personalization... 5 Creating a Primary Secure Drive...

More information

HP ProtectTools User Guide

HP ProtectTools User Guide HP ProtectTools User Guide Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark

More information

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 Purpose To provide a step-by-step procedure for encrypting installed laptop

More information

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative

More information

How to Encrypt your Windows 7 SDS Machine with Bitlocker

How to Encrypt your Windows 7 SDS Machine with Bitlocker How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly

More information

Chapter 1 Scenario 1: Acme Corporation

Chapter 1 Scenario 1: Acme Corporation Chapter 1 Scenario 1: Acme Corporation In This Chapter Description of the Customer Environment page 18 Introduction to Deploying Pointsec PC page 20 Prepare for Deployment page 21 Install Pointsec PC page

More information

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients

More information

Course 6292A: Installing and Configuring Windows 7 Client. About this Course. Audience Profile

Course 6292A: Installing and Configuring Windows 7 Client. About this Course. Audience Profile Course 6292A: Installing and Configuring Windows 7 Client Length: 3 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows 7 Type: Course Delivery Method: Instructor-led

More information

Management of Hardware Passwords in Think PCs.

Management of Hardware Passwords in Think PCs. Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

Technical Note Creating a Windows PE Recovery CD

Technical Note Creating a Windows PE Recovery CD Technical Note Creating a Windows PE Recovery CD CenterTools Software GmbH 2010 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk. Product version: 6.1 SafeGuard Enterprise Web Helpdesk Product version: 6.1 Document date: February 2014 Contents 1 SafeGuard web-based Challenge/Response...3 2 Scope of Web Helpdesk...4 3 Installation...5 4 Allow Web Helpdesk

More information

Managing and Maintaining a Microsoft Windows Server 2003 Environment

Managing and Maintaining a Microsoft Windows Server 2003 Environment Managing and Maintaining a Microsoft Windows Server 2003 Environment Course 2273: Five days; Blended (classroom/e-learning) Introduction Elements of this syllabus are subject to change. This course combines

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012 SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk

More information

etoken Single Sign-On 3.0

etoken Single Sign-On 3.0 etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to

More information

ManageEngine Desktop Central Training

ManageEngine Desktop Central Training ManageEngine Desktop Central Training Course Objectives Who Should Attend Course Agenda Course Objectives Desktop Central training helps you IT staff learn the features offered by Desktop Central and to

More information

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2 Table of Contents TPM Configuration Procedure... 2 1. Configuring the System BIOS... 2 2. Installing the Infineon TPM Driver and the GIGABYTE Ultra TPM Utility... 3 3. Initializing the TPM Chip... 4 3.1.

More information

ProtectDrive. User Manual Revision: B00

ProtectDrive. User Manual Revision: B00 ProtectDrive User Manual Revision: B00 THIS PAGE INTENTIONALLY LEFT BLANK ProtectDrive User Manual Preface Preface Copyright All intellectual property is copyright. All trademarks and product names used

More information

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

More information

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016 ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference May 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government

More information

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide BitLocker Deployment Guide Document Version 0.0.0.5 http://www.wave.com ERAS v 2.8 Wave Systems Corp. 2010 Contents Contents... 2

More information

Training Guide: Configuring Windows8 8

Training Guide: Configuring Windows8 8 Training Guide: Configuring Windows8 8 Scott D. Lowe Derek Schauland Rick W. Vanover Introduction System requirements Practice setup instructions Acknowledgments Errata & book support We want to hear from

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

SecureDoc for Mac v6.1. User Manual

SecureDoc for Mac v6.1. User Manual SecureDoc for Mac v6.1 User Manual Copyright 1997-2012 by WinMagic Inc. All rights reserved. Printed in Canada Many products, software and technologies are subject to export control for both Canada and

More information

For Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery.

For Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery. Investment and Governance Division 614.995.9928 tel Ted Strickland, Governor 30 East Broad Street, 39 th Floor 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer Columbus, Ohio

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

Managing BitLocker Encryption

Managing BitLocker Encryption Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate

More information

ICT Professional Optional Programmes

ICT Professional Optional Programmes ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications

More information

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide Product version: 5.60 Document date: April 2011 Contents 1 Introduction...3 2 Requirements...5 3 The demo configuration package...6 4

More information

How Endpoint Encryption Works

How Endpoint Encryption Works WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint

More information

SafeGuard Easy startup guide. Product version: 7

SafeGuard Easy startup guide. Product version: 7 SafeGuard Easy startup guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 About Sophos SafeGuard (SafeGuard Easy)...4 2.1 About Sophos SafeGuard (SafeGuard Easy) 7.0...6

More information

How to enable Disk Encryption on a laptop

How to enable Disk Encryption on a laptop How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data

More information

Convenience and security

Convenience and security Convenience and security ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work and home environments.

More information

IronKey Enterprise Management Service Admin Guide

IronKey Enterprise Management Service Admin Guide IronKey Enterprise Management Service Admin Guide Last Updated May 2015 Thank you for choosing IronKey Enterprise Management Service by Imation. Imation s Mobile Security Group is committed to creating

More information

etoken TMS (Token Management System) Frequently Asked Questions

etoken TMS (Token Management System) Frequently Asked Questions etoken TMS (Token Management System) Frequently Asked Questions Make your strong authentication solution a reality with etoken TMS (Token Management System). etoken TMS provides you with full solution

More information

HP ProtectTools Security Manager - v2.0

HP ProtectTools Security Manager - v2.0 HP ProtectTools Security Manager - v2.0 Introduction...2 The security dilemma...2 HP ProtectTools Security Manager...3 Security Software Modules for HP ProtectTools...4 Embedded Security for HP ProtectTools...5

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

SafeGuard Enterprise Web Helpdesk

SafeGuard Enterprise Web Helpdesk SafeGuard Enterprise Web Helpdesk Product version: 5.60 Document date: April 2011 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Help Desk

More information

Introducing Windows 8

Introducing Windows 8 Introducing Windows 8 Introduction Very Aggressive Change Building block for the future and future of devices Biggest Obstacle: Where is!?!? The New User Experience Start Screen Full screen Start Menu

More information

GFI EndPointSecurity 4.3. Getting Started Guide

GFI EndPointSecurity 4.3. Getting Started Guide GFI EndPointSecurity 4.3 Getting Started Guide http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein

More information

Spector 360 Deployment Guide. Version 7.3 January 3, 2012

Spector 360 Deployment Guide. Version 7.3 January 3, 2012 Spector 360 Deployment Guide Version 7.3 January 3, 2012 Table of Contents Deploy to All Computers... 48 Step 1: Deploy the Servers... 5 Recorder Requirements... 52 Requirements... 5 Control Center Server

More information

SafeGuard Enterprise User help. Product version: 6.1

SafeGuard Enterprise User help. Product version: 6.1 SafeGuard Enterprise User help Product version: 6.1 Document date: January 2014 Contents 1 About SafeGuard Enterprise 6.1...3 2 SafeGuard Enterprise on Windows endpoints...5 3 Security best practices...7

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

HP Commercial Notebook BIOS Password Setup

HP Commercial Notebook BIOS Password Setup HP Commercial Notebook BIOS Password Setup Table of Contents: Introduction... 1 Preboot Passwords... 2 Multiple User Architecture in BIOS... 2 Preboot Password Setup... 3 Password Change... 4 Forgotten

More information

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19 Exam : 70-688 Title : Managing and Maintaining Windows 8 Version : Demo 1 / 19 1.DRAG DROP Your company recently purchased 25 new laptops. All 25 laptops have the same hardware configuration and do not

More information

HP ProtectTools. Getting Started

HP ProtectTools. Getting Started HP ProtectTools Getting Started Copyright 2012 Hewlett-Packard Development Company, L.P. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Intel is a trademark

More information

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition CA DLP Stored Data Integration Guide Release 14.0 3rd Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

How Drive Encryption Works

How Drive Encryption Works WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................

More information

Course Description. Course Audience. Course Page - Page 1 of 7

Course Description. Course Audience. Course Page - Page 1 of 7 Course Page - Page 1 of 7 Troubleshooting and Supporting Windows 7 in the Enterprise M-6293 Length: 3 days Price: $1,695.00 Course Description This three-day instructor-led course will teach IT Professionals,

More information

IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1. User Guide IBM SC23-9950-05

IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1. User Guide IBM SC23-9950-05 IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1 User Guide IBM SC23-9950-05 IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1 User Guide IBM SC23-9950-05

More information

Course 20688A: Managing and Maintaining Windows 8

Course 20688A: Managing and Maintaining Windows 8 Course 20688A: Managing and Maintaining Windows 8 Length: 5 Days Audience(s): IT Professionals Level: 200 Delivery Method: Instructor-led (classroom) About this Course In this course, students learn how

More information

Troubleshooting and Supporting Windows 7 in the Enterprise

Troubleshooting and Supporting Windows 7 in the Enterprise Course 6292A: Troubleshooting and Supporting Windows 7 in the Enterprise Length: 3 Days Language(s): English Audience(s): IT Professionals Level: 300 Technology: Windows 7 Type: Course Delivery Method:

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012 Sophos Disk Encryption License migration guide Product version: 5.61 Document date: June 2012 Contents 1 About this guide...3 2 Add encryption to an existing Sophos security solution...5 3 SDE/SGE 4.x

More information

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of PGP

More information

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Secure Windows and Mac login by USB key www.rohos.com Rohos Logon Key Secure two-factor

More information

PGP Whole Disk Encryption Training

PGP Whole Disk Encryption Training PGP Whole Disk Encryption Training Agenda WDE Overview Licensing Universal Server & Client Basics Installation Password Recovery OS Maintenance Support Questions 2 Whole Disk Encryption Protects against:

More information

Mobile Device Security and Encryption Standard and Guidelines

Mobile Device Security and Encryption Standard and Guidelines Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile

More information

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy

More information

BitLocker Encryption for non-tpm laptops

BitLocker Encryption for non-tpm laptops BitLocker Encryption for non-tpm laptops Contents 1.0 Introduction... 2 2.0 What is a TPM?... 2 3.0 Users of non-tpm University laptops... 2 3.1 Existing Windows 7 laptop users... 2 3.2 Existing Windows

More information

Firmware security features in HP Compaq business notebooks

Firmware security features in HP Compaq business notebooks HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

McAfee Endpoint Encryption (SafeBoot) User Documentation

McAfee Endpoint Encryption (SafeBoot) User Documentation TABLE OF CONTENTS Press the CTRL key while clicking on topic to go straight to the topic in this document. I. Introduction... 1 II. Installation Process Overview... 1 III. Checking for a Valid Current

More information

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 05 October 2005 200 Microsoft

More information

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0 Symantec Enterprise Security Manager Baseline Policy Manual for

More information

SafeGuard Easy upgrade guide. Product version: 7

SafeGuard Easy upgrade guide. Product version: 7 SafeGuard Easy upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1 Upgrade

More information

Smart TPM. User's Manual. Rev. 1001 12MD-STPM-1001R

Smart TPM. User's Manual. Rev. 1001 12MD-STPM-1001R Smart TPM User's Manual Rev. 1001 12MD-STPM-1001R We recommend that you download the latest version of the Smart TPM utility from GIGABYTE's website. If you have installed Ultra TPM earlier, you can install

More information

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

More information

RSA Authentication Manager 8.1 Help Desk Administrator s Guide

RSA Authentication Manager 8.1 Help Desk Administrator s Guide RSA Authentication Manager 8.1 Help Desk Administrator s Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

The Benefits of an Industry Standard Platform for Enterprise Sign-On

The Benefits of an Industry Standard Platform for Enterprise Sign-On white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed

More information

Configuring and Administering Windows 7

Configuring and Administering Windows 7 Configuring and Administering Windows 7 Length: 5 days Overview This five-day instructor-led course provides students with the knowledge and skills to configure and administer Microsoft Windows 7 as a

More information

MS 50292: Administering and Maintaining Windows 7

MS 50292: Administering and Maintaining Windows 7 MS 50292: Administering and Maintaining Windows 7 Description: This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain, and troubleshoot

More information

MS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery.

MS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery. MS-50292: Administering and Maintaining Windows 7 This five-day instructor-led course provides students with the knowledge and skills to successfully install, maintain, and troubleshoot Windows 7 computers.

More information

Navigating Endpoint Encryption Technologies

Navigating Endpoint Encryption Technologies Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS

More information

Managing Applications, Services, Folders, and Libraries

Managing Applications, Services, Folders, and Libraries Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

NetWrix Password Manager. Quick Start Guide

NetWrix Password Manager. Quick Start Guide NetWrix Password Manager Quick Start Guide Contents Overview... 3 Setup... 3 Deploying the Core Components... 3 System Requirements... 3 Installation... 4 Windows Server 2008 Notes... 4 Upgrade Path...

More information

Designing and Deploying Connected Device Solutions for Small and Medium Business

Designing and Deploying Connected Device Solutions for Small and Medium Business Designing and Deploying Connected Device Solutions for Small and Medium Business HPATA Connected Devices Study Guide Rev 1.1 Table of Contents 1.1 Describe and recognize common desktop virtualization technologies

More information

AD Self-Service Suite for Active Directory

AD Self-Service Suite for Active Directory The Dot Net Factory AD Self-Service Suite for Active Directory Version 3.6 The Dot Net Factory, LLC. 2005-2011. All rights reserved. This guide contains proprietary information, which is protected by copyright.

More information

Active Directory Benefits for Smaller Enterprises

Active Directory Benefits for Smaller Enterprises Active Directory Benefits for Smaller Enterprises Microsoft Corporation Published: September 2004 Abstract Microsoft Active Directory (AD) has been available since early 2000, and while most organizations

More information

Course 50322B: Configuring and Administering Windows 7

Course 50322B: Configuring and Administering Windows 7 Course 50322B: Configuring and Administering Windows 7 Length: Delivery Method: 5 Days Instructor-led (classroom) About this Course This five-day instructor-led course provides students with the knowledge

More information

Maintaining a Microsoft Windows Server 2003 Environment

Maintaining a Microsoft Windows Server 2003 Environment Maintaining a Microsoft Windows Server 2003 Environment Course number: 2275C Course lenght: 3 days Course Outline Module 1: Preparing to Administer a Server This module explains how to administer a server.

More information

Windows Small Business Server 2003 Upgrade Best Practices

Windows Small Business Server 2003 Upgrade Best Practices Windows Small Business Server 2003 Upgrade Best Practices Microsoft Corporation Published: May 2005 Version: 1 Abstract To ensure a successful upgrade from the Microsoft Windows Small Business Server 2003

More information

DigitalPersona Pro Enterprise

DigitalPersona Pro Enterprise DigitalPersona Pro Enterprise Version 5.3 Frequently Asked Questions 2012 DigitalPersona, Inc. All Rights Reserved. All intellectual property rights in the DigitalPersona software, firmware, hardware and

More information

Password Manager Windows Desktop Client

Password Manager Windows Desktop Client Password Manager Windows Desktop Client EmpowerID provides an extension that allows organizations to plug into Password Manager to customize the Windows logon experience beyond that supplied by the standard

More information

Implementing and Supporting Microsoft Windows XP Professional

Implementing and Supporting Microsoft Windows XP Professional Implementing and Supporting Microsoft Windows XP Professional Key Data Course #: 2272C Number of Days: 5 Format: Instructor-led The purpose of this course is to address the implementation and desktop support

More information