Utimaco SafeGuard Easy Installation Instructions for Notre Dame installer v2.5 The information below explains how to install Utimaco SafeGuard Easy hard drive encryption on a Windows machine. IBM/Lenovo owners, please see Special Information for IBM/Lenovo Laptop owners at the end of this document before proceeding. System Requirements Hardware PC with Intel Pentium or similar Minimum 25MB free hard-disk space Operating System Microsoft Windows XP/2000 Microsoft Windows 2003 Server Standard Edition Network All Microsoft-supported networks Preparing for Installation Do the following before installation: 1. If using a local account, the windows logon password must be at least 8 characters. Having a shorter password will cause a windows blue screen of death after encryption. 2. Disconnect any external storage devices you do not wish to have encrypted. Some are detected as hard drives instead of removable devices. DO NOT REBOOT if external drives are being encrypted! You must wait for the encryption to finish before restarting and completing the installation. 3. You need to decrypt any EFS encrypted files or folders before encrypting with Safeguard Easy. 4. ND SafeGuard Easy CD. 5. Know the local windows Administrator account/password of the machine to be encrypted 6. ND Backup utility, included on cd, or other back-up option. You must back-up your pertinent files prior to beginning the encryption process. 7. Lenovo/IBM laptops -- Rescue and Recovery software must be version 3 or higher. This update must occur prior to installation of SafeGuard, otherwise, SafeGuard will not install.
Installation 1. Log in to Windows with an administrator account. 2. Insert the Utimaco installation CD. Double-click on the UtimacoND file that is included on the Utimaco installation CD. 3. Select Install NDBackup Utility v1.4, click Install. If you use another method for backing up the user data, do so and proceed to step 6. 4. Click OK, when installation completes. 5. Run the ND Backup for Windows from the shortcut on the desktop to backup the My Documents folder of the current user. Repeat as necessary for each user that logs into the computer. See the Help and Instructions in ND Backup for Windows for more information. 6. If closed relaunch UtimacoND from installation CD 7. If you are installing on a machine requiring multiple Preboot logins see Appendix A before continuing. 8. Select Standard install, then click Install 9. The disk will be checked for bad sectors before the installation begins. If bad sectors are found on the hard disk the installation will abort. Either run chkdsk to fix the errors or replace the failing drive. 10. The local password policy will be updated to require 8+ character length passwords for all future passwords and SafeGuard will be installed. 11. Once successfully completed, the workstation will reboot twice automatically. 12. Within a few minutes, a SafeGuard Easy encryption status window appears and the encryption process begins. Once the drive(s) have been encrypted, the status box appears indicating that encryption completed successfully. Depending on the speed and size of your hard drive(s), this process can take several hours. You may continue to work while the encryption process runs; however, it is advised that this process should run overnight. a. The computer may be shutdown and restarted during the encryption process and it will pick up where it left off. (If you have left external storage devices attached DO NOT shutdown or restart until encryption is complete. There is high probability that data will be lost on these drives. Wait to continue the install until the encryption is finished.) It is recommended that you do not hibernate the system while the drive is being encrypted as this could potentially cause problems when returning from hibernation. 13. Once the drive has started to be encrypted login if needed then restart the machine. 14. After rebooting, SafeGuard Easy displays a logon dialog, referred to as Pre-boot Authentication or the PBA. 15. Activate the SafeGuard Easy User account as follows a. At the PBA, type in the username user<enter> with the password of usersecure<enter>. You will then be prompted to enter a newuser ID. i. If you are using a local account, type in that login ID and password. Otherwise, if the machine is on the domain,the NetID is to be typed in. b. You will then be asked for a new password. Enter the password associated with the account name you just entered. Enter it a second time to confirm and press enter. c. Once completed, the workstation will boot to windows own authentication. 16. Login to Windows as you normally do. 17. Click Yes at the SafeGuard Easy Secure Auto Logon dialog.. This allows SafeGuard Easy to automatically log on to Windows using your credentials
18. Backup the SafeGuard Easy system kernel. You will be asked if you want to create a Backup of the kernel, click Yes. Afterwards, backup the kernel to Netfile using the NDBackup utility. a. It is very important to backup the system kernel when changes have occurred to the PBA username/password. 19. If setting up multiple PBA login accounts return to Appendix A step 5.
Special Information for IBM/Lenovo Laptop owners With SafeGuard Easy version 4.50 it is possible to authenticate at PBA level using the fingerprint reader of certain IBM/Lenovo hardware. Biometric authentication will only be supported by IBM/Lenovo notebook and desktop PC series that have been released since fall 2005. *Supported Devices:* The notebook series are: Z60/61, T60/61, X60/61 The desktop series are: ThinkCentre A51, A52, M51, M52, M52e *Not supported devices:* - Lenovo 3000 notebook series (as it uses an FP sensor from a different vendor) - R52 - X41 - T43 Additional requirements for Fingerprint reader: - Safeguard Easy v4.3 - ThinkVantage FingerPrint Software 5.5.0+ (on Utimaco CD in the Lenovo folder) - Possible BIOS upgrade required (recommended by Utimaco). IBM/Lenovo Rescue and Recovery must also be updated to one of the following versions: - Rescue and Recovery with Rapid Restore 4.0 (Build 033) - Rescue and Recovery 3.0 (Build 3.00.0029.00) (on Utimaco CD in the Lenovo folder) Prior to upgrading Rescue and Recovery, you ll also need to run a Hard Disk Defragmentation found under the System Tools folder, under the Accessories folder on the Start Menu To Install Fingerprint support for select Lenovo Systems: 1. Update the Fingerprint software to version 5.5 a. This is provided in the installation CD in the Lenovo folder 2. Register at least two fingers with the software 3. Run UtimacoND from CD 4. Select Install with Lenovo Fingerprint Reader Support', click Install 5. When finished restart the computer 6. The PBA two line login will be replaced with a prompt to Start Authentication via Fingerprint reader (press any key to continue) 7. Swipe the first finger you want to link to Safeguard Easy 8. Now enter your pre-boot authentication credentials you want linked to this fingerprint 9. You will be prompted to press F6 to link another fingerprint, press F6 and repeat from step 7 as needed. Press any other key to continue to finish and continue. Note: Should you need the normal login after activating the fingerprint login press [ESC] to use your ID and password.
Appendix A During the installation the HDOIT account password is set to a random password. This is done to prevent the possibility of lost passwords possibly compromising the security of the machine. In order to set up multiple PBA logins you need to prevent this until after the additional accounts have been created. Do this following these steps: 1. Click the Options link in the lower right of the main screen. 2. Uncheck Reset HDOIT account password automatically 3. Click the Installation link to return to the installation page 4. Return to Step 8 and continue with the installation 5. Follow the instructions in the Adding additional users to SafeGuard Easy Preboot Authentication to add the additional users a. The HDOIT password is hdoitsecure 6. When finished creating additional users relaunch UtimacoND from the installation CD 7. Click the Options link in the lower right 8. Uncheck Reset HDOIT account password automatically 9. Click Set HDOIT Password to secure the HDOIT account. 1. 10.Finished.