My Document
Contents
1. 2 Click the Removable Media Encryption Settings tab 3 Choose how you want users to be able to handle encrypted removable media created on this machine e To have encrypted removable media available only to those who are logged in to a device with SecureDoc installed on it and who have access to the key used to encrypt the removable media clear the Encrypted media can be accessed with a password option e To have encrypted removable media available to anyone who is logged in to a device with SecureDoc or SecureDoc MediaViewer installed on it and who knows the password check the Encrypted media can be accessed with a password option you are prompted for the password when encrypting media You will need to share this password with other users but those users do not need the encryption key itself 4 Choose the key and mode to be used to encrypt removable media it is advisable not to use the key that is used to encrypt your bootable disk for these purposes 5 Click Apply CD DVD Encryption Settings Use this function to define the key to be used to encrypt CDs DVDs Encryption occurs automatically whenever CDs DVDs are burned This option is available only if CD DVD encryption is enabled see Setting Removable Media Options on page 42 1 Inthe Control Center click Drive Encryption then Media Encryption Settings 2 Click the CD DVD Settings tab WinMagic Inc SecureDoc Enterprise User Manual rn Working with2. Chapter 6 Using File and Folder Encryption About SecureDoc File and Folder Encryption Note Enterprise users may not have access to this feature or may have a local or networked folder encrypted automatically Consult your administrator to find out what File and Folder Encryption features have been configured for you Overview SecureDoc File and Folder Encryption is installed along with SecureDoc and can be used whether or not your computer has its hard disk encrypted and whether or not Boot Logon has been installed You will need a key file however This feature can be used to protect folders on the local disk using any encryption key on the computer Once a folder is protected all users who could normally see the folder can see what files it contains but to do anything with the folder or its contents users need both e access rights in Windows to the folder e tobe logged in to a key file containing the key used to encrypt the folder File and Folder Encryption Rules The following general rules apply to SecureDoc File and Folder Encryption e Encrypting a folder encrypts everything currently in that folder e Anything moved copied to or created in an encrypted folder is encrypted automatically e Ifa child folder of an encrypted parent is copied or moved to a parent folder encrypted with another key the child folder becomes encrypted by that parent s key e An encrypted folder or file copied or moved to an unencr
3. decrypting removable media 45 decryption 9 disk access conditions for locking or monitoring 26 drives viewing encryption status of 39 DriveTrust passwords backing up 36 DriveTrust passwords protecting 36 WinMagic Inc SecureDoc Enterprise User Manual Index AN encrypting removable media 45 encryption initial 9 viewing status of 39 encryption keys export and view privileges 15 privileges 15 export and view key privilege 15 Export HWE File 36 file and folder encryption about automatic 50 automatic 50 rules 50 folders decrypting 51 encrypting 50 initial encryption 9 key file backup 10 changing password 34 36 key files about 8 keys about 8 locked computer 12 locking conditions for 26 logo Boot Logon customizing 30 modify key privilege 15 modify password privilege 15 modify profile privilege 15 monitoring disk access 26 WinMagic Inc SecureDoc Enterprise User Manual Index KN password changing 34 36 privilege 15 password recovery expiry of password 60 password rules 59 about 9 password security policy 59 password synchronization 12 passwords protecting 36 PBA 11 privilege convert 15 export and view key 15 modify key 15 modify password 15 modify profile 15 select profile 15 protection methods 61 protection TPM 31 recovery media about 10 using 36 removable media about 42 enabling 42 encrypting 45 settings 43 removable media container accessing 48 remova
4. 8 Ji Maintenance Troubleshooting SA Removing SecureDoc From Your System N a To view online help in the Control Center click General then Help Removing SecureDoc From Your System Note User created files including key files and the SecureDoc folder will not be deleted automatically by these processes To completely remove SecureDoc from your computer 1 Decrypt all encrypted drives 2 Uninstall Boot Logon in the Control Center click Boot Control then Install Uninstall Boot Logon then the Uninstall tab or from Boot logon press F3 click Configuration then click Uninstall 3 Uninstall SecureDoc using the Windows Control Panel 4 Delete the default folder for SecureDoc Disk Encryption e g C Program Files WinMagic SecureDoc NT WinMagic Inc SecureDoc Enterprise User Manual Chapter5 Working with Removable Media About Encrypting Decrypting Removable Media You can choose to encrypt removable media either using full disk encryption all contents of the media will be encrypted or container encryption only the files and folders you place in a container on the removable media will be encrypted Your system may have been configured to automatically encrypt all USB devices and or removable media either with or without waiting for a response from you Consult your administrator for guidance You can protect removable media either with a password or a key If you use a key the key used to encrypt remova
5. Creating Key Files Creating Key Files with Control Center 1 In Control Center click Key Management then Create key file 2 Choose whether to create a password based or token based key file Create Key File Select Type of key file you want to create Password based SecureDoc key file Info SecureDoc supports many forms and methods of authentication The common element is the key file which can be protected by any of e A User ID and strong password A Token and Pin Certificate e Biometrics oF combination of the above Each key file contains one or more encryption keys and each key cryptographically protects endpoint data such as Disk drives removable media USB memory sticks DVD CD media etc Password Rules Next gt gt 3 Toset the password rules for this key file click Password Rules For more about password rules see See Appendix A Password Rules on page 59 Token Based Key Files 1 Ifyou choose Token based you are prompted for token information Choose the token type slot and slot Choose from the available methods for protection see See Appendix B Protection Methods on page 61 Note Password fields and options appear once a token is selected 2 Enter the token password and choose whether or not you want a user password used in addition to the token password to gain access to the encrypted computer 3 Click Login Token then click Next The Object Label field appears W
6. or In the Control Center click Boot Control then User Management select a user and click Change Password The Change Key file Password screen appears or From Boot Logon check Change Password Maintenance Troubleshooting Changing Your Self Help Answers Enter your Old Password to the current key file then enter and confirm the New Password If the key file was created using password rules that allow a password hint enter or change a Password Hint that can help you recall a password To view the password rules in effect for your key file click Password Rules Click OK Changing Your Self Help Answers This function is available only to key files set up for self help answers and to which you are logged on 1 In Control Center click General then Start Page or In the Control Center click Boot Control then User Management select a user with a key file that has self help answers in it and click Change Self Help Answers Click N The Self Help screen appears showing only the questions to which an answer was originally given Click in any row to enter a new answer Note that whether or not those answers appear in plain text depends on the option setting see Masking Key Input on page 30 T Self Help Dialog Lo ea smj In case of a forgotten password you can regain access to the system by answering self help recovery questions aE Please provide answers to the questions below making sure that only
7. In the navigation pane click Drive Encryption then Encryption Management You see a new screen with a box for each drive fixed or removable media on your computer Name Drive Letter C Pa Encrypted Encrypted No O Bootlogon F Removable Operation Encrypt Conversion Mode Thorough v Encryption Key AES key 3 L No Recovery The list of drives available for you to encrypt or decrypt uses the following conventions e encrypted disks have an e and the name of the key used to encrypt them following their name WinMagic Inc SecureDoc Enterprise User Manual Maintenance Troubleshooting ll Decrypting Encrypting ALL Disks L e hard disks are named HD1 HD2 and so on e partitions are identified by their drive letter C D and so on Note If you do not see a piece of removable media after you have inserted it click the refresh button S If you check No Recovery then no recovery data is created during the encryption process This speeds up the encryption process This option is useful if you need to quickly encrypt a new disk Do not select this option if the disk contains critical data The default setting for this option is set in the installation package This option is applied for the initial encryption of the disk Decrypting Encrypting ALL Disks This feature allows the users with Administrator rights to decrypt encrypt all the device s disks in a single process To decrypt encrypt AL
8. Select the key s to be imported and click Import Keys The selected key s are added to the key file s list Creating Backup Key File A backup key file can be used if you forget your password or make an error when changing your password The backup contains your encryption keys and requires no password or token to gain access so it must be kept safe and secure at all times 1 In Control Center click Key Management then Key file Management 2 Locate and log on to the key file you want to manage and click Login 3 Click Create Backup key file A new screen appears WinMagic Inc SecureDoc Enterprise User Manual ih I Using SecureDoc NA Managing Users Backup key file This will create a backup key file for which NO p PASSWORD and NO TOKEN INSERTED is required This key file can be used in the event that you forgot your teo password This file must be stored in VERY secure place as access to this file poses a security risk Backup Key file Information Your Password Backup file path C SecurDoc dbk L 4 Enter the password for the key file again 5 Choose a location and file name by default the file is called Securdoc dkb 6 Click OK Note that a backup key file is not the same thing as a copy a copy requires the key file password to access Managing Users Use this function to add users accounts and key files to your computer and to the Control Center features change t
9. key file you want to export then click Export key file 2 You are prompted to choose the destination for the exported file Sharing Encrypted Files with Other Users Enterprise users can depending on configuration share files and folders from a fully encrypted disk with other users 1 Right click on selected files or folders and choose SecureDoc SFX 2 When prompted enter a password 3 Give the resulting zip file to another user along with the password That user can extract decrypted versions of the files in the compressed file Using Specialized Devices Specialized Keyboards Use this function if you have an atypical keyboard layout In the Control Center click Boot Control then Advanced Settings Click the Keyboard Layout tab If appropriate check Non standard keyboard and choose what layout to map it to AU Ne To automatically retrieve the Windows keyboard layout while installing Boot Logon check Automatically get 5 To use a foreign keyboard check Foreign keyboard support Note You can also choose a different keyboard at preboot see Using Boot Logon on page 11 Tablet PC Use this function if your computer is a Tablet computer and you want to use the Tablet s on screen keyboard for SecureDoc functions You must also use the V4 bootloader see Choosing V5 or V4 Loader on page 29 1 Inthe Control Center click Boot Control then Advanced Settings 2 Click the Tablet PC tab 3 From the Tablet P
10. token based keyfiles WinMagic Inc SecureDoc Enterprise User Manual Chapter4 Maintenance Troubleshooting Windows 8 Refresh Reset Behavior Windows 8 Refresh Reset will have different behaviors with SecureDoc e Refresh in Windows Encrypted refresh machine is still encrypted e Reset in Windows Encrypted Reset Machine is still encrypted after reset e Reset to Plain Text This can be done by pressing F11 at PBU and clicking yes on the fol lowing page At this point the machine will remove PBU e It will load Windows Recovery gt WinRE gt User can reset to plain text Recovering from a Lost Password If your administrator has set up your key file for password recovery when you click Forgot Password you may see one or two new buttons offering ways to recover the password Self Help Password Recovery 1 Click Self Help Answer 2 Answer the correct answers to the questions that appear using the answers you used when you created the key file Note The text you type may be visible or may appear as asterisks depending on the option setting see Masking Key Input on page 30 3 Click Login The answers are compared to those you gave at installation or changed since then see Changing Your Self Help Answers on page 35 If you answered any of the questions incorrectly you are returned to the screen to try again If you successfully answered all of the questions Windows starts up as normal You a
11. 2200 100 0000 00 LL meme 47 Accessing Encrypted Removable Media 47 Working with Removable Media Container Encryption 2 47 If Automatic Encryption is Enabled _ 2 222 222 2220 220 22 cee ceec cece ceecceeceeeceeeceeeees 47 Creating the Container _ 2 2 2 2 220220 22cccccc cece cece ccc cc ccc cee cece ceeeseeeeeesseeseeeseeees 47 Mounting and Unmounting Container __ 20 22 20 2000 cece cececccececceececceececseeecceetcesees 48 Decrypting Contents of Container _ 2 20 22 200 20 cece cceecccecccecccecccecececceeseeeeeeseeeee 48 Accessing Container Contents a 48 Removing a Container 0000000000 000000000000000 A0000 aAA AALALA AA AALALA DAAL Laana annan nanna 49 Viewing the Removable Media Log 20 naoa 2cccceccecccecccceeccceeeccceeecesettcseeteeeeess 49 Using File and Folder Encryption _ 2 2 0 0 2 00 0 0 2 c cc ccecececececcccccecececececcetecececeeees 50 About SecureDoc File and Folder Encryption 50 OVERVIEW AA nee debe see ade ye AA neon segus 50 File and Folder Encryption Rules 50 Encrypting Folders 2 2 50 Decrypting Folders 2 200 200 cc cccc cece cccccccecccceeeeeceeeeceetecceeereceetecceetccsttteeseteeees 51 Advanced Functions o occ nen eee cece cnc cnet eeeeeeees 52 Options
12. Control Center click Tools then Disk Access Control 2 On the Profile Options tab click Edit 3 Follow the instructions as for a new profile To create a profile 1 From the Control Center click Tools then Disk Access Control WinMagic Inc SecureDoc Enterprise User Manual PN Using SecureDoc YA Controlling Use of USB Devices on Computer 322 2 Onthe Profile Options tab click Create New Profile Create New Profile Enter New Profile Name Drive Lock Monitor Log write access Restrictions Removable media U CD DVD O C system drive 3 Enter a name for the profile 4 Onthe appropriate row click one or more control option s to be applied For example click in the Monitor column of the removable media row to monitor access to removable media Note For users of BlackArmor devices do not lock those devices If you chose Lock choose a restriction from the Restrictions drop down list in the appropriate row The effect of a condition is shown in the following table Access to Encrypted Restricti A Non E Disk estriction ccess to Non Encrypted Disks Disks Read Only unless Encrypted read only full Note Locking write access to an NTFS file system drive will lock both reading and writing since even opening a document on an NTFS drive will write information to the drive 5 Click Create 6 To activate the profile on the Current Profile tab click Select a Different Profile then c
13. From This Computer L A 23 Preventing Users from Accessing This Computer 02222222 e cece eee ee eee eee eeeee 23 Exporting A User s Key File _ 2 2 2 2 2 0 2202 2c cece ccc ccec cece cence cecececceeceeeseetseeeseeeeees 24 Sharing Encrypted Files with Other Users _ 2 00 220 ccccececccccecccececceecceceeteceettseeeteees 24 Using Specialized Devices 2 2 22 200 200 20cccecceecccec cee ccce cece cececeeeceeeceeseeeeseeseeeseeess 24 Specialized Keyboards 2 2 2 2 2002 20c20cccec cece ccecccec cece cece ceeeceeeseeeseesseesseeseeees 24 Tablet PC oc pace ite et ee ete eae ae MGa aan an Sa ua aka aa 24 PCMCIA Reader 2 20 2 00 aoaaa cece cccccccececcceeecceereceeetceceeteceeerecettcceetteseetteseeees 25 Controlling Access to Computer Disks a 25 About Disk Access Control 2 2 2200 cece cece ceccccccecceecccceceecetteceereceetteeettcseeerees 25 Setting up Disk Access Control 2 2 2 2 20 220 0220ccecccec cece ccecccecceeceeeeceesseeseeeeseeseees 25 Controlling Use of USB Devices on Computer 26 Trust Control LU 28 Simplifying Login 29 Synchronizing Passwords 2 2cecccceeccececcececcceccccecececeeecceetecseetecseeteeseeee 29 Customizing Boot Logon 2 22 e anana aoaaa aaa oDDD LLALL DLLD LLADD LLDD L DD LaaLa 29 Making Usernames Case Sensitive 29 Choosing V5 or V4 Lo
14. Only in Consultation with SES Administrator The following options should be used only in consultation with the SES administrator Custom Error Message Options 5 General Allow to login the boot key file automatically Boot Control 5 Advanced Settings 5 General Settings tab Enable traditional boot logon Boot Control 5 Advanced Settings 5 General Settings tab Simplified sign on Boot Control 5 Advanced Settings 5 General Settings tab Automatically continue interrupted encryption Boot Control 5 Advanced Settings 5 General Settings tab Communication screen Audit Log Certificate Validation Options On Demand Key Provisioning and On Demand Key Requests Options 5 Media Encryption Advanced Options Options Options for Use with WinMagic Technical Support The following options should be used only in consultation with Win Magic technical support MBR access mode Boot Control 5 Advanced Settings 5 General Settings tab Virtual MBR Boot Control 5 Advanced Settings 5 General Settings tab Special BIOS mode Boot Control 5 Advanced Settings 5 General Settings tab Special Y mode Boot Control 5 Advanced Settings 5 General Settings tab all options on the Advanced Settings tab of the Boot Control screen WinMagic Inc SecureDoc Enterprise User Manual Chapter8 For Users of BlackArmor Devices Introduction BlackArmor devices are factory encrypted You can use SecureDoc to manage such devices complementing the initial passwo
15. Removable Media Working with Removable Media FDE Removable Media Encryption Settings CD DVD Encryption Settings CD DVD Settings Slot 81 AES key Select protection keys for CD DVD encryption Encrypted CD DVD can be accessed with a password Enter password for CD DVD 3 Choose a key to be used for the encryption it is advisable not to use the key that is used to encrypt your bootable disk 4 Choose how you want to be able to access encrypted CD DVDs created on this machine e To have encrypted CDs DVDs available only to those who are logged in to a device with SecureDoc installed on it and who have access to the key used to encrypt the removable media clear the Encrypted CD DVD can be accessed with a password option e To have encrypted CDs DVDs usable to anyone using a SecureDoc encrypted device and who has the appropriate password check the Encrypted CD DVD can be accessed with a password option and enter a password For security reasons the CD DVD password will be erased when the computer is rebooted Every time you turn on your computer and burn a CD DVD you need to enter the password again or a new password You may will need to share this password with other users 5 Click Apply Working with Removable Media FDE If Automatic Encryption is Enabled If automatic encryption is enabled this may have been set up by your administrator when you insert removable media you w
16. answers click Change Self Help Answers and follow the steps in Changing Your Self Help Answers on page 35 e To create backup key file click Create Backup key file and follow the steps in see Creating Backup Key File on page 21 e To view but not change password rules click Password Rules See Appendix A Password Rules on page 59 for more details Managing Key Files on a Token 1 In Key Manager or Control Center click Key Management then Token key file Management WinMagic Inc SecureDoc Enterprise User Manual oo Using SecureDoc Managing Key Files Login Token Selection fa IN Slot Selection s Vv y Token Password Key Files on Token Select a file 2 Choose the appropriate token type and slot enter the Password and click Login A list of the key files on that token appear 3 Toadda key file click Add To remove a key file click Remove To export a key file click Export Managing Other Key Files Use this function if you have multiple key files on your computer and want to control what slot they belong in 1 In Control Center click Key Management then Additional Key files WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Managing Key Files a Slot User Userslot1 User slot 2 Key file sg User slot 3 af User slot 4 sg User slot 5 sg User slot 6 sg User slot 7 sg User slot 8 S System slot0 user System slot1
17. be defined for a key file and revealed at Boot Logon and when logging on to Control Center This feature may have been configured for you e Self help password recovery can be defined for a key file This uses a series of questions and answers gathered at encryption time or when a key file using self help password is being managed If the password is forgotten the user can answer the questions again and if successful gain access toa protected computer This feature may have been defined for you Administrator supported password recovery is also available WinMagic Inc SecureDoc Enterprise User Manual Chapter2 Accessing an SD Protected Computer Using Boot Logon Depending on your configuration you may or may not see SecureDoc s PreBoot Authentication screen Boot Logon before you log on to Windows If Auto Login has been configured for you you will have to log on to Windows only once for all subsequent times after you authenticate to Boot Logon your Windows environment launches You can use Boot Logon to e establish a wireless connection e log on to an encrypted device e perform administrative tasks e recover a forgotten password see See Recovering from a Lost Password on page 34 e change your password See Changing a Key File Password on page 34 Note If you are unable to logon you may be able to press F3 then click Save Log You will be prompted to save a log file that you can then share with your administrato
18. even been assigned the password field is disabled If the device has been managed by Maxtor or was managed by SecureDoc but that management has been removed enter the most recent password used to manage the device 5 Click Setup A confirmation message appears Manual Management 1 Insert the BlackArmor device in the computer A new screen appears WinMagic Inc SecureDoc Enterprise User Manual For Users of BlackArmor Devices Mi Sharing the BlackArmor Device Ng SecureDoc BlackArmor Managment BlackArmor SN 2HCO29TL This BlackArmor device is currently not managed by SecureDoc Encryption Management Do you wish to manage access to this device through SecureDoc Click Cancel Open the Encryption Management screen in the Control Center click Drive Encryption then Encryption Management 4 Select the BlackArmor device It will be named HD2 HD3 or something similar the hard disk is always named HD1 5 From the Action list choose Manage BlackArmor device with key then choose the encryption key 6 Click Start A new screen appears SecureDoc BlackArmor Managment BlackArmor SN 2HC029T1 3 This BlackArmor device is currently not managed by SecureDoc Enaypiken Management Do you wish to manage access to this device through SecureDoc 7 Click OK 8 Anew screen appears SecureDoc BlackArmor Setup SN 2HC029T1 SecureDoc Management for BlackArmor To manage access to this BlackArmor device through
19. for Use Only in Consultation with SES Administrator 52 Options for Use with WinMagic Technical Support aoa aaaaa aaoo aoaaa aaoo o anaana oona aaa aaan 52 For Users of BlackArmor DEVICES 53 Introduction a 53 Automatic Management a 53 Manual Management 2220 ccccccccccccccecceccccceccecececcceerceceeccettectectsseeteees 53 Sharing the BlackArmor Device _ 2 20 22ccccccccececccecccccecccceeeccceeecccettectecteeeettees 54 Using the Managed Device 2 2 0 22 20 220cc20cceccccecceccceecceceeeeeeeeeeeeeeeseeeeeetesees 55 Handling Unexpected Events 2 22 222 200220ccc0cccecccecccecccecececeeececeseeececsseeeeeeeeens 55 Removing Device from SecureDoc Management 0222 00222 cee cece ce cece cece ecceeeeceee 55 SecureDoc OSA Users 57 WinMagic Inc SecureDoc Enterprise User Manual Installing SecureDoc _ 2 22 2220 20 cee cc cece ence ence cece cece cece eee eeeceeeeeeeceecseeseeeesecseeesees 57 Changing Your Password 2220 00 wamama mamaaa Wama 57 Uninstalling SecureDoc 2 22 222 e cece ccc c cece ccecccecccececceecerceceereesettcccettcsectrseetees 58 Appendix A Password Rules 2 2 2 2 0 0 22 2 2 0 ccececcececcececcececcececececeseceeseseees 59 Password Security Policy 22 22 20 2 ccc cece ce eccccecccececcceeeeccececceetecetetcccettceeeteceeeees 59 Password Rules Screen 59 P
20. mii mmmmm mili miwani miili meme 34 Challenge Response Password Recovery 2 2222memmmmemee 34 Using Rescue and Recovery Lenovo Devices 0222 e cece eee cece cece eee cee eeeeeee eee 34 Changing a Key File Password 2200 0 0 mmama wamama wamama ma mamii 34 Changing Your Self Help Answers 2 220 20 cccccceccccceeccccececceececceetcecetteceettceeeteees 35 Working with Recovery Media 22 2ccccccecccccecceeccceeececeeteceeceecsettsseeteceeess 36 Creating Recovery Media 36 Using Recovery Media _ 2 2 200cccecccceeccececcceccccceececetcececerecececeeettesetteeeeees 36 Recovery Media for Self Encrypting Drives SEDs a 36 Working with Crypto Erase 20 c cece cece ccc ccceeecececceccecececetecceetceceeteccteteesetee 36 About Crypto Erase 1 2 2 20 2202 c 2c cece ccc ence ence ence ccc e ccc eeceeec cece DIDDL D DIDDII I 202222 36 Setting up Crypto Erase 2 2 2 20 ec cece cece ccc ce aaa AAAA DDAL LAAD LLDD DDD DLLD DDD Laana 36 Crypto Erasing Your Computer _ 22 222 20 220 c22cccecccec ccc ceecccecceeceeescetseetseeesees 37 Crypto Erasing aSED 12 22 2 220 ccc ccc ccc cece ence eee e ccc ee cece cece cece cece eeeceeeeeeeeeeeseees 37 Diagnostics sco ccs yates Nag nh ag a AG Oe alpen tee dds NE Anata MA tee ea 37 Enabling Debug Logs ua 38 Collecting Support Information and Logs ua 38 Vie
21. several times if it continues to fail there may be a problem with file network sharing Consult your system administrator 4 Ifcopying is successful a Registration Computer Form screen opens Enter the user name provided by your administrator 5 Modify other field as needed and click Submit 6 You see a confirmation or error messages 7 Depending on your password rules you may be prompted to change the initial password Encryption will start A SecureDoc installation in Progress screen will be visible until the installation is completed approximately 5 minutes Changing Your Password 1 At PBA check the Change password option then enter your username and password and press Enter You will be prompted to enter a new password and to confirm it Click Save A confirmation message appears Click OK WinMagic Inc SecureDoc Enterprise User Manual SecureDoc OSA Users NG Uninstalling SecureDoc N a SN Uninstalling SecureDoc 1 At PBA enter your username and password but press F8 instead of Enter The SecureDoc Boot Configuration Menu opens 2 Click Uninstall You are prompted to confirm 3 Click Yes The screen will remain open for a minute then the computer will power off When it restarts you will no longer see PBA WinMagic Inc SecureDoc Enterprise User Manual Appendix Appendix A Password Rules Password Security Policy The goal of a policy enforced when passwords are created or ch
22. the appropriate values Note that e numeric characters are the numbers 0 9 e non alphanumeric characters are any character except A Z a z and 0 9 Non alphanumeric characters include and soon 2 Inthe Contain at most area e Specify the maximum number of repeated characters allowed in a password A value of O means any number of consecutive characters is allowed for example passssssword would be allowed A value of 1 means no consecutive characters are allowed for example password would not be allowed A value of 2 means no more than two consecutive letters are allowed for example the password passsword would not be allowed However PASSsword would be allowed because the third s is a different case e Specify the maximum number of consecutive characters allowed in common between the old password and a new one For example if you specify a maximum of 2 consecutive characters and the old password was PASSWORD a new password of WORLDMAP would not be allowed because there are three consecutive characters WOR in the old and new password However WoRLDMAP would be allowed because the o is a different case General Options Use these options to set up password expiry Causing passwords to expire after a period of time increases security since it requires passwords to be changed at regular intervals people tend to choose from a limited set of possible passwo
23. token based Authentication Communication Lock computer when token is removed Audi Log Credertial pronder Media Encryption Advanced Options Setting Credential Provider Options The following table describes the options aa begin Check to have Windows login information stored so that logging into boot logon automatically logs users into Windows as well single sign on Set the amount of time to wait before timing out automatic login Automatically log in to Windows will time out after x Automatically login to windows will time out after x mins Optional mins This functionality allows you to permit and manage Single Sign on SSO when using Smart Cards or Tokens Having authenticated with a Smart Card or Windows users can single sign on with Smart Card Token the user s underlying credentials will be or Token accessed and utilized to complete the single sign on process transitioning the user into the Windows desktop directly without requiring further authentication Automatically log in to Windows with credentials entered at boot logon Use SecureDoc Logon credentials to log into Only users having SecureDoc credentials may login Windows at Windows login Check to ensure that only users with SecureDoc credentials can access the system check to have SecureDoc screen lock take effect whenever the token is removed and to require users to insert their token to dismiss screen lock Lock computer when token is removed
24. with Removable Media FDE From Windows Explorer 1 Using Windows Explorer navigate to the removable media you want to encrypt right click on it and choose Encrypt Media 2 You are prompted to choose whether to encrypt the removable media with a password you will be prompted for the password before encryption a certificate both or neither g Media Access Settings n Do you want the encrypted media to be accessed with a password and or a certificate V Encrypted media can be accessed with a password Encrypted media can be accessed with a certificate This dialog box won t show if user is not allowed to change settings o Gana ee 3 You are prompted to confirm the encryption request 4 What happens next depends on the choices made e If you chose neither password or certificate protection encryption begins immediately e If you chose to protect the removable media with a password you are prompted to choose the password SecureDoc Media Encryption s Please provide a password for your removable device Password Confirm password Note If conversion is interrupted the password will not be applied However a password can still be added after the media is fully encrypted 4 Note To see the password rules in effect for this password click Password Rules e If you chose to protect the removable media with a certificate you are prompted to choose the c
25. B Protection Methods Description Windows may store certificates in a particular folder If you use this method users are prompted to chose from the list of certificates stored on their Windows computer SecureDoc Enterprise User Manual Appendix Glossary Term admin key file Algorithm Auto Login Boot Logon Control Center Definition A key file with full privileges for an encrypted device including the ability to create additional key files A detailed sequence of actions to perform some task named after a Persian mathematician Al Khawarizmi Technically an algorithm must reach a result after a finite number of steps thus ruling out brute force search methods for certain problems The term is also used loosely for any sequence of actions which may or may not terminate SecureDoc Client function that requires users to log on to Boot Logon after which SecureDoc Client automatically logs on to the SecureDoc Client Screen Lock and the Windows Login Each key file enabled on an individual device is assigned a number in Boot Control This number can be used to select the key file to be used at Boot Logon SecureDoc Client application that authenticates users to key files before giving them access to an encrypted device Also known as pre boot authentication prompt SecureDoc Client application used on client computers to perform SecureDoc Client management functions such as changing a password
26. C support list choose the appropriate manufacturer If your manufacturer and model are not listed the on screen keyboard may not be supported this means that if you do not have a physical keyboard you cannot use SecureDoc 4 Click Apply WinMagic Inc SecureDoc Enterprise User Manual e 3 Using SecureDoc YA Controlling Access to Computer Disks 2 PCMCIA Reader If Boot Logon has problems locating a PCMCIA reader in a laptop it may be an addressing problem You may need to change the PCMCIA I O address on their laptop to the default address D0000000 to help SecureDoc detect it You then need to do the following 1 Inthe Control Center click Boot Control then Advanced Settings 2 Click the General Settings tab 3 Check Change PCMCIA I O Address if zero 4 Click Apply Controlling Access to Computer Disks About Disk Access Control You can lock or monitor different functions performed on the different disks both encrypted and not encrypted on your computer You can monitor but not lock your boot disk using one or all of the following control options Setting Description Lock means to restrict access in specific ways You cannot lock the first boot drive or the system drive of the disk where SecureDoc resides You should not lock disks to which Windows and other applications may need to write For removable media lock means limiting the ability to work with the removable media if the media is not locked th
27. Debug logs are for troubleshooting purpose it may affect your machine s performance Turn it on only if when it is required by IT Help support personnel and please remember to turn it off when it is no longer needed or it will be turned off automatically after 48 hours Note A reboot will be needed to make the change effective when you turn on off debug log Enabling Debug Logs 1 UI AUN Open SD Control Center Select the General tab on the left menu Select the Diagnostics tab The Diagnostics screen appears Select the Enable debug log checkbox Click OK Note A reboot will be needed to make the change effective when you turn on off this checkbox Collecting Support Information and Logs There may be occasions where when seeking assistance from Win Magic Technical Support a support member may request detailed device level logs to aid in trouble shooting issues on a given device SecureDoc offers an easy way to aggregate these logs after which they can be sent to Win Magic Technical Support There exists a batch file named col lectClientSupportInfo bat in folder C Program Files WinMagic SecureDoc NT Support This file allows the end users upon SES Administrator request to collect automatically aggregated device level detail logs These logs may be required by WinMagic Support to troubleshoot issues on that device To collect support information and logs 1 2 3 Go to C Program Files WinMagic SecureDoc NT Su
28. F3 click Configuration then set Switch back to PBA to Yes Note You can also use this feature to force use of V5 boot loader exclusively or to use the V4 boot loader and V5 as an upgrade before Boot Logon loads press a to switch to the V4 loader Using UEFI Driver Hook This option permits the SD Client Administrators to enable disable the driver binding for UEFI devices By leaving this option disabled SecureDoc s own logic will be used to manage such devices which will work better for devices that do not have full implementations of Driver Binding By enabling this option the assumption is that the devices receiving this profile will have full implementations of Driver Binding for UEFI UEFI driver binding is special protocol providing functions for starting and stopping drivers as well as a function for determining whether a given driver can manage a particular controller Note By default the UEFI driver hook is not enabled 1 Inthe Control Centre click Boot Control then Advanced Settings 2 Onthe General Settings tab select the Use UEFI driver hook checkbox Masking Key Input By default the user name entered at Boot Logon and answers to any self help password recovery questions are shown in plain text while the password is shown in asterisks You can choose to have all user input to Boot Logon masked 1 Inthe Control Centre click Boot Control then Advanced Settings 2 Onthe General Settings tab choose Mask
29. F3 to show additional functions e Configuration use to modify boot configuration most of these settings should be changed only in consultation with WinMagic Technical Support or to uninstall SecureDoc see See Removing SecureDoc From Your System on page 41 e Save Log use to save information related to login attempts for troubleshooting purposes e Information use to see details about your Network Interface Controller and any SES related messages Note By default your SecureDoc account will be locked after 15 failed login attempts Another user can login to your locked computer but you will need administrative help to unlock it for your use Your installation may use a different value You can change the value if you wish See Changing Maximum Number of Failed Logins on page 31 Identifying Your Keyboard Tablets Only Click to choose a different keyboard Note You can also change the keyboard layout in the Control Center see Using Specialized Devices on page 24 Using the V4 Boot Logon SecureDoc includes two Boot Logon versions If Boot Logon fails reboot and press the a key while the computer boots up That will invoke the V4 version of Boot Logon instead To avoid having to manually invoke the V4 version in the future you can set SecureDoc to use the V4 version of Boot Logon all the time see Choosing V5 or V4 Loader on page 29 Entering a Temporary Password Single Sign on and Password Synchronizat
30. L discs 1 Open SD Control Center 2 Select the Encryption Management tab 3 Select the Decrypt All Encrypt All button located at the bottom right of the window A confirmation message All disks have been set for decryption SecureDoc Control Center will now terminate will appear 4 Click OK SSS TOE ZA a nh Encryption Management 4 G Encryptce Managemest EG a Create Recovery Meda Media Ercrypbon Sethngs Name KOI e KHOI k Drive Letter C KHOI key 1759 p Q Ercrypted Yes Encrypted Yes le Boctisgon ON Removable No Pa Name HO2 e KHOI k Drive Letter E e KHOI key _f759 Encrypted Yes Encrypted Yes Bootlogon ON Removable Yes a p Operation Encrypt Conversion Mode Thorough Encryption Key AES KHOI key _f7 Renee nama vee SEES EE Deleting Temporary Files PH1 PH2 This option allows users to delete the temporary files PH1 PH2 that are generated during encryption process If the encryption process is disrupted for any reason e g computer shutdown these PH1 PH2 files will be stored in the respective disks USBs and may prevent them from being encrypted To delete the temporary files click the Remove PH1 PH2 button located in the Encryption Management screen Getting More Information about SecureDoc Control Centre To view the version and other details in the Control Center click General then About WinMagic Inc SecureDoc Enterprise User Manual
31. Launch the SecureDoc interface from Start gt SecureDoc Control Center You use the SecureDoc interface to encrypt removable media as well as to perform encryption management tasks Use the navigation pane on the left of the screen to choose a function to perform Click groups to expand them then click the function s name The corresponding data screen appears in the right pane Encryption Terms and Concepts Using SecureDoc doesn t require detailed knowledge about encryption and how it works However it is useful to understand some basic terms and concepts Keys and Key Files Like a physical key an encryption key is used to lock and unlock secured information Encryption keys are stored in key files you can think of them as the key ring that holds your keys To access encrypted media you need to log on to the key file containing the key used to encrypt the media WinMagic Inc SecureDoc Enterprise User Manual Introduction to SecureDoc X a Password Rules KAA user KEY FILES KEY COMPUTER The key file identified during encryption of your fixed disk is your default key file A key file can contain multiple keys and the same key can exist in multiple key files For example you might want to share with other users the key used to encrypt removable media but not the key used to encrypt your fixed disk If you have both keys in the same key file you would create or acquire key files for the other users and copy i
32. NA Graphical Identification and Authentication SecureDoc Client replaces Window s GINA with its own Contains the encryption keys user privileges password rules and key file other information for a specific user Can be stored on a token Encrypted itself and protected using a password or token A hint to help the user recall their password Should not contain the password itself and should not contain enough information that password hint someone other than the authorized user could guess For example name of your first pet This option is checked and cleared in password rules Process of enabling users with a lost or forgotten password to regain access to their PC Once user is validated through answers to challenge questions they can continue to boot and log on to Windows but are immediately prompted to specify a new password Key that identifies which administrators have administrative access to Protection Key A 3 which encryption keys removable media Refers to USB firewall drives CD DVDs flash and SD cards and PCMCIA Jaz and Zip drives SecureDoc Client function that uses a screen saver for added security Screen Lock The screen saver requires users to log on to their key file or for token based key files to insert their token to continue working with the computer Self encrypting hard disk with embedded hardware encryption SED functionality See WinMagic web site for details on which of these drives are suppor
33. RSA keys on the token to protect the key files During login SecureDoc uses the entered password to log in to the token SecureDoc uses the on token RSA private key to decrypt and encrypt data Note that you can change the token s password using third party card management or PKI software SecureDoc does not have to know that the password has been changed As long as the entered password can login to the correct token with the correct RSA private key you can log in to SecureDoc If the card has been lost and the card management software can create another card and place the same encryption RSA keys on it you can use the new token to login to the SecureDoc key file If the token does not have encryption capability use this method The token is used to store a strong PIN of 256 bits generated randomly at the time of creation The PIN is used to access the key file During login SecureDoc uses the entered password to log in to the token and obtain the PIN stored in the token to access SecureDoc key files This method changes the tokens thus is not recommended if the enterprise relies on other third party card management or PKI systems to manage tokens For password recovery the key file cannot be recreated You need to initialize a new token and create a new key file including the encryption key used to encrypt the user s computer During login SecureDoc uses the RSA private key on the token as in method 1 Unlike in method 1 Se
34. SecureDoc provide tha MSID and the password ein Ta naaa in Enter the 25 character identification code ikapu MSID printed on the BlackArmor drive label eengoaeanra0an anggad Enter BlackArmor password 9 Ifthe device is in the manufactured state no password has even been assigned the password field is disabled If the device has been managed by Maxtor or was managed by SecureDoc but that management has been removed enter the most password used to manage the device 10 Click Setup A confirmation message appears Sharing the BlackArmor Device If you have used a group key to manage the BlackArmor device that key can unlock the device on any SecureDoc computer that received the group key To share the device with computers that do not already have the key used to manage it 1 Copy the key file whose key manages the device to the computers that are to share that device WinMagic Inc SecureDoc Enterprise User Manual N For Users of BlackArmor Devices Using the Managed Device AZ 2 On each computer that is to share the device add the key file see Adding Users to This Computer on page 23 Using the Managed Device Once the device has been set up for SecureDoc management when it is inserted into a SecureDoc machine where the user is logged in to the key used to manage the device it is automatically unlocked without a password being required It may be necessary to wait for up to 30 seconds for the d
35. SecureDoc Enterprise V6 5 WINMAGIC DATA SECURITY Copyright 1997 2014 by WinMagic Inc All rights reserved Printed in Canada Many products software and technologies are subject to export control for both Canada and the United States of America WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations Exports and re exports of WinMagic Inc products are subject to Canadian and US export controls administered by the Canadian Border Services Agency CBSA and the Commerce Department s Bureau of Industry and Security BIS For more information visit WinMagic s web site or the web site of the appropriate agency WinMagic SecureDoc SecureDoc Enterprise Server Compartmental SecureDoc SecureDoc PDA SecureDoc Personal Edition SecureDoc RME SecureDoc Removable Media Encryption SecureDoc Media Viewer SecureDoc Express SecureDoc for Mac MySecureDoc MySecureDoc Personal Edition Plus MySecureDoc Media PBConnex and SecureDoc Central Database are trademarks and registered trademarks of WinMagic Inc registered in the US and other countries All other registered and unregistered trademarks herein are the sole property of their respective owners 2014 WinMagic Inc All rights reserved Acknowledgements This product includes cryptographic software written by Antoon Bosselaers Hans Dobbertin Bart Preneel Eric Young eay mincom oz au and Joan Daemen and Vincent Rijmen creators
36. Synonym for process of encrypting a full disk Crypto erase Includes local or network disk RAIDs and magneto optical drives n Settings to control or monitor read write access to both encrypted and disk access profile non encrypted disks The process that checks the computer s boot files to make sure they have not been tampered with or corrupted on boot up Depending on the user s privileges the user may or may not be able to proceed if disk integrity is in doubt disk integrity check emergency disk encryption key WinMagic Inc Remove the encryption key from an encrypted device rendering it inaccessible Aka zeroize Used to restore Boot Logon on a client computer This would be necessary if something happens to the computer s MBR and Boot Logon is missing leaving the computer inaccessible The files for this disk are returned from the client computer on receipt of installation package The disk can be any removable media except a diskette USB stick CD etc The mechanism used to encrypt decrypt a user s disks or removable media Can act on a set of disks a single partition a single disk etc Can be assigned to different users in different forms e g to user Ain a key file to user Bin a smart card to user Cin a USB device and to user SecureDoc Enterprise User Manual Glossary EN Term Definition Din a key file protected by user D s Entrust profile Must be stored in a key file GI
37. a System slot 2 System slot 3 System slot 4 System slot 5 System slot 6 System slot 7 Login to Slot Password Logout from Slot Key List 2 To remove a key file from its current slot select it and click Logout To adda key file to a slot select the slot navigate to the Key file enter the password then click Login Adding Keys to An Existing Key File You can either create new keys for an existing key file or import keys from another key file 1 In Control Center click Key Management then Key file Management 2 Locate and log on to the key file you want to manage and click Login 3 Click Key Management A new screen appears showing the keys currently in the key file WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Nf Creating Backup Key File PAN Key File Management Add new key to your key chain Key Name Your key chain active at this moment e To create a key and add it to the key file enter a key name in the Key Name field and click Generate e To remove a key from the key file select it and click Delete Note Deleting a key that is used to access encrypted media will make that media inaccessible e To import a key from another key file click Import Click L and browse to the location of the key file containing the key you want to import enter the Password and click Login A list of keys in that key file appears
38. ader 22 2 222 220 2ecccccc cece ccc cccc cece cece 00000000 0000000000222222 29 Using UEFI Driver Hook 2 2 220 ccc ee ccc ec eccecceccecceccecceceereceeereeceetecettrceeeteeceteees 30 Masking Key Input _ 22 2 2 20 22 0cc ec cccccecccccccccecceceeeeeceeeeecececccestcceetteceettcseeteees 30 Boot Text and Color 30 Changing Maximum Number of Failed Logins 22222 31 Use 0f Token 2 ANAL OAK AA NANA BIAG ENNA A tes eps crete EC EA fa sere 31 Converting a Key File to TPM Protection mmama 31 Hiding SecureDoc Icon from System Tray meme oann 32 Controlling Number of Users of Boot Logon 2 2 00 200cccecccececcecccccceecececeectectceeeteees 32 Updating Boot Logon 2 20 22 202200220 cece cece cece cece eee DDD DLLD DIDDL LIDD LLDD DILD 20022222222 32 Credential Provider Options 2 22 222 ccc ceccccececcceccceceeccecececetecceettcsceteecettessetee 32 Setting Credential Provider Options 33 WinMagic Inc SecureDoc Enterprise User Manual I Maintenance Troubleshooting 0 2 2 2 0c cc ec ec cece cececececcccecececestceeceteseceseees 34 Windows 8 Refresh Reset Behavior _ 0 2 2 2 200 ccccccececccececcecceceeececeeececeeteeeeeseeees 34 Recovering from a Lost Password 222 lema 34 Self Help Password Recovery
39. anged is to prevent certain types of attack on protected devices Here are some common attacks e Guess Attack may be successful if personal information like phone number license plate number pet s name etc is used as a password Such a password may be easily guessed by anyone who has access to this information e Brute Force Attack may be successful if the password is too short allowing an attacker to try all possible combinations in a feasible time e Dictionary Attack may be successful if the password is a word of a real language geographical name name of a person etc Modern information technologies provide capability to find equivalents of such passwords for known authentication mechanisms The following rules help prevent these attacks e Password must be at least 8 characters long protects against Brute Force Attack e Password must contain at least one character that is a lower case letter upper case letter digit or special character protects against Brute Force and Dictionary Attacks e Password hint feature must be disabled protects against Guess Attack e Self Help Password Recovery feature must be disabled protects against Guess Attack Configure your password rules and key file options so they enforce this policy Password Rules Screen Password Composition 1 Inthe Contain at least area specify the minimum number of characters and type of characters to be used in a password Click the arrows or type
40. as been successfully converted to TPM protection 5 From now on when you access Boot Logon you will see an indication that it is accessing TPM Hiding SecureDoc Icon from System Tray 1 From the Control Center click Options then Advanced Options 2 Check the SecureDoc icon will not appear in system tray option Controlling Number of Users of Boot Logon Use this function to change the maximum number of users of Boot Logon on this machine 1 Inthe navigation pane click Boot Control then Install Uninstall Boot Logon then the Update tab Update Boot Logon isa Update Lusak Update Boot Logon SecureDoc installs boot logon to permit log in at boot With full disk encryption logging in with the correct key file s is necessary to start Windows At boot logon SecureDoc will be unable to read the Windows key files currently used to log in with the whole disk may be encrypted SecureDoc stores the boot key files in a protected place SecureDoc space Boot Control can be configured to permit a maximum number of users between 16 and 200 By default Boot Control is set to 40 users Boot Logon Options Maximum number of users 40 2 Choose the number of users key files you want to have access to this computer 3 Click Update You are prompted to update your recovery media insert the media used originally during encryption it will be overwritten with updated information Updating Boot Logon Us
41. assword Composition 2 2 2220 cecccccecccccecceccccceccccceececeeececeeteceeeteseetteseetees 59 General Options __ 2 22 2 2 e cece cece cece cc cecccececccetecceeteeceteeceetceeeetretttesestesseess 59 Password Recovery Options 22 22 22 200c22cccecccecccecceecccecceececeeeeseceseetseeseeees 60 OtherOptons Aka ie et IA O een a Re GN NGA ee Ea 60 Appendix B Protection Methods 2 20 0 02 22 cece ec ec ccc ccccccececececececeececeseees 61 MSS aan a cee eras se at e ee ea eee ot 63 Lk PAA AA AU 65 WinMagic Inc SecureDoc Enterprise User Manual Chapter 1 Introduction to SecureDoc About SecureDoc SecureDoc stops unauthorized users from gaining access to confidential data on your notebook or desktop computer or on your removable media USB drive CD and or DVD Once SecureDoc is installed and set up on your computer you and other users must be authenticated using password hardware token smart card biometric or PKI before even attempting to log on to Windows this is called Pre Boot Authentication PBA SecureDoc is installed automatically on your computer and configured by your administrator As a SecureDoc user you have access to WinMagic s MagicSync product which allows you to encrypt and securely share files that are stored in a cloud storage provider See the separate MagicSync online help About Boot Logon Boot Logon is the SecureDoc mechanism that performs Pre Bo
42. ble media FDE accessing encrypted 47 decrypting 47 removing media decrypting 45 removing SecureDoc 41 SecureDoc OSA 57 SED users 57 select profile privilege 15 self help answers changing 35 WinMagic Inc SecureDoc Enterprise User Manual single sign on 12 T TPM protection 31 U uninstalling SecureDoc 41 USB drive blocking access to 25 Ww wireless access 11 write access preventing 25 WinMagic Inc SecureDoc Enterprise User Manual
43. ble media may be any of the following e the key used to encrypt your hard disk recommended only if the removable media will either not be shared or will be shared only with users who you also allow access to your hard disk e aspecific key you select and may have shared with others by creating their own key file and importing the key into it e the key chosen by your administrator which may or may not be shared with others your machine may be set to automatically encrypt You can allow access to removable media in any of the following ways e only to individuals who have the encryption key used to encrypt it and who can login to the key file holding that key e only to individuals who know the appropriate password e only to individuals who have access to the certificate you specified at encryption time e only to individuals with either access to the certificate or who know the appropriate password Other individuals will need either SecureDoc or the free Win Magic MediaViewer application along with access to the necessary key or password to view encrypted removable media Setting Removable Media Options 1 On the Control Center click Options then Media Encryption WinMagic Inc SecureDoc Enterprise User Manual Working with Removable Media 44 Configuring Removable Media Encryption Settings Media Encryption Options Removable Media Settings Automatic Encryption L Automatically encrypt removable media when connected If
44. cccececececcceeeneceetceceteecetecsettceeeeteceetresseteees 8 SecureDoc s Encryption Features __ 2 20 2 2 22 c cece eee eee cence eee aooaa aaao 8 About the SecureDoc Interface 2 mmmmmmm meme eee eeeeeees 8 Encryption Terms and Concepts 8 Keys and Key Fil 8 More About Key Files 2 20 220 e cece cece cece cececccecccccececceeececereecettrecettresetteseetees 9 About the Encryption Decryption Process 22222 cccc cece cece cc ccceeeccecccceceeeeeeees 9 Password Rules 2 2 20 20 c cc eccceecccecccccececceececceccecceteececececeterecettecetteseettsseetees 9 Key File Privileges 2 2 2 0 ooo cece cece ccc cece ccc cecccccccecececectecceenescettcseeteceettecsettceeetseees 9 About Recovery Media 2 0 2 2cccccccccccccececceceeceeeccceeeteceetecsececetettceettseeess 10 About Password Recovery 2 0 22 20 ccccccececcceeccceecccceceeceeereceetecseetcecetteseeteseeeees 10 Accessing an SD Protected Computer 11 Using Boot Logon 2 22 220 20ccec cece ccc ccc cece cece cece cece cece cece DLLD LLDD LLDD LLLI L22022 11 Connecting Wirelessly 2 2 22 22 2 0 20ccc0c cece cence cnc cce cece DDD rnrn 11 Logging OM ah oe a eee st elie eg eee ae Ree eo AA 11 Accessing Administrative Functions 22 12 Identifying Your Keyboard Tablets Only _ 2 20 20 ccccccecccccecccceececcececceetcceetes
45. click Boot Control then Advanced Settings 2 On the Crypto erase Settings tab check Enable Pre Boot Crypto erase keystroke sequences WinMagic Inc SecureDoc Enterprise User Manual Maintenance Troubleshooting 4 Diagnostics A General Settings KeyboardLayout Advanced Settings Crypto erase Settings V Enable Pre Boot Crypto erase keystroke sequence Crypto erase keystroke sequence Keyl Each of the function keys at left can be pa either a single function key e g F4 ora Key2 combination of one of the following keys CTRL ALT SHIFT plus a function key Key3 e g ALT F9 SHIFT F6 Crypto erase Cancellation Upon entering the Crypto erase key sequence defined above the user will be given a certain time in seconds defined here to cancel the Crypto erase function Allow user 0 seconds to cancel Crypto erase request A value of 0 means crypto erase cannot be cancelled once requested 3 Specify the three key strokes to be used for this purpose Supported keys are Function keys F1 F2 etc alone or in conjunction with the Shift Ctrl or Alt key For example the sequence could be SHIFT F1 CTRL F2 and F3 4 Toallow time to cancel the Crypto erase function enter the number of seconds of delay before the Crypto erase will be carried out During this time if the sequence is re entered the Crypto erase is cancelled 5 Click Apply Crypto Erasing Your Computer At pr
46. confirm the deletion click Delete Note that the key file itself is not deleted Preventing Users from Accessing This Computer You may want to lock certain users out from having access to this computer even if they still have valid keys for instance if someone has left the company Use this function to create a list of users to be locked out These users at boot time see a message that tells them they cannot log on You can create the list of WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Sharing Encrypted Files with Other Users JS users to lock out but the list does not take effect unless you choose to enable it in this screen You cannot add the key file you are logged in with to the locked list To lock out a user 1 Inthe User Management screen click Lock User The lock user screen appears with the lock list enabled and the name of the selected user in the first field 2 Toadd the user to the locked list click Lock If a user name does not appear in the first field you can type it in the field then click Lock If necessary click OK and select another user clicking Lock to display the lock user screen again and clicking Lock to add the selected user to the list 3 To have the list take effect be sure that Enable Locked Users List is checked when you click OK Exporting A User s Key File This function creates a copy of a user s key file 1 Inthe User Management screen select the user
47. cureDoc uses the certificate stored on the token to perform the RSA public key encryption The token must contain the certificate but it doesn t have to have the public key For password recovery you only need to initialize a new token make sure the private key from the MS CA is created on the card and give the user the new card The user can then restore their old token based key file because the token you gave them contains the private key that can decrypt their original key file During login SecureDoc uses the RSA private key on the token as in method 1 Unlike in method 1 and 3 SecureDoc uses the certificate from a file This token based key file does not need the token to be present This is the preferred method for creating key files for an enterprise with PKI systems A SecureDoc administrator can create key files for thousands of users without having to have the tokens or the password to the tokens If you use this method the interface changes to enable you to browse to the certificate file Some tokens can use secret keys instead of RSA keys You can use these secret keys to protect the key file as well SecureDoc needs the token inserted when creating the key file During login SecureDoc uses the entered password to log in to the token and uses the on token secret key to access the SecureDoc key file SecureDoc Enterprise User Manual Method Method 6 Use certificate from Windows Store WinMagic Inc Appendix
48. e Control Center click Tools then Trust Control Trust Control Trusted Devices VID Name PID Name VendorID ProductID HWE Attribute Add gt gt 2 Toload the default list click Load Default List The list is populated with information provided by WinMagic You can add to this list remove an item from the list or clear the entire list To add a specific item click Add You are prompted to either enter the device details or trust a device model WinMagic Inc SecureDoc Enterprise User Manual PN Using SecureDoc Simplifying Login sy Trust Control Select to trust a device model or distinct device Enter device details to trust Trust a device model e g Kingston DataTraveler 2 0 3 Ifyou select Enter device details to trust when you click Next you are prompted to enter identifying information about the device If you select Trust a device model when you click Next you see a list of the device models currently connected to your computer Select a model and click Add Selected Device Model Simplifying Login Synchronizing Passwords You can choose to synchronize your Windows and SecureDoc key file passwords so that changes made to either password are automatically made to the other one 1 Inthe Control Center click Options then General 2 Check Synchronize SecureDoc with Windows password 3 Optionally also check Synchronize with matching windows Accounts only to have password synchron
49. e boot or after Windows has started you can Crypto erase your computer by pressing the defined key sequence This takes effect immediately If done at pre boot login will be denied If done after Windows has started Windows will crash as soon as the sequence is entered Depending on your settings you may be able to cancel the Crypto erase Crypto Erasing a SED 1 In Control Center click Drive Encryption then Encryption Management 2 Select the box representing the SED you plan to crypto erase 3 Click Crypto Erase Diagnostics The Diagnostics screen in SecureDoc Control Center provides a regular non admin user with the ability to enable detailed logging in the SecureDoc Client environment This will normally only be needed when requested by WinMagic SecureDoc technical support to provide detailed log information for analysis Once enabled because of the additional load that detailed logging places on the computer this feature is designed to disable itself automatically after 48 hours on the assumption that two days of detailed log information should normally provide adequate additonal information to aid in troubleshooting WinMagic Inc SecureDoc Enterprise User Manual Maintenance Troubleshooting dl Collecting Support Information and Logs JS SD Control Center UN SecureDoc SSS AA WI Gy Mm su N ka Diagnostics Tj General Start Page Audit Log Diagnostics Enable debug log About
50. e this function to change the maximum number of users of Boot Logon on this machine 1 From the Control Center click Boot Control then Install Uninstall Boot Logon then the Update tab Choose the number of users key files you want to have access to this computer Click Update You are prompted to update your recovery media insert the media used originally during encryption it will be overwritten with updated information Credential Provider Options Options in the Credential Provider tab affect the way Boot Logon functions on all Vista Windows 7 Windows 8 client devices that are controlled by the settings encapsulated within the device profile To access the Credential Provider Options screen open the SecureDoc Control Center select Options tab on the left menu then click Credential provider WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Nf Credential Provider Options 22 Credential Provider Options Credenbal Provider Define whether credentials entered at Boot Logon automate User Logon into Windows Automabcally log in t Windows wath Credentials entered at Boot Logon Windows users can single sign on with Smart Card or Token Automate logn to windows wil tme out after 3 mra Define how SecureDoc credentials are used to authenticate at Windows Logon ni gw Optoas Use SeaureDoc credentials to log into Windows Only users having SecureDoc Credentials may log in at Windows Logon General AdSbonel opbons for
51. e user can encrypt continued interrupted conversion and decrypt the media potentially exposing sensitive data When you lock media you can choose the specific restriction Monitor means to notify the user when someone tries to access the drive A warning message that the file is being accessed pops up immediately to any user currently logged in and to the user who triggered the monitored event Monitor Log Write Access means to track writing to media in a log file The log file is Log Write called wr Log and resides in the UserData folder of SecureDoc It Access contains the date the data was written and to which file the sector modified and the name of the logged on user Disk access control can be used for example to e block all write access to a USB drive thereby preventing data from leaving the device or preventing data being written to it while on the Internet e block read write access to a USB drive thereby preventing others from loading software onto the machine This function protects against accidents rather than malicious attacks If a disk is not encrypted restricting access to it is not enough a user could still boot from removable media and bypass the restriction altogether Setting up Disk Access Control Disk Access Control is defined as a profile SecureDoc comes with a default profile which applies the profile settings determined by your administrator To modify the default profile 1 From the
52. ed and token based key files differs Managing Key Files 1 In Control Center click Key Management then Key file Management 2 To manage a password based key file click the tab identify and enter the password for the key file you want to manage and click Login To manage a token based key files click the 8 tab choose the appropriate token type and slot enter teh Password and click Login WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Managing Key Files KN Key File Management Login Key file path Name Key file password Create new encryption keys add keys to Key Key Management File s Change Password Change your SecureDoc Password Pa n The answers to these questions can help you Change Self Help Answers recover from a lost or forgotten password 5 A backup key file can help recovery from disk Erai air en GrasteiBackupikestle problems Store itin a safe location Use this option to view rules for password quality Password Rules complexity retention duration and other attributes 3 Choose from the following actions e To add keys to the key file click Key Management and follow the procedures in Adding Keys to An Existing Key File on page 20 e To change the key file s password click Change Password or Change Token Password and follow the steps as in Changing a Key File Password on page 34 e To change the key file s self help recovery
53. een tampered with or corrupted on boot up Use of the Control Center to create an emergency disk recovery media to restore the Master Boot Record See Creating Recovery Media on page 36 Create Emergency Disk WinMagic Inc SecureDoc Enterprise User Manual 8 d Using SecureDoc A Creating Key Files LLN 9 Make your selections and click Next List of keys in this key file New Key Name 10 Add keys to the key file e To create a key and add it to the key file enter a key name in the New Key Name field and click Add e Toimport a key from another key file click Import Click L and browse to the location of the key file containing the key you want to import enter the Password and click Login A list of keys in that key file appears Select the key s to be imported and click Import Keys The selected key s are added to the key file s list WinMagic Inc SecureDoc Enterprise User Manual jas Using SecureDoc Managing Key Files LI Import Keys Login to key file Key file Password Select keys Login to key file on Token WA Import Keys Cancel Note If Boot Logon has not yet been installed you need to log out of Control Center and log in again to see the added key 11 Click Next then Finish A prompt tells you the key file was created Managing Key Files You can manage key files from Control Center Management of password bas
54. ees 12 Using the V4 Boot Logon 2 12 Entering a Temporary Password Single Sign on and Password Synchronization 12 Using SecureDoc aa neu ctdeds eine siceaubtenvadedeneees es 13 Choosing a Language 22 222 2 200cc0cccec cece cence cee ccecececececceeceeeeececeeeeeeteeeeeeeeees 13 Creating Key Files l l n 000 000a 000000000000000 noonoo oona DIDDL DDD DDD D DDD D DLDI DLD DLD r nrin 13 Creating Key Files with Control Center _ 2 2 222 222 220 22cccecccecceecceeeceeecceceeeeseeseees 13 Managing Key Files a 17 Managing Key Files 2 2 20 2202 200c20cccccccecccecceecccecceecceeceeeceeeseeeseeeeeseeesseeees 17 Managing Key Files on a Token 2 2 0 20 200c20c cece ccecccecccecceecececeeeseceeeetseeeeeees 18 Managing Other Key Files 19 Adding Keys to An Existing Key File 20 Creating Backup Key File 2 21 Managing Users 2 2 22 200c20ccceccceccce cece cece cece ceeec eee ceceeeeeeeceeeeeceesseeeeeeseeees 22 WinMagic Inc SecureDoc Enterprise User Manual Changing a User s Key File Password 2 2 2 2 22 220 200ccecceecccecccecceeeeceeeeesseeseeeees 23 Changing a User s Self Help Password Recovery Answers 2 meme e 23 Adding Users to This Computer 2 2 22 2 20 20 220c cece cece ceecceecceeccecceeseeeseetseeeee 23 Deleting Users
55. ertificate from those stored on your machine choose the appropriate Certificate Store to display the certificates in that store then add them to the Recipients list WinMagic Inc SecureDoc Enterprise User Manual PN Working with Removable Media Working with Removable Media Container Encryption 322 Secure Recipients Serach for Recipient Certificates Recipients FE Common Name e mail Address e mail Address 5 If encryption is interrupted the password if used may not be assigned If this happens when encryption is complete you can use the Encryption Management feature of the Control Center to apply a password to the encrypted media Decrypting Removable Media Do one of the following e In Windows Explorer right click on the encrypted removable media and choose Decrypt Media You are prompted to confirm Windows 32 only e Inthe Control Center Encryption Management screen select the removable media s box and choose the Decrypt Operation Note In order to improve user experience when needing to decrypt media SecureDoc uses the fast decryption option which in this case means that all sectors that contain data will be decrypted back into Clear text but any sectors that are marked as not containing data will remain encrypted since those sectors are considered to not contain data This will substantially shorten the time required to decrypt sparsely used media by n
56. ery reliable and SecureDoc does not let applications overwrite its information However we have experienced improper use of recovery media such as using outdated media or media created for another computer in which case the boot disk is no longer accessible We strongly recommend you contact WinMagic Technical Support before using the emergency disk To use recovery media insert it and change your BIOS settings to boot from the USB Note Itis vital that the recovery media used in this procedure was created for the specific machine on which this procedure will be performed Recovery Media for Self Encrypting Drives SEDs Note For SED users only You must have the Create Emergency Disk privilege to perform the following function To export 1 In Control Center click Boot Control then Import Export FDE Recovery Info then the Export tab 2 Browse to the location where the recovery information is to be stored and enter confirm the password You will need the password to import the key file which contains the files HWEkeyfile dbk and SDHWE enc To import 1 In Control Center click Boot Control then Import Export FDE Recovery Info then the Import tab 2 Browse to the location where the recovery information is stored and enter the password Working with Crypto Erase About Crypto Erase Note Crypto erasing a device removes the encryption keys from it rendering it inaccessible Setting up Crypto Erase 1 In Control Center
57. evice to be unlocked When a SecureDoc managed device is inserted into a machine without SecureDoc the password for the key used to manage the device needs to be entered in the Maxtor Manager screen v Unlock Drive st alindan de Manto Baca nara aurar IONN p rte you panned and aka Via emma wt Ree Femane Cancel pr Maxtor Handling Unexpected Events If you attempt to use the BlackArmor device on a machine that does not have SecureDoc on it you need to know the password for the device Since normally SecureDoc simply unlocks the device you may have forgotten this password To solve this issue 1 Return to the machine with SecureDoc on it and change the password 2 Return to the machine without SecureDoc on it and insert the device 3 When prompted enter the newly created password If you lose the shared key used to manage the BlackArmor device you can request it from your SES administrator 4 SecureDoc will report the name of the key when the device is inserted For example SecureDoc Unable to unlock BlackArmor SN 2HC029TL device Please perform the following steps 1 Go to SecureDoc Control Center and login to the correct hey file which contains key Gina KI 2 Click Unlock BlackArmor button on SecureDoc Control Center 5 Ask your administrator for the key and copy it to your machine then add it to your computer see Adding Users to This Computer on page 23 6 Re insert the dev
58. heir password or self help answers or lock the key files so they cannot access the computer In the Control Center click Boot Control then User Management WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc y Managing Users 3 User Management wA Administrators and Users with keys on this system User User Name pa Add Us 2 william Delete User Lock Unlock Users User Information User Name User Number Change Password Change Self Help Answers Export key file Changing a User s Key File Password You can change the password of the key file of any user select it in the User Management screen and click Change Password then follow the instructions in Changing a Key File Password on page 34 Changing a User s Self Help Password Recovery Answers You can change the self help password recovery answers if any for any user select it in the User Management screen and click Change Self Help Answers then follow the instructions in Changing Your Self Help Answers on page 35 Adding Users to This Computer 1 Toaddauser existing key file in the User Management screen click Add User 2 Click and navigate to the user s key file Optionally click Get User Information 3 Click Add Deleting Users From This Computer 1 Toremove auser existing key file select it in the User Management screen and click Delete User 2 User information appears to
59. hoose it from the list Controlling Use of USB Devices on Computer You can choose to block all but specific authorized USB devices from being used with your computer This feature is required for USB storage devices attached to ports if you enable Port Control such devices are locked by default until they are authorized through Port Control Note If you are using a token based key file and want to use the Port Control feature you must add your token to the list of authorized devices 1 From the Control Center click Tools then Port Control WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc NS a N Controlling Use of USB Devices on Computer 2 Click Install necessary only the first time you use this feature You are prompted to reboot 3 After rebooting return to the Port Control screen and click Manage A new screen appears Port Control Enable Disable Port Control Enable Port Control Disable Port Control WARNING If using a token based key file ensure the token is added to the list of authorized devices so the token based key file will continue to function properly Authorized Devices Description VendorID ProductID Serial Number Human interface devices Mice Keyboard 4 Ifnecessary click Enable Port Control 5 Click Add 6 You are prompted to choose an authorization method Port Control Select to authorize a device class device model or distinc
60. ice It will unlock automatically Removing Device from SecureDoc Management 1 Before you begin be sure you know the password associated with the key file controlling the device This may either be the password given when the key was created or the password as changed following the procedure above 2 Open the Encryption Management screen in the Control Center click Drive Encryption then Encryption Management WinMagic Inc SecureDoc Enterprise User Manual For Users of BlackArmor Devices Removing Device from SecureDoc Management 3 Insert the BlackArmor device Select the device 5 From the Action list choose Remove BlackArmor device from SecureDoc management and click Start 6 Aconfirmation message appears WinMagic Inc SecureDoc Enterprise User Manual Chapter9 SecureDoc OSA Users Installing SecureDoc 1 Boot the SED device from USB or from the PXE server check with your administrator for which to use The SecureDoc Install Uninstall screen opens showing the available menu of options SecureDoc Install Uninstall SecureDoc Uninstall Hardware encrypted drive status Linux command Line Shutdown About Network Status Ready Note SecureDoc OSA supports English only 2 Wait for the Network Status at the bottom of the screen to read Ready 3 Click SecureDoc Install SecureDoc OSA will try to copy the configuration files locally If copying fails you can try this process
61. ill be prompted depending on how this function has been set up You may be e able to remove the media before encryption occurs e prompted to enter the password for the key used to encrypt the media e prompted to enter a password that will allow the encrypted media to be accessed on a machine without SecureDoc If removable media is not set to encrypt automatically you can encrypt or decrypt it from either the Control Center or Windows Explorer CD DVDs will be encrypted at the same time they are burned Working with Removable Media FDE Using Control Center 1 Insert the removable media into your computer 2 Logon tothe Control Center using a key file containing the key you want to use to encrypt the removable media 3 Inthe Control Center click Drive Encryption then Encryption Management Select the box for the removable media WinMagic Inc SecureDoc Enterprise User Manual PN Working with Removable Media 4 Working with Removable Media FDE 222 5 Choose the Encrypt Operation 6 Choose a Conversion Mode mode see Introduction to SecureDoc on page 8 7 Choose the Encryption Key to be used one of the keys in the key file to which you are logged in Note Ifencryption of the removable media is interrupted and the media is accessible via password the password will not be applied although it can use the Encryption Management feature of the Control Center to apply a password to the encrypted media later Working
62. inMagic Inc SecureDoc Enterprise User Manual VN Using SecureDoc Creating Key Files J 4 From the Object Label list choose the key from the token that you want to use for encryption Click Next and follow the steps as for password based key files in Password Based Key Files on page 14 Password Based Key Files 1 Ifyou choose Password based when you click Next you are prompted to enter the key file details Key file path User ID Password Re Enter Password Hint L Key file expires on 10 30 2012 with warning day s earlier Use self help password recovery 2 Click L and browse to the location where you want to create your key file entering a key file name 3 Entera User ID and password in both the Password and Re Enter Password fields to be used for accessing the key file The User ID is a maximum of 64 characters and not by default case sensitive The password should be a strong password that satisfies the password rules you established earlier 4 If your password rules included enabling the password hint enter a Hint that you can display if you forget your password Be sure the hint does not contain enough information for an illegitimate user to guess your password Click Password Rules and make sure that Disable password hint is cleared 5 Tohavethe key file expire by a certain date check the Key File Expires On option and choose the expiry date and the number of da
63. ion If your ActiveDirectory administrator has changed your password and provided you with a temporary one you will need to re establish the password synchronization between Windows and SecureDoc If you reboot your machine after receiving a temporary password 1 You will see the SecureDoc login again 2 Enter your original key file password the login will fail 3 Enter it again you will see the Windows Login including the Use cached Credentials option to be used if the computer is temporarily not on the network for Vista Win 7 4 Enter your temporary password and when prompted enter a new password 5 When you reboot again you will be able to access Windows without specifying a password If you simply lock after receiving a temporary password 1 Enter your temporary password in the Windows Login the login will fail and the computer will lock Switch users The SecureDoc Login screen appears as it did when you first booted an encrypted computer Enter your original key file password the login will fail Enter it again you will see the Windows Login and can proceed as normal UI AUN WinMagic Inc SecureDoc Enterprise User Manual Chapter3 Using SecureDoc Choosing a Language You can choose the language used for the SecureDoc interface right click on the SecureDoc icon in the system tray and choose SecureDoc Language Selection then choose the language to be used for the client interface Boot Logon or both
64. ization done only if the name of your Windows account is the same as your SecureDoc account name name of the key file you use to access your encrypted computer 4 Click OK Customizing Boot Logon Making Usernames Case Sensitive By default the username you enter at Boot Logon is not case sensitive If you want to make it case sensitive 1 Inthe Control Centre click Boot Control then Advanced Settings 2 Onthe General Settings tab choose User ID is case sensitive 3 Click Apply The next time you reboot the username will require you to enter it considering the case Choosing V5 or V4 Loader SecureDoc includes two Boot Logon versions By default SecureDoc is configured to use the V5 loader and if it fails use the V4 loader as fallback If you consistently find the V4 version is needed for your computer this is rare you can set SecureDoc to use the older V4 version of Boot Logon all the time WinMagic Inc SecureDoc Enterprise User Manual 6 3 Using SecureDoc YA Using UEFI Driver Hook Jo Note Consult with your administrator before choosing to use the V4 boot loader It does not support all Enterprise features 1 Inthe Control Centre click Boot Control then Advanced Settings 2 Onthe General Settings tab choose Use V4 Boot Loader only 3 Click Apply The next time you reboot the V4 Boot Logon will be used This function is also available from the Boot Logon Configuration screen at Boot Logon press
65. key file input 3 Click Apply The next time you reboot the masking will be used Boot Text and Color Boot text and color options control the way Boot Logon appears These options enable you to customize Boot Logon to reflect your personal preferences If you plan to use a customized background the graphic file needs to meet these requirements e 24 bit bitmap bmp format e 1024 x 768 pixels e when zipped SecureDoc zips the file for you no larger than 0 5MB you will be warned if your file exceeds this size Only computers with a high resolution monitor the most common type will display the customized logo other monitors will shown the default Boot Logon display 1 Inthe navigation pane click Boot Control then Boot Text and Color WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc Coal Converting a Key File to TPM Protection Customize Boot Logon V Update boot screen background image when updating Boot Logon Text Color Black a Import Customized Background Customized backgrounds and text colors will apply to computers that support high resolution at boot time Choose a text color The results are previewed Optionally click Import Customized Background and browse to the location of a graphic file to use as the background for the Boot Logon screen See file requirements above Check Update boot screen background image when updating Boot Logon the new background will appear at the
66. king with Removable Media Viewing the Removable Media Log a 14 SecureDoc Encrypted USB Drive Viewer Container File Help Decrypt to Delete Date modified 2 png 31 10 2012 7 30 AM 3 png 31 10 2012 7 31 AM 4 png 31 10 2012 7 31 AM e Toadda file to the container click Add e Toopen a file select it and click Open Any changes you make to the file are saved back to the encrypted container e Todecrypt a file select it and click Decrypt to then choose the destination for the decrypted file Removing a Container Note Be sure to back up any data from the encrypted container that you want to retain Once you remove an encrypted container all data in that container is lost and cannot be recovered 1 Browse the removable media to locate the folder SSDCE If you cannot see it set your folder options to show hidden files folders and drives 2 Delete the folder All data in the container will be lost Viewing the Removable Media Log If the RME audit log is enabled this log file tracks removable media functions for removable media under full disk encryption container encryption and or for removable media under file and folder encryption The log shows the user who performed the operation the operation type create delete write rename and other useful information To view the log open the USBLogTxt txt file located in the SecureDoc installation folder WinMagic Inc SecureDoc Enterprise User Manual
67. ld 3 Set the minimum number of questions a user must answer for self help password recovery in the For self help password recovery field Other Options 1 Set the Maximum number of passwords to be saved in the key file s password history New passwords are checked against the key history file to prevent any duplicates from being created For example if you set the history to 5 any new password cannot have been used in the past 5 times the password was changed 2 Ifyou are using token based key files enter a value in the After a token based key file s password field When doing password recovery on a token based key file a password based key file is created and used in place of the token based key file This option determines how long the user can use the password determined by this process before having to run password recovery again or switch to using a token Note The password for the actual token can only be changed after the token is authenticated and only if the token vendor supports this functionality Password rule settings apply to all key files created after the settings have been modified WinMagic Inc SecureDoc Enterprise User Manual Appendix Appendix B Protection Methods Method Method 1 Use Token RSA Keys Method 2 Token contains PIN Method 3 Use Certificate on token Method 4 Use Certificate on file Method 5 Use Symmetric Keys WinMagic Inc Description SecureDoc uses the
68. mport the removable media key from your key file into the other key files Alternatively you could have different key files for different purposes logging onto each key file as needed More About Key Files Key files have a DBK extension juser dbk sdadmin dbk etc and are protected by a password or token You can store key files in a variety of locations such as your computer s hard disk removable media or a token As long as your removable media is kept in a secure location storing key files on removable media provides more security than storing them on the hard disk With key files on removable media a hacker who has access to a computer does not have access to the keys used to encrypt it Their only option is to attack and break the encryption algorithm a nearly impossible task Key files are themselves encrypted Key files can be further protected with a certificate or protection key stored on a token or smart card About the Encryption Decryption Process During encryption data is read encrypted then written back on the same sector Once this process is complete any data read is automatically and transparently decrypted and any data written is automatically and transparently encrypted Note Initial encryption is called conversion Once a file is accessed it is decrypted in memory If this file is saved elsewhere other than the encrypted area it remains in plain text For example if you open a file on your encr
69. next Boot Logon Changing Maximum Number of Failed Logins By default SecureDoc sets a maximum of 15 failed logins to Boot Logon After that maximum number is reached the key file is automatically locked regardless of its permissions An administrator key or password recovery needs to be used to unlock the device Any time a successful login of another key file takes place the locked key file will be unlocked and the count begins again If you want to change the default number 1 From the Control Center click Boot Control then Advanced Settings 2 Change the value of Maximum number of failed logins 3 Click OK Use of Token If your key file is on a token you can have Boot Logon look on the token rather than the hard disk Optionally you can have Boot Logon remember the key file on the token last used 1 From the Control Center click Options then General 2 Check Default to use Key file Token at boot logon 3 Optionally check If using Key file Token option remember key file to be used next time 4 Click OK Converting a Key File to TPM Protection 1 From the Control Center click Options then General WinMagic Inc SecureDoc Enterprise User Manual Using SecureDoc 4 Hiding SecureDoc Icon from System Tray J 2 Check the Use TPM chip if available option 3 Reboot your computer and log in as usual to Boot Logon 4 When you log on to Windows you will see a message indicating your key file h
70. no default key client s own key will be used Method to use Full media FFE Container Based 9 Encrypt immediately Encrypt after 10 second s L Enable RME audit log L Allow user to change the default media encryption settings L Encrypted media can be accessed with a password CD DVD Encryption Settings L Enable CD DVD encryption E Allow user to change the default CD DVD encryption settings Encrypted CD DVD can be accessed with a password 2 To automatically encrypt removable media with the key you are logged on to when the media is inserted check the Automatically encrypt option This option is required for container encryption 3 Choose the type of encryption you want to use note that FFE encryption is not available If you choose Container based specify the percentage of available free space on the removable media that the container is to use Note that even with a setting of 100 there will be space available for the media viewer that allows the encrypted media to be accessed on a machine without SecureDoc installed 4 To enable the removable media audit log check Enable RME audit log The log is stored locally as USBLogTxt txt under the SecureDoc installation folder 5 To be able to override these settings for individual pieces of media check Allow user to change the default media encryption settings Optionally check Encrypted media can be accessed with a password you can override this setting
71. of Key Manager to generate delete and import keys and to make Modify Key key file backups Automatically enables the Export and View Key privilege Use of Key Manager to work with encryption keys copy a key file to a Export and View Key floppy disk and to export keys to other key files Automatically enables the Modify Key privilege kapang the SecureDoc audit log see Viewing the Audit Log on Use of Control Center to set up disk access profiles which control or monitor read write access to both encrypted and non encrypted disks See Controlling Access to Computer Disks on page 25 Automatically enables the Select Profile privilege Modify Profile Application of disk access profile See Controlling Access to Computer select Profile Disks on page 25 Automatically enables the Modify Profile privilege Ability to decrypt encrypt removable media SeeYWorking with Removable Media on page 42 Users must also be granted administrative rights in Windows Convert Removable Media Enables administrative user to use the Control Center to decrypt encrypt hard disks Users must also be granted administrative rights in Windows Automatically enables the Disk Integrity Check and Create Emergency Disks privileges Convert Hard Disk Continued use of SecureDoc if the disk integrity check fails The Disk Disk Integrity Check integrity check process checks the computer s boot files to make sure they have not b
72. of the Rijndael AES algorithm This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www OpenSSL org WinMagic would like to thank these developers for their software contributions Contacting WinMagic WinMagic 5600A Cancross Court Mississauga Ontario L5R 3E9 toll free 1 888 879 5879 phone 905 502 7000 fax 905 502 7001 Sales sales winmagic com Marketing marketing winmagic com Human Resources hr winmagic com Technical Support support winmagic com For information info winmagic com For billing inquiries finance winmagic com Who Should Read this Document This document explains how to use SecureDoc in an enterprise environment and is intended for either end users or administrators It describes features available in all SecureDoc editions with edition specific features clearly labelled Note that some features may not be available in some environments or to some users This document assumes a basic working knowledge of Windows based computer systems It explains only SecureDoc specific procedures you may also need to consult separate documentation such as that provided by a token manufacturer WinMagic Inc SecureDoc Enterprise User Manual Introduction to SecureDoc u ee ee ee eens 8 About SecureDoc ooo aoaaa aaao aoaaa cee cccceceeceeceececteeeeteeeeeteeeeeteceeereetetteeeetesees 8 About Boot Logon 2 22 22 cece cece cc cc
73. on the Media Encryption Settings screen see Configuring Removable Media Encryption Settings on page 43 if necessary 6 To enable encryption of CDs DVDs check Enable CD DVD encryption and Allow user to change the default CD DVD encryption settings Optionally check Encrypted CD DVD can be accessed with a password you can override this setting on the Media Encryption Settings screen see Configuring Removable Media Encryption Settings on page 43 if necessary 7 Click OK Configuring Removable Media Encryption Settings Use this function to control encryption of specific removable media and or CD DVD This function is available only once you have enabled it see Setting Removable Media Options on page 42 and provides a way of temporarily overriding the general removable media settings Log on to Control Center with the key file containing the key to be used for removable media Removable Media Encryption Settings 1 Inthe Control Center click Drive Encryption then Media Encryption Settings You see a new screen WinMagic Inc SecureDoc Enterprise User Manual gps Working with Removable Media 4 Configuring Removable Media Encryption Settings 22 Removable Media Encryption Settings CD DVD Encryption Settings Removable Media Settings _ Encrypted media can be accessed with a password Default Media Encryption Key Slot 81 AES key v Conversion Mode Standard encrypts only used disk space Fas
74. ot Authentication Whether or not you see Boot Logon as well as your normal Windows logon depends on how SecureDoc has been configured You can choose the language used for Boot Logon right click on the SecureDoc icon in the system tray and choose SecureDoc Language Selection then choose the language to be used for the client interface Boot Logon or both SecureDoc s Encryption Features In addition to allowing you to encrypt your fixed disk you can use SecureDoc to encrypt e removable media USB CD DVD encrypted either automatically or manually for individual or shared use see Working with Removable Media on page 42 e individual files and folders locally on a network or on a USB device using File and Folder Encryption see Using File and Folder Encryption on page 50 SecureDoc performs full disk encryption for fixed and removable media This provides the most secure and comprehensive protection for data However file and folder encryption has a useful role to play in a comprehensive strategy for data at rest encryption It is effective in protecting data files in transit securing information sharing and defending against internal threats By shielding data files in transit file transfers e mail attachments etc File and Folder Encryption provides a strong complement to full disk encryption particularly when the functions are integrated under a single management scheme About the SecureDoc Interface
75. ot requiring the decryption of sectors that do not contain live data Accessing Encrypted Removable Media You must have SecureDoc or the free WinMagic MediaViewer application installed to work with encrypted removable media When you insert the encrypted removable media in your computer you may be prompted for the password of the key used to encrypt it If the encryption was done using PKI and you have the appropriate public certificate you will not be prompted for a password Working with Removable Media Container Encryption If Automatic Encryption is Enabled If automatic encryption for container is enabled this may have been set up by your administrator when you insert removable media you will be prompted for a password that will allow access to the container from a machine that does not have SD If a key has not already been associated with the container you will also be prompted to choose a key Creating the Container When removable media container encryption is enabled the first time you insert removable media in your computer you will be prompted to create a container WinMagic Inc SecureDoc Enterprise User Manual Working with Removable Media fh Working with Removable Media Container Encryption 22 ts Protect your USB drive as Create protection password Password Confirm password Select protection key AES key 1 Enter a password used to access the contents of the containe
76. pport Right click on the collectClientSupportiInfo bat file Select Run as administrator A file called lt name gt wmSupportFile zip file is created at desktop The lt name gt is a placeholder for the name of the current user so this will be replaced with e g johndoe_wmSupportFile zip WinMagic Inc SecureDoc Enterprise User Manual Maintenance Troubleshooting Nf Viewing the Audit Log EM G T da Program Files WinMagic SecureDec NT gt Support We Fortes BO Desktop F y colectChentSuppoctinio 3 Downloads npFies sa Recent places e Hemegreup A Tha PC Siy Network Viewing the Audit Log The audit log records actions done in the Control Center including logging in installation and encryption tasks 1 Inthe Control Center click General then Audit Log 2 View the log You can sort the information by clicking on the column heading 3 To export the audit log s contents click Export Audit File and choose the location of the exported log Viewing Encryption Status Use this function to get a quick view of all the drives fixed and removable you have access to their encryption status and whether or not they have Boot Logon installed You may also be able to use this function to encrypt or decrypt a fixed drive or removable media or to re encrypt a fixed disk Encrypting a fixed disk that is already encrypted does not encrypt the disk twice but decrypts it and then re encrypts it with the new key
77. pted by users This is an important safety precaution in case a user leaves the company without decrypting information or without leaving their encryption keys and passwords behind Note You can lock specific users even if they have a valid key see Creating Backup Key File on page 21 WinMagic Inc SecureDoc Enterprise User Manual N Introduction toSecureDoc X About Recovery Media AZ About Recovery Media If anything happens to the computer s master boot record MBR and the Boot Logon screen is missing the computer could be left inaccessible Recovery media has been created for you Recovery media is specific to the individual computer do not use recovery media unless you are sure it was created on your computer Note Because recovery media requires no password or token to access it it presents a large security risk Keep recovery media in a secure location at all times Keep your recovery media updated or you could encounter problems with restoring data SecureDoc prompts you to create recovery media every time the SecureDoc space is modified such as when Boot Logon is updated You can create recovery media any time from the Control Center Note Special recovery media is needed for self encrypting drives SEDs see Recovery Media for Self Encrypting Drives SEDs on page 36 About Password Recovery SecureDoc provides several mechanisms for allowing you to recover a lost password e A password hint can
78. r for troubleshooting purposes Connecting Wirelessly You may be able to connect to the SecureDoc Enterprise Server to authenticate following these steps This feature is not available for Windows 8 A 1 At the Boot Logon screen click the wireless icon A new screen opens 2 Ifyou have connected wirelessly before you will see your previous choices select the appropriate choice and click Connect then click Back to return to the Boot Logon screen so you can enter your username password If this is your first time connecting wirelessly or if previous wireless settings are not appropriate follow the steps below 3 Choose your Wireless Adapter Type then click Scan to scan for available wireless networks Information about the found networks appears on the screen 4 When you see your wireless network select it and if necessary click Settings to make any changes to your network settings 5 Click Connect to connect to your wireless network A new screen opens 6 Enter your wireless access Password and click Save Once you are connected you should see a prompt telling you that you are connected Click Return to go back to the SecureDoc Boot Logon screen Enter your username password and press Enter or click Login If the username password matches the one stored in the SES database your computer continues to load Windows If you enter an inaccurate password you may see a password hint If you forgot your password click Forgot Passwo
79. r from a computer that does not have SecureDoc installed Note that the password you set must follow password rules 2 Choose a key used to access the contents of the container from a computer that has SecureDoc installed 3 Click OK Encryption of the container begins a progress bar is shown 5 The container is automatically mounted and shown as a separate drive in Windows Explorer 4 Hard Disk Drives 1 Local Disk C adn 95 1 GB free of 111 GB 4 Devices with Removable Storage 2 Removable Disk D SD USB E o gt MP 151 MB free of 476 MB mY 176 MB free of 176 MB Mounting and Unmounting Container Right click on a container and choose Un mount The container is closed and only the unencrypted portion of the USB is listed in Windows Explorer To mount it again right click and choose Mount encrypted container Decrypting Contents of Container Move or copy files out of the container Accessing Container Contents On a computer with SecureDoc installed simply insert the USB key If you are not logged on to a key file containing the key used to encrypt the container you are prompted for that key On a computer without SecureDoc installed on it locate and run the RMCE Viewer exe this was automatically created on the unencrypted portion of the USB when the container was created The container contents are shown in the viewer window WinMagic Inc SecureDoc Enterprise User Manual Wor
80. rd and follow the appropriate password recovery steps Logging On If desired choose the language of the SecureDoc interface from the list Enter the userID and password provided to you and press ENTER or click Login The userID is not case sensitive Depending on configuration you may be able to press ENTER in the UserID field to use a default userID If the key needed to access the protected computer is stored on removable media or in a different key file enter the full path to the key file s location removable media will need to be inserted as well as the key file WinMagic Inc SecureDoc Enterprise User Manual G Accessing an SD Protected Computer YA Accessing Administrative Functions KET name username If you protected your key file with a token or Smart Card or if the key file is stored on a token you are prompted to insert the token or Smart Card Note The key file user ID name must be in DOS format 8 3 If your key file is on a USB drive be sure that the device is detected in DOS If login is successful your computer continues to load Windows If you enter an inaccurate password you may see a password hint If you forgot your password click Forgot Password and follow the appropriate password recovery steps Note The icon indicates your connection status to the network a red dot indicates you are not connected a green dot indicates a connection exists Accessing Administrative Functions Press
81. rd if any assigned to the device with one associated with a digital key You can choose to manage BlackArmor devices either automatically or manually e Automatic management protects the device with the key you are currently logged on to SecureDoc with or in an SES environment the personal key assigned to you If you are not using Boot Logon you must create a key for these purposes and log in to it for automatic management to work e Manual management protects the device with the key of your choice The most typical reason for manually managing a device is to share it with others You may want to create a shared or group key and use it for such purposes Automatic Management 1 Insert the BlackArmor device in the computer A new screen appears SecureDoc BlackArmor Managment BlackArmor SN 2HC029T1 x This BlackArmor device is currently not managed by SecureDoc Encryption Management Do you wish to manage access to this device through SecureDoc 2 Click OK Anew screen appears SecureDoc BlackArmor Setup SN 2HCO29TL r SecureDoc Management for BlackArmor To manage access to this BlackArmor device through SecureDoc provide the MSID and the password Aa MT masama Enter the 25 character identification code Paro MSID printed on the BlackArmor drive label Enter BlackArmor password 3 Enter the MSID located on the back of the BlackArmor device 4 Ifthe device is in the manufactured state no password has
82. rds that may be easily guessed by someone familiar with that person s patterns or may write down or share their password Setting password expiry options diminishes these risks WinMagic Inc SecureDoc Enterprise User Manual Appendix A Password Rules 4 Password Rules Screen 1 Ifyou are acting as administrator to several users of this computer to require users to change their password when they first log on to SecureDoc check the Change initial password option Note that users must have the Modify Password privilege to do this 2 Toset a minimum number of days for which a password must be kept enter a value in the Password must be retained for field You will be prompted for a new password after that number of days Alternatively set Password will expire in and indicate the number of warning days You will be prompted for a new password after that number of days If you also check the Enforce password expiry option however the key file will permanently expire when its password expires Uses will need access to a different key file containing the appropriate encryption key to access media encrypted using the expired key file use with caution in a single user environment Password Recovery Options 1 To prevent password hints from being available check the Disable Password Hint option 2 Set the minimum total length of characters used in answers to self help authentication questions in the For self help password recovery fie
83. re immediately required to assign a new password and password hint Challenge Response Password Recovery 1 Contact your SES administrator and answer the password recovery questions they ask you 2 Reboot enter your user ID then click Forgot Password and Challenge Response 3 Anew screen opens 4 Read your administrator the challenge text you see The administrator will read you a response number 5 Enter the response number in the Response field and click Login If the response number is entered correctly your computer continues to boot 6 Once the operating system loads you are prompted to change your password Using Rescue and Recovery Lenovo Devices If you use this utility to create a custom disk image that includes a service partition that service partition must be at least twice as large as the required contents to allow Rescue and Recovery to back up the partition If there is not enough space available in the service partition the Rescue and Recovery backup process will warn you that the available disk space is insufficient for the backup If this happens accept the warning all partitions will be successfully backed up except the service partition Changing a Key File Password This function applies only to key files to which you are logged on WinMagic Inc SecureDoc Enterprise User Manual 4 AI In the Control Center click General then Start Page then available only when Boot Logon has been installed
84. t device ce Authorize a device dass e g Printers storage _ Authorize a device model e g Kingston DataTraveler 2 0 D Authorize a specific device e g Kingston DataTraveler 2 0 with serial number 1234 WinMagic Inc SecureDoc Enterprise User Manual on Using SecureDoc 4 Trust Control BEST If you choose this authorization When you click Next you need to Choose a class of devices e g modems Note that if you device class then also authorize specific devices those devices must be of an authorized class in order to be accessible Choose from the list of currently and or previously connected devices to authorize Authorization is based on device model the device s vendor ID and product ID Note that more than one device could have the same IDs as the one you are intending to authorize Choose from the list of currently and or previously connected devices to authorize Authorization is based on the device s vendor ID product ID and serial number This uniquely identifies the device specific device 7 Each authorized item is listed on the Port Control screen You can remove an authorized device if necessary select it and click Remove 8 When Port Control has been configured to your satisfaction click Apply You can disable and or uninstall Port Control if necessary Trust Control If using Disk Access Control you can prevent the use of all but specific SEDs on your computer 1 From th
85. ted SFcureDoe Client See Control Center Control Center self help password Function that enables users to recover without administrator help recovery from a lost password or token A password that is difficult for a person or program to guess Passwords are made strong by being long no shorter than eight characters and including a mixture of alphabetic and numeric strong password characters mixing cases as desired It is important to not have a password that corresponds to a recognizable word or phrase particularly a user s name or login ID The password also should be able to be remembered by the user to avoid writing passwords down token In security terms a physical device such as a smart card Remove the encryption key from an encrypted device rendering it zeroize F a w inaccessible Aka Crypto erase Password Recovery WinMagic Inc SecureDoc Enterprise User Manual Appendix Index accessing wirelessly 11 automatic encryption removable media container 47 removable media FDE 45 background for Boot Logon 31 backup key file about 10 basics SecureDoc 8 BlackArmor devices 53 blocking access to USB drive 25 Boot Logon 11 customized background 31 customized logo for 30 UEFI driver hook 30 updating 32 CD DVD encryption settings 44 container creating 47 decrypting 48 mounting and unmounting 48 removing 49 conversion 9 convert privilege 15 Crypto erase computer 37 cryto erase SED 37
86. wing the Audit Log 39 Viewing Encryption Status 2 0 22 2 20 220 c20ccecc cece cece cece cece 00000000L LL00 000002022222 39 Decrypting Encrypting ALL Disks 2 2 2 2 200 cece ccecceccccccececeeecececececetececeteeeetssees 40 Deleting Temporary Files PH1 PH2 2 2 2 2 220 0220 cece cece cece cece cee ceecccecceeeceeseeeeeeeee 40 Getting More Information about SecureDoc Control Centre 40 Removing SecureDoc From Your System a 41 Working with Removable Media 0 0 0 0 0 2 c ll cececececcccccececececeececeseseees 42 About Encrypting Decrypting Removable Media 222220 000 0 0 0 0 nonno nnononno011111221211 42 Setting Removable Media Options mmama mamaaa 42 Configuring Removable Media Encryption Settings 43 Removable Media Encryption Settings 43 CD DVD Encryption Settings 22 22 2 0 22 2 2002 ccc ccc cece cece cece cee ce cece eeeeeceeesseeeeeeseees 44 WinMagic Inc SecureDoc Enterprise User Manual I Working with Removable Media FDE 2 00 0 2 0 0 meme mmmmmm meme aaa 45 If Automatic Encryption is Enabled 222222222222200222222 45 Working with Removable Media FDE Using Control Center 45 Working with Removable Media FDE From Windows Explorer 46 Decrypting Removable Media
87. you know the answers NOTE Answers to these questions are CASE SENSITIVE and must e be entered in the same case as entered here Questions Question Answer 1 What is your favorite musical gro The Beats 2 What is your favorite dessert Ice Cream 3 What is was your pet s name 4 Who was your childhood hero Superman 5 What is your favorite motion pict f To ensure that these questions and their answers are linked to your profile please authenticate yourself by entering your UserID and Password below M UserID self help Password 4 Enter the UserID and password for the key file WinMagic Inc SecureDoc Enterprise User Manual EN Maintenance Troubleshooting YA Working with Recovery Media J 5 The answers you gave at installation are displayed Click in the answer field and enter a new answer Keep in mind that answers are case sensitive when recovering your password you will need to enter answers exactly as entered here 6 Click OK Working with Recovery Media Creating Recovery Media A 1 In Control Center click General then Start Page then available only once Boot Logon has been installed or In Control Centre click Drive Encryption then Create Recovery Media 2 You are prompted to specify the path where the recovery media will be created Using Recovery Media WinMagic has never experienced a case when recovery media was needed probably because hard disks are v
88. ypted hard drive and save it to an unencrypted network folder the network version is not encrypted Password Rules Password rules can be used to ensure that passwords are secure for example are made up of a mixture of numbers and letters are changed regularly Password rules apply to a specific key file For more about passwords see See Appendix A Password Rules on page 59 Key File Privileges Key files are associated with specific privileges that determine what the user of that key file can and cannot do Privileges fall into two basic categories user and administrator admin SecureDoc features are available only to someone who logged on to the computer using a key file that has administrator privileges Key files created through the Key File Wizard are admin key files If your computer was encrypted by someone else you may have a user key file which enables you to read and write to encrypted disks and change the password of your key file but nothing else Note Users who log in with a user key file can create new key files for their personal use and have all administrator privileges for those key files However these key files do not contain the key used to encrypt the hard disk and so can be used only for removable media Administrator key files may contain the encryption keys for multiple users such as those in a department or division This ensures that administrators on behalf of the enterprise can always access data encry
89. ypted location becomes decrypted Note The above rules do not apply if the movement is within the same partition If a file or folder is moved from one part of a partition to another part of the same partition the file s encryption status will not change Encrypting Folders 1 Right click on the SecureDoc icon in the Windows task bar and choose SecureDoc Folder Encryption WinMagic Inc SecureDoc Enterprise User Manual Using File and Folder Encryption 4 Decrypting Folders N 9 SecureDoc FFE Add About Status a C FFE Test key Not encrypted 2 A list of folders that are currently protected is shown For Enterprise users these may have been configured by your administrator 3 Click Add and navigate to the folder you want to encrypt choosing the key to be used Edit Folder Configuration 4 To have the change take effect reboot Note The SecureDoc Folder Encryption screen shows the status of the folder encryption encrypted encrypting or unknown reboot has not been done Decrypting Folders Before you remove encryption from a folder it is advisable to move the files in it to a new unencrypted folder To remove encryption from the folder select it and click Remove then reboot WinMagic Inc SecureDoc Enterprise User Manual Chapter 7 Advanced Functions This chapter lists features that are to be used only under specific circumstances Options for Use
90. ys prior to that date that a warning will appear when that key file is used 6 To use self help password recovery for a forgotten password first click Password Rules again and choose how many questions should be answered and the minimum total length of the answers Then check the Use self help password recovery option you are prompted to acknowledge the need to enter self help answers Click OK and answer the appropriate number of questions 7 Click Next WinMagic Inc SecureDoc Enterprise User Manual N Using SecureDoc YA Creating Key Files BEE Key file Privileges Admin Rights Details V Modify Password v Modify Profile v Convert Removable Media V Modify Key v Select Profile v Convert Hard Disk v Export and View Key v Disk Integrity Check V View Transition Log V Create Emergency Disk Info The options above define the permissions available to the user through the key file being created Clicking the User radio button will set the minimum or typical permissions suitable for the average user Clicking the Administrator radio button will set ALL the permission checkboxes to a checked or enabled state 8 You are prompted to choose whether the key file should have user or administrator rights and the specific rights for the key file Privilege Key File Allows Modify Password Use of SecureDoc to change the key file password User key files have only this privilege Use
Download Pdf Manuals
Related Search