Decrypt HP Client Security / HP Drive Encryption - or clone encrypted drive...

Similar Messages

• File Encryption with Client Security Solution

  Hello,
  We've been using ThinkVntage Client Security Solution for file encryption for a while now.  I'm setting up some new laptops running Client Security Soliution 8.2 and I can't seem to find the option for data protection/file encryption.  I checked a ocuple of users that are using file encryption and they were running Client Security Solution 7.x.  Did they remove this feature from 8.x?  

  Unless the latest edition was released before my previous post then your statement is incorrect.  My computer was using the latest edition because I downloaded it form your site only a few days before the post.  Since my initial post I have had to replace my laptop and Lenovo, unfortuantely, treats Canadians like **bleep** step children so I had to buy an HP.  If you can pass on a message, Lenovo lost the sale of a very high end system a few days ago becuase of a corporate choice to only sell a stripped down selection of computers to Canadians.  You have a good 5 years or so now to think on that and come up with a better solution than cripling your Canadian resellers.

• Can't uninstall HP Client security in order to upgrade from Windows 8.1 to Windows 10

  I have HP Probook 450 G2 and my Computer wants to upgrade from Windows 8.1 to Windows 10. But when it begins the upgrade process, I get the message, that 'HP Client Security manager' isn't compatible with Windows 10 and that it must be uninstalled. In order to uninstall it, I first must uninstall HP drive encryption. But to uninstall 'HP drive encryption' all partitions must be decrypted. I have two partition encrypted. hp drive encryption successfully decyrpted C partition with windows, but it can't decrypt H: partition (it has 60 GB data from my dropbox account). In Drive security it says H partition it's decyrpting, but there are no %. Only gray bar. It's been so for 5 days now. I tried to encrypt the H partition again and it did it in 1 second. After the reboot there was a sign Encrypted next to the partition lettter. I than again tried to decrypt H partition and it again won't do it. There' s only a gray bar without % and a sentence that partition is beeing decrypted next to the drive letter. I must decrypt this partition in order to uninstall 'HP drive encryption'. 'HP drive encryption' must be uninstaled in order to uninstall 'HP Client Securtiy Manager'. 'HP Client Securtiy Manager' must be uninstalled in order to upgrade from Windows 8.1 to Windows 10.

  Actually it's H partition that hp drive encryption is decrypting 5 days now (without % sign). I have only my dropbox data there.  I could format that partition and downlad the data from dropbox again (it would take 1 day to download 60 GB of the data again from dropbox). D partition is HP recovery partition but I don't have any problems with it yet (i made a letter mistake in first post). I also made HP recovery media on USB stick. Will hp drive encryption automaticaly update the status of H partition from 'Decrypting' to 'decyrpted', if I format the H: partition? Will drive encyrption login window (WinMagic’s Pre-boot UEFI) (before the windows login) automatically be removed, if I format the H: partition? Will FilterBootOrder (FBO) variable automatically be removed, if I format the H: partition?I imagine this is automaticaly done via decrytion of all partitions/disk in HP client security (which doesn't work correct at my computer). Maybe afterwards the H: partition is formated and HP drive encryption status updated, I can then uninstall hp drive encryption and hp client security and install win10. This is another option.

• How do I launch and Reset Client Security Solution?

  W510, Windows 7 Professional, 64 bit, and I like using the Password Manager feature with fingerprint security.  During a recent printer installation I had to set-up a Windows Password (I never had one before). Now upon logging in, Client Security Solution continually provides error message ("Your windows password was changed recently. Please enter your Windows password to synchronize with Client Security Solution" - but it doesn't recognize anything I enter, including the current password. I can ignore the message but now I am locked out of some encrypted files.
  Lenovo Document ID#HT004617 correctly addresses this problem; but I'm stuck on their Solution Step #4 (Launch Client Security Solution) -  I'm supposed to launch the program, click advanced, and then select "Reset Security Settings."  Problem is there are over 4 dozen executable files in the (2) qty Client Security Solution sub-directories (c:/program Files (x86)/Lenovo/Client Security Solution and c:/Program Files/Lenovo/Client Security Solution) and I have yet to find one that properly launches the CSS program. (CSS is not available from the Lenovo ThinkVantage Tools menu). 
  How do I start CSS?  
  I keep machine up to date, ThinkVantage Fingerprint software #5.9.3, PW Manager version 3.20.0335.00. Machine is under warranty but Lenovo Support thus far unable to tell me what to do!
  I'm sure somebody here knows the right CSS file to run, and specific procedure to synchronize the Password, would sure appreciate some help on this, thank you!
  Solved!
  Go to Solution.

  Been away working, now back...
  It was an HP8500 Printer that started all of this.  I find it difficult to believe that a (simple?) printer install could do so much collateral damage...
  BACK TO MY ORIGINAL QUESTION - How do I reset CSS?  Per furnished Lenovo documentation, (found on the hard drive) CSS was never installed on Windows 7 machines (for some Lenovo reason).  I can export PWs to external drive but still have no idea how to launch the CSS files (of which several executable files came pre-loaded on my machine).
  As far as being locked out of files, Finale composition software now says (upon trying to open files) "You don't have permission to open this file. Contact the file owner or administrator to obtain permission.."
  Worst case, I can re-build my Finale composiitons, but I'm still annoyed with the Lenovo log-in screen constantly asking me to enter a password that I don't know!
  I am very dissapointed with purchased LENOVO WARRANTY SUPPORT - the people I've talked to have no idea about what I'm trying to explain to them.

• Unable to recognize integrated smartcard reader by Client Security Solution

  Hi, I have a W510 with an integrated smartcard reader. I tried to setup a new smart card, but at Client security solution ver. 8.30 over a windows 7  64 bits, is not recognized. Accessing the CSS software, I choose the Advance menu, an the option "Setup smartcard" always remains not highlighted, that means that the CSS software doesn't recognize the Smartcard/smartcard reader. The smart card reader driver is recognized by the system devices and it's installed well, the system said that is working correctly but I'm not able to access the "setup smartcard" option at CSS SW. I updated everything from Lenovo site and still doesn't work. Someone has any clue or idea about this? I'm trying to setup a Encryption Smart Card, I don't  have idea about what kind, but it's new from an Omnibook (a pack with 5 smartcards) and it comes label with "an imagineCard Solution" label. it has a round chip instead a square chip like the credit cards.
  I really appreciate all your advices about this.
  Ebert Toxqui
  For roadwarriors, no options... Only the best!
  *W520 Corei7, Win Pro 64 , 16 GB RAM, SSD 128 Gb, 500 Gb 2nd HDD, FHD, 2GB VRAM Nvidia
  *T61p 6459CTO T9300 2.5 GHz /Vista Ultimate 32bits, 4 GB KINGSTON RAM, 15.4" WUXGA w/Intel Turbo memory, NVIDIA Quadro FX 256 RAM
  160 gb HD, 9 cell battery
  *LENOVO T61 7662CTO T7300 2.0 GHz /Vista Ultimate 32bits, 3 GB KINGSTON RAM, 14.1" WXGA w/Intel Turbo memory, NVIDIA Quadro NVS 128 RAM,
  160 gb HD, 7 cell battery
  *Thinkpad T42 Pentium M 735 1.7 Ghz, 1GB RAM /Win XP SP2,ATI RADEON 7500 32 Mb, 15", WiFi,Bluetooth, 40 Gb HD

  Yes, CSS software has the option to setup a smart card (as is mentioned at CSS deployment guide from Lenovo for CSS 8.3), but the software doesn't recognized the smartcard once I plug into the Thinkpad. The main purpose  for the smart card will be authenticate the user using smartcard allowing to work when it's inserted and stop to work once it's retired from the laptop. The chip and all security options are enable using CSS.
  Please let me know how to solve this or give me the software/middleware to recognize the smart card for W510.
  Thnaks in advance.
  Ebert Toxqui
  For roadwarriors, no options... Only the best!
  *W520 Corei7, Win Pro 64 , 16 GB RAM, SSD 128 Gb, 500 Gb 2nd HDD, FHD, 2GB VRAM Nvidia
  *T61p 6459CTO T9300 2.5 GHz /Vista Ultimate 32bits, 4 GB KINGSTON RAM, 15.4" WUXGA w/Intel Turbo memory, NVIDIA Quadro FX 256 RAM
  160 gb HD, 9 cell battery
  *LENOVO T61 7662CTO T7300 2.0 GHz /Vista Ultimate 32bits, 3 GB KINGSTON RAM, 14.1" WXGA w/Intel Turbo memory, NVIDIA Quadro NVS 128 RAM,
  160 gb HD, 7 cell battery
  *Thinkpad T42 Pentium M 735 1.7 Ghz, 1GB RAM /Win XP SP2,ATI RADEON 7500 32 Mb, 15", WiFi,Bluetooth, 40 Gb HD

• Bit locker security issues (easy to crack) disk encryption?

  Bit locker security issues (easy to crack) disk encryption?
  Problem 1: When the PC run I think its too easy to get  malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
  youtube.com/watch?v=0npTlOq6q_0
  Problem2:not resistant with bruteforce attacks
  youtube.com/watch?v=zvaJxnvbGic
  Problem 3: not resistant with boot hacking
  Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think  It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
  need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
  attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
  tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).

  Where is your question, sir?
  If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
  "Problem 3" is not clear, please describe what scenario you are talking about.

• BitLocker AutoUnlock second drive (after creating a new OS drive image and then encrypting)

  Hi
  Sorry, not sure which forum to put this question in, so I pick the Security.
  I have a question about the Bit Locker autounlock.
  I have been using BitLocker on Win7 and Win2008.  The autounlock has worked fine.  I have two separate disks (c:\ and e:\).  Using one USB I can unlock the c:\ and then it will auto unlock the second disk.  No problems.  
  However, I had to create a new OS image, and then re encrypt the c:\ (OS drive).  I used the same USB.  When the computer boots up, I can manually unlock the e:\, but it will not let me autounlock the e:\.  I keep getting the "element
  not found" message.
  Any help would be appreciative.
  Thanks

  Thank you for your reply...but that was not what I was looking for.
  I understand, and have setup, how to auto unlock the second drive.  My question is, does the second disk have to be present when the OS drive is encrypting?  Scenario:
  Set 1:
  Original OS Drive (OOD) - already encrypted
  Original Second Drive (OSD) - already encrypted and auto unlocked.
  Set 2:
  New OS Drive (NOD) - encrypted
  Original Second Drive (OSD) - encrypted previously and auto unlocked.
  Using Set 2, I have encrypted the NOD, and was able to auto unlock the OSD while it was present.  However, since I have multiple OSD's, I then inserted another OSD with the NOD.  I am able to unlock this drive, but not able to auto unlock it. 
  I get the dreaded "Element not Found" message.  I am assuming that when the OS drive is encrypting, it somehow attaches to the OSD....therefore it can auto unlock it.  If I add another OSD, it will not be able to auto unlock it.
  Hope this makes sense.  Thanks again.

• Encrypt a second hard drive with ecryptfs

  Hey folks,
  I already encrypted my home directory as describend in the wiki here: https://wiki.archlinux.org/index.php/EC … 8simple.29
  mount says
  /home/.ecryptfs/michael/.Private on /home/michael type ecryptfs (rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=11111111111111111111,ecryptfs_sig=aaaaaaaaaaaaaaaa,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
  MY GOAL IS: Encrypt a Folder "encrypted" on a second hard drive in my pc, that gets autodecrypted when i login with my login password on gdm. the partition on that hard drive is sdb1, just for future references
  Long story short: I tried several ways to adapt the encryption of the home folder to the folder on sdb1. the wiki did not help me much with this (encryption was working but nothing like automaticaly decrypt on logon or smthg(.
  then i found the ecryptfs readme file: http://ecryptfs.sourceforge.net/README and read the PAM MODULE section.
  it points that i had to add my passphrase for the encrypted folder in sdb1 to the session keyring using ecryptfs-manager.
  Then, log in as the regular
  user. Manually add your passphrase to the user session keyring via the
  ecryptfs-manager utility.
  i also added the line in my fstab:
  /run/media/michael/Seagate/.encrypted /run/media/michael/Seagate/encrypted ecryptfs user,noauto,rw,relatime,ecryptfs_sig=bbbbbbbbbbbbbbb,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs
  after that, i could easily mount the folder through nautilus or with the `mount -i /run/media/michael/Seagate/encrypted` command.
  the bad thing is: after loging off and on again, the mount again didnt work until i added the passphrase for the sdb1 folder again to the ecryptfs-manager.
  Before adding the passphrase:
  michael@tyron ~ (@ ✹master)$ keyctl show
  Session Keyring
  18821945 --alswrv 1000 -1 keyring: _uid_ses.1000
  980991344 --alswrv 1000 -1 \_ keyring: _uid.1000
  809041303 --alswrv 1000 100 \_ user: aaaaaaaaaaaaaaa
  1033993612 --alswrv 1000 100 \_ user: ?????????????
  after adding the passphrase
  michael@tyron ~ (@ ✹master)$ keyctl show
  Session Keyring
  18821945 --alswrv 1000 -1 keyring: _uid_ses.1000
  980991344 --alswrv 1000 -1 \_ keyring: _uid.1000
  809041303 --alswrv 1000 100 \_ user: aaaaaaaaaaaaaaaa
  1033993612 --alswrv 1000 100 \_ user: ???????????????
  367799740 --alswrv 1000 100 \_ user: bbbbbbbbbbbbbb
  Where aaaaa.. is the key for my home dir and bbbbb... the key for the folder on sdb1 These keys are identical to the keys listed in fstab/mount.
  (Phrases are both the same but the key differs, i think because of a salt or something)
  The ecryptfs readmy also pointed, that i have to insert
  auth required pam_ecryptfs etc.
  in pam.d/gdm-password, login and system-auth (like its documented in the arch wiki), what i already did for encrypting my home folder. but i double checked it.
  now i'm lost - i thought with these pam modules, the decryption works automaticaly on system logon. it doesnt, but gives me a strange error message until i reenter my passphrase for sdb1 to the ecryptfs-manager
  Can you tell me how to manage my problem or where my mistake is?
  Tank you for reading this wall of text i really hope for any answers!
  Kind regards,
  --michael

  A couple of questions which I wonder about:
  1. What is your fstab line for sdb1?
  2. Did you try to let PAM automount it on login via ~/.bash_profile as described in the readme? I am not sure it works, if you login and only mount manually afterwards.
  3. Which PAM mount options did you use? The ones from the wiki link directly or which one from this section? 6b?

• X61 - Vista Business - Client Security Solution Error - There was a problem connecting to the TPM

  During startup my x61 has been displaying the following message, 'Client Security Solution' - "There was a problem connecting to the TPM (security device) ont his computer. It is possile that anti-virus or firewall software is blocking the connection. A missing or disabled device driver could also cause this problem. Please refer to the online documentation for more information".
  I have spent an extraordinary amount of time and effort to find identify the cause and a solution for this problem. It occurs whether or not virus software is enabled or disabled and numerous calls to Lenovo, Symantec, Kaspersky, and Microsoft have resulted in finger pointing and no answers. None of the vendors acknowledge the problem yet this same issue is a significant topic of concern as found in various blogs and 'help' sites. Lenovo thought it was hardware and changed the motherboard. Lenovo told me to call Microsoft since it was a Vista issue. Microsoft told me to call Lenovo since Vista Business was preinstalled on the machine. Lenovo told me to call Microsoft and so it goes. I removed Symantec's anti-virus and replaced it with Kaspersky.
  The strangest thing is that the module works intermitently and it seems that everytime a Lenovo update is performed (via Thinkvantage) the problem reoccurs for sometime.
  Does anyone out there have an understanding of the cause and a potential solution???

  I have the same problem on an X 60 platform, which only surfaced in the last two weeks subsequent to running all of the Lenovo updates.   Prior to this, I had reinstalled all programs, starting with the Recovery Disks for the Think Pad.  Everything, including start up, was exceptionally fast.  Once I ran the most recent BIOS updates, along with several others, this error message surfaced.  It is intermittent, however, and I have not noted an issue.
  In reviewing several other Message Boards, I have seen this issue raised several times.  Here is a link to a thread where the individual did achieve a solution through Lenovo, but their response is nonspecific as to what they did:   (http://forums.lenovo.com/lnv/board/message?board.id=T400_series_ThinkPads&message.id=7143&query.id=1...

• "Client Security Solution" problem - not accepting password

  Hi everyone
  I have t 61
  and every time I start it ' I get a massage to enter my windows password to enroll on client security solution.
  The password is the same as the log on onto win .
  And when I fill it get an error .
  If somebody can help ?

  While this is likely a software issue, it is always helpful to know which model system and what OS you are running.
  Sometimes solutions are driver or OS dependent.
  So, what model  Lenovo 3000 systems are you both running?  Vista or XP? 
  Message Edited by Mark_Lenovo on 12-11-2007 06:36 AM
  ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
  Mark Hopkins
  Program Manager, Lenovo Social Media (Services)
  twitter @lenovoforums
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество

• How to securely workaround problem w/ ThinkVantage Client Security PW MGR & Windows PW Chg

  For those of you who have an authentication problem with ThinkVantage Password Manager after changing your Windows password, I would recommend uninstalling the Client Security - Password Manager application (if you just need the Password Manager and not the entire security suite) and install the Lenovo Password Manager.
  It would help to have an exported list of your passwords so you can re-import them into the new Lenovo Password Manager.  If you don't have an exported list and are locked out of ThinkVantage Password Manager, click on the box "I forgot my password" and answer your three security questions (if you enabled that feature during setup), then you can open the Password Manager and export your list.
  (Soapbox On:  it would have been nice if someone had recommended this as an option instead of shutting down discussion by saying we don't talk about subverting passwords.  I understand that is taboo, however other options should have been offered which are "kosher" as the above.  Soapbox Off.)
  Gary Grathen

  Been away working, now back...
  It was an HP8500 Printer that started all of this.  I find it difficult to believe that a (simple?) printer install could do so much collateral damage...
  BACK TO MY ORIGINAL QUESTION - How do I reset CSS?  Per furnished Lenovo documentation, (found on the hard drive) CSS was never installed on Windows 7 machines (for some Lenovo reason).  I can export PWs to external drive but still have no idea how to launch the CSS files (of which several executable files came pre-loaded on my machine).
  As far as being locked out of files, Finale composition software now says (upon trying to open files) "You don't have permission to open this file. Contact the file owner or administrator to obtain permission.."
  Worst case, I can re-build my Finale composiitons, but I'm still annoyed with the Lenovo log-in screen constantly asking me to enter a password that I don't know!
  I am very dissapointed with purchased LENOVO WARRANTY SUPPORT - the people I've talked to have no idea about what I'm trying to explain to them.

• Smart card with Thinkvantage Client Security Solutions doesnt work

  Dear all,
  I have the Lenovo Gemalto Expesscard54 Smart card reader (41N3043). I purchased some .Net smart cards from Gemalto also. I have installed the drivers for both the smart card reader and the smart card minidrivers, as well as the PKCS#11 Drivers from Gemalto.
  However when I try to setup a smart card using Thinkvanage Client Security, the selection remains greyed out. What is the problem?
  When I try to run the executable css_smartcard.exe, I am told PKCS#11 Module is not installed. How do I install the module as there is no command to choose where the driver path is.
  Essentially I am wondering how to use smart cards on the client security software. The documentation, even the CSS deployment guide, has so little information on this.

  I should add that I am using Windows 7 and my CSS version is 8.3, I can also verify my smart card works for other applications, only thinkvantage CSS 8.3 does not work.

• Client Security Solution

  Hi,
  I bought X60 a year ago but with recent restores, everytime I boot up there's a message :
  [Client Security Solution : There was a problem connecting to a critical service. It is possible that anti-virus or firewall software is blocking connection. Also, check to make sure that the TPM device driver is installed and enabled].
  I have tried disable firewall both from XP and AV but still. I don't know how to identify TPM device driver or whether it exist/not.
  Anyone know how to resolve this ?
  thanks,
  -bw

  I had the same problem with an X60 running XP and this adjustment to the BIOS stopped the error message:
  Restart your computer.
  Press F1 when the blue button prompt comes up.
  Use the down arrow key to highlight Security and hit Enter.
  From Security choose Security Chip.
  If the Current Setting is Disabled then this is your problem.
  Hit Enter and select Inactive.
  Finally hit F10.
  Message Edited by gorak on 06-06-2008 10:44 AM

• Client security solution TPM error message

  I'm running XP on my T61 thinkpad and recently I started getting the following error message upon starting my computer:
  "There was a problem connecting to the TPM (security device) on this computer. It is possible that anti-virus or firewall software is blocking the connection. A missing or disabled device driver could also cause this problem. Please refer to the online documentation for more information."
  My thinkpad has also been starting to blue screen lately but I'm not sure if this is connected to the client security solution problem or not. If anyone has any suggestions I'd really appreciate it!

  Who has client security, restore and fingerprint reader all working together?  I did updates and when one works the other doesn’t.  If I could find all three that work I would be happy.  If you give me your versions numbers that works on yours that would be great.  I have a T60 running XP

• Hp client security manager 8.2 or later

  Hi, I have Windows 7 Professional 64 bit OS installed and I have downloaded and installed all drivers from hp website shown specifically against my "HP ProBook 450 G2 NOTEBOOK PC" Device manager shows that all the drivers are installed correctly I have installed the driver for the fingerprint scanner from this file p66915.exe. So far i couldn't see anything happening with the Fingerprint scanner. On Device manager under "Biomatric" it is showing as Validity Sensor with driver version 4.5.133.0 with the device status "This device is working properly". But in Control Panel under the "Biomatric Devices" it is saying that "Windows did not find any biomatric devices on this computer. You might need to attach your device or install device drivers" What am i missing? to enable the fingerprint scanner. From some blog, i could see that its asking to install "HP Device Access Manager" , which i have downloaded from HP site again. But this time, when i tried installing "sp65592exe", it gives me an error saying "This security application cannot be installed until the HP Client Security Manager  or later is installed."I couldn't find any link for the same which is having a version that is greater than 8.1.  I have also tried installingDigital Persona Identity and also HP Simplepass 8.0  but with no luck Please help me out for the same.  Regards, Sanoob

  Thank you paul. This one did trigger the finger print scanner and allowed me to enroll my finger prints and also enables to log on with it to the system. Still strange that, why it is showing like this on control panel  Thank you though...