HP Dc7800 Protect Tools User Guide - Page 73
Software Impacted, Short description, Details, Solution, Power-on, authentication support
UPC - 883585764365
View all HP Dc7800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 73 highlights
Software Impacted- Short description Details Solution Allow Security Manager to complete services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. HP ProtectTools * General -Unrestricted access or uncontrolled administrator privileges pose security risk. Numerous risks are possible with unrestricted access to the client PC: ● deletion of PSD ● malicious modification of user settings ● disabling of security policies and functions Administrators are encouraged to follow "best practices" in restricting end-user privileges and restricting user access. Unauthorized users should not be granted administrative privileges. BIOS and OS Embedded Security password are out of synch. If user does not validate a new password as the BIOS Embedded Security password, the BIOS Embedded Security password reverts back to the original embedded security password through F10 BIOS. This is functioning as designed; these passwords can be re-synchronized by changing the OS Basic User password and authenticating it at the BIOS Embedded Security password prompt. Only one user can log on to the system after TPM preboot authentication is enabled in BIOS. The TPM BIOS PIN is associated with the first user who initialize the user setting. If a computer has multiple users, the first user is, in essence, the administrator. The first user will have to give his TPM user PIN to other users to use to log in. This is functioning as designed; HP recommends that the customer's IT department follow good security policies for rolling out their security solution and ensuring that the BIOS administrator password is configured by IT administrators for system level protection. User has to change PIN to make TPM preboot work after a TPM factory reset. User has to change PIN or create another user to initialize his user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work. This is as designed, the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key. Power-on authentication support not set to default using Embedded Security Reset to Factory Settings In Computer Setup, the Power-on authentication support option is not being reset to factory settings when using the Embedded Security Device option Reset to Factory Settings. By default, Power-on authentication support is set to Disable. The Reset to Factory Settings option disables Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after re-enabling Embedded Security Device, Power-on authentication support remained enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings. Security Power-On Authentication overlaps BIOS Password during boot sequence. Power-On Authentication prompts the user to log on to system using the TPM password, but, if the user presses F10 to access the BIOS, Read rights access only is granted. To be able to write to BIOS, the user must enter the BIOS password instead of the TPM password at the Power-on Authentication window. The BIOS asks for both the old and new passwords through Computer Setup after changing the Owner password in Embedded Security Windows software. The BIOS asks for both the old and new passwords through Computer Setup after changing the Owner password in Embedded Security Windows software. This is as designed. This is due to the inability of the BIOS to communicate with the TPM, once the operating system is up and running, and to verify the TPM pass phrase against the TPM key blob. ENWW Miscellaneous 67