HP 2210b ProtectTools - Windows Vista and Windows XP - Page 80

Power-on, authentication support, Reset to Factory, Settings, Reset to Factory Settings

Get HP 2210b - Notebook PC PDF manuals and user guides View all HP 2210b manuals
Add to My Manuals
Save this manual to your list of manuals

Page 80 highlights

Software Impacted- Short description Details Solution an error is returned when upper right of the screen to close closing the Security Security Manager before all plug-in Manager interface. applications have finished loading. Manager. Since PTHOST.exe is the shell housing the other applications (plug-ins), it depends on the ability of the plug-in to complete its load time (services). Closing the shell before the plug-in has had time to complete loading is the root cause. Allow Security Manager to complete the services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. HP ProtectTools- Unrestricted access or uncontrolled administrator privileges pose security risk. Numerous risks are possible with unrestricted access to the client PC, including the following: ● Deletion of PSD ● Malicious modification of user settings ● Disabling of security policies and functions Administrators are encouraged to follow "best practices" in restricting end-user privileges and restricting user access. Unauthorized users should not be granted administrative privileges. The BIOS and OS Embedded Security passwords are out of synch. If a user does not validate a new password as the BIOS Embedded Security password, the BIOS Embedded Security password reverts back to the original embedded security password through f10 BIOS. This is functioning as designed; these passwords can be re-synchronized by changing the OS Basic User password and authenticating it at the BIOS Embedded Security password prompt. Only one user can log on to the system after TPM preboot authentication is enabled in BIOS. The TPM BIOS PIN is associated with the first user who initializes the user setting. If a computer has multiple users, the first user is, in essence, the administrator. The first user will have to give his TPM user PIN to other users to use to log on. This is functioning as designed; HP recommends that the customer's IT department follow good security policies for rolling out their security solution and ensuring that the BIOS administrator password is configured by IT administrators for system level protection. The user has to change their PIN to make TPM preboot work after a TPM factory reset. The user has to change their PIN or create another user to initialize their user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work. This is as designed; the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key. Power-on authentication support is not set to default using Embedded Security Reset to Factory Settings In Computer Setup, the Power-on authentication support option is not being reset to factory settings when using the Embedded Security Device option Reset to Factory Settings. By default, Power-on authentication support is set to Disable. The Reset to Factory Settings option disables Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after reenabling Embedded Security Device, Power-on authentication support remains enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings. 74 Chapter 8 Troubleshooting ENWW

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
Software Impacted—
Short description
Details
Solution
an error is returned when
closing the Security
Manager interface.
upper right of the screen to close
Security Manager before all plug-in
applications have finished loading.
Manager. Since PTHOST.exe is the shell housing the
other applications (plug-ins), it depends on the ability of
the plug-in to complete its load time (services). Closing
the shell before the plug-in has had time to complete
loading is the root cause.
Allow Security Manager to complete the services
loading message (seen at top of Security Manager
window) and all plug-ins listed in left column. To avoid
failure, allow a reasonable time for these plug-ins to
load.
HP ProtectTools—
Unrestricted access or
uncontrolled administrator
privileges pose security
risk.
Numerous risks are possible with
unrestricted access to the client PC,
including the following:
Deletion of PSD
Malicious modification of user
settings
Disabling of security policies and
functions
Administrators are encouraged to follow “best
practices” in restricting end-user privileges and
restricting user access.
Unauthorized users should not be granted
administrative privileges.
The BIOS and OS
Embedded Security
passwords are out of
synch.
If a user does not validate a new
password as the BIOS Embedded
Security password, the BIOS Embedded
Security password reverts back to the
original embedded security password
through
f10
BIOS.
This is functioning as designed; these passwords can
be re-synchronized by changing the OS Basic User
password and authenticating it at the BIOS Embedded
Security password prompt.
Only one user can log on
to the system after TPM
preboot authentication is
enabled in BIOS.
The TPM BIOS PIN is associated with
the first user who initializes the user
setting. If a computer has multiple users,
the first user is, in essence, the
administrator. The first user will have to
give his TPM user PIN to other users to
use to log on.
This is functioning as designed; HP recommends that
the customer's IT department follow good security
policies for rolling out their security solution and
ensuring that the BIOS administrator password is
configured by IT administrators for system level
protection.
The user has to change
their PIN to make TPM
preboot work after a TPM
factory reset.
The user has to change their PIN or
create another user to initialize their user
setting to make TPM BIOS
authentication work after reset. There is
no option to make TPM BIOS
authentication work.
This is as designed; the factory reset clears the Basic
User Key. The user must change his user PIN or create
a new user to re-initialize the Basic User Key.
Power-on
authentication support
is not set to default using
Embedded Security
Reset to Factory
Settings
In Computer Setup, the
Power-on
authentication support
option is not
being reset to factory settings when
using the Embedded Security Device
option
Reset to Factory Settings
. By
default,
Power-on authentication
support
is set to
Disable
.
The
Reset to Factory Settings
option disables
Embedded Security Device, which hides the other
Embedded Security options (including
Power-on
authentication support
). However, after reenabling
Embedded Security Device,
Power-on authentication
support
remains enabled.
HP is working on a resolution, which will be provided in
future Web-based ROM SoftPaq offerings.
74
Chapter 8
Troubleshooting
ENWW