HP EliteDesk 800 G8 TamperLock User Guide - Page 8

Policy settings



4 Policy settings

You can use HP Client Management tools to view and configure HP TamperLock policies as BIOS settings. The associated settings control whether the HP TamperLock capability is enabled as well as the actions taken when the cover is removed.

Table 4-1 TamperLock policy settings

Setting: Cover opening sensor
Description:
● Disabled—No action taken when cover is removed.
● Notify the user—Displays warning message on the next startup when the cover is opened.
● Administrator Credential—This setting requires entering the administrator password or the one-time-PIN (when HP Sure Admin is enabled) before continuing startup after the cover is opened. To enable this setting, you must set a password or enable HP Sure Admin Enhanced BIOS Authentication Mode with a local access key set.
● Administrator Password—Same behavior as Administrator Credential (this setting name is present to maintain compatibility with earlier setting management software that supported the cover opening sensor).
Default: Disabled
HP Recommended: Administrator Credential or Administrator Password

Setting: Power off upon cover opening
Description: Only available when cover opening sensor is not set to Disabled.
● Disabled—If the system is in the on or sleep state when the cover is removed, it remains in that state.
● Enabled—The system immediately turns off if the cover is removed while the system is on or in sleep (S3 or Modern Standby).
Default: Disabled
HP Recommended: Enabled

Setting: Clear TPM on boot after cover opening
Description: Only available when cover opening sensor is not disabled.
● Disabled—No change to TPM state when cover is removed.
● Enabled—TPM is cleared on the next startup after the cover is removed. All customer keys in the TPM are cleared.
NOTE: Enable this setting only when manual recovery is possible from remote backup or when you do not want recovery. If BitLocker is enabled, the drive cannot be decrypted without the BitLocker recovery key.
Default: Disabled
HP Recommended: Depends on customer requirements.

Setting: Pre-boot DMA protection
Description: Thunderbolt Only—Input-Output Memory Management Unit (IOMMU) hardware-based DMA
Default: Thunderbolt Only
HP Recommended: All PCI-Devices
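
One way to check a device against the HP Recommended column and the availability rules in Table 4-1, as an added example that is not from the HP guide. The settings dictionary is constructed sample data keyed by the names used in the table (the names a given BIOS exposes may differ), and `admin_credential_set` and `recovery_key_escrowed` are hypothetical inputs supplied by the caller.

```python
# Added example: audits one device's TamperLock settings against Table 4-1.
RECOMMENDED_SENSOR = {"Administrator Credential", "Administrator Password"}

def audit_tamperlock(settings, admin_credential_set, recovery_key_escrowed):
    """Return a list of findings; an empty list means the device matches the
    HP Recommended column and the preconditions stated in the table."""
    findings = []
    sensor = settings.get("Cover opening sensor", "Disabled")
    power_off = settings.get("Power off upon cover opening", "Disabled")
    clear_tpm = settings.get("Clear TPM on boot after cover opening", "Disabled")
    dma = settings.get("Pre-boot DMA protection", "Thunderbolt Only")

    if sensor not in RECOMMENDED_SENSOR:
        findings.append(f"Cover opening sensor is '{sensor}'; HP recommends "
                        "Administrator Credential or Administrator Password")
    elif not admin_credential_set:
        # The table requires a BIOS password or HP Sure Admin with a local access key.
        findings.append(f"'{sensor}' is set but no administrator credential exists")

    if sensor == "Disabled":
        # Both dependent settings are only available when the sensor is not Disabled.
        for name, value in (("Power off upon cover opening", power_off),
                            ("Clear TPM on boot after cover opening", clear_tpm)):
            if value == "Enabled":
                findings.append(f"{name} is Enabled but unavailable while the sensor is Disabled")
    else:
        if power_off != "Enabled":
            findings.append("Power off upon cover opening is not Enabled (HP recommended)")
        if clear_tpm == "Enabled" and not recovery_key_escrowed:
            # Per the NOTE: a cleared TPM leaves BitLocker drives locked without the key.
            findings.append("Clear TPM is Enabled without an escrowed BitLocker recovery key")

    if dma != "All PCI-Devices":
        findings.append(f"Pre-boot DMA protection is '{dma}'; HP recommends All PCI-Devices")
    return findings

# Constructed sample: a device still on the defaults listed in Table 4-1.
FACTORY_DEFAULTS = {
    "Cover opening sensor": "Disabled",
    "Power off upon cover opening": "Disabled",
    "Clear TPM on boot after cover opening": "Disabled",
    "Pre-boot DMA protection": "Thunderbolt Only",
}

if __name__ == "__main__":
    for finding in audit_tamperlock(FACTORY_DEFAULTS, False, False):
        print("FINDING:", finding)
```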