Home » HP Manuals » Desktops » HP Xw4600 » Manual Viewer

HP Xw4600 HP xw4600 Workstation - Service and Technical Reference Guide - Page 56

DriveLock applications, Using DriveLock - safe mode

UPC - 883585516483

Add to My Manuals
Save this manual to your list of manuals

Page 56 highlights

DriveLock uses an industry-standard security feature that prevents unauthorized access to the data on an ATA hard drive. DriveLock has been implemented as an extension to Computer Setup (F10) functions. It is only available when hard drives that support the ATA security command set are detected. On HP workstations, it is not available when the SATA emulation mode is RAID+AHCI or RAID. DriveLock is intended for HP customers for whom data security is a paramount concern. For such customers, the cost of a hard drive and the loss of the data stored on it is inconsequential when compared to the damage that could result from unauthorized access to its contents. In order to balance this level of security with the practical need to address the issue of a forgotten password, the HP implementation of DriveLock employs a two-password security scheme. One password is intended to be set and used by a system administrator, while the other is typically set and used by the end-user. There is no "back door" that can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated on a corporate information system or is regularly backed up. In the event that both DriveLock passwords are lost, the hard drive is rendered unusable. For users who do not fit the previously defined customer profile, this may be an unacceptable risk. For users who do fit this profile, it may be a tolerable risk, given the nature of the data stored on the hard drive. DriveLock applications The most practical use of the DriveLock security feature is in a corporate environment. The system administrator would be responsible for configuring the hard drive, which involves setting the DriveLock master password and a temporary user password. In the event that the user forgets the user password or the equipment is passed on to another employee, the master password can always be used to reset the user password and regain access to the hard drive. HP recommends that corporate system administrators who choose to enable DriveLock also establish a corporate policy for setting and maintaining master passwords. This should be done to prevent a situation where an employee intentionally or unintentionally sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive is rendered unusable and requires replacement. Likewise, by not setting a master password, system administrators might find themselves locked out of a hard drive and unable to perform routine checks for unauthorized software, other asset control functions, and support. For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in this category include personal users, or users who do not maintain sensitive data on their hard drives as a common practice. For these users, the potential loss of a hard drive resulting from forgetting both passwords is much greater than the value of the data DriveLock has been designed to protect. Access to Computer Setup (F10) and DriveLock can be restricted through the setup password. By specifying a setup password and not giving it to end users, system administrators are able to restrict users from enabling DriveLock. Using DriveLock When one or more hard drives that support the ATA security command set are detected, the DriveLock option appears under the Security menu in Computer Setup (F10). You are presented with options to set the master password and to enable DriveLock. A user password must be provided to enable DriveLock. Since the initial configuration of DriveLock is typically performed by a system administrator, a master password should be set first. HP encourages system administrators to set a master password whether they plan to enable DriveLock or not. This gives the administrator the ability to modify DriveLock settings if the drive is locked in the future. Once the master password is set, the system administrator might enable DriveLock or choose to leave it disabled. If a locked hard drive is present, POST requires a password to unlock the device. If a power-on password is set and it matches the device's user password, POST does not prompt the user to re-enter the password. Otherwise, the user is prompted to enter a DriveLock password. For a cold-boot, use the 46 Chapter 4 System management ENWW

Section	Page
Product overview	11
Product features	12
System board architecture	12
Workstation components	12
Front panel components	14
Rear panel components	15
Serial number and COA label location	16
Maximizing the airflow	16
Workstation specifications	17
Power supply description	17
Power supply specifications	18
Power consumption and heat dissipation	18
System fans	19
Resetting the power supply	19
Environmental specifications	19
ENERGY STAR Qualification	19
Dual- and quad-core processors	20
HP Cool Tools	21
Setting up the operating system	22
Setting up the Microsoft operating system	23
Installing or upgrading device drivers	23
Transferring files and settings to your Windows workstation	23
Setting up Red Hat Enterprise Linux	24
Installing with the HP driver CD	24
Installing and customizing Red Hat-enabled workstations	25
Verifying hardware compatibility	25
Setting up Novell SLED	25
Updating the workstation	25
Updating the workstation after first boot	25
Upgrading the BIOS	25
Determining current BIOS	26
Upgrading BIOS	27
Upgrading device drivers	27
Restoring the operating system	28
Restore methods	28
Ordering backup software	29
Restoring Windows Vista	29
Ordering the RestorePlus! media	29
Restoring the operating system	29
Restoring Windows XP Professional	30
Creating RestorePlus! media	30
Creating HP Backup and Recovery (HPBR) media	31
Restoring the operating system	32
Using RestorePlus!	32
Using HPBR	32
Using the recovery partition	32
Restoring Novell SLED	32
Creating restore media	32
System management	34
Computer Setup (F10) Utility	34
BIOS ROM	36
Using the Computer Setup (F10) Utility	36
Computer Setup (F10) Utility menu	37
Workstation management	43
Initial workstation configuration and deployment	44
Installing a remote system	44
Replicating the setup	44
Copying a setup configuration to a single workstation	45
Copying a setup configuration to multiple workstations	46
Updating and managing software	47
HP Client Manager Software	47
Altiris Client Management Solutions	47
System Software Manager	47
Proactive Change Notification	48
Subscriber’s Choice	48
ROM Flash	49
Remote ROM Flash	49
HPQFlash	49
FailSafe Boot Block ROM	50
Asset tracking and security	51
Password security	52
Establishing a setup password using the Computer Setup (F10) Utility	52
Establishing a power-on password using workstation setup	52
Entering a power-on password	53
Entering a Setup Password	53
Changing a power-on or setup password	53
Deleting a power-on or setup password	55
National keyboard delimiter characters	55
Clearing passwords	55
DriveLock	55
DriveLock applications	56
Using DriveLock	56
Hood Sensor (Smart Cover Sensor) (optional)	58
Setting the Hood Sensor protection level	58
Hood Lock (Smart Cover Lock) (optional)	58
Locking the Hood Lock	58
Unlocking the Hood Lock	59
Using the FailSafe key	59
Cable lock (optional)	59
Security lock (Padlock loop) (optional)	59
Universal chassis clamp lock (optional)	59
Fault notification and recovery	59
Drive Protection System	60
ECC fault prediction	60
Thermal sensors	60
Dual-state power button	60
Removal and replacement procedures	61
Warnings and cautions	61
Service considerations	62
Cautions, warnings, and safety precautions	62
ESD information	62
Generating static	62
Preventing ESD equipment damage	63
Personal grounding methods and equipment	63
Grounding the work area	64
Recommended ESD prevention materials and equipment	64
Tools and software requirements	64
Screws	65
Special handling of components	65
Cables and connectors	66
Hard drives	66
Lithium coin cell battery	66
Customer Self-Repair	66
Predisassembly procedures	67
System board components	67
Removing and replacing components	68
Disassembly order	69
Security lock (Padlock loop) (optional)	69
Removing the security lock	70
Cable lock (optional)	70
Removing the cable lock	70
Universal chassis clamp lock (optional)	70
Removing the chassis clamp lock	71
Side access panel	71
Removing the side access panel	71
Replacing the side access panel	72
Hood Sensor (Smart Cover Sensor) (optional)	73
Removing the Hood Sensor	73
Smart Cover Lock solenoid (optional)	73
Removing the Smart Cover Lock solenoid	73
Front bezel	74
Removing the front bezel	75
Replacing the front bezel	75
Bezel blanks	75
Removing bezel blanks	75
Front panel I/O device assembly	76
Removing the front panel I/O device assembly	76
Installing the front panel I/O device assembly	77
Power button assembly	78
Removing the power button assembly	78
System speaker	79
Removing the system speaker	79
Power supply	80
Removing the power supply	80
System fan assembly	81
Removing the system fan assembly	81
Memory	82
Removing a memory module	82
Installing a memory module	83
Supported DIMM configurations	83
Memory module requirements	83
Required DIMM installation order	84
Installing a memory module	84
PCI card slots	86
PCI card support bracket	86
Removing a PCI card support bracket	87
Installing a PCI card support bracket	87
PCI Express cards	88
Removing a PCI Express card	88
Installing a PCI Express card	89
PCI card	90
Removing a PCI card	90
Installing a PCI card	91
IEEE-1394 card (optional)	92
Removing an IEEE-1394 card	92
Front PCI card guide and fan removal (optional)	93
Removing the front PCI card guide and fan	93
Battery	94
Removing the battery	95
Installing the battery	95
Power connections to drives	96
Optical drive (minitower configuration)	97
Notice for Blu-ray optical drives	97
Blu-ray movie playback	97
Blu-ray movie playback compatibility and update	97
Removing an optical drive (minitower configuration)	98
Installing an optical drive (minitower configuration)	99
Optical drive (desktop configuration)	100
Removing an optical drive (desktop configuration)	100
Installing an optical drive (desktop configuration)	101
Diskette drive (optional)	102
Removing a diskette drive	102
SAS hard drive	103
Removing a SAS hard drive	103
Installing a SAS hard drive	105
SATA hard drive	107
Removing a SATA hard drive	107
Installing a SATA hard drive	108
Installing SATA hard drives in the optical drive bays (optional)	110
Processor heatsink	111
Removing the processor heatsink	111
Installing the processor heatsink	113
System processor	113
Removing a system processor	113
Installing a system processor	114
System board	115
Removing the system board	115
Installing the system board	116
Product recycling	116
System diagnostics and troubleshooting	117
HP troubleshooting resources and tools	117
HP Support Assistant	117
HP Help and Support Center	117
E-support	118
Troubleshooting a problem	118
Instant Support and Active Chat	118
Customer Advisories, Customer and Security Bulletins, and Customer Notices	118
Product Change Notifications	119
Helpful hints	119
At startup	119
During operation	119
Customizing the monitor display	120
Customer Self Help	120
Help and Support Center	120
HP SoftPaq Download Manager	121
Diagnostic LED codes	121
Troubleshooting scenarios and solutions	123
Solving minor problems	123
Solving power supply problems	124
Testing power supply	124
Solving diskette problems	126
Solving hard drive problems	127
Solving display problems	128
Solving audio problems	130
Solving printer problems	131
Solving keyboard and mouse problems	132
Solving front panel component problems	133
Solving hardware installation problems	134
Solving network problems	135
Solving memory problems	136
Solving processor problems	137
Solving DVD problems	137
Solving Internet access problems	138
Troubleshooting checklist	139
LED color definitions	140
Self-troubleshooting with HP Vision Field Diagnostics	140
Overview	141
Downloading and accessing HP Vision Field Diagnostics	142
Accessing HP Vision Field Diagnostics on the workstation	143
Creating and using a bootable USB key	143
Creating and using a bootable DVD	143
Using the HP Memory Test utility	143
User interface	144
Survey tab	144
Test tab	146
Status tab	148
History tab	148
Errors tab	148
Help tab	149
Saving and printing information in HP Vision Field Diagnostics	150
POST error messages	150
Configuring RAID devices	156
Maximum hard drive configurations	156
Configuring SATA RAID devices	157
Attaching SATA HDDs	157
Configuring system BIOS	158
Creating RAID volumes	159
Configuring SAS RAID devices	160
Supported configurations	160
SAS RAID 0 configuration	161
SAS RAID 1 configuration	162
SAS RAID 1E configuration	163
Deleting RAID volumes	164
Configuring password security and resetting CMOS	165
Preparing to configure passwords	165
Resetting the password jumper	165
Clearing and Resetting the CMOS	166
Using the CMOS Button	166
Using the Computer Setup (F10) Utility to Reset CMOS	167
Appendix A—Connector pins	168
Connector pin descriptions	168
Appendix B—System board designators	178
Appendix C—Routine care	180
General cleaning safety precautions	180
Cleaning the workstation case	180
Cleaning the keyboard	180
Cleaning the monitor	181

Match case Limit results 1 per page

DriveLock uses an industry-standard security feature that prevents unauthorized access to the data on

an ATA hard drive. DriveLock has been implemented as an extension to Computer Setup (F10)

functions. It is only available when hard drives that support the ATA security command set are detected.

On HP workstations, it is not available when the SATA emulation mode is RAID+AHCI or RAID.

DriveLock is intended for HP customers for whom data security is a paramount concern. For such

customers, the cost of a hard drive and the loss of the data stored on it is inconsequential when compared

to the damage that could result from unauthorized access to its contents.

In order to balance this level of security with the practical need to address the issue of a forgotten

password, the HP implementation of DriveLock employs a two-password security scheme. One

password is intended to be set and used by a system administrator, while the other is typically set and

used by the end-user. There is no "back door" that can be used to unlock the drive if both passwords

are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated

on a corporate information system or is regularly backed up. In the event that both DriveLock passwords

are lost, the hard drive is rendered unusable. For users who do not fit the previously defined customer

profile, this may be an unacceptable risk. For users who do fit this profile, it may be a tolerable risk,

given the nature of the data stored on the hard drive.

DriveLock applications

The most practical use of the DriveLock security feature is in a corporate environment. The system

administrator would be responsible for configuring the hard drive, which involves setting the DriveLock

master password and a temporary user password. In the event that the user forgets the user password

or the equipment is passed on to another employee, the master password can always be used to reset

the user password and regain access to the hard drive.

HP recommends that corporate system administrators who choose to enable DriveLock also establish

a corporate policy for setting and maintaining master passwords. This should be done to prevent a

situation where an employee intentionally or unintentionally sets both DriveLock passwords before

leaving the company. In such a scenario, the hard drive is rendered unusable and requires replacement.

Likewise, by not setting a master password, system administrators might find themselves locked out of

a hard drive and unable to perform routine checks for unauthorized software, other asset control

functions, and support.

For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users

in this category include personal users, or users who do not maintain sensitive data on their hard drives

as a common practice. For these users, the potential loss of a hard drive resulting from forgetting both

passwords is much greater than the value of the data DriveLock has been designed to protect.

Access to Computer Setup (F10) and DriveLock can be restricted through the setup password. By

specifying a setup password and not giving it to end users, system administrators are able to restrict

users from enabling DriveLock.

Using DriveLock

When one or more hard drives that support the ATA security command set are detected, the DriveLock

option appears under the Security menu in Computer Setup (F10). You are presented with options to

set the master password and to enable DriveLock. A user password must be provided to enable

DriveLock. Since the initial configuration of DriveLock is typically performed by a system administrator,

a master password should be set first. HP encourages system administrators to set a master password

whether they plan to enable DriveLock or not. This gives the administrator the ability to modify DriveLock

settings if the drive is locked in the future. Once the master password is set, the system administrator

might enable DriveLock or choose to leave it disabled.

If a locked hard drive is present, POST requires a password to unlock the device. If a power-on password

is set and it matches the device’s user password, POST does not prompt the user to re-enter the

password. Otherwise, the user is prompted to enter a DriveLock password. For a cold-boot, use the

Chapter 4

System management

ENWW