HP Z840 Maintenance and Service Guide - Page 47
SATA hard drive security, DriveLock applications, WARNING
View all HP Z840 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 47 highlights
Feature Removable Media Boot Control USB Interface Control Power-On Password Setup Password Purpose Prevents booting from removable media drives Prevents transfer of data through the integrated USB interface Prevents use of the computer until the password is entered (applies to initial system startup and restarts) Prevents reconfiguration of the computer (through Computer Setup (F10) Utility) until the password is entered SATA hard drive security HP computers include the HP DriveLock facility for SATA hard drives to prevent unauthorized access to data. WARNING! Enabling DriveLock can render a SATA hard drive permanently inaccessible if the master password is lost or forgotten. No method exists to recover the password or access the data. DriveLock has been implemented as an extension to Computer Setup (F10) Utility functions. It is only available when hard drives that support the ATA security command set are detected. On HP computers, it is not available when the SATA emulation mode is RAID. DriveLock is for HP customers for whom data security is the paramount concern. For such customers, the cost of a hard drive and the loss of the data stored on it is inconsequential when compared to the damage that could result from unauthorized access to its contents. To balance this level of security with the need to address the issue of a forgotten password, the HP implementation of DriveLock employs a two-password security scheme. One password is intended to be set and used by a system administrator, while the other is typically set and used by the user. No "back door" can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated on a corporate information system or is regularly backed up. If both DriveLock passwords are lost, the hard drive is inaccessible. For users who do not fit the previously defined customer profile, this outcome might not be acceptable. For users who fit this profile, the outcome might be a tolerable risk, given the nature of the data stored on the hard drive. DriveLock applications The most practical use of DriveLock is in a corporate environment. The system administrator would be responsible for configuring the hard drive, which involves setting the DriveLock master password and a temporary user password. If the system administrator forgets the user password or if the equipment is passed on to another employee, the master password can be used to reset the user password and restore access to the hard drive. HP recommends that corporate system administrators who enable DriveLock also establish a corporate policy for setting and maintaining master passwords. This precaution will prevent loss of information if an employee sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive is inaccessible and must be replaced. Likewise, by not setting a master password, system administrators might find themselves locked out of a hard drive and unable to perform routine checks for unauthorized software, other asset control functions, and support. For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in this category include personal users, or users who do not maintain sensitive data on their hard drives as a common practice. For these users, the potential loss of a hard drive resulting from forgetting both passwords is much greater than the value of the data DriveLock protects. Desktop management 37