HP dx7200 HP Client Management Interface Technical White Paper - Page 22
Security
View all HP dx7200 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 22 highlights
Security While the HP Client Management Interface provides a high level of control over client management instrumentation, that power must be guarded to prevent malicious, unauthorized usage. HP CMI relies on two forms of authorization: OS level security and the BIOS administrative (F10 Setup) password assigned to each client system. Either of these security measures can be used alone, or combined to create an additional level of protection over the interface. Preserving Password Integrity Many of the example applications of HP CMI presented in the previous section contained the encoded password "E302E020304" that corresponds to the keyboard scan codes for the keys "abc123". Notice that this is a form of encoding, not encryption. These examples were presented in this manner to convey the simplicity in developing custom solutions based on HP CMI. However, in an enterprise environment you probably do not want to leave traces of the Setup Password credential scattered throughout your script files. To help preserve the integrity of the Setup Password credential, HP recommends using one of the following strategies. Remote Execution Executing scripts and applications from a central location such as an administrative console is more practical and secure than distributing sample scripts to individual clients through software deployment mechanisms and executing them locally. WMI supports remote invocation from any Windows system and follows the same domain and local system security policies. The calling interface is secured with stream based encryption. And by default remote method execution is prevent from WMI for all but domain administrator accounts. Use Dynamic Arguments Another method to preserve password integrity is to avoid carrying extra copies of the Setup Password in code, regardless of whether that code is script-based or complied. The following code fragment demonstrates using command-line arguments to modify BIOS settings. Const wbemFlagReturnImmediately = 16 Const wbemFlagForwardOnly = 32 lFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly Dim oArguments, strSetting, strValue, strPassword set oArguments = WScript.Arguments strSetting = oArguments(0) strValue = oArguments(1) strPassword = oArguments(2) strService = "winmgmts:{impersonationlevel=impersonate}//" strComputer = "." strNamespace = "/root/HP/InstrumentedBIOS" strQuery = "select * from HP_BIOSSettingInterface" Set objWMIService = GetObject(strService & _ strComputer & strNamespace) 22