HP xw3400 HP xw3400 Workstation - Service and Technical Reference Guide - Page 51

DriveLock, Using DriveLock, DriveLock applications

Get HP xw3400 - Workstation PDF manuals and user guides View all HP xw3400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 51 highlights

If the system is equipped with an embedded security device, refer to the HP ProtectTools Security Manager Guide at www.hp.com. DriveLock DriveLock is an industry-standard security feature that prevents unauthorized access to the data on ATA hard drive. DriveLock has been implemented as an extension to Computer Setup. It is only available when hard drives that support the ATA Security command set are detected. DriveLock is intended for HP customers for whom data security is the paramount concern. For such customers, the cost of the hard drive and the loss of the data stored on it is inconsequential when compared with the damage that could result from unauthorized access to its contents. In order to balance this level of security with the practical need to accommodate a forgotten password, the HP implementation of DriveLock employs a two-password security scheme. One password is intended to be set and used by a system administrator while the other is typically set and used by the end-user. There is no "back-door" that can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated on a corporate information system or is regularly backed up. In the event that both DriveLock passwords are lost, the hard drive is rendered unusable. For users who do not fit the previously defined customer profile, this may be an unacceptable risk. For users who do fit the customer profile, it may be a tolerable risk given the nature of the data stored on the hard drive. Using DriveLock When one or more hard drives that support the ATA Security command set are detected, the DriveLock option appears under the Security menu in Computer Setup. The user is presented with options to set the master password or to enable DriveLock. A user password must be provided in order to enable DriveLock. Since the initial configuration of DriveLock is typically performed by a system administrator, a master password should be set first. HP encourages system administrators to set a master password whether they plan to enable DriveLock or keep it disabled. This will give the administrator the ability to modify DriveLock settings if the drive is locked in the future. Once the master password is set, the system administrator may enable DriveLock or choose to keep it disabled. If a locked hard drive is present, POST will require a password to unlock the device. If a power-on password is set and it matches the device's user password, POST will not prompt the user to re-enter the password. Otherwise, the user will be prompted to enter a DriveLock password. On a cold boot, either the master or the user password may be used. On a warm boot, enter the same password used to unlock the drive during the preceding cold-boot. Users will have two attempts to enter a correct password. On a cold boot, if neither attempt succeeds, POST will continue but the drive will remain inaccessible. On a warm boot or restart from Windows, if neither attempt succeeds, POST will halt and the user will be instructed to cycle power. DriveLock applications The most practical use of the DriveLock security feature is in a corporate environment. The system administrator would be responsible for configuring the hard drive which would involve, among other things, setting the DriveLock master password and a temporary user password. In the event that the user forgets the user password or the equipment is passed on to another employee, the master password can always be used to reset the user password and regain access to the hard drive. HP recommends that corporate system administrators who choose to enable DriveLock also establish a corporate policy for setting and maintaining master passwords. This should be done to prevent a situation where an employee intentionally or unintentionally sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive would be rendered unusable and require replacement. Likewise, by not setting a master password, system administrators may find themselves locked out of a hard drive and unable to perform routine checks for unauthorized software, other asset control functions, and support. ENWW Asset tracking and security 41

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
If the system is equipped with an embedded security device, refer to the
HP ProtectTools Security Manager
Guide
at
www.hp.com
.
DriveLock
DriveLock is an industry-standard security feature that prevents unauthorized access to the data on ATA
hard drive. DriveLock has been implemented as an extension to Computer Setup. It is only available when
hard drives that support the ATA Security command set are detected. DriveLock is intended for HP
customers for whom data security is the paramount concern. For such customers, the cost of the hard drive
and the loss of the data stored on it is inconsequential when compared with the damage that could result
from unauthorized access to its contents. In order to balance this level of security with the practical need
to accommodate a forgotten password, the HP implementation of DriveLock employs a two-password
security scheme. One password is intended to be set and used by a system administrator while the other
is typically set and used by the end-user. There is no "back-door" that can be used to unlock the drive if
both passwords are lost. Therefore, DriveLock is most safely used when the data contained on the hard
drive is replicated on a corporate information system or is regularly backed up. In the event that both
DriveLock passwords are lost, the hard drive is rendered unusable. For users who do not fit the previously
defined customer profile, this may be an unacceptable risk. For users who do fit the customer profile, it
may be a tolerable risk given the nature of the data stored on the hard drive.
Using DriveLock
When one or more hard drives that support the ATA Security command set are detected, the DriveLock
option appears under the Security menu in Computer Setup. The user is presented with options to set the
master password or to enable DriveLock. A user password must be provided in order to enable DriveLock.
Since the initial configuration of DriveLock is typically performed by a system administrator, a master
password should be set first. HP encourages system administrators to set a master password whether they
plan to enable DriveLock or keep it disabled. This will give the administrator the ability to modify DriveLock
settings if the drive is locked in the future. Once the master password is set, the system administrator may
enable DriveLock or choose to keep it disabled.
If a locked hard drive is present, POST will require a password to unlock the device. If a power-on
password is set and it matches the device’s user password, POST will not prompt the user to re-enter the
password. Otherwise, the user will be prompted to enter a DriveLock password. On a cold boot, either
the master or the user password may be used. On a warm boot, enter the same password used to unlock
the drive during the preceding cold-boot. Users will have two attempts to enter a correct password. On a
cold boot, if neither attempt succeeds, POST will continue but the drive will remain inaccessible. On a
warm boot or restart from Windows, if neither attempt succeeds, POST will halt and the user will be
instructed to cycle power.
DriveLock applications
The most practical use of the DriveLock security feature is in a corporate environment. The system
administrator would be responsible for configuring the hard drive which would involve, among other
things, setting the DriveLock master password and a temporary user password. In the event that the user
forgets the user password or the equipment is passed on to another employee, the master password can
always be used to reset the user password and regain access to the hard drive.
HP recommends that corporate system administrators who choose to enable DriveLock also establish a
corporate policy for setting and maintaining master passwords. This should be done to prevent a situation
where an employee intentionally or unintentionally sets both DriveLock passwords before leaving the
company. In such a scenario, the hard drive would be rendered unusable and require replacement.
Likewise, by not setting a master password, system administrators may find themselves locked out of a
hard drive and unable to perform routine checks for unauthorized software, other asset control functions,
and support.
ENWW
Asset tracking and security
41