Lenovo PC 300PL Using your Personal Computer - PC300PL - 6592 - Page 65

Enabling and Disabling Enhanced Security

in a highly protected, nonvolatile, security EEPROM module that is separate from CMOS memory and the EEPROM module that stores system programs. (Refer to "System Programs" on page 28 for information on system programs.) When your administrator password and boot sequence are locked in the security EEPROM, they remain intact even if the battery in your computer expires or is removed by someone.

Enhanced security can be enabled or disabled only when you update system programs. The procedure for enabling enhanced security is explained under "Enabling and Disabling Enhanced Security" on page 52.

If enhanced security is enabled and you have not set an administrator password, your computer will operate as if enhanced security were disabled. If enhanced security is enabled and you have set an administrator password, your computer will operate as follows:

  • The contents of the security EEPROM (your administrator password and boot sequence) will be protected from failure of the battery and CMOS memory.
  • The security EEPROM will be protected from unauthorized access because it locks after your computer is turned on and the system programs have completed their startup routine. Once it is locked, the security EEPROM cannot be read from or written to by any software application or system software until the computer is turned off and back on again. In a networking environment, this might prevent certain functions from being performed remotely on your computer.
  • There is an extra measure of protection for the system programs in your computer. Normally, the entire contents of the system programs EEPROM are write-protected with a soft lock. A soft lock allows the POST/BIOS update utility to function in a network environment. Enhanced security adds a hard lock. With a hard lock, when your computer is turned on and the system programs startup routine is completed, the POST/BIOS update utility is locked and cannot be unlocked until the computer is turned off and back on again and the administrator password is entered. Note that, in a networking environment, this prevents the system programs in your PC from being updated remotely. Someone must be present at your computer to turn it on and off in order to unlock the POST/BIOS update utility.
  • A tamper-detection feature will alert you if the cover of your computer has been removed. This feature works whether your computer is on or off when the cover is removed. If the cover has been removed, a prompt for your administrator password will appear on the screen, and your PC will remain in a halted state until your administrator password is entered.

Chapter 4. Configuring Your Computer. 51

