Setup Password
|
Allows to set and enable a setup (administrator) password.
note:
If the setup password is set, it is required to change Computer Setup options, flash the
ROM, and make changes to certain plug and play settings under Windows
|
Power-On
Password
|
Allows to set and enable a power-on password. The power-on password prompt appears after
a power cycle or reboot. If the user does not enter the correct power-on password, the unit will not
boot.
|
Password Options(This selection appears
only if a power-on
password or setup
password is set.)
|
Allows to enable/disable:
-
Lock Legacy Resources (determines whether or not Windows Device Manager is allowed to
change resource settings for serial and parallel ports).
-
Setup Browse Mode (appears if a setup password is set) (allows viewing, but not changing,
the F10 Setup Options without entering setup password). Default is enabled.
-
Password prompt on F9, F11 & F12 (requires setup password to use these boot functions).
Default is enabled.
-
Network Server Mode. Default is disabled.
-
Stringent Password (enabling the stringent password disables the ability to reset the password
by moving the jumper on the system board). Default is disabled.
caution:
If you enable the stringent security feature and you forget the setup password or
the power-on password, the computer is inaccessible and can no longer be used.
If you lose or forget the password, the system board must be replaced. This scenario is not
covered under warranty.
To prevent the computer from becoming permanently unusable, record your configured setup
password or power-on password in a safe place away from your computer. Without these
passwords, the computer cannot be unlocked.
|
Device Security
|
Allows to set Device Available/Device Hidden (default is Device Available) for:
|
USB Security
|
Allows to set Enabled/Disabled (default is Enabled) for:
-
Front USB Ports
-
Rear USB Ports
-
Accessory USB Ports
|
Slot Security
|
Allows to disable any PCI Express slot. Default is enabled.
|
Network Boot
|
Enables/disables the computer’s ability to boot from an operating system installed on a network
server. (Feature available on NIC models only; the network controller must be either a PCI
expansion card or embedded on the system board.) Default is enabled.
|
System IDs
|
Allows to set:
-
Asset tag (18-byte identifier), a property identification number assigned by the company to the
computer.
-
Ownership tag (80-byte identifier) displayed during POST.
-
Universal Unique Identifier (UUID) number. The UUID can only be updated if the current
chassis serial number is invalid. (These ID numbers are normally set in the factory and are used
to uniquely identify the system.)
-
Keyboard Layout (language).
|
Master Boot Record
Security
|
Enables/disables Master Boot Record (MBR) security.
The MBR contains information needed to successfully boot from a disk and to access the data stored
on the disk. Master Boot Record Security may prevent unintentional or malicious changes to the
MBR, such as those caused by some viruses or by the incorrect use of certain disk utilities. It also
allows you to recover the "last known good" MBR, should changes to the MBR be detected when
the system is restarted.
When MBR Security is enabled, the BIOS prevents any changes being made to the MBR of the
current bootable disk while in MS-DOS or Windows Safe Mode.
note:
Most operating systems control access to the MBR of the current bootable disk; the BIOS
cannot prevent changes that may occur while the operating system is running.
Restores the backup Master Boot Record to the current bootable disk. Default is disabled.
Only appears if all of the following conditions are true:
caution:
Restoring a previously saved MBR after a disk utility or operating system has modified
the MBR, may cause the data on the disk to become inaccessible. Only restore a previously saved
MBR if you are confident that the current bootable disk's MBR has been corrupted or infected with a
virus.
|
System Security
(these options are
hardware dependent)
|
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
Default is enabled.
Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. Default is
disabled.
Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA
remapping features of the chipset. Changing this setting requires turning the computer off and then
back on. Default is disabled.
Button Retask Password Protection (enable/disable) - Controls whether or not the Setup password
must be provided to WMI methods used to re-task the function of the side panel buttons.
|
DriveLock Security
|
Allows you to assign or modify a master or user password for hard drives. When this feature is
enabled, the user is prompted to provide one of the DriveLock passwords during POST. If neither is
successfully entered, the hard drive will remain inaccessible until one of the passwords is
successfully provided during a subsequent cold-boot sequence.
note:
This selection will only appear when at least one drive that supports the DriveLock feature
is attached to the system.
|
Secure Boot
Configuration
|
This is a feature of Windows 8.
-
Legacy Support: Enable/Disable. Allows to turn off all legacy support on the computer,
including booting to DOS, running legacy graphics cards, booting to legacy devices, and so
on. If set to disable, legacy boot options in Storage > Boot Order are not displayed.
Default is enabled.
-
Secure Boot: Enable/Disable. Allows to make sure an operating system is legitimate
before booting to it, making Windows resistant to malicious modification from preboot to full
OS booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code
signed by pre-approved digital certificates to run during the firmware and OS boot process.
Default is disabled, except for Windows 8 systems which have this setting enabled. Secure
Boot enabled also sets Legacy Support to disabled.
-
Key Management: This option manages the custom key settings.
-
Clear Secure Boot Keys: Do not Clear/Clear. Allows to delete any previously loaded
custom boot keys. Default is Do not Clear.
-
Key Ownership: HP Keys/Custom Keys. Selecting Custom Mode allows to modify
the contents of the secure boot signature databases and the platform key (PK) that verifies
kernels during system start up, allowing you to use alternative operating systems.
Selecting HP Keys causes the computer boot using the preloaded HP-specific boot keys.
Default is HP Keys.
-
Fast Boot: Enable/Disable. Fast boot disables the ability to interrupt boot, such as pressing f
keys to access items before the operating system loads. Default is disabled.
note:
If Windows 8 detects a serious error, it will interrupt the boot process automatically
and display advanced boot options.
From Windows 8, press Shift and select Restart to access the screen that lets you
boot to a device or troubleshoot your computer.
|