User Guide HP Sure Admin
© Copyright 2019 HP Development Company, L.P. Apple is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Google Play is a trademark of Google LLC. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Table of contents 1 Getting started ............................................................................................................................................. 1 Using HP Sure Admin ............................................................................................................................................. 1 Disabling HP Sure Admin .......................................................................................................................................
iv
1 Getting started HP Sure Admin enables IT administrators to securely manage sensitive device firmware settings using certificates and public key cryptography for both remote and local management of settings instead of a password. HP Sure Admin consists of the following pieces: ● Target PC: The platforms to manage that support Enhanced BIOS Authentication Mode.
2 Creating and managing keys Complete Security provisioning within MIK prior to enabling Enhanced BIOS Authentication Mode. Enhanced BIOS Authentication Mode must be enabled to create and export keys. To enable BIOS Authentication Mode: ▲ Open the HP Sure Admin plug-in and select Enhanced BIOS Authentication Mode to create and export keys.
5. Select Next. The summary page displays the HP Sure Admin settings that you entered. 6. Select Save Policy. NOTE: The policy saves when a message “Saved successfully” appears. 7. Navigate to the folder where you saved the key and distribute it to the HP Sure Admin phone app user using a method that is available to that user on that device such as email. This user will also need the passphrase to import the key. HP recommends to use different distribution mechanisms for the key and the passphrase.
6. Select Browse, and choose where to export the path in the system. 7. Select Create Key. NOTE: Your key is successfully added to the specified OneDrive folder and exported to the specified local folder when a notification icon appears next to the Create Key button with the message Key successfully created. 8. Select Next. The summary page displays HP Sure Admin settings that you entered. 9. Select Save Policy. NOTE: The policy saves when a message Saved successfully appears.
3 Phone setup Download the HP Sure Admin phone app from either Google Play or Apple store. ● Download HP Sure Admin from the Google store for Android phones. ● Download HP Sure Admin from the Apple store for iOS phones. Using HP Sure Admin phone app to unlock BIOS The HP Sure Admin mobile app replaces use of the BIOS password for local access to BIOS setup by providing a one-time PIN obtained by scanning the QR code presented by the target machine.
Table 3-1 Error Codes 6 Error code Description 100 General error. 101 Unable to read QR Code json. Either the string is not a valid json or the data is invalid. 102 QR Code image scanned is invalid. Unable to read QR Code image file. 103 QR Code image scanned is invalid. The image file does not have json payload. 104 Unable to read QR Code json. Either the string is not a valid json or the data in the QR image is invalid.
