Desktop Management Guide Business Desktops Document Part Number: 361202-001 May 2004 This guide provides definitions and instructions for using security and Intelligent Manageability features that are preinstalled on select models.
© Copyright 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft and Windows are trademarks of Microsoft Corporation in the U.S. and other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents Desktop Management Guide Initial Configuration and Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Remote System Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Software Updating and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 HP Client Manager Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Drive Protection System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Surge-Tolerant Power Supply. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Thermal Sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Index iv www.hp.
Desktop Management Guide HP Intelligent Manageability provides standards-based solutions for managing and controlling desktops, workstations, and notebook PCs in a networked environment. HP pioneered desktop manageability in 1995 with the introduction of the industry’s first fully manageable desktop personal computers. HP is a patent holder of manageability technology.
Desktop Management Guide Initial Configuration and Deployment The computer comes with a preinstalled system software image. After a brief software “unbundling” process, the computer is ready to use. You may prefer to replace the preinstalled software image with a customized set of system and application software. There are several methods for deploying a customized software image. They include: ■ Installing additional software applications after unbundling the preinstalled software image.
Desktop Management Guide Remote System Installation Remote System Installation allows you to start and set up the system using the software and configuration information located on a network server by initiating the Preboot Execution Environment (PXE).
Desktop Management Guide Software Updating and Management HP provides several tools for managing and updating software on desktops and workstations—HP Client Manager Software, Altiris Client Management Solutions, System Software Manager; Proactive Change Notification; and Subscriber's Choice.
Desktop Management Guide ■ ■ ❏ Microsoft Windows XP Professional or Home Edition migration ❏ System deployment ❏ Personality migrations Help Desk and Problem Resolution ❏ Managing help desk tickets ❏ Remote troubleshooting ❏ Remote problem resolution ❏ Client disaster recovery Software and Operations Management ❏ Ongoing desktop management ❏ HP system SW deployment ❏ Application self-healing For more information and details on how to download a fully-functional 30-day evaluation versi
Desktop Management Guide are supported by SSM are denoted with a special icon on the driver download Web site and on the Support Software CD. To download the utility or to obtain more information on SSM, visit http://www.hp.com/go/ssm.
Desktop Management Guide ROM Flash The computer comes with a programmable flash ROM (read only memory). By establishing a setup password in the Computer Setup (F10) Utility, you can protect the ROM from being unintentionally updated or overwritten. This is important to ensure the operating integrity of the computer. Should you need or want to upgrade the ROM, you may: Ä ■ Order an upgraded ROMPaq diskette from HP. ■ Download the latest ROMPaq images from HP driver and support page, http://www.hp.
Desktop Management Guide HPQFlash The HPQFlash utility is used to locally update or restore the system ROM on individual PCs through a Windows operating system. For more information on HPQFlash, visit http://www.hp.com/support/files and enter the name of the computer when prompted. FailSafe Boot Block ROM The FailSafe Boot Block ROM allows for system recovery in the unlikely event of a ROM flash failure, for example, if a power failure were to occur during a ROM upgrade.
Desktop Management Guide 3. Turn on the computer. If no ROMPaq diskette or ROMPaq CD is found, you will be prompted to insert one and restart the computer. If a setup password has been established, the Caps Lock light will turn on and you will be prompted to enter the password. 4. Enter the setup password. If the system successfully starts from the diskette and successfully reprograms the ROM, then the three keyboard lights will turn on. A rising tone series of beeps also signals successful completion. 5.
Desktop Management Guide Replicating the Setup The following procedures give an administrator the ability to easily copy one setup configuration to other computers of the same model. This allows for faster, more consistent configuration of multiple computers. procedures require a diskette drive or a supported USB flash ✎ Both media device, such as an HP Drive Key. Copying to Single Computer Ä CAUTION: A setup configuration is model-specific.
Desktop Management Guide 8. Turn on the computer to be configured. 9. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary. 10. Click File > Replicated Setup > Restore from Removable Media, and follow the instructions on the screen. 11. Restart the computer when the configuration is complete. Copying to Multiple Computers Ä CAUTION: A setup configuration is model-specific.
Desktop Management Guide 5. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary. you do not press the F10 key at the appropriate time, you must ✎ Ifrestart the computer and press and hold the F10 key again to access the utility. If you are using a PS/2 keyboard, you may see a Keyboard Error message—disregard it. 6. If you are using a a diskette, insert it now. 7.
Desktop Management Guide Creating a Bootable Device Supported USB Flash Media Device Supported devices, such as an HP Drive Key or a DiskOnKey, have a preinstalled image to simplify the process of making them bootable. If the USB flash media device being used does not have this image, use the procedure later in this section (see “Unsupported USB Flash Media Device” on page 16). Ä CAUTION: Not all computers can be booted from a USB flash media device.
Desktop Management Guide ■ ❏ 64MB DiskOnKey ❏ 128MB HP Drive Key ❏ 128MB DiskOnKey ❏ 256MB HP Drive Key ❏ 256MB DiskOnKey A bootable DOS diskette with the FDISK and SYS programs. If SYS is not available, FORMAT may be used, but all existing files on the USB flash media device will be lost. 1. Turn off the computer. 2. Insert the USB flash media device into one of the computer's USB ports and remove all other USB storage devices except USB diskette drives. 3.
Desktop Management Guide 8. At the A:\ prompt, enter SYS x: where x represents the drive letter noted above. Ä CAUTION: Be sure that you have entered the correct drive letter for the USB flash media device. After the system files have been transferred, SYS will return to the A:\ prompt. Go to step 13. 9. Copy any files you want to keep from your USB flash media device to a temporary directory on another drive (for example, the system's internal hard drive). 10.
Desktop Management Guide Unsupported USB Flash Media Device Ä CAUTION: Not all computers can be booted from a USB flash media device. If the default boot order in the Computer Setup (F10) Utility lists the USB device before the hard drive, the computer can be booted from a USB flash media device. Otherwise, a bootable diskette must be used.
Desktop Management Guide 4. Plug in the power cord and turn on the computer. 5. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary. you do not press the F10 key at the appropriate time, you must ✎ Ifrestart the computer and press and hold the F10 key again to access the utility. If you are using a PS/2 keyboard, you may see a Keyboard Error message—disregard it. 6.
Desktop Management Guide 14. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary. 15. Go to Advanced > PCI Devices and re-enable the PATA and SATA controllers that were disabled in step 6. Put the SATA controller on its original IRQ. 16. Save the changes and exit. The computer will boot to the USB flash media device as drive C.
Desktop Management Guide Dual-State Power Button With Advanced Configuration and Power Interface (ACPI) enabled, the power button can function either as an on/off switch or as a standby button. The stand-by feature does not completely turn off power, but instead causes the computer to enter a low-power standby state. This allows you to power down quickly without closing applications and to return quickly to the same operational state without any data loss.
Desktop Management Guide World Wide Web Site HP engineers rigorously test and debug software developed by HP and third-party suppliers, and develop operating system specific support software, to ensure performance, compatibility, and reliability for HP computers. When making the transition to new or revised operating systems, it is important to implement the support software designed for that operating system.
Desktop Management Guide Asset Tracking and Security Asset tracking features incorporated into the computer provide key asset tracking data that can be managed using HP Systems Insight Manager, HP Client Manager or other system management applications. Seamless, automatic integration between asset tracking features and these products enables you to choose the management tool that is best suited to the environment and to leverage the investment in existing tools.
Desktop Management Guide The following table and sections refer to managing security features of the computer locally through the Computer Setup (F10) Utilities. Security Features Overview Option Setup Password Description Allows you to set and enable setup (administrator) password. ✎ If the setup password is set, it is required to change Computer Setup options, flash the ROM, and make changes to certain plug and play settings under Windows.
Desktop Management Guide Security Features Overview (Continued) Option Embedded Security Description Allows you to: • Enable/disable the Embedded Security device. • Reset the device to Factory Settings. This feature is supported on select models only. See HP ProtectTools Embedded Security Guide, on the Documentation CD for more information.
Desktop Management Guide Security Features Overview (Continued) Option DriveLock Description Allows you to assign or modify a master or user password for MultiBay hard drives (not supported on SCSI hard drives). When this feature is enabled, the user is prompted to provide one of the DriveLock passwords during POST. If neither is successfully entered, the hard drive will remain inaccessible until one of the passwords is successfully provided during a subsequent cold-boot sequence.
Desktop Management Guide Security Features Overview (Continued) Option Save Master Boot Record Description Saves a backup copy of the Master Boot Record of the current bootable disk. Only appears if MBR Security is enabled. Restore Master Boot Record Restores the backup Master Boot Record to the current bootable disk. ✎ Only appears if all of the following conditions are true: • MBR Security is enabled. • A backup copy of the MBR has been previously saved.
Desktop Management Guide Password Security The power-on password prevents unauthorized use of the computer by requiring entry of a password to access applications or data each time the computer is turned on or restarted. The setup password specifically prevents unauthorized access to Computer Setup, and can also be used as an override to the power-on password. That is, when prompted for the power-on password, entering the setup password instead will allow access to the computer.
Desktop Management Guide Establishing a Power-On Password Using Computer Setup Establishing a power-on password through Computer Setup prevents access to the computer when power is turned on, unless the password is entered. When a power-on password is set, Computer Setup presents Password Options under the Security menu. Password options include Password Prompt on Warm Boot. When Password Prompt on Warm Boot is enabled, the password must also be entered each time the computer is rebooted. 1.
Desktop Management Guide If you enter the password incorrectly, a broken key icon appears. Try again. After three unsuccessful tries, you must turn off the computer, then turn it on again before you can continue. Entering a Setup Password If the system is equipped with an embedded security device, refer to HP ProtectTools Embedded Security Guide, on the Documentation CD. If a setup password has been established on the computer, you will be prompted to enter it each time you run Computer Setup. 1.
Desktop Management Guide Changing a Power-On or Setup Password If the system is equipped with an embedded security device, refer to HP ProtectTools Embedded Security Guide, on the Documentation CD. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart the Computer. 2. To change the Power-On password, go to step 3. To change the Setup password, as soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup.
Desktop Management Guide Deleting a Power-On or Setup Password If the system is equipped with an embedded security device, refer to HP ProtectTools Embedded Security Guide, on the Documentation CD. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart the Computer. 2. To delete the Power-On password, go to step 3. To delete the Setup password, as soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup.
Desktop Management Guide National Keyboard Delimiter Characters Each keyboard is designed to meet country-specific requirements. The syntax and keys that you use to change or delete the password depend on the keyboard that came with the computer. National Keyboard Delimiter Characters Arabic / Greek - Russian / Belgian = Hebrew .
Desktop Management Guide DriveLock DriveLock is an industry-standard security feature that prevents unauthorized access to the data on MultiBay hard drives. DriveLock has been implemented as an extension to Computer Setup. It is only available when DriveLock-capable hard drives are detected. DriveLock is intended for HP customers for whom data security is the paramount concern.
Desktop Management Guide password. Otherwise, the user will be prompted to enter a DriveLock password. Either the master or the user password may be used. Users will have two attempts to enter a correct password. If neither attempt succeeds, POST will continue but the drive will remain inaccessible. DriveLock Applications The most practical use of the DriveLock security feature is in a corporate environment where a system administrator provides users with MultiBay hard drives for use in some computers.
Desktop Management Guide Smart Cover Sensor CoverRemoval Sensor, available on select models, is a combination of hardware and software technology that can alert you when the computer cover or side panel has been removed. There are three levels of protection, as described in the following table. Smart Cover Sensor Protection Levels Level Setting Description Level 0 Disabled Smart Cover Sensor is disabled (default).
Desktop Management Guide Setting the Smart Cover Sensor Protection Level To set the Smart Cover Sensor protection level, complete the following steps: 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary.
Desktop Management Guide Locking the Smart Cover Lock To activate and lock the Smart Cover Lock, complete the following steps: 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2. As soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary.
Desktop Management Guide Using the Smart Cover FailSafe Key If you enable the Smart Cover Lock and cannot enter the password to disable the lock, you will need a Smart Cover FailSafe Key to open the computer cover. You will need the key in any of the following circumstances: Ä ■ Power outage ■ Startup failure ■ PC component failure (such as processor or power supply) ■ Forgotten password CAUTION: The Smart Cover FailSafe Key is a specialized tool available from HP.
Desktop Management Guide Master Boot Record Security The Master Boot Record (MBR) contains information needed to successfully boot from a disk and to access the data stored on the disk. Master Boot Record Security detects and reports unintentional or malicious changes to the MBR, such as those caused by some computer viruses or by the incorrect use of certain disk utilities. It also allows you to recover the “last known good” MBR, should changes to the MBR be detected when the system is restarted.
Desktop Management Guide Each time the computer is turned on or restarted, the BIOS compares the MBR of the current bootable disk to the previously saved MBR. If changes are detected and if the current bootable disk is the same disk from which the MBR was previously saved, the following message is displayed: 1999—Master Boot Record has changed. Press any key to enter Setup to configure MBR Security.
Desktop Management Guide Before You Partition or Format the Current Bootable Disk Ensure that MBR Security is disabled before you change partitioning or formatting of the current bootable disk. Some disk utilities, such as FDISK and FORMAT, attempt to update the MBR. If MBR Security is enabled when you change partitioning or formatting of the disk, you may receive error messages from the disk utility or a warning from MBR Security the next time the computer is turned on or restarted.
Desktop Management Guide Fingerprint Identification Technology Eliminating the need to enter user passwords, HP Fingerprint Identification Technology tightens network security, simplifies the login process, and reduces the costs associated with managing corporate networks. Affordably priced, it is not just for high-tech, high-security organizations anymore. ✎ Support for Fingerprint Identification Technology varies by model. For more information, visit: http://h18004.www1.hp.com/products/security/.
Desktop Management Guide Surge-Tolerant Power Supply An integrated surge-tolerant power supply provides greater reliability when the computer is hit with an unpredictable power surge. This power supply is rated to withstand a power surge of up to 2000 volts without incurring any system downtime or data loss. Thermal Sensor The thermal sensor is a hardware and software feature that tracks the internal temperature of the computer.
Index A D access to computer, controlling 21 Altiris 4 asset tracking 21 deleting password 30 delimiter characters, table 31 deployment tools, software 2 diagnostic tool for hard drives 41 disk, cloning 2 DiskOnKey see also HP Drive Key bootable 13 to 18 drive, protecting 41 Drivelock 32 to 33 dual-state power button 19 B bootable device creating 13 to 18 DiskOnKey 13 to 18 HP Drive Key 13 to 18 USB flash media device 13 to 18 bootable disk, important information 40 C cable lock provision 40 cautions c
Index keyboard delimiter characters, national 31 keyboard lights, ROM, table 9 power-on password changing 29 deleting 30 entering 27 Preboot Execution Environment (PXE) 3 preinstalled software image 2 Proactive Change Notification (PCN) 6 protecting hard drive 41 protecting ROM, caution 7 PXE (Preboot Execution Environment) 3 L R locking Smart Cover Lock 36 recovering system 8 recovery, software 2 Remote ROM Flash 7 remote setup 3 Remote System Installation, accessing 3 ROM invalid 8 keyboard lights,
Index setting 26 Smart Cover FailSafe Key, ordering 37 Smart Cover Lock 35 to 37 locking 36 unlocking 36 Smart Cover Sensor 34 protection levels 34 setting 35 software asset tracking 21 Computer Setup Utilities 10 Drive Protection System 41 FailSafe Boot Block ROM 8 Fault Notification and Recovery 41 integration 2 Master Boot Record Security 38 to 39 recovery 2 Remote ROM Flash 7 Remote System Installation 3 System Software Manager 6 updating multiple machines 6 SSM (System Software Manager) 5 surge-tolera
