Desktop Management Guide Business PCs
© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft, Windows, and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Intel and vPro are trademarks of Intel Corporation in the U.S. and other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services.
About This Book This guide provides definitions and instructions for using security and manageability features that are preinstalled on some models. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. NOTE: Text set off in this manner provides important supplemental information.
iv About This Book ENWW
Table of contents 1 Desktop Management Overview 2 Initial Configuration and Deployment HP Software Agent ............................................................................................................................... 3 Altiris Deployment Solution Agent ........................................................................................................ 3 3 Remote System Installation 4 Software Updating and Management HP Client Management Interface ........................................
Copying to Multiple Computers .......................................................................................................... 18 Creating a Bootable Device ................................................................................................................ 19 Supported USB Flash Media Device ................................................................................. 19 Unsupported USB Flash Media Device ............................................................................
1 Desktop Management Overview HP Client Management Solutions provides standards-based solutions for managing and controlling desktops, workstations, and notebook PCs in a networked environment. HP pioneered desktop manageability in 1995 with the introduction of the industry’s first fully manageable desktop personal computers. HP is a patent holder of manageability technology.
2 Initial Configuration and Deployment The computer comes with a preinstalled system software image. After a brief software “unbundling” process, the computer is ready to use. You may prefer to replace the preinstalled software image with a customized set of system and application software. There are several methods for deploying a customized software image. They include: ● Installing additional software applications after unbundling the preinstalled software image.
HP Software Agent The management agent used by both HP Client Automation Standard and Enterprise Editions is preloaded on the computer. When installed, it enables communication with the HP management console. To install the HP Software Agent: 1. Click Start. 2. Click All Programs. 3. Click HP Manageability. 4. Click Radia Management Agent Readme. 5. Review and follow the instructions contained in the Readme file to install the HP Software Agent.
3 Remote System Installation Remote System Installation allows you to start and set up the system using the software and configuration information located on a network server by initiating the Preboot Execution Environment (PXE).
4 Software Updating and Management HP provides several tools for managing and updating software on desktops, workstations, and notebooks: ● HP Client Management Interface ● HP SoftPaq Download Manager ● HP System Software Manager ● HP ProtectTools Security Manager ● HP Client Automation Starter, Standard, and Enterprise Editions ● HP Client Manager from Symantec ● Altiris Client Management Suite ● HP Client Catalog for Microsoft System Center & SMS Products ● HP Backup and Recovery Manage
HP Client Management Interface is based on industry standards that include Microsoft Windows Management Interface (MS WMI), Web-Based Enterprise Management (WBEM), System Management BIOS (SMBIOS), and Advanced Configuration and Power Interface (ACPI). HP CMI is a foundation technology utilized in HP Client Management Solutions. With HP CMI, HP gives you flexibility in choosing how you manage your HP client computers.
HP System Software Manager HP System Software Manager (SSM) is a free utility that automates remote deployment of device drivers and BIOS updates for your networked HP business PCs. When SSM runs, it silently (without user interaction) determines the revision levels of drivers and BIOS installed on each networked client system and compares this inventory against system software SoftPaqs that have been tested and stored in a central file store.
HP Client Automation Starter and Standard Editions HP Client Automation is a hardware and software management solution for Windows Vista, Windows XP and HP Thin Client environments that is easy to use and quick to deploy, while providing a strong foundation for future requirements.
HP Client Manager from Symantec HP Client Manager from Symantec, developed with Altiris, is available free for all supported HP business desktop, notebook, and workstation models. SSM is integrated into HP Client Manager, and enables central tracking, monitoring, and management of the hardware aspects of HP client systems.
Altiris Client Management Suite Altiris Client Management Suite is an easy-to-use solution for full life-cycle software management of desktops, notebooks, and workstations.
HP Backup and Recovery Manager The HP Backup and Recovery Manager is an easy-to-use, versatile application that allows you to back up and recover the primary hard drive on the PC. The application works within Windows to create backups of Windows, all applications, and all data files. Backups can be scheduled to occur automatically at designated intervals, or they can be initiated manually. Important files can be archived separately from regular backups.
Management Technology Models include either vPro technology or standard technology. Both allow for better discovery, healing, and protection of networked computing assets. Both technologies allow PCs to be managed whether the system is on, off, or the operating system is hung.
This hot-key enters the Intel Management Engine BIOS Execution (MEBx) setup utility. This utility allows the user to configure various aspects of the management technology.
Verdiem Surveyor Verdiem Surveyor is a software solution that helps manage PC energy costs. Surveyor measures and reports how much energy each PC consumes. It also provides control over PC power settings enabling administrators to easily implement energy saving strategies across their networks. An HP SoftPaq containing the Surveyor agent may be downloaded from the HP Support site and installed on supported commercial desktop models.
5 ROM Flash The computer's BIOS is stored in a programmable flash ROM (read only memory). By establishing a setup password in the Computer Setup (F10) Utility, you can protect the ROM from being unintentionally updated or overwritten. This is important to ensure the operating integrity of the computer. Should you need or want to upgrade the BIOS, you may download the latest BIOS images from the HP driver and support page, http://www.hp.com/support/files.
6 Boot Block Emergency Recovery Mode Boot Block Emergency Recovery Mode permits system recovery in the unlikely event of a ROM flash failure. For example, if a power failure were to occur during a BIOS upgrade, the ROM flash would be incomplete. This would render the system BIOS unusable. The Boot Block is a flash-protected section of the ROM that contains code that checks for a valid system BIOS image when the system is turned on. ● If the system BIOS image is valid, the system starts normally.
7 Replicating the Setup The following procedures give an administrator the ability to easily copy one setup configuration to other computers of the same model. This allows for faster, more consistent configuration of multiple computers. NOTE: Both procedures require a diskette drive or a supported USB flash drive. Copying to Single Computer CAUTION: A setup configuration is model-specific. File system corruption may result if source and target computers are not the same model.
Copying to Multiple Computers CAUTION: A setup configuration is model-specific. File system corruption may result if source and target computers are not the same model. For example, do not copy the setup configuration from a dc7xxx PC to a dx7xxx PC. This method takes a little longer to prepare the configuration diskette or USB flash media device, but copying the configuration to target computers is significantly faster.
Creating a Bootable Device Supported USB Flash Media Device Supported devices have a preinstalled image to simplify the process of making them bootable. All HP or Compaq and most other USB flash media devices have this preinstalled image. If the USB flash media device being used does not have this image, use the procedure later in this section (see Unsupported USB Flash Media Device on page 20).
10. At the A:\ prompt, enter FORMAT /S X: where X represents the drive letter noted before. CAUTION: Be sure that you have entered the correct drive letter for the USB flash media device. FORMAT will display one or more messages and ask you each time whether you want to proceed. Enter Y each time. FORMAT will format the USB flash media device, add the system files, and ask for a Volume Label. 11. Press Enter for no label or enter one if desired. 12.
6. Go to Advanced > PCI Devices to disable both the PATA and SATA controllers. When disabling the SATA controller, note the IRQ to which the controller is assigned. You will need to reassign the IRQ later. Exit setup, confirming the changes. SATA IRQ: __________ 7. Insert a bootable DOS diskette with FDISK.COM and either SYS.COM or FORMAT.COM into a diskette drive and turn on the computer to boot to the DOS diskette. 8. Run FDISK and delete any existing partitions on the USB flash media device.
8 Dual-State Power Button With Advanced Configuration and Power Interface (ACPI) enabled, the power button can function either as an on/off switch or as a standby button. The standby feature does not completely turn off power, but instead causes the computer to enter a low-power standby state. This allows you to power down quickly without closing applications and to return quickly to the same operational state without any data loss.
9 HP Web Site Support HP engineers rigorously test and debug software developed by HP and third-party suppliers, and develop operating system specific support software, to ensure performance, compatibility, and reliability for HP computers. When making the transition to new or revised operating systems, it is important to implement the support software designed for that operating system.
10 Industry Standards HP management solutions integrate with other systems management applications, and are based on industry standards, such as: 24 ● Web-Based Enterprise Management (WBEM) ● Windows Management Interface (WMI) ● Wake on LAN Technology ● ACPI ● SMBIOS ● Pre-boot Execution (PXE) support Chapter 10 Industry Standards ENWW
11 Asset Tracking and Security Asset tracking features incorporated into the computer provide key asset tracking data that can be managed using HP Systems Insight Manager, HP Client Manager, HP Configuration Management Solution, HP Client Configuration Manager, or other system management applications.
Table 11-1 Security Features Overview (continued) NOTE: This password does not appear on warm boots , such as Ctrl+Alt+Delete or Restart from Windows, unless enabled in Password Options (see below). Password Options Allows you to: (This selection appears only if a power-on password or setup password is set.
Table 11-1 Security Features Overview (continued) System IDs DriveLock Security Allows you to set: ● Asset tag (18-byte identifier), a property identification number assigned by the company to the computer. ● Ownership tag (80-byte identifier) displayed during POST. ● Chassis serial number or Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis serial number is invalid.
Table 11-1 Security Features Overview (continued) requires turning the computer off and then back on. This option allows the user to limit OS control of the Embedded Security Device. ● Reset of Embedded Security Device through OS (some models) (enable/disable) - This option allows the user to limit the operating system ability to request a Reset to Factory Settings of the Embedded Security Device. Changing this setting requires turning the computer off and then back on.
3. Select Security, then select Setup Password and follow the instructions on the screen. 4. Before exiting, click File > Save Changes and Exit. Establishing a Power-On Password Using Computer Setup Establishing a power-on password through Computer Setup prevents access to the computer when power is turned on, unless the password is entered. When a power-on password is set, Computer Setup presents Password Options under the Security menu. Password options include Password Prompt on Warm Boot.
If you enter the password incorrectly, a broken key icon appears. Try again. After three unsuccessful tries, you must turn off the computer, then turn it on again before you can continue. Changing a Power-On or Setup Password If the system is equipped with an embedded security device, refer to the HP ProtectTools Security Manager Guide at http://www.hp.com. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart the Computer. 2.
NOTE: Refer to National Keyboard Delimiter Characters on page 31 for information about the alternate delimiter characters. The power-on password and setup password may also be changed using the Security options in Computer Setup. National Keyboard Delimiter Characters Each keyboard is designed to meet country-specific requirements. The syntax and keys that you use to change or delete the password depend on the keyboard that came with the computer.
Using DriveLock When one or more hard drives that support the ATA Security command set are detected, the DriveLock option appears under the Security menu in Computer Setup. The user is presented with options to set the master password or to enable DriveLock. A user password must be provided in order to enable DriveLock. Since the initial configuration of DriveLock is typically performed by a system administrator, a master password should be set first.
Smart Cover Sensor Cover Removal Sensor, available on some models, is a combination of hardware and software technology that can alert you when the computer cover or side panel has been removed. There are three levels of protection, as described in the following table. Table 11-2 Smart Cover Sensor Protection Levels Level Setting Description Level 0 Disabled Smart Cover Sensor is disabled (default).
Locking the Smart Cover Lock To activate and lock the Smart Cover Lock, complete the following steps: 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2. As soon as the computer is turned on, press F10 before the computer boots to the operating system to enter Computer Setup. Press Enter to bypass the title screen, if necessary.
Cable Lock Provision The rear panel of the computer (some models) accommodates a cable lock so that the computer can be physically secured to a work area. For illustrated instructions, please see the Hardware Reference Guide. Fingerprint Identification Technology Eliminating the need to enter user passwords, HP Fingerprint Identification Technology tightens network security, simplifies the login process, and reduces the costs associated with managing corporate networks.
Index A access to computer, controlling 25 Altiris AClient 3 Client Management Suite 10 Deployment Solution Agent 3 asset tracking 25 B Backup and Recovery Manager 11 BIOS Boot Block Emergency Recovery Mode 16 HPQFlash 15 Remote ROM Flash 15 Boot Block Emergency Recovery Mode 16 bootable device creating 19 USB flash media device 19 C cable lock provision 35 change notification 14 changing operating systems, support 23 changing password 30 clearing password 31 Client Management Interface 5 Client Manager fr
entering 29 setting 29 Preboot Execution Environment (PXE) 4 preinstalled software image 2 Proactive Change Notification (PCN) 14 protecting hard drive 35 ProtectTools Security Manager 7 PXE (Preboot Execution Environment) 4 R Recovery Mode, Boot Block Emergency 16 recovery, software 2 Remote ROM Flash 15 remote setup 4 Remote System Installation 4 retired solutions 14 ROM flash 15 S security cable lock 35 DriveLock 31 features, table 25 fingerprint identification technology 35 password 28 ProtectTools Secu
