Manualshelf

HP Z230 Workstation - Maintenance and Service Guide

ManualsBrandsHP ManualsDesktopsHP Z230 Small Form Factor Workstation
51525354555657585960
DriveLock applications
The most practical use of DriveLock is in a corporate environment. The system administrator would be
responsible for configuring the hard drive, which involves setting the DriveLock master password and a
temporary user password. If you forget the user password or if the equipment is passed on to another
employee, the master password can be used to reset the user password and regain access to the hard drive.
HP recommends that corporate system administrators who enable DriveLock also establish a corporate
policy for setting and maintaining master passwords. This should be done to prevent a situation where an
employee sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive is
unusable and requires replacement. Likewise, by not setting a master password, system administrators
might find themselves locked out of a hard drive and unable to perform routine checks for unauthorized
software, other asset control functions, and support.
For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in
this category include personal users, or users who do not maintain sensitive data on their hard drives as a
common practice. For these users, the potential loss of a hard drive resulting from forgetting both passwords
is much greater than the value of the data DriveLock protects.
Access to Computer Setup (f10) Utility and DriveLock can be restricted through the setup password. By
specifying a setup password and not giving it to users, system administrators can restrict users from
enabling DriveLock.
Using DriveLock
When hard drives that support the ATA security command set are detected, DriveLock appears under the
Security menu in the Computer Setup (f10) Utility menu. You are presented with options to set the master
password and to enable DriveLock. You must provide a user password to enable DriveLock. Because the
initial configuration of DriveLock is typically performed by a system administrator, a master password should
be set first.
HP encourages system administrators to set a master password whether they plan to enable DriveLock or
not. This gives the administrator the ability to modify DriveLock settings if the drive is locked in the future.
After the master password is set, the system administrator can enable DriveLock or leave it disabled.
If a locked hard drive is present, POST requires a password to unlock the device. If a power-on password is
set and it matches the device’s user password, POST does not prompt the user to re-enter the password.
Otherwise, the user is prompted to enter a DriveLock password.
For a cold start, use the master or user password. For a warm start, enter the same password used to unlock
the drive during the preceding cold start.
Users have two attempts to enter a correct password. During cold start, if neither attempt succeeds, POST
continues but the drive remains inaccessible. During a warm-start or restart from Windows, if neither
attempt succeeds, POST halts and the user is instructed to cycle power.
44 Chapter 2 System management