HP 6930p - EliteBook - Core 2 Duo 2.8 GHz User Manual page 98

Software Impacted—
Short description
an error is returned when
closing the Security
Manager interface.
HP ProtectTools—
Unrestricted access or
uncontrolled administrator
privileges pose security
risk.
The BIOS and OS
Embedded Security
passwords are out of
synch.
Only one user can log on
to the system after TPM
preboot authentication is
enabled in BIOS.
The user has to change
their PIN to make TPM
preboot work after a TPM
factory reset.
Power-on
authentication support
is not set to default using
Embedded Security
Reset to Factory
Settings
92 Chapter 9 Troubleshooting
Details
upper right of the screen to close
Security Manager before all plug-in
applications have finished loading.
Numerous risks are possible with
unrestricted access to the client PC,
including the following:
●
Deletion of PSD
● Malicious modification of user
settings
●
Disabling of security policies and
functions
If a user does not validate a new
password as the BIOS Embedded
Security password, the BIOS Embedded
Security password reverts back to the
original embedded security password
through f10 BIOS.
The TPM BIOS PIN is associated with
the first user who initializes the user
setting. If a computer has multiple users,
the first user is, in essence, the
administrator. The first user will have to
give his TPM user PIN to other users to
use to log on.
The user has to change their PIN or
create another user to initialize their user
setting to make TPM BIOS
authentication work after reset. There is
no option to make TPM BIOS
authentication work.
In Computer Setup, the Power-on
authentication support option is not
being reset to factory settings when
using the Embedded Security Device
option Reset to Factory Settings. By
default, Power-on authentication
support is set to Disable.
Solution
Manager. Since PTHOST.exe is the shell housing the
other applications (plug-ins), it depends on the ability of
the plug-in to complete its load time (services). Closing
the shell before the plug-in has had time to complete
loading is the root cause.
Allow Security Manager to complete the services
loading message (seen at top of Security Manager
window) and all plug-ins listed in left column. To avoid
failure, allow a reasonable time for these plug-ins to
load.
Administrators are encouraged to follow "best
practices" in restricting end-user privileges and
restricting user access.
Unauthorized users should not be granted
administrative privileges.
This is functioning as designed; these passwords can
be re-synchronized by changing the OS Basic User
password and authenticating it at the BIOS Embedded
Security password prompt.
This is functioning as designed; HP recommends that
the customer's IT department follow good security
policies for rolling out their security solution and
ensuring that the BIOS administrator password is
configured by IT administrators for system level
protection.
This is as designed; the factory reset clears the Basic
User Key. The user must change his user PIN or create
a new user to re-initialize the Basic User Key.
The Reset to Factory Settings option disables
Embedded Security Device, which hides the other
Embedded Security options (including Power-on
authentication support). However, after reenabling
Embedded Security Device, Power-on authentication
support remains enabled.
HP is working on a resolution, which will be provided in
future Web-based ROM SoftPaq offerings.