BIOS Users/Passwords, and One Step Log-On
There are currently three types of BIOS users:
BIOS administrator is created in F10 and includes the following privileges:
Manage other BIOS users
Full access to F10 BIOS policy and settings
Control F10 access of other users by setting security level
Unlock the system when other BIOS users fail the preboot authentication
BIOS users are created by BIOS administrator in F10 and are OS independent.
BIOS user privilege includes:
Use of BIOS password to authenticate and boot the BIOS
Use of BIOS password to access F10 based on permission setup by the
HP ProtectTools Users
ProtectTools users are created by the HP ProtectTools security solution from within
Windows. Users are registered in Windows and the user information and
communicated to both Full Volume Encryption and BIOS. This group of uses cannot
change their password in F10.
ProtectTools user privilege includes:
Use his/her Windows password and other security tokens to authenticate
and boot the BIOS and if enabled, can log all the way into Windows.
Use his/her Windows password to access F10 based on the permission
setup by the BIOS administrator
Pre-boot has been enhanced by combining security tokens (such as biometrics,
smart cards and passwords) and enablement of multi-user access. HP business
notebooks offer a range of pre-boot authentication solutions, allowing businesses
to provide an additional layer of protection against unauthorized access, including
attackers attempting to boot the system from a device other than the primary hard
Enhanced pre-boot security is an integral component of the overall authentication
process; user accounts created in Windows are also automatically made available
in the pre-boot environment. With multi-factor pre-boot authentication, once the
notebook is powered on, the end-user is required to provide a user name, then
authenticate using one or more factors (such as a password, a fingerprint swipe or
smart card). The notebook then logs the user all the way into Windows, a process
known as One-Step Logon.