Clearing Passwords; Drivelock - HP xw4600 Service And Technical Reference Manual

Clearing passwords

If you forget your password, you cannot access the workstation. See
on page 149

DriveLock

WARNING!
password is lost or forgotten. No method exists to recover the password or access the data.
DriveLock uses an industry-standard security feature that prevents unauthorized access to the data on
an ATA hard drive. DriveLock has been implemented as an extension to Computer Setup (F10)
functions. It is only available when hard drives that support the ATA security command set are detected.
On HP workstations, it is not available when the SATA emulation mode is RAID+AHCI or RAID.
DriveLock is intended for HP customers for whom data security is a paramount concern. For such
customers, the cost of a hard drive and the loss of the data stored on it is inconsequential when compared
to the damage that could result from unauthorized access to its contents.
In order to balance this level of security with the practical need to address the issue of a forgotten
password, the HP implementation of DriveLock employs a two-password security scheme. One
password is intended to be set and used by a system administrator, while the other is typically set and
used by the end-user. There is no "back door" that can be used to unlock the drive if both passwords
are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated
on a corporate information system or is regularly backed up. In the event that both DriveLock passwords
are lost, the hard drive is rendered unusable. For users who do not fit the previously defined customer
profile, this may be an unacceptable risk. For users who do fit this profile, it may be a tolerable risk,
given the nature of the data stored on the hard drive.
DriveLock applications
The most practical use of the DriveLock security feature is in a corporate environment. The system
administrator would be responsible for configuring the hard drive, which involves setting the DriveLock
master password and a temporary user password. In the event that the user forgets the user password
or the equipment is passed on to another employee, the master password can always be used to reset
the user password and regain access to the hard drive.
HP recommends that corporate system administrators who choose to enable DriveLock also establish
a corporate policy for setting and maintaining master passwords. This should be done to prevent a
situation where an employee intentionally or unintentionally sets both DriveLock passwords before
leaving the company. In such a scenario, the hard drive is rendered unusable and requires replacement.
Likewise, by not setting a master password, system administrators might find themselves locked out of
a hard drive and unable to perform routine checks for unauthorized software, other asset control
functions, and support.
For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users
in this category include personal users, or users who do not maintain sensitive data on their hard drives
as a common practice. For these users, the potential loss of a hard drive resulting from forgetting both
passwords is much greater than the value of the data DriveLock has been designed to protect.
Access to Computer Setup (F10) and DriveLock can be restricted through the setup password. By
specifying a setup password and not giving it to end users, system administrators are able to restrict
users from enabling DriveLock.
ENWW
for instructions about clearing passwords.
Enabling DriveLock can render a hard drive permanently inaccessible if the master
Resetting the password jumper
Workstation management 45