HP ProDesk 400 G1 Maintenance And Service Manual page 68

Table 5-3 Computer Setup—Security (continued)
Network Boot
System IDs
System Security (these
options are hardware
dependent)
60 Chapter 5 Computer Setup (F10) Utility
Enables/disables the computer's ability to boot from an operating system installed on a network server.
Default is enabled.
Allows you to set:
●
Product Name
●
Serial Number
●
Asset tag (18-byte identifier), a property identification number assigned by the company to the
computer.
●
Ownership tag (80-byte identifier) displayed during POST.
●
Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis
serial number is invalid. (These ID numbers are normally set in the factory and are used to uniquely
identify the system.)
●
Family Name
●
Feature Byte
●
Build ID
●
Keyboard locale setting for System ID entry.
NOTE: Available options are displayed depending on system configuration.
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default
is enabled.
Virtualization Technology (enable/disable) - Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Embedded Security Device (some models) (enable/disable) - Permits activation and deactivation of the
Embedded Security Device. Changing this setting requires turning the computer off and then back on.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
●
Reset to Factory Settings (some models) (Do not reset/Reset) - Resetting to factory defaults will
erase all security keys. Changing this setting requires turning the computer off and then back on.
Default is Do not reset.
CAUTION: The embedded security device is a critical component of many security schemes.
Erasing the security keys will prevent access to data protected by the Embedded Security Device.
Choosing Reset to Factory Settings may result in significant data loss.
●
Measure boot variables/devices to PCR1 - Typically, the computer measures the boot pathand saves
collected metrics to PCR5 (a register in the Embedded Security Device). Bitlockertracks changes to
any of these metrics, and forces the user to re-authenticate if it detectsany changes. Enabling this
feature lets you set Bitlocker to ignore detected changes to bootpath metrics, thereby avoiding re-
authentication issues associated with USB keys inserted in a port. Default is enabled.
OS management of Embedded Security Device (some models) (enable/disable) - This option allows the
user to limit operating system control of the Embedded Security Device. Changing this setting requires
turning the computer off and then back on. This option allows the user to limit OS control of the
Embedded Security Device. Default is enable.
●
Reset of Embedded Security Device through OS (some models) (enable/disable) - This option allows
the user to limit the operating system ability to request a Reset to Factory Settings of the
Embedded Security Device. Changing this setting requires turning the computer off and then back
on. Default is disable.
NOTE: To enable this option, a Setup password must be set.
●
No PPI provisioning (Windows 8.1 only) - This option lets you set Windows 8.1 to bypass the PPI
(Physical Presence Interface) requirement and directly enable and take ownership of the TPM on
first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is reset.
Default is disabled for non-Windows 8.1 systems, and enabled for Windows 8.1.