34 www.hp.com Desktop Management Guide
DriveLock
DriveLock is an industry-standard security feature that prevents
unauthorized access to the data on ATA hard drives. DriveLock has been
implemented as an extension to Computer Setup. It is only available
when hard drives that support the ATA Security command set are
detected. DriveLock is intended for HP customers for whom data
security is the paramount concern. For such customers, the cost of the
hard drive and the loss of the data stored on it are inconsequential when
compared with the damage that could result from unauthorized access
to its contents. In order to balance this level of security with the
practical need to accommodate a forgotten password, the HP
implementation of DriveLock employs a two-password security
scheme. One password is intended to be set and used by a system
administrator while the other is typically set and used by the end-user.
There is no "back-door" that can be used to unlock the drive if both
passwords are lost. Therefore, DriveLock is most safely used when
the data contained on the hard drive is replicated on a corporate
information system or is regularly backed up. In the event that both
DriveLock passwords are lost, the hard drive is rendered unusable.
For users who do not fit the previously defined customer profile, this
may be an unacceptable risk. For users who do fit the customer
profile, it may be a tolerable risk given the nature of the data stored on
the hard drive.
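
As an added illustration that is not part of the HP guide: drives that implement the ATA Security command set report their security state in word 128 of the IDENTIFY DEVICE response, which is what an administrator can check before and after configuring DriveLock. The Python below decodes that word from a raw 512-byte response; the function names and the sample words are constructed for this example.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (security status), per the ATA spec.
SECURITY_BITS = {
    "supported": 0,
    "enabled": 1,
    "locked": 2,
    "frozen": 3,
    "count_expired": 4,
    "enhanced_erase_supported": 5,
}
MASTER_CAPABILITY_BIT = 8  # 0 = High, 1 = Maximum

def security_status(identify_block: bytes) -> dict:
    """Decode word 128 from a raw 512-byte IDENTIFY DEVICE response."""
    if len(identify_block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    (word,) = struct.unpack_from("<H", identify_block, 128 * 2)  # little-endian words
    status = {name: bool((word >> bit) & 1) for name, bit in SECURITY_BITS.items()}
    status["master_capability"] = (
        "maximum" if (word >> MASTER_CAPABILITY_BIT) & 1 else "high")
    return status

def drivelock_readiness(status: dict) -> str:
    """Summarise the state an administrator checks before or after setup."""
    if not status["supported"]:
        return "unsupported: drive lacks the ATA Security feature set"
    if status["count_expired"]:
        return "attempt counter expired: power-cycle before retrying a password"
    if status["locked"]:
        return "locked: a password is required before data can be read"
    if status["enabled"]:
        return "enabled and unlocked: a user password is set"
    return "supported but not enabled: no user password is set"

def make_block(word128: int) -> bytes:
    """Build a constructed 512-byte block with only word 128 populated."""
    block = bytearray(512)
    struct.pack_into("<H", block, 128 * 2, word128)
    return bytes(block)

if __name__ == "__main__":
    # Constructed sample words, not captured from real drives.
    for label, word in [("no security", 0x0000), ("fresh drive", 0x0021),
                        ("locked at power-on", 0x0007), ("unlocked, frozen", 0x000B)]:
        print(f"{label:20s} {drivelock_readiness(security_status(make_block(word)))}")
```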
Using DriveLock
The DriveLock option appears under the Security menu in Computer
Setup. The user is presented with options to set the master password
or to enable DriveLock. A user password must be provided in order
to enable DriveLock. Since the initial configuration of DriveLock is
typically performed by a system administrator, a master password
should be set first. HP encourages system administrators to set a
master password whether they plan to enable DriveLock or keep
it disabled. This will give the administrator the ability to modify
DriveLock settings if the drive is locked in the future. Once the
master password is set, the system administrator may enable
DriveLock or choose to keep it disabled.
If a locked hard drive is present, POST will require a password to
unlock the device. If a power-on password is set and it matches the
device’s user password, POST will not prompt the user to re-enter the
password. Otherwise, the user will be prompted to enter a DriveLock