Table 5-3 Computer Setup—Security (continued)
NOTE: You must disable AMT before trying to hide the network controller.
● SATA ports (varies by model)
USB Security Allows you to set Enabled/Disabled (default is Enabled) for:
● Front USB Ports
● Rear USB Ports
Slot Security Allows you to disable any PCI Express slot. Default is enabled.
Network Boot Enables/disables the computer’s ability to boot from an operating system installed on a network server.
(Feature available on NIC models only; the network controller must be either a PCI expansion card or
embedded on the system board.) Default is enabled.
System IDs Allows you to set:
● Product name
● Serial number
● Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis
serial number is invalid. (These ID numbers are normally set in the factory and are used to uniquely
identify the system.)
● SKU number
● Family name (view only)
● Asset tag (18-byte identifier), a property identification number assigned by the company to the
computer.
● Ownership tag (80-byte identifier) displayed during POST.
● Feature byte (view only)
● Keyboard locale
System Security (these options are hardware dependent)
NOTE: Available options are displayed depending on system configuration.
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default
is enabled.
Virtualization Technology (VTx/VTd) (enable/disable) - VTx controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. VTd controls
virtualization DMA remapping features of the chipset. Changing this setting requires turning the
computer off and then back on. Default is disabled.
Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded
Security Device.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
● Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all security
keys and leave the device in a disabled state. Changing this setting requires that you restart the
computer. Default is Do not reset.
CAUTION: The embedded security device is a critical component of many security schemes.
Erasing the security keys will prevent access to data protected by the Embedded Security Device.
Choosing Reset to Factory Settings may result in significant data loss.
● Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path and
saves collected metrics to PCR5 (a register in the Embedded Security Device). BitLocker tracks
changes to any of these metrics, and forces the user to re-authenticate if it detects any changes.
Enabling this feature lets you set BitLocker to ignore detected changes to boot path metrics, thereby
avoiding re-authentication issues associated with USB keys inserted in a port. Default is enabled.
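The following added example (not part of the HP documentation) simulates PCR extension and a key sealed to a set of PCRs, to show why the register that receives the boot variable/device measurements decides whether an inserted USB key blocks the unlock. It assumes SHA-1 PCRs as in TPM 1.2, that the option redirects these measurements from PCR5 to PCR1, and a constructed validation profile of PCRs 0, 4 and 5; the device names, measured strings and the simplified composite digest are constructed for illustration.

```python
import hashlib

PCR_COUNT = 24
ZERO = b"\x00" * 20          # assumed TPM 1.2 style: 20-byte SHA-1 PCRs, zero at reset
PROFILE = {0, 4, 5}          # constructed profile: includes PCR5, omits PCR1
BASE = ["disk0"]             # constructed boot device list at sealing time
WITH_USB = ["usb-key", "disk0"]   # same machine with a USB key inserted
LOADER = b"constructed: boot loader code"

def extend(pcrs, index, event):
    """Extend operation: PCR_new = SHA1(PCR_old || SHA1(event))."""
    digest = hashlib.sha1(event).digest()
    pcrs[index] = hashlib.sha1(pcrs[index] + digest).digest()

def boot(devices, boot_var_pcr, loader=LOADER):
    """Replay a simplified measured boot. boot_var_pcr is the register the
    firmware option selects for boot variable/device measurements (5 or 1)."""
    pcrs = [ZERO] * PCR_COUNT
    extend(pcrs, 0, b"constructed: firmware code")
    extend(pcrs, 4, loader)
    for dev in devices:
        extend(pcrs, boot_var_pcr, dev.encode())
    return pcrs

def composite(pcrs, selection):
    """Digest over the selected PCRs; a simplified stand-in for a seal policy."""
    h = hashlib.sha1()
    for i in sorted(selection):
        h.update(bytes([i]) + pcrs[i])
    return h.digest()

def unlocks(boot_var_pcr, devices, loader=LOADER):
    """True if a key sealed on the BASE boot still unseals on this boot."""
    sealed = composite(boot(BASE, boot_var_pcr), PROFILE)
    current = composite(boot(devices, boot_var_pcr, loader), PROFILE)
    return sealed == current

if __name__ == "__main__":
    print("devices -> PCR5, USB key inserted:", unlocks(5, WITH_USB))
    print("devices -> PCR1, USB key inserted:", unlocks(1, WITH_USB))
    print("devices -> PCR1, loader modified: ", unlocks(1, BASE, b"modified loader"))
```

Under this profile, routing the measurements to PCR1 means a changed boot device list no longer blocks the unlock, while a changed boot loader (PCR4) still does.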