TY2008 AARP HP Laptop BIOS Settings

TY2008 AARP HP Laptop BIOS Settings
This document specifies the recommended BIOS Setup Program settings for
the HP Laptop computers that were purchased by the AARP Foundation for
AARP Tax-Aide volunteer use in the years starting with 2005.
WARNING!
Erroneous changes to BIOS Setup Program settings can render the
computer inoperable. BIOS Setup Program changes should only be
undertaken by qualified volunteer leaders, normally Technology
Specialists or TCS-designated Technology Coordinators.
An issue that is common to all of these models is the recommended value of
the BIOS Administrator or Setup Password. Some models call this the BIOS
Administrator Password, while other models call it the BIOS Setup Password.
Note that this password is not a Windows login password. Whatever it is
called, it is the password that allows changes to be made to the BIOS Setup
Program settings. When these machines initially came to us new, they did not
have a BIOS Administrator or Setup Password enabled. It is important that
the BIOS Administrator or Setup Password be ENABLED and set to a value
that is known to the TCS for the state or sub-state where the computer is
assigned. If the TCS has not specified a different value for this password in
their sub-state, it should be set to the value of the BIOS Supervisor Password
contained in the 2007 password letter for the IRS computer loan program
laptops, even though the AARP computers do not belong to the IRS.
Because of differences in the BIOS settings from one model to another, there
is a separate section of this document for each model that was purchased in
recent years:
•
•
•
•
Page 2 - 2005
Page 3 - 2006
Page 5 - 2007
Page 7 - 2008
• Page 9 - 2008
HP Compaq nx6110
HP Compaq nx6310
HP Compaq 6715b
HP Compaq nc6000 (refurbished)
HP Compaq 6735s
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 1 of 10
TY2008 AARP HP Laptop BIOS Settings
BIOS Settings for model HP Compaq nx6110
1. Just after power on, use the F10 key to enter the BIOS Setup Program. You may
need to use the Computer BIOS (Administrator) Password provided by your state
Technology Specialist.
2. In the Advanced, Boot Options section, disable Multi-boot
3. In the Advanced, Device Options section, enable all except disable Swap Fn/Ctrl
keys
4. In the Security, Device Security section, disable all three of these boot device
options
5. In the Security, Administrator Password section, establish the Administrator
Password if it is not already established. Use the value specified by your state
Technology Specialist. Be careful when doing this! Do not share this
password with your users.
6. In the Security, Power-On Password section, disable the Power-On password by
changing it to <no entry>. That means, do not enter anything – just hit ENTER
for the new password.
a. Use of encryption makes the use of this password unnecessary.
7. In the Security, Password Options section, enable both
a. Require Password on Restart and
b. Stringent Security - Don’t be deterred by the warnings; just don’t forget the
Administrator Password that you are establishing.
8. In File, Save Changes and Exit.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 2 of 10
TY2008 AARP HP Laptop BIOS Settings
BIOS Settings for model HP Compaq nx6310
1. Just after power on, use the F10 key to enter the BIOS Setup Program. You may
need to use the Computer BIOS (Setup) Password provided by your state
Technology Specialist.
2. In the System Configuration, Boot Options section, disable the following:
a.
b.
c.
d.
CD-ROM Boot
Floppy Boot
Internal Network Adapter Boot
Multi-boot
3. In the System Configuration, Device Configurations section, enable all except
disable Swap Fn/Ctrl keys
4. In the System Configuration, Built-In Device Options section:
a. Embedded WLAN Device Radio
i. If you NEVER want this machine on a wireless network, disable the
radio here, for security sake.
ii. If you EVER want this machine on a wireless network, enable the
radio here.
b. Enable LAN/WLAN Switching. This will disable the WLAN Device Radio
whenever an Ethernet cable is plugged into the computer. If, however, you
want to use Internet Connection Sharing on this computer, you will need to
leave this option disabled so that both adapters can operate at the same
time.
c. Disable Wake on LAN.
5. In the System Configuration, Port Options section, leave all three of these
Enabled.
6. In the Security, System IDs Section, Set the first line of the Notebook Ownership
Tag section to “AARP TAX-AIDE” and the second line to “T-“ followed by the
AARP Asset Tag number from the tag on the outside of the machine. You may
have done this already.
7. In the Security, Setup Password section, establish the Setup Password if it is not
already established. Use the value specified by your state Technology
Specialist. Be careful when doing this! Do not share this password with your
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 3 of 10
TY2008 AARP HP Laptop BIOS Settings
users.
8. In the Security, Power-On Password section, disable the Power-On password by
changing it to <no entry>. That means, do not enter anything – just hit ENTER
for the new password.
a. Use of encryption makes the use of this password unnecessary.
9. In the Security, Password Options section, enable both
a. Require Password on Restart and
b. Stringent Security - Don’t be deterred by the warnings; just don’t forget the
BIOS Setup Password that you are establishing.
10. In File, Save Changes and Exit.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 4 of 10
TY2008 AARP HP Laptop BIOS Settings
BIOS Settings for model HP Compaq 6715b
1. Just after power on, use the F10 key to enter the BIOS Setup Program. You may
need to use the Computer BIOS (Setup) Password provided by your state
Technology Specialist.
2. In the System Configuration, Boot Options section, disable the following:
a. CD-ROM Boot
b. Floppy Boot
c. Internal Network Adapter Boot
d. Multi-boot
3. In the System Configuration, Device Configurations section, enable all except:
a. Disable Swap Fn/Ctrl keys
b. Disable Windows VISTA Direct App Launch
c. Ignore Parallel Port mode, since there is no parallel port
4. In the System Configuration, Built-In Device Options section:
a. Embedded WLAN Device Radio
i. If you NEVER want this machine on a wireless network, disable the
radio here, for security sake.
ii. If you EVER want this machine on a wireless network, enable the
radio here.
b. Enable Network Interface Controller (LAN)
c. Enable LAN/WLAN Switching. This will disable the WLAN Device Radio
whenever an Ethernet cable is plugged into the computer. If, however, you
want to use Internet Connection Sharing on this computer, you will need to
leave this option disabled so that both adapters can operate at the same
time.
d. Disable Wake on LAN.
e. Enable Optical Disk Drive
f. Disable Fingerprint Device, since there is no fingerprint device.
5. In the System Configuration, Port Options section, leave all of these Enabled,
except:
a. Disable Parallel Port, since there is no parallel port.
6. In the Security, System IDs Section, Set the first line of the Notebook Ownership
Tag section to “AARP TAX-AIDE” and the second line to “T-“ followed by the
AARP Asset Tag number from the tag on the outside of the machine. You may
have done this already.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 5 of 10
TY2008 AARP HP Laptop BIOS Settings
7. In the Security, Setup Password section, establish the Setup Password if it is not
already established. Use the value specified by your state Technology
Specialist. Be careful when doing this! Do not share this password with your
users.
8. In the Security, Power-On Password section, disable the Power-On password by
changing it to <no entry>. That means, do not enter anything – just hit ENTER
for the new password.
a. Use of encryption makes the use of this password unnecessary.
9. In the Security, Password Options section, enable both
a. Require Password on Restart and
b. Stringent Security - Don’t be deterred by the warnings; just don’t forget the
BIOS Setup Password that you are establishing.
10. Do not establish DriveLock Passwords.
11. Leave Smart Card Power-On Support Disabled.
12. Do not change the TPM Embedded Security settings.
13. In File, Save Changes and Exit.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 6 of 10
TY2008 AARP HP Laptop BIOS Settings
BIOS Settings for model HP Compaq nc6000
1. Just after power on, use the F10 key to enter the BIOS Setup Program. You may
need to use the Computer BIOS (Administrator) Password provided by your state
Technology Specialist.
2. In the Advanced, Boot Options section, disable Multi-boot
3. In the Advanced, Device Options section:
a. Num lock state at boot = Off
b. Disable Swap Fn/Ctrl keys
c. Enable multiple pointing devices
d. Disable USB legacy support
e. Parallel Port Mode = ECP
f. Intel Speed-step technology = Automatic
g. Disable fan always on when on AC power
4. In the Security, Device Security section, enable all options except:
a. Disable CD-ROM boot
b. Disable Floppy boot
c. Disable Internal network adapter boot
5. In the Security, Administrator Password section, establish the Administrator
Password if it is not already established. Use the value specified by your state
Technology Specialist. Be careful when doing this! Do not share this
password with your users.
6. In the Security, Power-On Password section, disable the Power-On password by
changing it to <no entry>. That means do not enter anything – just hit ENTER for
the new password.
a. Use of encryption makes the use of this password unnecessary.
7. In the Security, Password Options section, enable both
a. Require Password on Restart and
b. Stringent Security - Don’t be deterred by the warnings; just don’t forget the
Administrator Password that you are establishing.
8. In the Security, Embedded Security section,
a. Disable the Embedded Security Device
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 7 of 10
TY2008 AARP HP Laptop BIOS Settings
9. In the Security, System IDs section,
a. Set the Asset Tag to the manufacturer’s Serial Number from the label on
the bottom of the case.
b. Set the first line of the Notebook Ownership Tag section to “AARP TAXAIDE” and the second line to “T-“ followed by the AARP Asset Tag number
from the tag on the outside of the machine.
10. In File, Save Changes and Exit.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 8 of 10
TY2008 AARP HP Laptop BIOS Settings
BIOS Settings for model HP Compaq 6735s
1. Just after power on, use the Esc key and then the F10 key to enter the BIOS
Setup Program. You may need to use the Computer BIOS (Administrator)
Password provided by your state Technology Specialist.
2. In the System Configuration, Boot Options section, disable the following:
a. CD-ROM Boot
b. SD Card Boot
c. Floppy Boot
d. PXE Internal NIC Boot
Make the Notebook Hard Drive the first item in the Boot Order.
3. In the System Configuration, Device Configurations section:
a. Disable USB Legacy Support
b. Disable Fan Always on when A/C Power
c. Set SATA Device Mode to AHCI
d. Disable UEFI Boot Mode
4. In the System Configuration, Built-In Device Options section:
a. Enable Wireless Button State
b. Embedded WLAN Device (radio)
i. If you NEVER want this machine on a wireless network, disable the
radio here, for security sake.
ii. If you EVER want this machine on a wireless network, enable the
radio here.
c. Enable Network Interface Controller (LAN)
d. Enable LAN/WLAN Switching. This will disable the WLAN Device Radio
whenever an Ethernet cable is plugged into the computer. If, however, you
want to use Internet Connection Sharing on this computer, you will need to
leave this option disabled so that both adapters can operate at the same
time.
e. Disable Wake on LAN.
f. Enable Notebook Upgrade Bay (Optical Disk Drive)
g. Enable Modem Device.
5. In the System Configuration, Port Options section, leave all of these Enabled.
6. In the System Configuration, Set Security Level section, leave these as they are.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 9 of 10
TY2008 AARP HP Laptop BIOS Settings
7. In the Security, System IDs Section, Set the first line of the Notebook Ownership
Tag section to “AARP TAX-AIDE” and the second line to “T-“ followed by the
AARP Asset Tag number from the tag on the outside of the machine. You may
have done this already.
8. In the Security, Setup BIOS Administrator Password section, establish the BIOS
Administrator Password. Establish the value specified by your state Technology
Specialist. Be careful when doing this! Do not share this password with your
users.
To accomplish the above may require multiple steps. Initially, the Password
Policy requires that all BIOS passwords be at least 8 characters long. If the
value you want to establish is that long, you will be able to establish it directly.
Otherwise, you will need to first establish a temporary BIOS Administrator
Password that is at least 8 characters long. Then you will be able to change the
Password Policy to allow BIOS passwords, including the BIOS Administrator
Password, to be shorter. Having done that, you will then be able to change the
BIOS Administrator Password to the shorter value that you want to establish.
9. In the Security, Administrator Tools section,
a. Disable “Always prompt for HP Spare Key Enrollment.”
10. In the Security, User Tools section,
a. Do not establish DriveLock Passwords.
11. In File, Save Changes and Exit.
National Technology Committee
TaxAideTech@aarp.org
01/13/2009
Page 10 of 10