Desktop Management. HP Compaq dc5000S, Compaq dc5000 Small Form Factor PC, Compaq dc5000 Microtower PC

3

Desktop Management

HP Intelligent Manageability provides standards-based solutions for managing and controlling desktops, workstations, and notebook PCs in a networked environment.

The key capabilities and features of desktop management are:

■

■

■

■

■

■

Initial configuration and deployment

Remote system installation

Software updating and management

ROM flash

Asset tracking and security

Fault notification and recovery

✎

Support for specific features described in this guide may vary by model or software version.

3.1 Initial Configuration and Deployment

HP computers come with a preinstalled system software image. After a brief software

“unbundling” process, the computer is ready to be used.

A customized software image may be deployed by:

■

■

Installing additional software applications after unbundling the preinstalled software image.

Using software deployment tools, such as Altiris Deployment Solutions, to replace the preinstalled software with a customized software image.

■ Using a disk cloning process to copy the contents from one hard drive to another.

The best deployment method depends on your information technology environment and processes. The PC Deployment section of the Solutions and Services Web site

(http://h18000.www1.hp.com/solutions/pcsolutions) provides information to help you select the best deployment method.

The Restore Plus! CD, ROM-based setup, and ACPI hardware provide further assistance with recovery of system software, configuration management and troubleshooting, and power management.

3–1 Service Reference Guide, dc5000 360201-002

Desktop Management

3.2 Remote System Installation

■

■

■

Remote System Installation allows you to start and set up your system using the software and configuration information located on a network server by initiating the Preboot Execution

Environment (PXE). The Remote System Installation feature is usually used as a system setup and configuration tool, and can be used for the following tasks:

Formatting a hard drive.

Deploying a software image on one or more new PCs.

Remotely updating the system BIOS in flash ROM. See

Flash.”

Section 3.4.1, “Remote ROM

■ Configuring the system BIOS settings.

To initiate Remote System Installation, press F12 when the F12 = Network Service Boot message appears in the lower-right corner of the HP logo screen. Follow the instructions on the screen to continue the process. The default boot order is a BIOS configuration setting that can be changed to always attempt to PXE boot.

3.3 Software Updating and Management

HP provides several tools for managing and updating software on desktops and workstations—HP Client Manager Software, Altiris Client Management Solutions, System

Software Manager; Proactive Change Notification; and Subscriber's Choice.

3.3.1 HP Client Manager Software

■

■

HP Client Manager Software (HP CMS) assists HP customers in managing the hardware aspects of their client computers with features that include:

■

■

■

■

Detailed views of hardware inventory for asset management

PC health check monitoring and diagnostics

Proactive notification of changes in your hardware environment

Web-accessible reporting of business critical details such as machines with thermal warnings, memory alerts, and more

Remote updating of system software such as device drivers and ROM BIOS

Remote changing of boot order

For more information on the HP Client Manager, visit http://h18000.www1.hp.com/im/client_mgr.html

.

3.3.2 Altiris Client Management Solutions

HP and Altiris have partnered to provide comprehensive, tightly integrated systems management solutions to reduce the cost of owning HP client PCs. HP Client Manager Software is the foundation for additional Altiris Client Management Solutions that address:

■ Inventory and Asset Management

❏

❏

❏

SW license compliance

PC tracking and reporting

Lease contract, fixing asset tracking

3–2 360201-002 Service Reference Guide, dc5000


■ Deployment and Migration

❏

❏

❏

Windows 2000/XP migration

System deployment

Personality migrations

Help Desk and Problem Resolution ■

❏

❏

❏

❏

Managing help desk tickets

Remote troubleshooting

Remote problem resolution

Client disaster recovery

Software and Operations Management ■

❏

❏

❏

Ongoing desktop management

HP system SW deployment

Application self-healing

For more information and details on how to download a fully-functional 30-day evaluation version of the Altiris solutions, visit http://h18000.www1.hp.com/im/prodinfo.html#deploy .

On selected desktop and notebook models, an Altiris management agent is included as part of the factory loaded image. This agent enables communication with the Altiris Development Solution which can be used to complete new hardware deployment or personality migration to a new operating system using easy-to-follow wizards. Altiris solutions provide easy-to-use software distribution capabilities. When used in conjunction with System Software Manager, or HP Client

Manager Software, administrators can also update ROM BIOS and device driver software from a central console.

For more information, visit http://h18000.www1.hp.com/im/index.html

.

3.3.3 System Software Manager

System Software Manager (SSM) lets you update system-level software on multiple systems simultaneously. When executed on a PC client system, SSM detects both hardware and software versions, then updates the appropriate software from a central repository, also known as a file store. Driver versions that are supported by SSM are denoted with a special icon on the driver download Web site and on the Support Software CD. To download the utility or to obtain more information on SSM, visit http://h18000.www1.hp.com/im/ssmwp.html

.

3.3.4 Proactive Change Notification (PCN)

This feature is available on select models.

The HP Proactive Notification program uses the Subscriber's Choice Web site to proactively and automatically:

■ Send you Product Change Notification (PCN) emails informing you of hardware and software changes to most commercial computers and servers, up to 60 days in advance.

■ Send you email containing Customer Bulletins, Customer Advisories, Customer Notes,

Security Bulletins, and Driver alerts for most commercial computers and servers.

Service Reference Guide, dc5000 360201-002 3–3


You create your own profile to ensure that you only receive the information relevant to your IT environment. To learn more about HPPN and create your custom profile, visit http://www.hp.com/go/pcn.

3.3.5 Subscriber’s Choice

Subscriber’s Choice is a client-based service from HP.

Based on your profile, HP will supply you with personalized product tips, feature articles, and/or driver and support alerts/notifications.

Subscriber’s Choice Driver and Support Alerts/Notifications will deliver e-mails notifying you that the information you subscribed to in your profile is available for review and retrieval. To learn more about Subscriber’s Choice and create a custom profile, visit http://www.hp.com/go/pcn.

3.4 ROM Flash

■

■

The computer comes with a reprogrammable flash ROM (read only memory). By establishing a setup password in Computer Setup (F10) Utility, you can protect the ROM from being unintentionally updated or overwritten. This is important to ensure the operating integrity of the computer. Should you need or want to upgrade your ROM, you may:

Order an upgraded ROMPaq diskette from HP.

Download the latest ROMPaq images from http://www.hp.com/support .

Ä CAUTION: For maximum ROM protection, be sure to establish a setup password. The setup password prevents unauthorized ROM upgrades. System Software Manager allows the system administrator to set the setup password on one or more PCs simultaneously. For more information, visit http://www.hp.com/go/ssm .

3.4.1 Remote ROM Flash

Remote ROM Flash allows the system administrator to safely upgrade the ROM on remote HP computers directly from the centralized network management console. Enabling the system administrator to perform this task remotely, on multiple computers and personal computers, results in a consistent deployment of and greater control over HP PC ROM images over the network.

✎

The computer must be powered on, or turned on through Remote Wakeup, to take advantage of

Remote ROM Flash.

For more information on Remote ROM Flash, refer to the HP Client Manager Software or

System Software Manager at http://h18000.www1.hp.com/im/prodinfo.html

.

3.4.2 HPQ Flash

The HPQFlash utility is used to locally update or restore the system ROM on individual PCs through a Windows operating system.

For more information on HPQFlash, visit http://www.hp.com/support/files and enter the name of the computer when prompted.



3.4.3 FailSafe Boot Block ROM

■

■

The FailSafe Boot Block ROM allows for system recovery in the unlikely event of a ROM flash failure, for example, if a power failure were to occur during a ROM upgrade. The Boot Block is a flash-protected section of the ROM that checks for a valid system ROM flash when power to the system is turned on.

If the system ROM is valid, the system starts normally.

If the system ROM fails the validation check, the FailSafe Boot Block ROM provides enough support to start the system from a ROMPaq diskette, which will program the system

ROM with a valid image.

✎

Some models also support recovery from a ROMPaq CD. ISO ROMPaq images are included with selected models in the downloadable ROM softpaqs.

When the bootblock detects an invalid system ROM, the System Power LED blinks RED 8 times, one every second, followed by a 2-second pause. Also 8 simultaneous beeps will be heard.

A Boot Block recovery mode message is displayed on the screen (some models).

To recover the system after it enters Boot Block recovery mode, complete the following steps:

1. If there is a diskette in the diskette drive or a CD in the CD drive, remove the diskette and

CD and turn off the power.

2. Insert a ROMPaq diskette into the diskette drive or, if permitted on this computer, a

ROMPaq CD into the CD drive.

3. Turn on the computer.

If no ROMPaq diskette or ROMPaq CD is found, you will be prompted to insert one and restart the computer.

If a setup password has been established, the Caps Lock light will turn on and you will be prompted to enter the password.

4. Enter the setup password.

If the system successfully starts from the diskette and successfully reprograms the ROM, then the three keyboard lights will turn on. A rising tone series of beeps also signals successful completion.

5. Remove the diskette or CD and turn the power off.

6. Turn the power on again to restart the computer.

The following table lists the various keyboard light combinations used by the Boot Block ROM

(when a PS/2 keyboard is attached to the computer), and explains the meaning and action associated with each combination.



Keyboard Light Combinations Used by Boot Block ROM

Failsafe Boot

Block Mode

Num Lock

Caps Lock

Num, Caps,

Scroll Lock

Keyboard

LED Color

Green

Green

Green

Keyboard

LED Activity

On

On

Blink on in sequence, one-at-a-time—

N,C,SL

State/Message

ROMPaq diskette not present, is bad, or drive not ready.

Enter password.

Keyboard locked in network mode.

Num, Caps,

Scroll Lock

Green On

✎

Diagnostic lights do not flash on USB keyboards.

Boot Block ROM Flash successful. Turn power off, then on to reboot.

3.4.4 Replicating the Setup

This procedure gives an administrator the ability to quickly and easily copy one setup configuration to other computers of the same model. To replicate the setup:

1. Access the Computer Setup Utilities (F10) menu.

2. Click File > Save to Diskette. Follow the instructions on the screen.

✎

This requires a diskette drive or a supported USB flash media device, such as Drive Key.

3. To replicate the configuration, click File > Restore from Diskette, and follow the instructions on the screen.

System Software Manager (SSM) may also be used to distribute setup configurations to multiple computers. For more information, see http://www.hp.com/go/ssm .

3.4.5 Dual-State Power Button

With Advanced Configuration and Power Interface (ACPI) enabled for Windows 2000 and

Windows XP, the power button can function either as an on/off switch or as a suspend button.

The suspend feature does not completely turn off power, but instead causes the computer to enter a low-power standby. This allows you to quickly power down without closing applications and to quickly return to the same operational state without any data loss.

To change the power button’s configuration, complete the following steps:

1. In Windows 2000, left click on the Start Button, then select Settings > Control Panel >

Power Options.

In Windows XP, left click on the Start Button, then select Control Panel > Power

Options.

2. In the Power Options Properties, select the Advanced tab.

3. In the Power Button section, select the desired power button setting.



After configuring the power button to function as a suspend button, press the power button to put the system in a very low power state (suspend). Press the button again to quickly bring the system out of suspend to full power status. To completely turn off all power to the system, press and hold the power button for four seconds.

Ä CAUTION: Do not use the power button to turn off the computer unless the system is not responding; turning off the power without operating system interaction could cause damage to or loss of data on the hard drive.

3.4.6 Power Management

Power Management is a feature that saves energy by shutting down certain components of the computer when they are not in use, saving energy without having to shut down the computer.

With Advanced Configuration and Power Interface (ACPI) enabled for Windows 2000 and

Windows XP, timeouts (the period of inactivity allowed before shutting down these components) can be enabled, customized, or disabled using the operating system.

1. In Windows 2000, left click on the Start Button, then select Settings > Control Panel >

Power Options.

In Windows XP, left click on the Start Button, then select Control Panel > Power

Options.

2. In the Power Options Properties, select the Power Schemes tab.

3. Select the desired power scheme settings.

Use Display Properties to establish, modify, or disable Power Management settings for the monitor. To access Display Properties, right click on the Windows Desktop, then choose

Properties.

3.4.7 World Wide Web Site

When making the transition to new or revised operating systems, it is important to implement the support software designed for that operating system. If you plan to run a version of Microsoft

Windows that is different from the version included with your computer, you must install corresponding device drivers and utilities to ensure that all features are supported and functioning properly.

HP has made the task of locating, accessing, evaluating, and installing the latest support software easier. You can download the software from http://www.hp.com/support . The Web site contains the latest device drivers, utilities, and flashable ROM images needed to run the latest Microsoft

Windows operating system on your HP computer.

3.4.8 Building Blocks and Partners

HP management solutions integrate with other systems management applications, and are based on industry standards, such as:

■

■

■

■

■

Web-Based Enterprise Management (WBEM)

Windows Management Interface (WMI)

Wake on LAN Technology

ACPI

SMBIOS



■ Pre-boot Execution (PXE) support

3.5 Asset Tracking and Security

Asset tracking features incorporated into the computer provide key asset tracking data that can be managed using HP Insight Manager, HP Client Manager or other system management applications. Seamless, automatic integration between asset tracking features and these products enables you to choose the management tool that is best suited to your environment and to leverage your investment in existing tools.

HP also offers several solutions for controlling access to valuable components and information.

Security features available on select models help to prevent unauthorized access to the internal components of the personal computer. By disabling parallel, serial, or USB ports, or by disabling removable media boot capability, you can protect valuable data assets. Memory Change alerts can be automatically forwarded to system management applications to deliver proactive notification of tampering with a computer’s internal components.

✎

Protect Tools is available as an option on select systems.

Use the following utilities to manage security settings on your HP computer:

■ Locally, using the Computer Setup Utilities. See the Computer Setup (F10) Utility Guide included with the computer for additional information and instructions on using the

Computer Setup Utilities.

■ Remotely, using HP Client Manager or System Software Manager. This software enables the secure, consistent deployment and control of security settings from a simple command-line utility.

The following table and sections refer to managing security features of your computer locally through the Computer Setup Utilities (F10).

Security Features Overview

Feature

Removable Media Boot

Control

Purpose

Prevents booting from the removable media drives

(available on select drives).

Serial, Parallel, USB, or

Infrared Interface Control

Power-On Password

Prevents transfer of data through the integrated serial, parallel, USB (universal serial bus), or infrared interface.

Prevents use of the computer until the password is entered.

This can apply to both initial system startup and restarts.

How It Is Established

From the Computer Setup

Utilities (F10) menu.





Setup Password Prevents reconfiguration of the computer (use of the Computer

Setup Utilities) until the password is entered.



✎

For more information about Computer Setup, see the Computer Setup (F10) Utility Guide.

Support for security features may vary depending on your specific computer configuration.



Security Features Overview (Continued)

DriveLock

Feature

Embedded Security

Master Boot Record Security

Memory Change Alerts

Ownership Tag

Cable Lock Provision

Security Loop Provision

Purpose

Prevents unauthorized access to the data on specific hard drives. This feature is available on select models only.

Prevents unauthorized access to the data on specific hard drives. This feature is available on select models only.

May prevent unintentional or malicious changes to the

Master Boot Record of the current bootable disk, and provides a means of recovering the “last known good” MBR.

Detects when memory modules have been added, moved, or removed; notifies user and system administrator.

Displays ownership information, as defined by the system administrator, during system startup (protected by setup password).

Inhibits access to the interior of the computer to prevent unwanted configuration changes or component removal. Can also be used to secure the computer to a fixed object to prevent theft.

Inhibits access to the interior of the computer to prevent unwanted configuration changes or component removal.

How It Is Established







For information on enabling

Memory Change Alerts, refer to the online Intelligent

Manageability Guide.



Install a cable lock to secure the computer to a fixed object.

Install a lock in the security loop to prevent unwanted configuration changes or component removal.

✎

For more information about Computer Setup, see the Computer Setup (F10) Utility Guide.

Support for security features may vary depending on your specific computer configuration.



3.5.1 Password Security

The power-on password prevents unauthorized use of the computer by requiring entry of a password to access applications or data each time the computer is turned on or restarted. The setup password specifically prevents unauthorized access to Computer Setup, and can also be used as an override to the power-on password. That is, when prompted for the power-on password, entering the setup password instead will allow access to the computer.

A network-wide setup password can be established to enable the system administrator to log in to all network systems to perform maintenance without having to know the power-on password, even if one has been established.

3.5.2 Establishing a Setup Password Using Computer Setup

Establishing a setup password through Computer Setup prevents reconfiguration of the computer

(use of the Computer Setup (F10) utility) until the password is entered.

1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart.

2. As soon as the computer is turned on, press and hold the F10 key until you enter Computer

Setup. Press Enter to bypass the title screen, if necessary.

✎

If you do not press the F10 key at the appropriate time, you must turn the computer off, then on again, and press the F10 key again to access the utility.

If you are using a PS/2 keyboard, you may see a Keyboard Error message—disregard it.

3. Select Security, then select Setup Password and follow the instructions on the screen.

4. Before exiting, click File > Save Changes and Exit.

3.5.3 Establishing a Power-On Password Using Computer Setup

Establishing a power-on password through Computer Setup prevents access to the computer when power is turned on, unless the password is entered. When a power-on password is set,

Computer Setup presents Password Options under the Security menu. Password options include

Password Prompt on Warm Boot. When Password Prompt on Warm Boot is enabled, the password must also be entered each time the computer is rebooted.




✎



3. Select Security, then Power-On Password and follow the instructions on the screen.




Entering a Power-On Password

To enter a power-on password, complete the following steps:


2. When the key icon appears on the monitor, type your current password, then press Enter.

✎

Type carefully; for security reasons, the characters you type do not appear on the screen.

If you enter the password incorrectly, a broken key icon appears. Try again. After three unsuccessful tries, you must turn off the computer, then turn it on again before you can continue.

Entering a Setup Password

If a setup password has been established on the computer, you will be prompted to enter it each time you run Computer Setup.




✎



3. When the key icon appears on the monitor, type the setup password, then press the Enter key.

✎


If you enter the password incorrectly, a broken key icon appears. Try again. After three unsuccessful tries, you must turn off the computer, then turn it on again before you can continue.

Changing a Power-On or Setup Password


To change the setup password, run Computer Setup.

2. To change the Power-On password, go to step 3.

To change the Setup password, as soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary.

✎





3. When the key icon appears, type your current password, a slash (/) or alternate delimiter character, your new password, another slash (/) or alternate delimiter character, and your new password again as shown: current password/new password/new password

✎


4. Press the Enter key.

The new password takes effect the next time you turn on the computer.

✎

Refer to the “National Keyboard Delimiter Characters” section in this chapter for information about the alternate delimiter characters. The power-on password and setup password may also be changed using the Security options in Computer Setup.

Deleting a Power-On or Setup Password


To delete the setup password, run Computer Setup.

2. To delete the Power-On password, go to step 3.

To delete the Setup password, as soon as the computer is turned on, press and hold the F10 key until you enter Computer Setup. Press Enter to bypass the title screen, if necessary.

✎



3. When the key icon appears, type your current password followed by a slash (/) or alternate delimiter character as shown: current password/

4. Press the Enter key.

✎

Refer to “National Keyboard Delimiter Characters” section in this chapter for information about the alternate delimiter characters. The power-on password and setup password may also be changed using the Security options in Computer Setup.



National Keyboard Delimiter Characters

Each keyboard is designed to meet country-specific requirements. The syntax and keys that you use for changing or deleting your password depend on the keyboard that came with your computer.

National Keyboard Delimiter Characters

Arabic

Belgian

BHCSY*

Brazilian

Chinese

Czech

Danish

French

-

-

-

/

=

/

/

!

Greek

Hebrew

Hungarian

Italian

Japanese

Korean

Latin American

Norwegian

-

-

-

-

-

.

/

/

Russian

Slovakian

Spanish

Swedish/Finnish

Swiss

Taiwanese

Thai

Turkish

French Canadian

German -

é Polish

Portuguese

-

-

U.K. English

U.S. English

* For Bosnia-Herzegovina, Croatia, Slovenia, and Yugoslavia

/

.

-

/

/

/

-

/

-

/

Clearing Passwords

To disable the power-on or setup password features, or to clear the power-on or setup passwords, complete the following steps:

1. Shut down the operating system properly, then turn off the computer and any external devices, and disconnect the power cord from the power outlet.

2. Disconnect the keyboard, monitor, and any other external devices connected to the computer.

Å WARNING: To reduce the risk of personal injury from electrical shock and/or hot surfaces, be sure to disconnect the power cord from the wall outlet, and allow the internal system components to cool before touching.

Ä CAUTION: When the computer is plugged in, the power supply always has voltage applied to the system board even when the unit is turned off. Failure to disconnect the power cord can result in damage to the system.

Ä CAUTION: Static electricity can damage the electronic components of the computer or optional equipment. Before beginning these procedures, ensure that you are discharged of static electricity by briefly touching a grounded metal object. See the Safety & Regulatory Information guide for more information.

3. Remove the computer cover or access panel.

4. Locate the header and jumper.



✎

The password jumper is green so that it can be easily identified. For assistance locating the password jumper and other system board components, see the Illustrated Parts Map (IPM) for that particular system.

5. Remove the jumper from pins 1 and 2. Place the jumper on either pin 1 or 2, but not both, so that it does not get lost.

6. Replace the computer cover or access panel.

7. Reconnect the external equipment.

8. Plug in the computer and turn on power. Allow the operating system to start. This clears the current passwords and disables the password features.

9. To establish new passwords, repeat steps 1 through 4, replace the password jumper on pins 1 and 2, then repeat steps 6 through 8. Establish the new passwords in Computer Setup. Refer to the Computer Setup (F10) Utility Guide on the Documentation CD for Computer Setup instructions.

3.5.4 DriveLock

DriveLock is an industry-standard security feature that prevents unauthorized access to the data on specific hard drives. DriveLock has been implemented as an extension to Computer Setup. It is only available on certain systems and only when DriveLock-capable hard drives are detected.

DriveLock is intended for HP customers for whom data security is the paramount concern. For such customers, the cost of the hard drive and the loss of the data stored on it is inconsequential when compared with the damage that could result from unauthorized access to its contents. In order to balance this level of security with the practical need to accommodate a forgotten password, the HP implementation of DriveLock employs a two-password security scheme. One password is intended to be set and used by a system administrator while the other is typically set and used by the end-user. There is no “back-door” that can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is most safely used when the data contained on the hard drive is replicated on a corporate information system or is regularly backed up.

In the event that both DriveLock passwords are lost, the hard drive is rendered unusable. For users who do not fit the previously defined customer profile, this may be an unacceptable risk.

For users who do fit the customer profile, it may be a tolerable risk given the nature of the data stored on the hard drive.



Using DriveLock

The DriveLock option appears under the Security menu in Computer Setup. The user is presented with options to set the master password or to enable DriveLock. A user password must be provided in order to enable DriveLock. Since the initial configuration of DriveLock is typically performed by a system administrator, a master password should be set first. HP encourages system administrators to set a master password whether they plan to enable

DriveLock or keep it disabled. This will give the administrator the ability to modify DriveLock settings if the drive is locked in the future. Once the master password is set, the system administrator may enable DriveLock or choose to keep it disabled.

If a locked hard drive is present, POST will require a password to unlock the device. If a power-on password is set and it matches the device’s user password, POST will not prompt the user to re-enter the password. Otherwise, the user will be prompted to enter a DriveLock password. Either the master or the user password may be used. Users will have two attempts to enter a correct password. If neither attempt succeeds, POST will continue but the drive will remain inaccessible.

DriveLock Applications

HP recommends that the system administrator be responsible for configuring the hard drive which would involve, among other things, setting the DriveLock master password. In the event that the user forgets the user password or the equipment is passed on to another employee, the master password can always be used to reset the user password and regain access to the hard drive.

HP recommends that corporate system administrators who choose to enable DriveLock also establish a corporate policy for setting and maintaining master passwords. This should be done to prevent a situation where an employee intentionally or unintentionally sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive would be rendered unusable and require replacement. Likewise, by not setting a master password, system administrators may find themselves locked out of a hard drive and unable to perform routine checks for unauthorized software, other asset control functions, and support.

For users with less stringent security requirements, HP does not recommend enabling

DriveLock. Users in this category include personal users or users who do not maintain sensitive data on their hard drives as a common practice. For these users, the potential loss of a hard drive resulting from forgetting both passwords is much greater than the value of the data DriveLock has been designed to protect. Access to Computer Setup and DriveLock can be restricted through the Setup password. By specifying a Setup password and not giving it to end users, system administrators are able to restrict users from enabling DriveLock.



3.5.5 Master Boot Record Security

The Master Boot Record (MBR) contains information needed to successfully boot from a disk and to access the data stored on the disk. Master Boot Record Security may prevent unintentional or malicious changes to the MBR, such as those caused by some computer viruses or by the incorrect use of certain disk utilities. It also allows you to recover the “last known good” MBR, should changes to the MBR be detected when the system is restarted.

To enable MBR Security, complete the following steps:




✎



3. Select Security > Master Boot Record Security > Enabled.

4. Select Security > Save Master Boot Record.


When MBR Security is enabled, the BIOS prevents any changes being made to the MBR of the current bootable disk while in MS-DOS or Windows Safe Mode.

✎

Most operating systems control access to the MBR of the current bootable disk; the BIOS cannot prevent changes that may occur while the operating system is running.

Each time the computer is turned on or restarted, the BIOS compares the MBR of the current bootable disk to the previously saved MBR. If changes are detected and if the current bootable disk is the same disk from which the MBR was previously saved, the following message is displayed:

1999—Master Boot Record has changed.

Press any key to enter Setup to configure MBR Security.

Upon entering Computer Setup, you must

■

■

■

Save the MBR of the current bootable disk;

Restore the previously saved MBR; or

Disable the MBR Security feature.

You must know the setup password, if one exists.

If changes are detected and if the current bootable disk is not the same disk from which the MBR was previously saved, the following message is displayed:

2000—Master Boot Record Hard Drive has changed.





■

■

Save the MBR of the current bootable disk; or



In the unlikely event that the previously saved MBR has been corrupted, the following message is displayed:

1998—Master Boot Record has been lost.



■

■

Save the MBR of the current bootable disk; or



3.5.6 Before You Partition or Format the Current Bootable Disk

Ensure that MBR Security is disabled before you change partitioning or formatting of the current bootable disk. Some disk utilities, such as FDISK and FORMAT, attempt to update the MBR. If

MBR Security is enabled when you change partitioning or formatting of the disk, you may receive error messages from the disk utility or a warning from MBR Security the next time the computer is turned on or restarted. To disable MBR Security, complete the following steps:




✎



3. Select Security > Master Boot Record Security > Disabled.


3.5.7 Cable Lock Provision

The rear panel of the computer accommodates a cable lock so that the computer can be physically secured to a work area.

For illustrated instructions, please see the Removal and Replacement Chapter for the specific chassis.



3.5.8 Fingerprint Identification Technology

Eliminating the need to enter user passwords, HP Fingerprint Identification Technology tightens network security, simplifies the login process, and reduces the costs associated with managing corporate networks. Affordably priced, it is not just for high-tech, high-security organizations anymore.

✎

Support for Fingerprint Identification Technology varies by model.

For more information, visit http://www.hp.com/security.

3.6 Fault Notification and Recovery

Fault Notification and Recovery features combine innovative hardware and software technology to prevent the loss of critical data and minimize unplanned downtime.

If the computer is connected to a network managed by HP Client Manager, the computer sends a fault notice to the network management application. With HP Client Manager Software, you can also remotely schedule diagnostics to automatically run on all managed PCs and create a summary report of failed tests.

3.6.1 Drive Protection System

The Drive Protection System (DPS) is a diagnostic tool built into the hard drives installed in select HP computers. DPS is designed to help diagnose problems that might result in unwarranted hard drive replacement.

When HP computers are built, each installed hard drive is tested using DPS, and a permanent record of key information is written onto the drive. Each time DPS is run, test results are written to the hard drive. Your service provider can use this information to help diagnose conditions that caused you to run the DPS software. Refer to the Troubleshooting Guide for instructions on using DPS.

3.6.2 Surge-Tolerant Power Supply

An integrated surge-tolerant power supply provides greater reliability when the computer is hit with an unpredictable power surge. This power supply is rated to withstand a power surge of up to 2000 volts without incurring any system downtime or data loss.

3.6.3 Thermal Sensor

The thermal sensor is a hardware and software feature that tracks the internal temperature of the computer. This feature displays a warning message when the normal range is exceeded, which gives you time to take action before internal components are damaged or data is lost.


Desktop Management. HP Compaq dc5000S, Compaq dc5000 Small Form Factor PC, Compaq dc5000 Microtower PC

Desktop Management

3.1 Initial Configuration and Deployment

3.2 Remote System Installation

3.3 Software Updating and Management

3.3.1 HP Client Manager Software

3.3.2 Altiris Client Management Solutions

3.3.3 System Software Manager

3.3.4 Proactive Change Notification (PCN)

3.3.5 Subscriber’s Choice

Based on your profile, HP will supply you with personalized product tips, feature articles, and/or driver and support alerts/notifications.

3.4 ROM Flash

3.4.1 Remote ROM Flash

3.4.2 HPQ Flash

3.4.3 FailSafe Boot Block ROM

3.4.4 Replicating the Setup

3.4.5 Dual-State Power Button

3.4.6 Power Management

3.4.7 World Wide Web Site

3.4.8 Building Blocks and Partners

3.5 Asset Tracking and Security

3.5.1 Password Security

3.5.2 Establishing a Setup Password Using Computer Setup

3.5.3 Establishing a Power-On Password Using Computer Setup

Entering a Power-On Password

Entering a Setup Password

Changing a Power-On or Setup Password

Deleting a Power-On or Setup Password

National Keyboard Delimiter Characters

Clearing Passwords

3.5.4 DriveLock

Using DriveLock

DriveLock Applications

3.5.5 Master Boot Record Security

3.5.6 Before You Partition or Format the Current Bootable Disk

3.5.7 Cable Lock Provision

3.5.8 Fingerprint Identification Technology

3.6 Fault Notification and Recovery

3.6.1 Drive Protection System

3.6.2 Surge-Tolerant Power Supply

3.6.3 Thermal Sensor

Related manuals

HP (Hewlett-Packard)

C6Z78UT#ABA

Compaq

Compaq Evo d500 SFF

Compaq

d538 - Convertible Minitower Desktop PC

HP

Compaq dx6100 Slim Tower PC

HP

Compaq dc7100 Convertible Minitower PC

Gateway

E-4400

HP

dx5150 Small Form Factor PC

HP (Hewlett-Packard)

QV985AV

Compaq

Compaq dx6120 Slim Tower Desktop PC

HP

Compaq dc7100 Convertible Minitower PC

HP

Compaq Pro 6305 Microtower PC

Table of contents