Table 6-3
Computer Setup—Security (continued)
●
Front USB Ports
●
Rear USB Ports
●
Internal USB Ports
Slot Security
Allows you to disable any PCI or PCI Express slot. Default is enabled.
Network Boot
Enables/disables the computer’s ability to boot from an operating system installed on a network server.
(Feature available on NIC models only; the network controller must be either a PCI expansion card or
embedded on the system board.) Default is enabled.
System IDs
Allows you to set:
●
Asset tag (18-byte identifier), a property identification number assigned by the company to the
computer.
●
Ownership tag (80-byte identifier) displayed during POST.
●
Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis
serial number is invalid. (These ID numbers are normally set in the factory and are used to uniquely
identify the system.)
●
Keyboard locale setting for System ID entry.
System Security
(these
options are hardware
dependent)
NOTE:
Available options are displayed depending on system configuration.
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default
is enabled.
Virtualization Technology (enable/disable) - Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
OS management of Embedded Security Device (enable/disable) - This option allows the user to limit OS
control of the Embedded Security Device. Default is enabled. This option is automatically disabled if
Trusted Execution Technology is enabled.
●
Reset of Embedded Security Device through OS (enable/disable) - This option allows the user to
limit the operating system ability to request a Reset to Factory Settings of the Embedded Security
Device. Default is disabled.
NOTE:
To enable this option, a Setup password must be set.
●
No PPI provisioning (Windows 8 only) - This option lets you set Windows 8 to bypass the PPI
(Physical Presence Interface) requirement and directly enable and take ownership of the TPM on
first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is reset.
Default is disabled for non-Windows 8 systems, and enabled for Windows 8.
●
Allow PPI policy to be changed by OS. Enabling this option allows the operating system to execute
TPM operations without Physical Presence Interface. Default is disabled.
NOTE:
To enable this option, a Setup password must be set.
DriveLock Security
Allows you to assign or modify a master or user password for hard drives. When this feature is enabled,
the user is prompted to provide one of the DriveLock passwords during POST. If neither is successfully
entered, the hard drive will remain inaccessible until one of the passwords is successfully provided during
a subsequent cold-boot sequence.
NOTE:
This selection will only appear when at least one drive that supports the DriveLock feature is
attached to the system.
Secure Boot
Configuration
●
Legacy Support—Enable/Disable. Allows you to turn off all legacy support on the computer,
including booting to DOS, running legacy graphics cards, booting to legacy devices, and so on. If set
to disable, legacy boot options in
Storage > Boot Order
are not displayed. Default is enabled.
●
Secure Boot—Enable/Disable. Allows you to make sure an operating system is legitimate before
booting to it, making Windows resistant to malicious modification from preboot to full OS booting,
preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by pre-
Computer Setup (F10) Utilities
67