DriveLock applications
The most practical use of DriveLock is in a corporate environment. The system administrator would be
responsible for configuring the hard disk drive, which involves setting the DriveLock master password
and a temporary user password. If you forget the user password or if the equipment is passed on to
another employee, the master password can be used to reset the user password and regain access to
the hard disk drive.
HP recommends that corporate system administrators who enable DriveLock also establish a corporate
policy for setting and maintaining master passwords. This prevents situation in which an employee sets
both DriveLock passwords before leaving the company. This scenario leaves the hard disk drive
unusable and forces its replacement. Likewise, system administrators who do not set a master password
might find themselves locked out of a hard disk drive and unable to perform routine checks for
unauthorized software, other asset control functions, and support.
For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in
this category include personal users, or users who do not maintain sensitive data on their hard disk
drives as a common practice. For these users, the potential loss of a hard disk drive resulting from
forgetting both passwords is much greater than the value of the data DriveLock protects.
Create an administrator-only setup password to restrict access to Computer Setup (F10) and DriveLock.
This keeps users from enabling DriveLock.
Using DriveLock
When DriveLock detects hard disk drives that support the ATA security command, a DriveLock menu
item appears under the Security menu in the Computer Setup (F10) menu. This presents you with
options to set the master password and to enable DriveLock. You must provide a user password to
enable DriveLock. Because a system administrator typically performs the initial configuration of
DriveLock, set a master password first.
HP recommends that system administrators set a master password whether they plan to enable
DriveLock or not. This lets administrators modify DriveLock settings if the drive is locked in the future.
After the master password is set, the system administrator can enable DriveLock or leave it disabled.
If a locked hard disk drive is present, POST requires a password to unlock the device. If a power-on
password is set and it matches the device’s user password, POST does not prompt the user to re-enter
the password. Otherwise, the user is prompted to enter a DriveLock password.
For a cold start, use the master or user password. For a warm start, enter the same password used to
unlock the drive during the preceding cold start.
Users have two attempts to enter a correct password. During cold start, if neither attempt succeeds,
POST continues but the drive remains inaccessible. During a warm-start or restart from Windows, if
neither attempt succeeds, POST halts and the user is instructed to cycle power.
54
Chapter 4 System management
ENWW