Enww miscellaneous 91 – HP Compaq dc7900 Small Form Factor PC User Manual


Software Impacted—Short description | Details | Solution

Short description: HP ProtectTools Security Manager—Intermittently, an error is returned when closing the Security Manager interface.

Details: Intermittently (1 in 12 instances), an error is created by using the close button in the upper right of the screen to close Security Manager before all plug-in applications have finished loading.

Solution: This is related to a timing dependency on plug-in services load time when closing and restarting Security Manager. Since PTHOST.exe is the shell housing the other applications (plug-ins), it depends on the ability of the plug-in to complete its load time (services). Closing the shell before the plug-in has had time to complete loading is the root cause. Allow Security Manager to complete the services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load.

Short description: HP ProtectTools—Unrestricted access or uncontrolled administrator privileges pose security risk.

Details: Numerous risks are possible with unrestricted access to the client PC, including the following:
- Deletion of PSD
- Malicious modification of user settings
- Disabling of security policies and functions

Solution: Administrators are encouraged to follow “best practices” in restricting end-user privileges and restricting user access. Unauthorized users should not be granted administrative privileges.

Short description: The BIOS and OS Embedded Security passwords are out of synch.

Details: If a user does not validate a new password as the BIOS Embedded Security password, the BIOS Embedded Security password reverts back to the original embedded security password through F10 BIOS.

Solution: This is functioning as designed; these passwords can be re-synchronized by changing the OS Basic User password and authenticating it at the BIOS Embedded Security password prompt.

Short description: Only one user can log on to the system after TPM preboot authentication is enabled in BIOS.

Details: The TPM BIOS PIN is associated with the first user who initializes the user setting. If a computer has multiple users, the first user is, in essence, the administrator. The first user will have to give his TPM user PIN to other users to use to log on.

Solution: This is functioning as designed; HP recommends that the customer's IT department follow good security policies for rolling out their security solution and ensuring that the BIOS administrator password is configured by IT administrators for system level protection.

Short description: The user has to change their PIN to make TPM preboot work after a TPM factory reset.

Details: The user has to change their PIN or create another user to initialize their user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work.

Solution: This is as designed; the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key.

Short description: Power-on authentication support is not set to default using Embedded Security Reset to Factory Settings

Details: In Computer Setup, the Power-on authentication support option is not being reset to factory settings when using the Embedded Security Device option Reset to Factory Settings. By default, Power-on authentication support is set to Disable.

Solution: The Reset to Factory Settings option disables Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after reenabling Embedded Security Device, Power-on authentication support remains enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings.
