Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


hisdad

3 posts

Wannabe Geek


#258618 13-Oct-2019 09:44
Send private message

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

 

 

 

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

gzt

gzt
11676 posts

Uber Geek

Lifetime subscriber

  #2336233 13-Oct-2019 12:39
Send private message

Does it display a checksum random looking number after incorrectly entering the password three times?

hisdad

3 posts

Wannabe Geek


  #2336278 13-Oct-2019 14:37
Send private message

Sadly, no.


 
 
 
 


Dynamic
2892 posts

Uber Geek

Trusted
Lifetime subscriber

  #2336342 13-Oct-2019 16:55
Send private message

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

gzt

gzt
11676 posts

Uber Geek

Lifetime subscriber

  #2336344 13-Oct-2019 17:06
Send private message

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

because the machine is secondhand or out of warranty?

boosacnoodle
237 posts

Master Geek


  #2336479 13-Oct-2019 22:54
Send private message

Dynamic:

 

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.

 

 

This is easily solved by providing proof of purchase.


freitasm
BDFL - Memuneh
68850 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2336500 14-Oct-2019 07:59
Send private message

Initially I was "Whoa, this is really going next level gouging" but thinking of it... Not the case. 

 

In my view if you want security but have a backdoor then you don't have security. If there's an Administrator password care need to be taken to make sure you can recover it, from a secure location if needed to apply a BIOS update or change sensitive settings such as virtualisation support, reset biometrics storage, etc.

 

If this is about buying second-hand machines then any complaints should be taken back to the seller, surely?





 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


Oblivian
4314 posts

Uber Geek


  #2336555 14-Oct-2019 09:36
Send private message

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.

 

IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.

 

The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)

 

The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.

 

 

 

 


 
 
 
 


Rickles
2255 posts

Uber Geek

Trusted

  #2337490 15-Oct-2019 15:56
Send private message

What about the old trick of removing the CMOS battery for 15 minutes?  Harder on a laptop, but still work?


Rickles
2255 posts

Uber Geek

Trusted

Oblivian
4314 posts

Uber Geek


  #2337493 15-Oct-2019 16:06
Send private message

Nope

 

TPMs are non-volatile storage. Security is burned into them, the only way to fix it is replace the board or TPM with some super fine soldering


richms
23681 posts

Uber Geek

Trusted
Subscriber

  #2337526 15-Oct-2019 17:08
Send private message

I actually think this is a good thing. If you lose the password then you have to pay to get the "lock" broken and get back into it.

 

Not HPs fault.





Richard rich.ms

gzt

gzt
11676 posts

Uber Geek

Lifetime subscriber

  #2337720 15-Oct-2019 21:05
Send private message

Oblivian:

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.


IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.


The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)


The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.


 


 


Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

Oblivian
4314 posts

Uber Geek


  #2337766 15-Oct-2019 22:11
Send private message

gzt:
Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

 

Out of the box - IF you don't watch it and enable all the awesome-ness they push at you :)

 

HP ProtectTools. Fairly standard. Only becomes a real issue if you enable full TPM and user integration AND set a default admin BIOS pw and forget it. If you have one or the other it's not so bad. 

 

In my case, after I nuked the drive and tried to get to BIOS to make some adjustments I found the default access level had been downgraded, and the admin acct tied to a windows account that had gone poof. (if it still existed and had a 'tool' run chances are could get BIOS access back..)

 

https://support.hp.com/nz-en/document/c00719433 

 

Much like the link earlier, it's more for fixing the hidden bios admin acct if similar case.

 

https://support.hp.com/nz-en/document/c03593792


K8Toledo
294 posts

Ultimate Geek

Subscriber

  #2337813 15-Oct-2019 22:32
Send private message

hisdad:

 

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

BIOS passwords can be removed.

 

 

 

 

 

 

 

 


freitasm
BDFL - Memuneh
68850 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2337814 15-Oct-2019 22:43
Send private message

@K8Toledo:

 

BIOS passwords can be removed.

 

 

Yes, but did you read the document? You need to know the old password - which is unknown in this case:

 

BIOSConfigUtility.exe /nspwdfile:"" /cspwdfile:"current password.bin"





 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News »

Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00


Orcon to bundle Google Nest Wifi router with new accounts
Posted 7-Oct-2020 05:00


Epay and Centrapay partner to create digital gift cards
Posted 2-Oct-2020 17:34


Inseego launches 5G MiFi M2000 mobile hotspot
Posted 2-Oct-2020 14:53









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.