Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3 posts

Wannabe Geek


# 258618 13-Oct-2019 09:44
Send private message quote this post

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

 

 

 

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

gzt

10940 posts

Uber Geek


  # 2336233 13-Oct-2019 12:39
Send private message quote this post

Does it display a checksum random looking number after incorrectly entering the password three times?



3 posts

Wannabe Geek


  # 2336278 13-Oct-2019 14:37
Send private message quote this post

Sadly, no.


 
 
 
 


2655 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2336342 13-Oct-2019 16:55
Send private message quote this post

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

gzt

10940 posts

Uber Geek


  # 2336344 13-Oct-2019 17:06
Send private message quote this post

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

because the machine is secondhand or out of warranty?

56 posts

Master Geek


  # 2336479 13-Oct-2019 22:54
Send private message quote this post

Dynamic:

 

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.

 

 

This is easily solved by providing proof of purchase.


BDFL - Memuneh
64780 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2336500 14-Oct-2019 07:59
4 people support this post
Send private message quote this post

Initially I was "Whoa, this is really going next level gouging" but thinking of it... Not the case. 

 

In my view if you want security but have a backdoor then you don't have security. If there's an Administrator password care need to be taken to make sure you can recover it, from a secure location if needed to apply a BIOS update or change sensitive settings such as virtualisation support, reset biometrics storage, etc.

 

If this is about buying second-hand machines then any complaints should be taken back to the seller, surely?





3398 posts

Uber Geek


  # 2336555 14-Oct-2019 09:36
One person supports this post
Send private message quote this post

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.

 

IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.

 

The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)

 

The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.

 

 

 

 


 
 
 
 


2025 posts

Uber Geek

Trusted

  # 2337490 15-Oct-2019 15:56
Send private message quote this post

What about the old trick of removing the CMOS battery for 15 minutes?  Harder on a laptop, but still work?


2025 posts

Uber Geek

Trusted

3398 posts

Uber Geek


  # 2337493 15-Oct-2019 16:06
Send private message quote this post

Nope

 

TPMs are non-volatile storage. Security is burned into them, the only way to fix it is replace the board or TPM with some super fine soldering


22602 posts

Uber Geek

Trusted
Subscriber

  # 2337526 15-Oct-2019 17:08
Send private message quote this post

I actually think this is a good thing. If you lose the password then you have to pay to get the "lock" broken and get back into it.

 

Not HPs fault.





Richard rich.ms

gzt

10940 posts

Uber Geek


  # 2337720 15-Oct-2019 21:05
Send private message quote this post

Oblivian:

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.


IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.


The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)


The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.


 


 


Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

3398 posts

Uber Geek


  # 2337766 15-Oct-2019 22:11
Send private message quote this post

gzt:
Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

 

Out of the box - IF you don't watch it and enable all the awesome-ness they push at you :)

 

HP ProtectTools. Fairly standard. Only becomes a real issue if you enable full TPM and user integration AND set a default admin BIOS pw and forget it. If you have one or the other it's not so bad. 

 

In my case, after I nuked the drive and tried to get to BIOS to make some adjustments I found the default access level had been downgraded, and the admin acct tied to a windows account that had gone poof. (if it still existed and had a 'tool' run chances are could get BIOS access back..)

 

https://support.hp.com/nz-en/document/c00719433 

 

Much like the link earlier, it's more for fixing the hidden bios admin acct if similar case.

 

https://support.hp.com/nz-en/document/c03593792


56 posts

Master Geek


  # 2337813 15-Oct-2019 22:32
Send private message quote this post

hisdad:

 

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

BIOS passwords can be removed.

 

 

 

 

 

 

 

 


BDFL - Memuneh
64780 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2337814 15-Oct-2019 22:43
Send private message quote this post

@K8Toledo:

 

BIOS passwords can be removed.

 

 

Yes, but did you read the document? You need to know the old password - which is unknown in this case:

 

BIOSConfigUtility.exe /nspwdfile:"" /cspwdfile:"current password.bin"





 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27


D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07


LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.