Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3 posts

Wannabe Geek


# 258618 13-Oct-2019 09:44
Send private message

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

 

 

 

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

gzt

11052 posts

Uber Geek


  # 2336233 13-Oct-2019 12:39
Send private message

Does it display a checksum random looking number after incorrectly entering the password three times?



3 posts

Wannabe Geek


  # 2336278 13-Oct-2019 14:37
Send private message

Sadly, no.


 
 
 
 


2691 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2336342 13-Oct-2019 16:55
Send private message

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

gzt

11052 posts

Uber Geek


  # 2336344 13-Oct-2019 17:06
Send private message

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

because the machine is secondhand or out of warranty?

114 posts

Master Geek


  # 2336479 13-Oct-2019 22:54
Send private message

Dynamic:

 

Wow...  this is annoying

 

Is it any different to losing the account password for an Android or iOS device?  I've known a number of people to lose access to expensive devices through lack of care with account passwords, particularly where employees are given devices to use and they get linked to a personal Apple ID or Google Play account.

 

 

This is easily solved by providing proof of purchase.


BDFL - Memuneh
65382 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2336500 14-Oct-2019 07:59
4 people support this post
Send private message

Initially I was "Whoa, this is really going next level gouging" but thinking of it... Not the case. 

 

In my view if you want security but have a backdoor then you don't have security. If there's an Administrator password care need to be taken to make sure you can recover it, from a secure location if needed to apply a BIOS update or change sensitive settings such as virtualisation support, reset biometrics storage, etc.

 

If this is about buying second-hand machines then any complaints should be taken back to the seller, surely?





3525 posts

Uber Geek


  # 2336555 14-Oct-2019 09:36
One person supports this post
Send private message

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.

 

IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.

 

The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)

 

The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.

 

 

 

 


 
 
 
 


2077 posts

Uber Geek

Trusted

  # 2337490 15-Oct-2019 15:56
Send private message

What about the old trick of removing the CMOS battery for 15 minutes?  Harder on a laptop, but still work?


2077 posts

Uber Geek

Trusted

3525 posts

Uber Geek


  # 2337493 15-Oct-2019 16:06
Send private message

Nope

 

TPMs are non-volatile storage. Security is burned into them, the only way to fix it is replace the board or TPM with some super fine soldering


22924 posts

Uber Geek

Trusted
Subscriber

  # 2337526 15-Oct-2019 17:08
Send private message

I actually think this is a good thing. If you lose the password then you have to pay to get the "lock" broken and get back into it.

 

Not HPs fault.





Richard rich.ms

gzt

11052 posts

Uber Geek


  # 2337720 15-Oct-2019 21:05
Send private message

Oblivian:

Theres a couple of gotchas with HP and the BIOS security integration. Not so bad if you have a master BIOS PW, and know one of the local admin accounts.


IF you have the HP bloat security tools installed and don't remove them after initial setup. It will likely also add admin accounts in windows to the BIOS as valid accounts.


The catch here, is if you dump a corporate image or similar on it without first removing the BIOS security - you are pooched. The windows accounts will no longer be accessible, nor the BIOS PW stored along with it (had a few examples of this at work with departing staff members)


The TP chips got rather smart some years ago. And it's just something to be aware of. Like KNOX/FRP on samsungs and not removing google accounts from a device before factory resetting it - first thing it does is ask for the previous account that was stored on it on next setup.


 


 


Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

3525 posts

Uber Geek


  # 2337766 15-Oct-2019 22:11
Send private message

gzt:
Is this something to consider when buying new HP Business retail from a reseller or is this enabled by default only for specific large orders or on demand?

 

Out of the box - IF you don't watch it and enable all the awesome-ness they push at you :)

 

HP ProtectTools. Fairly standard. Only becomes a real issue if you enable full TPM and user integration AND set a default admin BIOS pw and forget it. If you have one or the other it's not so bad. 

 

In my case, after I nuked the drive and tried to get to BIOS to make some adjustments I found the default access level had been downgraded, and the admin acct tied to a windows account that had gone poof. (if it still existed and had a 'tool' run chances are could get BIOS access back..)

 

https://support.hp.com/nz-en/document/c00719433 

 

Much like the link earlier, it's more for fixing the hidden bios admin acct if similar case.

 

https://support.hp.com/nz-en/document/c03593792


78 posts

Master Geek


  # 2337813 15-Oct-2019 22:32
Send private message

hisdad:

 

In the good old days (last year?) HP business laptops had a security feature protecting the admin password of the bios.

 

It cannot be reset, other than getting a small file on a bootable USB drive.

 

This file is made by HP support against the Serial Number of the device.

 

 

 

You have to open a support ticket  to get it.

 

 

 

It seems that HP no longer consider this secure enough.

 

This service is no longer available. Now, the only way of recovering the admin password is to replace the main board.

 

 

 

Chargeable of course.

 

--Dad

 

 

BIOS passwords can be removed.

 

 

 

 

 

 

 

 


BDFL - Memuneh
65382 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2337814 15-Oct-2019 22:43
Send private message

@K8Toledo:

 

BIOS passwords can be removed.

 

 

Yes, but did you read the document? You need to know the old password - which is unknown in this case:

 

BIOSConfigUtility.exe /nspwdfile:"" /cspwdfile:"current password.bin"





 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.