Desktop Management Guide HP Business PCs
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft, Windows, Windows Vista, and Windows 7 are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Intel and vPro are trademarks of Intel Corporation in the U.S. and other countries.
About This Book This guide provides definitions and instructions for using security and manageability features that are preinstalled on some models. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. NOTE: Text set off in this manner provides important supplemental information.
iv About This Book ENWW
Table of contents 1 Desktop Management Overview 2 Initial Configuration and Deployment HP Client Automation Agent ................................................................................................................. 2 HP Client Manager ............................................................................................................................... 3 3 Remote System Installation 4 Software Updating and Management HP Client Management Interface ......................................
Copying to Multiple Computers .......................................................................................................... 16 Creating a Bootable Device ................................................................................................................ 17 Supported USB Flash Media Device ................................................................................. 17 Unsupported USB Flash Media Device ............................................................................
1 Desktop Management Overview HP Client Management Solutions provides standards-based solutions for managing and controlling desktops, workstations, and notebook PCs in a networked environment. HP pioneered desktop manageability in 1995 with the introduction of the industry’s first fully manageable desktop personal computers. HP is a patent holder of manageability technology.
2 Initial Configuration and Deployment The computer comes with a preinstalled system software image. After a brief software “unbundling” process, the computer is ready to use. You may prefer to replace the preinstalled software image with a customized set of system and application software. There are several methods for deploying a customized software image. They include: ● Installing additional software applications after unbundling the preinstalled software image.
HP Client Manager HP Client Manager (HPCM) is a free solution developed by Symantec for all supported HP business desktop, notebook, workstation and HP Blade PCs. HPCM integrates HP specific tools such as System Software Manager, HP Instant Support Professional Edition, and HP Client Management Interface to enable a centralized model for the managing, tracking, and monitoring of all supported HP hardware. HP Client Manager 7.
3 Remote System Installation Remote System Installation allows you to start and set up the system using the software and configuration information located on a network server by initiating the Preboot Execution Environment (PXE).
4 Software Updating and Management HP provides several tools for managing and updating software on desktops, workstations, and notebooks: ● HP Client Management Interface ● HP SoftPaq Download Manager ● HP System Software Manager ● HP ProtectTools Security Manager ● HP Client Automation Starter, Standard, and Enterprise Editions ● HP Client Manager from Symantec ● Altiris Client Management Suite ● HP Client Catalog for Microsoft System Center & SMS Products ● Intel vPro-branded PCs with A
technology utilized in HP Client Management Solutions. With HP CMI, HP gives you flexibility in choosing how you manage your HP client computers. HP Client Management Interface used in conjunction with system management software can: ● Request in-depth client inventory information—Capture detailed information about the processors, hard drives, memory, BIOS, drivers, including sensor information (such as fan speed, voltage, and temperature).
HP ProtectTools Security Manager HP ProtectTools security software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by the following software modules, and is accessible through HP ProtectTools Security Manager: HP ProtectTools Security Manager is the single console through which all other modules are accessed.
HP Client Automation Enterprise Edition HP Client Automation Enterprise Edition is a policy-based solution that enables administrators to inventory, deploy, patch, and continuously manage software and content across heterogeneous client platforms.
● Centrally schedule client backup and recovery ● Add on support for managing Intel AMT For more information on HP Client Manager from Symantec, visit http://www.hp.com/go/ clientmanager. Altiris Client Management Suite Altiris Client Management Suite is an easy-to-use solution for full life-cycle software management of desktops, notebooks, and workstations.
The three forms of remote manageability available on business desktops are Alert Standard Format (ASF), Intel Active Management Technology (AMT), and Desktop and mobile Architecture for Systems Hardware (DASH).
NOTE: If you do not press Ctrl+P at the appropriate time, you must restart the computer and again press Ctrl+P before the computer boots to the operating system to access the utility. This hot-key enters the Intel Management Engine BIOS Execution (MEBx) setup utility. This utility allows the user to configure various aspects of the management technology.
Check for the latest documentation on the http://www.hp.com site under Support & Troubleshooting, then select your specific model, then select Manuals, then White papers referring to DASH or the Broadcom NIC. Verdiem Surveyor Verdiem Surveyor is a software solution that helps manage PC energy costs. Surveyor measures and reports how much energy each PC consumes. It also provides control over PC power settings enabling administrators to easily implement energy saving strategies across their networks.
5 ROM Flash The computer's BIOS is stored in a programmable flash ROM (read only memory). By establishing a setup password in the Computer Setup (F10) Utility, you can protect the ROM from being unintentionally updated or overwritten. This is important to ensure the operating integrity of the computer. Should you need or want to upgrade the BIOS, you may download the latest BIOS images from the HP driver and support page, http://www.hp.com/support/files.
6 Boot Block Emergency Recovery Mode Boot Block Emergency Recovery Mode permits system recovery in the unlikely event of a ROM flash failure. For example, if a power failure were to occur during a BIOS upgrade, the ROM flash would be incomplete. This would render the system BIOS unusable. The Boot Block is a flash-protected section of the ROM that contains code that checks for a valid system BIOS image when the system is turned on. ● If the system BIOS image is valid, the system starts normally.
7 Replicating the Setup The following procedures give an administrator the ability to easily copy one setup configuration to other computers of the same model. This allows for faster, more consistent configuration of multiple computers. NOTE: Both procedures require a diskette drive or a supported USB flash drive. NOTE: System Software Manager (SSM) can be used to replicate computer setup information from within the Windows operating system. For more information see the SSM User’s Guide at http://www.hp.
10. Click File > Replicated Setup > Restore from Removable Media, and follow the instructions on the screen. 11. Restart the computer when the configuration is complete. Copying to Multiple Computers CAUTION: A setup configuration is model-specific. File system corruption may result if source and target computers are not the same model. For example, do not copy the setup configuration from a dc7xxx PC to a dx7xxx PC.
Creating a Bootable Device Supported USB Flash Media Device Supported devices have a preinstalled image to simplify the process of making them bootable. All HP or Compaq and most other USB flash media devices have this preinstalled image. If the USB flash media device being used does not have this image, use the procedure later in this section (see Unsupported USB Flash Media Device on page 18).
10. At the A:\ prompt, enter FORMAT /S X: where X represents the drive letter noted before. CAUTION: Be sure that you have entered the correct drive letter for the USB flash media device. FORMAT will display one or more messages and ask you each time whether you want to proceed. Enter Y each time. FORMAT will format the USB flash media device, add the system files, and ask for a Volume Label. 11. Press Enter for no label or enter one if desired. 12.
6. Go to Advanced > PCI Devices to disable both the PATA and SATA controllers. When disabling the SATA controller, note the IRQ to which the controller is assigned. You will need to reassign the IRQ later. Exit setup, confirming the changes. SATA IRQ: __________ 7. Insert a bootable DOS diskette with FDISK.COM and either SYS.COM or FORMAT.COM into a diskette drive and turn on the computer to boot to the DOS diskette. 8. Run FDISK and delete any existing partitions on the USB flash media device.
8 Dual-State Power Button With Advanced Configuration and Power Interface (ACPI) enabled, the power button can function either as an on/off switch or as a standby button. The standby feature does not completely turn off power, but instead causes the computer to enter a low-power standby state. This allows you to power down quickly without closing applications and to return quickly to the same operational state without any data loss.
9 HP Web Site Support HP engineers rigorously test and debug software developed by HP and third-party suppliers, and develop operating system specific support software, to ensure performance, compatibility, and reliability for HP computers. When making the transition to new or revised operating systems, it is important to implement the support software designed for that operating system.
10 Industry Standards HP management solutions integrate with other systems management applications, and are based on industry standards, such as: 22 ● Web-Based Enterprise Management (WBEM) ● Windows Management Interface (WMI) ● Wake on LAN Technology ● ACPI ● SMBIOS ● Pre-boot Execution (PXE) support Chapter 10 Industry Standards ENWW
11 Asset Tracking and Security Asset tracking features incorporated into the computer provide key asset tracking data that can be managed using HP Systems Insight Manager, HP Client Manager, HP Configuration Management Solution, HP Client Configuration Manager, or other system management applications.
Table 11-1 Security Features Overview (continued) Password Options Allows you to: (This selection appears only if a power-on password or setup password is set.
Table 11-1 Security Features Overview (continued) Network Service Boot Enables/disables the computer’s ability to boot from an operating system installed on a network server. (Feature available on NIC models only; the network controller must be either a PCI expansion card or embedded on the system board.) System IDs Allows you to set: DriveLock Security ● Asset tag (18-byte identifier), a property identification number assigned by the company to the computer.
Table 11-1 Security Features Overview (continued) NOTE: ● To configure the Embedded Security Device, a Setup password must be set. Reset to Factory Settings (some models) (Do not reset/Reset) - Resetting to factory defaults will erase all security keys. Changing this setting requires turning the computer off and then back on. CAUTION: The embedded security device is a critical component of many security schemes.
Establishing a Setup Password Using Computer Setup If the system is equipped with an embedded security device, refer to the HP ProtectTools Security Manager Guide at http://www.hp.com. Establishing a setup password through Computer Setup prevents reconfiguration of the computer (use of the Computer Setup (F10) utility) until the password is entered. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2.
If a setup password has been established on the computer, you will be prompted to enter it each time you run Computer Setup. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2. As soon as the computer is turned on, press F10 before the computer boots to the operating system to enter Computer Setup. Press Enter to bypass the title screen, if necessary.
Deleting a Power-On or Setup Password If the system is equipped with an embedded security device, refer to the HP ProtectTools Security Manager Guide at http://www.hp.com. 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart the Computer. 2. To delete the Power-On password, go to step 3. To delete the Setup password, as soon as the computer is turned on, press F10 before the computer boots to the operating system to enter Computer Setup.
If the system is equipped with an embedded security device, refer to the HP ProtectTools Security Manager Guide at http://www.hp.com. DriveLock DriveLock is an industry-standard security feature that prevents unauthorized access to the data on ATA hard. DriveLock has been implemented as an extension to Computer Setup. It is only available when hard drives that support the ATA Security command set are detected. DriveLock is intended for HP customers for whom data security is the paramount concern.
locked out of a hard drive and unable to perform routine checks for unauthorized software, other asset control functions, and support. For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in this category include personal users or users who do not maintain sensitive data on their hard drives as a common practice.
NOTE: The Smart Cover Lock is available as an option on some systems. Locking the Smart Cover Lock To activate and lock the Smart Cover Lock, complete the following steps: 1. Turn on or restart the computer. If you are in Windows, click Start > Shut Down > Restart. 2. As soon as the computer is turned on, press F10 before the computer boots to the operating system to enter Computer Setup. Press Enter to bypass the title screen, if necessary.
Cable Lock Provision The rear panel of the computer (some models) accommodates a cable lock so that the computer can be physically secured to a work area. For illustrated instructions, please see the Hardware Reference Guide. Fingerprint Identification Technology Eliminating the need to enter user passwords, HP Fingerprint Identification Technology tightens network security, simplifies the login process, and reduces the costs associated with managing corporate networks.
Index A access to computer, controlling 23 Altiris Client Management Suite asset tracking 23 DriveLock 30 dual-state power button 20 9 B BIOS Boot Block Emergency Recovery Mode 14 HPQFlash 13 Remote ROM Flash 13 Boot Block Emergency Recovery Mode 14 bootable device creating 17 USB flash media device 17 C cable lock provision 33 change notification 12 changing operating systems, support 21 changing password 28 clearing password 29 Client Management Interface 5 Client Manager from Symantec 8 cloning tools
Proactive Change Notification (PCN) 12 protecting hard drive 33 ProtectTools Security Manager 7 PXE (Preboot Execution Environment) 4 R Recovery Mode, Boot Block Emergency 14 recovery, software 2 Remote Management Technology 9 Remote ROM Flash 13 remote setup 4 Remote System Installation 4 retired solutions 12 ROM flash 13 S security cable lock 33 DriveLock 30 features, table 23 fingerprint identification technology 33 password 26 ProtectTools Security Manager 7 settings 23 Smart Cover Lock 31 Smart Cover S