Boot Passwords

Hi everyone,

I have a BIOS utility on my PC (accessible during start up by pressing "F1")
which allows me to set passwords, but for some reason the PC does not
require that a user enters any of these passwords every time the PC is
switched on, but rather only when a user enters the BIOS utility. My laptop
requres the BIOS password to be entered every time the computer starts up,
and I want my desktop PC to act in like manner. I have checked out the
product support helpline for my desktop PC and it seems (strangely) that the
BIOS passwords can not be set so that they are required on boot up.

Does anyone know of any programs that will impliment a power on/boot
password, or is there anything in Windows XP that will do the same?

-------
Regards,
CB.

Iuri
Wed Dec 21 07:13:18 CST 2005

> I have checked out the product support helpline for my desktop PC and it
> seems (strangely) that the BIOS passwords can not be set so that they are
> required on boot up.

AFAIK, this thing will not work until your password is blank. Try to enter
your new password in BIOS (something like "Set Supervisor Password") and
somewhere in BIOS the parameter "Security" must be set to "Computer"

Cerebral
Wed Dec 21 08:34:01 CST 2005

Jim,

Thanks for your reply. As far as I could see, the only options are Change,
Set or Disable. There isn't a BIOS or Machinr protection option there at
all, but thanks for the suggestion.

For what reason would I have to lock the case? What is the best way to
protect a desktop computer from unauthorised access in your opinion?

-------
Regards,
CB.

"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:mskiq150hl8pkbkffc8tnngtsnfe5lr9rm@4ax.com...
> On Wed, 21 Dec 2005 12:35:54 GMT, "Cerebral Believer"
> <cerebral.believer@ntlworld.com> wrote:
>
>>
>>I have a BIOS utility on my PC (accessible during start up by pressing
>>"F1")
>>which allows me to set passwords, but for some reason the PC does not
>>require that a user enters any of these passwords every time the PC is
>>switched on, but rather only when a user enters the BIOS utility.
>
> many machines give you the option of protecting the machine -or-
> just the BIOS settings in CMOS. Look more carefully at the options
> connected with the password.
>
> Its a useful security feature, but not high security unless you
> lock the case.
> --
> Jim Watt
> http://www.gibnet.com

Cerebral
Wed Dec 21 08:40:59 CST 2005

Iuri,

Thanks for your suggestion. I should have stated more clearly that my BIOS
does not have a "Security" menu/perameter, even the at on the technical
support helpline seemed surprised about this. I also checked the
manuafactureres website (HP) to make sure that I had the latest version of
the BIOS software, and this is a new computer too. I have managed to set
"Supervisor" and "User" passwords, it is just that they only are required
when entering the BIOS utility, not simply when starting the machine, and
there is no option to apply them in such circumstances.

-------
Regards,
CB.

"Iuri Cuznetov" <iura@hotbox.ru> wrote in message
news:O1CDRBjBGHA.272@TK2MSFTNGP09.phx.gbl...
>> I have checked out the product support helpline for my desktop PC and it
>> seems (strangely) that the BIOS passwords can not be set so that they are
>> required on boot up.
>
> AFAIK, this thing will not work until your password is blank. Try to enter
> your new password in BIOS (something like "Set Supervisor Password") and
> somewhere in BIOS the parameter "Security" must be set to "Computer"
>

Mike
Wed Dec 21 09:24:48 CST 2005

Cerebral Believer wrote:
> For what reason would I have to lock the case?

So that nobody could get in and set the jumper inside to reset the cmos
and so reset your password to blank. BIOS passwords are pointless
without physical security.

> What is the best way to
> protect a desktop computer from unauthorised access in your opinion?

Lock it in a cupboard, don't connect it to the Internet or a network and
don't install any software. Proably best not to turn it on at all ;-)

BIOS passwords are pointless in terms of security.

Cerebral
Wed Dec 21 09:39:31 CST 2005

Mike,

I take your point on physical security. I thought that BIOS passwords, in
conjunction with other BIOS settings, were useful for ensuring that a user
could only boot from the hard drive of a PC, and not from a CD-ROM etc in
order to bypass the Windows Password?

I chose to get a PC that can work with removable drives, all my programs are
on the main C drive, and all my important files are stored on 160GB
removable drives which are locked up.

I also have a Cisco router and Norton Firewalls on each PC on my LAN, trying
to be safe but productive rather than just plain safe:-)

-------
Regards,
CB.

"Mike" <honey@michaelmoyse.co.uk> wrote in message
news:PZmdnZXNPLBc7jTeRVnyhQ@pipex.net...
> Cerebral Believer wrote:
> > For what reason would I have to lock the case?
>
> So that nobody could get in and set the jumper inside to reset the cmos
> and so reset your password to blank. BIOS passwords are pointless without
> physical security.
>
>> What is the best way to protect a desktop computer from unauthorised
>> access in your opinion?
>
> Lock it in a cupboard, don't connect it to the Internet or a network and
> don't install any software. Proably best not to turn it on at all ;-)
>
> BIOS passwords are pointless in terms of security.
>
>

robertharvey
Thu Dec 22 07:06:01 CST 2005

Cerebral Believer wrote:
> What is the best way to
> protect a desktop computer from unauthorised access in your opinion?

Put it in a senior manager's office and tell them they HAVE to use it
for work. As far as I can see from everywhere I worked it will never
be turned on again.

Iuri
Fri Dec 23 05:41:57 CST 2005

> Thanks for your suggestion. I should have stated more clearly that my
> BIOS does not have a "Security" menu/perameter, even the at on the
> technical support helpline seemed surprised about this. I also checked
> the manuafactureres website (HP) to make sure that I had the latest
> version of the BIOS software, and this is a new computer too.

Oops! Every "brand" manuafacturer such as HP or Dell has its own versions of
BIOS. The only way is to explain your situation to HP support.

> I have managed to set "Supervisor" and "User" passwords, it is just that
> they only are required when entering the BIOS utility, not simply when
> starting the machine, and there is no option to apply them in such
> circumstances.

Right now I can check only the Award BIOS. There is "Security Option" and it
can be set to "Setup" for password when you are entering in BIOS and
"System" for password when computer starts. So may be you could try to find
it somewhere in your BIOS.

Cerebral
Fri Dec 23 05:54:45 CST 2005

"Iuri Cuznetov" <iura@hotbox.ru> wrote in message
news:%23zV7qX7BGHA.2920@tk2msftngp13.phx.gbl...
>> Thanks for your suggestion. I should have stated more clearly that my
>> BIOS does not have a "Security" menu/perameter, even the at on the
>> technical support helpline seemed surprised about this. I also checked
>> the manuafactureres website (HP) to make sure that I had the latest
>> version of the BIOS software, and this is a new computer too.
>
> Oops! Every "brand" manuafacturer such as HP or Dell has its own versions
> of BIOS. The only way is to explain your situation to HP support.
>
>> I have managed to set "Supervisor" and "User" passwords, it is just that
>> they only are required when entering the BIOS utility, not simply when
>> starting the machine, and there is no option to apply them in such
>> circumstances.
>
> Right now I can check only the Award BIOS. There is "Security Option" and
> it can be set to "Setup" for password when you are entering in BIOS and
> "System" for password when computer starts. So may be you could try to
> find it somewhere in your BIOS.

Iuri,

I think you are using a later version of the BIOS than I have - I have
v3.35, and have been told by HP support that it is not recommended to
upgrade to V4 (which I think you are using).

Regards,
Anthony.

Kookwekker
Tue Dec 27 05:36:43 CST 2005

I'm not really sure what you are trying to protect, (1)The booting of
your system in general or (2)the data stored on your HD. If you want to
reach 2 by using 1 then i can tell you that security through obscurity
is often not a good idea.
Anyway some suggestions:
There are bootloaders that have password features, you have to enter a
password to load your OS. please note that you also have to make sure
your bootloader is on top of your bootchain (and not for example your
CD-ROM or LAN).
I also suggest to use for example PGP to encrypt "sensitive" data on
your HD.

I hope this might bypass your current problem.

Greetings
IR

Cerebral
Thu Dec 29 12:52:16 CST 2005

"Kookwekker" <i.r.t.ramaekers@gmail.com> wrote in message
news:1135683403.705343.39420@g49g2000cwa.googlegroups.com...
> I'm not really sure what you are trying to protect, (1)The booting of
> your system in general or (2)the data stored on your HD. If you want to
> reach 2 by using 1 then i can tell you that security through obscurity
> is often not a good idea.
> Anyway some suggestions:
> There are bootloaders that have password features, you have to enter a
> password to load your OS. please note that you also have to make sure
> your bootloader is on top of your bootchain (and not for example your
> CD-ROM or LAN).
> I also suggest to use for example PGP to encrypt "sensitive" data on
> your HD.
>
> I hope this might bypass your current problem.
>
> Greetings
> IR

I'm trying to impliment an overall security strategy, to stop unauthorised
access to the computers on my lan and protect sensitive data. Are there any
particular bootloaders or implimentations or brands of PGP I should look out
for, or is it just generic thing?

-------
Regards,
CB.

nemo_outis
Thu Dec 29 13:17:14 CST 2005

"Cerebral Believer" <cerebral.believer@ntlworld.com> wrote in
news:AfWsf.24764$b4.23391@newsfe1-win.ntli.net:

> "Kookwekker" <i.r.t.ramaekers@gmail.com> wrote in message
> news:1135683403.705343.39420@g49g2000cwa.googlegroups.com...
>> I'm not really sure what you are trying to protect, (1)The booting of
>> your system in general or (2)the data stored on your HD. If you want
>> to reach 2 by using 1 then i can tell you that security through
>> obscurity is often not a good idea.
>> Anyway some suggestions:
>> There are bootloaders that have password features, you have to enter
>> a password to load your OS. please note that you also have to make
>> sure your bootloader is on top of your bootchain (and not for example
>> your CD-ROM or LAN).
>> I also suggest to use for example PGP to encrypt "sensitive" data on
>> your HD.
>>
>> I hope this might bypass your current problem.
>>
>> Greetings
>> IR
>
> I'm trying to impliment an overall security strategy, to stop
> unauthorised access to the computers on my lan and protect sensitive
> data. Are there any particular bootloaders or implimentations or
> brands of PGP I should look out for, or is it just generic thing?
>
> -------
> Regards,
> CB.


If you wish to have an encrypted container-file or partition you cannot do
better than Truecrypt. If you wish to encrypt everything, including the
OS, then you have a number of choices, including PGP Wholedisk (I think
that's what it's called), Compusec, Drivecrypt++, Pointsec, Safeguard,
Winmagic, etc.

Regards,