Boot Passwords

Discussion in 'Computer Security' started by Cerebral Believer, Dec 21, 2005.

  1. Hi everyone,

    I have a BIOS utility on my PC (accessible during start up by pressing "F1")
    which allows me to set passwords, but for some reason the PC does not
    require that a user enters any of these passwords every time the PC is
    switched on, but rather only when a user enters the BIOS utility. My laptop
    requres the BIOS password to be entered every time the computer starts up,
    and I want my desktop PC to act in like manner. I have checked out the
    product support helpline for my desktop PC and it seems (strangely) that the
    BIOS passwords can not be set so that they are required on boot up.

    Does anyone know of any programs that will impliment a power on/boot
    password, or is there anything in Windows XP that will do the same?

    -------
    Regards,
    CB.
    Cerebral Believer, Dec 21, 2005
    #1
    1. Advertising

  2. Cerebral Believer

    Jim Watt Guest

    On Wed, 21 Dec 2005 12:35:54 GMT, "Cerebral Believer"
    <> wrote:

    >
    >I have a BIOS utility on my PC (accessible during start up by pressing "F1")
    >which allows me to set passwords, but for some reason the PC does not
    >require that a user enters any of these passwords every time the PC is
    >switched on, but rather only when a user enters the BIOS utility.


    many machines give you the option of protecting the machine -or-
    just the BIOS settings in CMOS. Look more carefully at the options
    connected with the password.

    Its a useful security feature, but not high security unless you
    lock the case.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 21, 2005
    #2
    1. Advertising

  3. > I have checked out the product support helpline for my desktop PC and it
    > seems (strangely) that the BIOS passwords can not be set so that they are
    > required on boot up.


    AFAIK, this thing will not work until your password is blank. Try to enter
    your new password in BIOS (something like "Set Supervisor Password") and
    somewhere in BIOS the parameter "Security" must be set to "Computer"
    Iuri Cuznetov, Dec 21, 2005
    #3
  4. Jim,

    Thanks for your reply. As far as I could see, the only options are Change,
    Set or Disable. There isn't a BIOS or Machinr protection option there at
    all, but thanks for the suggestion.

    For what reason would I have to lock the case? What is the best way to
    protect a desktop computer from unauthorised access in your opinion?

    -------
    Regards,
    CB.

    "Jim Watt" <_way> wrote in message
    news:...
    > On Wed, 21 Dec 2005 12:35:54 GMT, "Cerebral Believer"
    > <> wrote:
    >
    >>
    >>I have a BIOS utility on my PC (accessible during start up by pressing
    >>"F1")
    >>which allows me to set passwords, but for some reason the PC does not
    >>require that a user enters any of these passwords every time the PC is
    >>switched on, but rather only when a user enters the BIOS utility.

    >
    > many machines give you the option of protecting the machine -or-
    > just the BIOS settings in CMOS. Look more carefully at the options
    > connected with the password.
    >
    > Its a useful security feature, but not high security unless you
    > lock the case.
    > --
    > Jim Watt
    > http://www.gibnet.com
    Cerebral Believer, Dec 21, 2005
    #4
  5. Iuri,

    Thanks for your suggestion. I should have stated more clearly that my BIOS
    does not have a "Security" menu/perameter, even the at on the technical
    support helpline seemed surprised about this. I also checked the
    manuafactureres website (HP) to make sure that I had the latest version of
    the BIOS software, and this is a new computer too. I have managed to set
    "Supervisor" and "User" passwords, it is just that they only are required
    when entering the BIOS utility, not simply when starting the machine, and
    there is no option to apply them in such circumstances.

    -------
    Regards,
    CB.

    "Iuri Cuznetov" <> wrote in message
    news:...
    >> I have checked out the product support helpline for my desktop PC and it
    >> seems (strangely) that the BIOS passwords can not be set so that they are
    >> required on boot up.

    >
    > AFAIK, this thing will not work until your password is blank. Try to enter
    > your new password in BIOS (something like "Set Supervisor Password") and
    > somewhere in BIOS the parameter "Security" must be set to "Computer"
    >
    Cerebral Believer, Dec 21, 2005
    #5
  6. Cerebral Believer

    Mike Guest

    Cerebral Believer wrote:
    > For what reason would I have to lock the case?


    So that nobody could get in and set the jumper inside to reset the cmos
    and so reset your password to blank. BIOS passwords are pointless
    without physical security.

    > What is the best way to
    > protect a desktop computer from unauthorised access in your opinion?


    Lock it in a cupboard, don't connect it to the Internet or a network and
    don't install any software. Proably best not to turn it on at all ;-)

    BIOS passwords are pointless in terms of security.
    Mike, Dec 21, 2005
    #6
  7. Mike,

    I take your point on physical security. I thought that BIOS passwords, in
    conjunction with other BIOS settings, were useful for ensuring that a user
    could only boot from the hard drive of a PC, and not from a CD-ROM etc in
    order to bypass the Windows Password?

    I chose to get a PC that can work with removable drives, all my programs are
    on the main C drive, and all my important files are stored on 160GB
    removable drives which are locked up.

    I also have a Cisco router and Norton Firewalls on each PC on my LAN, trying
    to be safe but productive rather than just plain safe:)

    -------
    Regards,
    CB.

    "Mike" <> wrote in message
    news:p...
    > Cerebral Believer wrote:
    > > For what reason would I have to lock the case?

    >
    > So that nobody could get in and set the jumper inside to reset the cmos
    > and so reset your password to blank. BIOS passwords are pointless without
    > physical security.
    >
    >> What is the best way to protect a desktop computer from unauthorised
    >> access in your opinion?

    >
    > Lock it in a cupboard, don't connect it to the Internet or a network and
    > don't install any software. Proably best not to turn it on at all ;-)
    >
    > BIOS passwords are pointless in terms of security.
    >
    >
    Cerebral Believer, Dec 21, 2005
    #7
  8. Cerebral Believer

    Jim Watt Guest

    On Wed, 21 Dec 2005 15:24:48 +0000, Mike <>
    wrote:

    >BIOS passwords are pointless in terms of security.


    nonsense, they provide a very good method of securing
    machines in the average workplace.

    There is no absolute in security, its about building fences
    as high as they need be for a purpose.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 21, 2005
    #8
  9. Cerebral Believer

    Winged Guest

    Cerebral Believer wrote:
    > Hi everyone,
    >
    > I have a BIOS utility on my PC (accessible during start up by pressing "F1")
    > which allows me to set passwords, but for some reason the PC does not
    > require that a user enters any of these passwords every time the PC is
    > switched on, but rather only when a user enters the BIOS utility. My laptop
    > requres the BIOS password to be entered every time the computer starts up,
    > and I want my desktop PC to act in like manner. I have checked out the
    > product support helpline for my desktop PC and it seems (strangely) that the
    > BIOS passwords can not be set so that they are required on boot up.
    >
    > Does anyone know of any programs that will impliment a power on/boot
    > password, or is there anything in Windows XP that will do the same?
    >
    > -------
    > Regards,
    > CB.
    >
    >

    What BIOS make and version are you running. With the plethora of
    possibilities out there it is difficult to provide specific instructions.

    Most Bios today allow a supervisor password (sounds like one you set)
    and a boot password. This is reasonable security precaution against
    novice unauthorized access. It won't keep the computer savvy out of
    system unless the case is locked.

    Most modern Bios allow you to set a boot order of devices. Most modern
    bios allow you to set 4 or more devices in the boot order. To prevent
    booting from (for example a CD ROM) you simply remove it from the boot
    order.

    Without knowing the Bios manufacturer and the bios version or the mobo
    Make/model/serial number involved, providing directions on proper setup
    is like asking how to program a macro without a frame of reference. We
    can tell you generically how to do it, but can not provide the detail
    you are asking.

    Winged
    Winged, Dec 22, 2005
    #9
  10. "Winged" <> wrote in message
    news:6a23a$43a9fcac$45493f2f$...
    > Cerebral Believer wrote:
    >> Hi everyone,
    >>
    >> I have a BIOS utility on my PC (accessible during start up by pressing
    >> "F1") which allows me to set passwords, but for some reason the PC does
    >> not require that a user enters any of these passwords every time the PC
    >> is switched on, but rather only when a user enters the BIOS utility. My
    >> laptop requres the BIOS password to be entered every time the computer
    >> starts up, and I want my desktop PC to act in like manner. I have
    >> checked out the product support helpline for my desktop PC and it seems
    >> (strangely) that the BIOS passwords can not be set so that they are
    >> required on boot up.
    >>
    >> Does anyone know of any programs that will impliment a power on/boot
    >> password, or is there anything in Windows XP that will do the same?
    >>
    >> -------
    >> Regards,
    >> CB.

    > What BIOS make and version are you running. With the plethora of
    > possibilities out there it is difficult to provide specific instructions.
    >
    > Most Bios today allow a supervisor password (sounds like one you set) and
    > a boot password. This is reasonable security precaution against novice
    > unauthorized access. It won't keep the computer savvy out of system
    > unless the case is locked.
    >
    > Most modern Bios allow you to set a boot order of devices. Most modern
    > bios allow you to set 4 or more devices in the boot order. To prevent
    > booting from (for example a CD ROM) you simply remove it from the boot
    > order.
    >
    > Without knowing the Bios manufacturer and the bios version or the mobo
    > Make/model/serial number involved, providing directions on proper setup is
    > like asking how to program a macro without a frame of reference. We can
    > tell you generically how to do it, but can not provide the detail you are
    > asking.
    >
    > Winged
    >


    Hi Winged,

    Thanks for your response. I have a Phoenix Award BIOS CMOS Setup Utility,
    Core Version 6.0, BIOS Revision 3.35 (30/09/05).

    -------
    Regards,
    CB.
    Cerebral Believer, Dec 22, 2005
    #10
  11. Cerebral Believer

    Guest

    Cerebral Believer wrote:
    > What is the best way to
    > protect a desktop computer from unauthorised access in your opinion?


    Put it in a senior manager's office and tell them they HAVE to use it
    for work. As far as I can see from everywhere I worked it will never
    be turned on again.
    , Dec 22, 2005
    #11
  12. Cerebral Believer

    Winged Guest

    Cerebral Believer wrote:
    > "Winged" <> wrote in message
    > news:6a23a$43a9fcac$45493f2f$...
    >
    >>Cerebral Believer wrote:
    >>
    >>>Hi everyone,
    >>>
    >>>I have a BIOS utility on my PC (accessible during start up by pressing
    >>>"F1") which allows me to set passwords, but for some reason the PC does
    >>>not require that a user enters any of these passwords every time the PC
    >>>is switched on, but rather only when a user enters the BIOS utility. My
    >>>laptop requres the BIOS password to be entered every time the computer
    >>>starts up, and I want my desktop PC to act in like manner. I have
    >>>checked out the product support helpline for my desktop PC and it seems
    >>>(strangely) that the BIOS passwords can not be set so that they are
    >>>required on boot up.
    >>>
    >>>Does anyone know of any programs that will impliment a power on/boot
    >>>password, or is there anything in Windows XP that will do the same?
    >>>
    >>>-------
    >>>Regards,
    >>>CB.

    >>
    >>What BIOS make and version are you running. With the plethora of
    >>possibilities out there it is difficult to provide specific instructions.
    >>
    >>Most Bios today allow a supervisor password (sounds like one you set) and
    >>a boot password. This is reasonable security precaution against novice
    >>unauthorized access. It won't keep the computer savvy out of system
    >>unless the case is locked.
    >>
    >>Most modern Bios allow you to set a boot order of devices. Most modern
    >>bios allow you to set 4 or more devices in the boot order. To prevent
    >>booting from (for example a CD ROM) you simply remove it from the boot
    >>order.
    >>
    >>Without knowing the Bios manufacturer and the bios version or the mobo
    >>Make/model/serial number involved, providing directions on proper setup is
    >>like asking how to program a macro without a frame of reference. We can
    >>tell you generically how to do it, but can not provide the detail you are
    >>asking.
    >>
    >>Winged
    >>

    >
    >
    > Hi Winged,
    >
    > Thanks for your response. I have a Phoenix Award BIOS CMOS Setup Utility,
    > Core Version 6.0, BIOS Revision 3.35 (30/09/05).
    >
    > -------
    > Regards,
    > CB.
    >
    >


    This is a link to your BIOS setup utility user manual:

    http://www.phoenix.com/NR/rdonlyres/5AF5C50D-9E06-4298-9E58-E52BFFCC8D7D/0/userman.pdf

    Page 18 of the PDF

    Enable the password on boot option under the security menu.

    If the BIOS will not allow you to make this change then the BIOS then
    the BIOS thinks you are a user and not the supervisor. I have seen this
    happen on some BIOS when the supervisor and the user password are the
    same. You want to ensure they are different passwords and do not forget
    them or you may have a late night getting everything set appropriately
    when you reset to factory defaults...

    That appears to be a very flexible BIOS you have there...nice box.


    Winged
    Winged, Dec 23, 2005
    #12
  13. > Thanks for your suggestion. I should have stated more clearly that my
    > BIOS does not have a "Security" menu/perameter, even the at on the
    > technical support helpline seemed surprised about this. I also checked
    > the manuafactureres website (HP) to make sure that I had the latest
    > version of the BIOS software, and this is a new computer too.


    Oops! Every "brand" manuafacturer such as HP or Dell has its own versions of
    BIOS. The only way is to explain your situation to HP support.

    > I have managed to set "Supervisor" and "User" passwords, it is just that
    > they only are required when entering the BIOS utility, not simply when
    > starting the machine, and there is no option to apply them in such
    > circumstances.


    Right now I can check only the Award BIOS. There is "Security Option" and it
    can be set to "Setup" for password when you are entering in BIOS and
    "System" for password when computer starts. So may be you could try to find
    it somewhere in your BIOS.
    Iuri Cuznetov, Dec 23, 2005
    #13
  14. "Winged" <> wrote in message
    news:e8c72$43ab56b9$45493f2f$...
    > Cerebral Believer wrote:
    >> "Winged" <> wrote in message
    >> news:6a23a$43a9fcac$45493f2f$...
    >>
    >>>Cerebral Believer wrote:
    >>>
    >>>>Hi everyone,
    >>>>
    >>>>I have a BIOS utility on my PC (accessible during start up by pressing
    >>>>"F1") which allows me to set passwords, but for some reason the PC does
    >>>>not require that a user enters any of these passwords every time the PC
    >>>>is switched on, but rather only when a user enters the BIOS utility. My
    >>>>laptop requres the BIOS password to be entered every time the computer
    >>>>starts up, and I want my desktop PC to act in like manner. I have
    >>>>checked out the product support helpline for my desktop PC and it seems
    >>>>(strangely) that the BIOS passwords can not be set so that they are
    >>>>required on boot up.
    >>>>
    >>>>Does anyone know of any programs that will impliment a power on/boot
    >>>>password, or is there anything in Windows XP that will do the same?
    >>>>
    >>>>-------
    >>>>Regards,
    >>>>CB.
    >>>
    >>>What BIOS make and version are you running. With the plethora of
    >>>possibilities out there it is difficult to provide specific instructions.
    >>>
    >>>Most Bios today allow a supervisor password (sounds like one you set) and
    >>>a boot password. This is reasonable security precaution against novice
    >>>unauthorized access. It won't keep the computer savvy out of system
    >>>unless the case is locked.
    >>>
    >>>Most modern Bios allow you to set a boot order of devices. Most modern
    >>>bios allow you to set 4 or more devices in the boot order. To prevent
    >>>booting from (for example a CD ROM) you simply remove it from the boot
    >>>order.
    >>>
    >>>Without knowing the Bios manufacturer and the bios version or the mobo
    >>>Make/model/serial number involved, providing directions on proper setup
    >>>is like asking how to program a macro without a frame of reference. We
    >>>can tell you generically how to do it, but can not provide the detail you
    >>>are asking.
    >>>
    >>>Winged
    >>>

    >>
    >>
    >> Hi Winged,
    >>
    >> Thanks for your response. I have a Phoenix Award BIOS CMOS Setup
    >> Utility, Core Version 6.0, BIOS Revision 3.35 (30/09/05).
    >>
    >> -------
    >> Regards,
    >> CB.

    >
    > This is a link to your BIOS setup utility user manual:
    >
    > http://www.phoenix.com/NR/rdonlyres/5AF5C50D-9E06-4298-9E58-E52BFFCC8D7D/0/userman.pdf
    >
    > Page 18 of the PDF
    >
    > Enable the password on boot option under the security menu.
    >
    > If the BIOS will not allow you to make this change then the BIOS then the
    > BIOS thinks you are a user and not the supervisor. I have seen this
    > happen on some BIOS when the supervisor and the user password are the
    > same. You want to ensure they are different passwords and do not forget
    > them or you may have a late night getting everything set appropriately
    > when you reset to factory defaults...
    >
    > That appears to be a very flexible BIOS you have there...nice box.
    >
    >
    > Winged


    Thanks for that information, HP don't recommend upgrading to that version of
    the BIOS as the computers have only been tested with v3.35 which I have
    installed. HP recommended using a SysKey password, are these effective?

    Maybe I should go for biometric finger print recognition?

    -------
    Regards,
    CB.
    Cerebral Believer, Dec 23, 2005
    #14
  15. "Iuri Cuznetov" <> wrote in message
    news:%...
    >> Thanks for your suggestion. I should have stated more clearly that my
    >> BIOS does not have a "Security" menu/perameter, even the at on the
    >> technical support helpline seemed surprised about this. I also checked
    >> the manuafactureres website (HP) to make sure that I had the latest
    >> version of the BIOS software, and this is a new computer too.

    >
    > Oops! Every "brand" manuafacturer such as HP or Dell has its own versions
    > of BIOS. The only way is to explain your situation to HP support.
    >
    >> I have managed to set "Supervisor" and "User" passwords, it is just that
    >> they only are required when entering the BIOS utility, not simply when
    >> starting the machine, and there is no option to apply them in such
    >> circumstances.

    >
    > Right now I can check only the Award BIOS. There is "Security Option" and
    > it can be set to "Setup" for password when you are entering in BIOS and
    > "System" for password when computer starts. So may be you could try to
    > find it somewhere in your BIOS.


    Iuri,

    I think you are using a later version of the BIOS than I have - I have
    v3.35, and have been told by HP support that it is not recommended to
    upgrade to V4 (which I think you are using).

    Regards,
    Anthony.
    Cerebral Believer, Dec 23, 2005
    #15
  16. Cerebral Believer

    Kookwekker Guest

    I'm not really sure what you are trying to protect, (1)The booting of
    your system in general or (2)the data stored on your HD. If you want to
    reach 2 by using 1 then i can tell you that security through obscurity
    is often not a good idea.
    Anyway some suggestions:
    There are bootloaders that have password features, you have to enter a
    password to load your OS. please note that you also have to make sure
    your bootloader is on top of your bootchain (and not for example your
    CD-ROM or LAN).
    I also suggest to use for example PGP to encrypt "sensitive" data on
    your HD.

    I hope this might bypass your current problem.

    Greetings
    IR
    Kookwekker, Dec 27, 2005
    #16
  17. "Kookwekker" <> wrote in message
    news:...
    > I'm not really sure what you are trying to protect, (1)The booting of
    > your system in general or (2)the data stored on your HD. If you want to
    > reach 2 by using 1 then i can tell you that security through obscurity
    > is often not a good idea.
    > Anyway some suggestions:
    > There are bootloaders that have password features, you have to enter a
    > password to load your OS. please note that you also have to make sure
    > your bootloader is on top of your bootchain (and not for example your
    > CD-ROM or LAN).
    > I also suggest to use for example PGP to encrypt "sensitive" data on
    > your HD.
    >
    > I hope this might bypass your current problem.
    >
    > Greetings
    > IR


    I'm trying to impliment an overall security strategy, to stop unauthorised
    access to the computers on my lan and protect sensitive data. Are there any
    particular bootloaders or implimentations or brands of PGP I should look out
    for, or is it just generic thing?

    -------
    Regards,
    CB.
    Cerebral Believer, Dec 29, 2005
    #17
  18. Cerebral Believer

    nemo_outis Guest

    "Cerebral Believer" <> wrote in
    news:AfWsf.24764$:

    > "Kookwekker" <> wrote in message
    > news:...
    >> I'm not really sure what you are trying to protect, (1)The booting of
    >> your system in general or (2)the data stored on your HD. If you want
    >> to reach 2 by using 1 then i can tell you that security through
    >> obscurity is often not a good idea.
    >> Anyway some suggestions:
    >> There are bootloaders that have password features, you have to enter
    >> a password to load your OS. please note that you also have to make
    >> sure your bootloader is on top of your bootchain (and not for example
    >> your CD-ROM or LAN).
    >> I also suggest to use for example PGP to encrypt "sensitive" data on
    >> your HD.
    >>
    >> I hope this might bypass your current problem.
    >>
    >> Greetings
    >> IR

    >
    > I'm trying to impliment an overall security strategy, to stop
    > unauthorised access to the computers on my lan and protect sensitive
    > data. Are there any particular bootloaders or implimentations or
    > brands of PGP I should look out for, or is it just generic thing?
    >
    > -------
    > Regards,
    > CB.



    If you wish to have an encrypted container-file or partition you cannot do
    better than Truecrypt. If you wish to encrypt everything, including the
    OS, then you have a number of choices, including PGP Wholedisk (I think
    that's what it's called), Compusec, Drivecrypt++, Pointsec, Safeguard,
    Winmagic, etc.

    Regards,
    nemo_outis, Dec 29, 2005
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AdminKen

    Wireless LAN with PEAP and Passwords Aironet 1200

    AdminKen, Mar 30, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    7,631
    Jeffrey Chong
    Sep 4, 2006
  2. Michael King

    Change password with 802.1x WinXP and cached Passwords.

    Michael King, Apr 25, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    945
    Michael King
    Apr 25, 2005
  3. =?Utf-8?B?bWlrZQ==?=

    passwords

    =?Utf-8?B?bWlrZQ==?=, Oct 10, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    553
    Clark
    Oct 11, 2005
  4. William Pierce
    Replies:
    2
    Views:
    474
    Gloria Goitre
    Jan 24, 2005
  5. Replies:
    2
    Views:
    1,187
Loading...

Share This Page