System Security


System Security

Several security features are available to help you secure the server and the information that you store in it.
To control access to the server, you can implement the security features, such as adding passwords, and securing IDE devices and diskette drives.


Setting power-on password modes: The power-on password can deter unauthorized access to the system.
You do not need to set a power-on password, but doing so allows you to control who can use the server.
When a power-on password is set, you must type the password at a prompt that appears as the server starts.

When you set the power-on password, you can choose one of three password prompt modes.

On

In password prompt On mode, you are prompted for the power-on password when you power-on the server.
Until you enter the correct password, the operating system will not start, and the keyboard will remain locked.
If you have a mouse connected to the mouse port, the mouse also will remain locked until you enter the power-on password.
If you have a mouse connected to a serial port, it will be activated when the server is started, regardless of whether a password is set.

Note: If Remote Administration is enabled, you cannot select On. In this case, select Dual. If the power-on password mode is set to On when Remote Administration is enabled, it resets automatically to Dual.


Off

In password prompt Off mode (sometimes referred to as unattended start mode), you are not prompted to enter the power-on password when you power-on the server.
The server will start the operating system.

However, if you have a mouse connected to the mouse port, refer to the following text box.


  -Important Information for Mouse Users-
This information applies only to those who have a mouse connected to the mouse port, a serial mouse is not affected by the password prompt Off mode.

The password prompt Off mode prevents the server from detecting that a mouse is attached.
Because in this mode, the mouse device driver will not be loaded automatically through the CONFIG.SYS or AUTOEXEC.BAT files, an error message will appear to indicate that the mouse port is disabled, and the server will halt.
To enable the operating system to load without displaying the error message, follow the instructions that apply to the operating system.

If you are using OS/2, do one of the following before enabling password prompt Off mode:



If you are using Windows NT or Windows 95, do the following:


Once the operating system starts in password prompt Off mode, the keyboard will remain locked.
If you have a mouse connected to the mouse port, it also will remain locked.

Although you are not prompted to type a password in this mode, you can type either the power-on or administrator password anytime after POST has completed, even after the operating system has loaded.
If you type a password, the keyboard will unlock, but the mouse connected to the mouse port will remain disabled.

Password prompt Off mode is useful for network servers and other servers that operate unattended.
If a power failure occurs, the server will automatically restart and resume operating in this mode when power is restored, without operator intervention.

If you enter a password, the keyboard will unlock, but the mouse connected to the mouse port will remain disabled.

Password prompt Off mode is useful for network environments that cause the server to operate unattended.
If a power failure occurs, when power is restored, the server will automatically restart and resume operating in this mode, without operator intervention.

Dual

In the password prompt Dual mode, the startup behavior of the server depends on whether the server is started from the server power switch or by an unattended method, such as a modem or timer.

If you press the power switch to start the server, the server operates the same as it does in password prompt On mode.

If you start the server by an unattended method, such as remotely over a LAN, the server operates in password prompt Off mode.


If both a power-on and administrator password are set, you can type either password at the password prompt that appears as you start the server. However, if you want to change any settings in the Configuration/Setup Utility program, you must type the administrator password at the password prompt that appears when you try to access the Configuration/Setup Utility program .
If you type the power-on password at this prompt, you will be able to view limited information in the Configuration/Setup Utility program, but you will not be able to change any settings.

The password does not appear on the screen as you type it.
If you type the wrong password, you receive a screen message telling you so.
If you type the wrong password three times, you must power the server off and start again.
When you type the correct password, the keyboard and mouse will unlock, and the server will begin normal operation.


Setting and changing a power-on password: Use the Configuration/Setup Utility program to set or change a power-on password.

  -Attention- Keep a record of the power-on password in a secure place. When a power-on password has been set, you cannot activate the keyboard and mouse without first using the password. If you lose or forget the password, you cannot change or delete it without removing the server cover and moving a jumper on the system board. See Erasing lost or forgotten passwords for further information.


To set or change a power-on password:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Power-On Password, then, press Enter.
  4.  The Power-On Password menu appears.
  5.  To set a power-on password, enter the password in the appropriate data field and press the Down Arrow (  ) key.

     You can use any combination of up to seven characters (A-Z, a-z, and 0-9) for this password.
     Keep a record of the password in a safe place.

  6.  Enter the password again in the appropriate data field.
  7.  In the Password Prompt data field, select Off, On, or Dual. Press the Left Arrow (<) or Right Arrow (>)  key to toggle among selections.

    Note: If Remote Administration is enabled, you cannot select On. In this case, select Dual.  If the power-on password mode is set to On when Remote Administration is enabled, it resets automatically to Dual.

  8.  To change a power-on password, select Change Power-On Password from the Power-On Password menu,  and follow the instructions on the screen.


Notes:
  1.  If a power-on password is set and then forgotten, you must remove the server cover and move the  Clear CMOS Request jumper on the system board.
     (See Erasing lost or forgotten passwords for further information.)

  2.  If a power-on password is set and the password prompt is set to Off, the pointing device (mouse)  is disabled until you enter the power-on password.


To delete a power-on password:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Power-On Password, then, press Enter.
  4.  The Power-On Password menu appears.
  5.  Select Delete Power-On Password and follow the instructions on the screen.


Using the Administrator Password menu: The administrator password (sometimes called a supervisor-level password) controls access to some features of the server, including the Configuration/Setup Utility program.

To set or change an administrator password:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Administrator Password, then, press Enter.
  4.  The Administrator Password menu appears.
  5.  To set an administrator password, enter the password in the appropriate data field and press the Down Arrow (  ) key.

     You can use any combination of up to seven characters (A-Z, a-z, and 0-9) for this password.
     Keep a record of the password in a safe place.

  6.  Enter the password again in the appropriate data field.
  7.  Define the Power-On Password Changeable by User field.

     The choices are:

    Yes The power-on password can be changed without entering the administrator password,  if the administrator password is set.

    No The power-on password cannot be changed unless the administrator password is entered,  if the administrator password is set.

  8.  To change an administrator password, select Change Administrator Password from the Administrator  Password menu, and follow the instructions on the screen.


  -Attention Administrator Password Users-
If an administrator password is set and then forgotten, you must complete one of the following to regain access to the Configuration/Setup Utility program:


To delete an administrator password:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Administrator Password, then, press Enter.
  4.  The Administrator Password menu appears.
  5.  Select Administrator Password.
  6.  Select Delete Administrator Password and follow the instructions on the screen.


If both a power-on and administrator password are set, you can enter either password to complete the system startup.
However, the administrator password provides access to all menu choices, and provides the ability to change information.
If you enter the power-on password, you can view limited information in the Configuration/Setup Utility program, but you cannot change any settings.


Using the Enhanced Security features: With enhanced security, the administrator password and drive-startup sequence are stored in a highly protected, nonvolatile, security EEPROM module.
When the administrator password and drive-startup sequence are stored in the security EEPROM, they remain intact even if the battery expires or is removed.

  -Attention Administrator Password Users-
If enhanced security is enabled, and you forget or lose the administrator password, you must replace the system board in the server to regain access to the Configuration/Setup Utility program.

If enhanced security is enabled and you have set an administrator password, the server will operate as follows:


To enable or disable enhanced security:

Note: Enhanced security can be enabled or disabled only when you update the system programs in the server.

  1.  Insert the POST/BIOS update diskette in the server. System programs updates are available on the World  Wide Web.
     To obtain up-to-date information about the server model, access the home page for the server at the following address:

    http://www.ibm.com/netfinity/

  2.  Power-on the server. If it is already powered on, you must power it off and back on again.
  3.  The update begins, and the system prompts you for the administrator password, if you have set an administrator password.
  4.  When you enter the administrator password, the update CD will continue to run, and you are given the option of  enabling or disabling enhanced security.


To set, change, or delete an administrator password protected by enhanced security:

  1.  Power-off all attached devices and the server.
  2.  Disconnecting all cables, and removing the server cover.
  3.  Locate the switch marked as 7 on the rocker switches section of the system board.

     for Netfinity 1000 System Board
     for Netfinity 3000 System Board

     Move the switch to the ON position. (It might be helpful to use the end of a small screwdriver to set the switch.)

    Note: You must know the administrator password to change or delete it.

  4.  Set, change, or delete the password. Follow the instructions on the screen.
     See (above) 'Using the Administrator Password menu'.)
  5.  Move the switch back to the OFF position after you have set, changed, or deleted the password.
  6.  Replace the cover. Then, power-on the server.


Restricting access to IDE devices and diskette drives: The setting for the Secure IDE and Diskette Drives option controls who has access to the IDE devices and diskette drives (user and administrator, or administrator only).
The server comes with this feature set to Enable, so that both the user and administrator have access to the IDE devices and diskette drives.

To disable access to the IDE devices and diskette drives:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Secure IDE Devices and Diskette Drives, then, press Enter.
  4.  Select a device, then, press the Left Arrow (<) or Right Arrow (>) key to toggle the entry to Disable.


Note: The server supports IDE CD-ROM drives. IDE hard disk drives are not supported.


Remote administration: Using this option, the BIOS can be updated remotely from a network server.
If an administrator password is set, it does not have to be entered from the server to access this function. Consult the network administrator for information on setting up the network server to perform POST and BIOS updates.

To access the Remote Administration setting:

  1.  From the Configuration/Setup Utility program menu, select System Security, then, press Enter.
  2.  The System Security menu appears.
  3.  Select Remote Administration, then, press Enter.
  4.  To enable update POST/BIOS over the network, select Enabled (default setting).
     To disable, select Disabled.

     You might need to perform a POST/BIOS (flash) update under the following circumstances:



Before you can perform a POST/BIOS (flash) update, you must create a Flash Utility Diskette, as follows:
  1.  Insert a blank, 3.5-inch, formatted 2 MB diskette into diskette drive A.
  2.  Go to http://www.ibm.com/pc/support/ on the World Wide Web and
     download the appropriate flash update program. Review the applicable README files, and
     use this information to copy the Flash Utility program onto the diskette.
  3.  If applicable, follow any additional instructions on the screen.


Note: The server is shipped with the Remote Administration feature set to Enabled.
To ensure that the POST/BIOS update (flash) procedure works properly, do not change this default value.

To perform a POST/BIOS (flash) update, insert the Flash Utility Diskette into the primary diskette drive and run the Flash Utility program. Follow the instructions in the program.


Setting adapter ROM security:

Use this setting to lock the keyboard during adapter read-only memory (ROM) initialization, this feature can be used in conjunction with an administrator password to prevent the use of adapter ROM-based utility programs.


Back to  Jump to TOP-of-PAGE

Please see the LEGAL  -  Trademark notice.
Feel free - send a Email-NOTE  for any BUG on this page found - Thank you.