Dell Command | PowerShell Provider HDD Password feature

Dell Command | PowerShell Provider HDD Password feature


In addition to system and admin passwords, HDD password adds a security layer to the systems to prevent unauthorized access to the HDD(s). If HDD password is set, then system generates the HDD password prompt and verifies the HDD password during boot.

Important Points

  • If hard disk is disabled, then corresponding HDD password setting cannot be accessed using BIOS setup screen (F2).
  • At the time of HDD password prompt, if the system is kept idle for ten minutes, the system will shut down automatically.
  • If user enters wrong HDD password thrice at POST HDD password prompt, system starts treating like HDD is not available.
  • If user enters wrong HDD password for 5 times at Setup HDD password prompt, the HDD will no longer accept password unlock attempts. The drive will have to be power cycled in order to allow new password unlock attempts.
  • If user presses 'ESC' key at HDD password prompt, system starts treating like HDD is not available.
  • HDD password prompt will occur only from s4 (hibernate) / s5 (power off) state.
  • If system and HDD password both are same then after giving correct password during boot, the HDD password prompt gets bypassed automatically.

Secure Erase

UEFI BIOS supports Secure Erase feature in order to provide more security to the data stored in HDD. If this feature is enabled on your HDD, Secure Erase wipes all data from the hard disk when it is unlocked using the master password. While setting HDD password, system prompts to enable the support for a Secure Erase feature.


Figure 1: Internal HDD-1 Password

After clicking on 'yes', system again prompts for confirmation of enabling the support for a Secure Erase feature


Figure 2: Security Erase

Master HDD Password

Master HDD password is used to clear the HDD password in case HDD password is set but unknown. The master HDD password is very secure password generated by Dell using secure algorithms involving the HDD serial number. Master HDD password can be entered at the HDD password prompt using CTRL-Enter. Master HDD Passwords are only given on a needed basis to customers and others

Note - If secure erase is enabled for HDD, system will start to secure erase HDD after entering master HDD password.

Configuring HDD passwordYou can set, modify and clear HDD password using Dell Command | PowerShell Provider (DCPP). You can also verify whether the system has HDD password set, Secure Erase feature support, etc using HDDInfo. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click here.

Note:
  • Dell Command | PowerShell Provider configures the same password for all hard disks present in the machine. Use BIOS setup screen (F2) to configure different passwords for different hard disks.
  • HDD password configuration operation requires system restart to apply the changes.
  • HDDInfo

    • HDDInfo provides the information about hard disks present in the machine. It displays the following information:
    • HDD Name — The name of the HDD.
    • Present — Whether the HDD is physically present.
    • PwdProtected — Whether a password exists for the HDD.
    • PendingRestart — Whether a reboot is pending to set the password.
    • AdminOnlyChange — Whether the changes to the password can be made only by an administrator.
    • SecureEraseSupported — Whether HDD Secure Erase is supported.
    • SecureEraseEnabled — Whether HDD Secure Erase is enabled.Hard Disk Name

    To get this information using Dell Command | PowerShell provider, run the following command:

    Get-Item -Path DellSmbios:\Security\HDDInfo | Select -ExpandProperty CurrentValue

    Note - The image displays the behavior of Dell Command | PowerShell Provider when using above command on system having two hard disks.


    Figure 3: ExpandProperty CurrentValue

    In the image above, no password is set for both hard disks and other fields are also showing "no".

    Setting HDD Password

    HDD password contains minimum 1 and maximum 32 characters. To set the password, use the following command:

    Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd"


    Figure 4: SecureErase Supported

    As we can see from image above, pending restart for both the hard disks is showing "Yes". Restart the system to apply the changes. After restart system prompts during boot as shown below.


    Figure 5: Dell Security Manager

    To apply the change or to configure the HDD password, click Modify. Click Ignore to cancel the changes. The system prompts for each hard disk separately. If you click Modify, HDDInfo displays the information as shown in the image below.


    Figure 6: SecureEraseEnabled

    Note - If you have Admin/System password set on your machine, then provide Admin/System password while configuring HDD password using the following commands:

    If admin password is set,

    Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$AdminPwd"

    If system password is set,

    Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$SystemPwd"

    Modifying/Clearing HDD Password

    To modify HDD password, run the following command:

    Set-Item -Path DellSmbios:\Security\HDDPassword "$NewHDDPwd" -Password "$OldHDDPwd"

    To clear HDD password, run the following command:

    Set-Item -Path DellSmbios:\Security\HDDPassword "" -Password "$OldHDDPwd"

    Note - Restart the system to apply the changes.

    Additional Parameters of HDD password

    Dell Command | PowerShell Provider supports two additional parameters to configure HDD password.

    • AdminPassword -

    Provide Admin password by using "AdminPassword" parameter if administrator has restricted the changes to HDD password.
    To provide this parameter, run the following command:

    Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -AdminPassword "$AdminPwd"

    • ATAMaximumSecurityMode -

    Provide value to this parameter either as '0' or '1'. To configure HHD password in a in a maximum security mode (Secure Erase), provide value as '1' to this parameter.
    To provide this parameter, run the following command.

    Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -ATAMaximumSecurityMode "1"


    Figure 7: Path Dellsmbios




    Article ID: SLN312179

    Last Date Modified: 08/17/2018 10:16 AM


    Rate this article

    Accurate
    Useful
    Easy to understand
    Was this article helpful?
    Yes No
    Send us feedback
    Comments cannot contain these special characters: <>()\
    Sorry, our feedback system is currently down. Please try again later.

    Thank you for your feedback.