cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
chris_uk_82
Paper Tape
Posts: 2
Registered: ‎04-01-2019
Location: GB
Views: 308
Message 1 of 3

Security hardening against physical theft

Hi All,

 

After we were recently burgled I want to ensure our new laptop is made as useless as possible to any potential thief, I have:

 

1) Upgraded to Windows 10 Pro and enabled Bitlocker

2) Set a strong Administrator Password in BIOS and stored in keysafe - our old laptop had Bitlocker but I never thought to lock the BIOS

3) Upgraded to latest BIOS version

4) Removed all devices apart from the internal hard drive from the boot device list, meaning you need to go into the BIOS (with supervisor password) in order to boot from another source

 

Is there anything else I can do? If the thief removes the SSD from the machine and re-installs windows on another device is the BIOS smart enough to detect the UEFI files have changed and require Supervisor password again? Would swapping the drive be considered a boot device change and also require Supervisor password? I understand with bitlocker enabled the TPM monitors the boot files for tampering?

 

Thanks!

 

Chris.

Sr Support Specialist
Posts: 9,313
Registered: ‎11-30-2015
Location: PH
Views: 279
Message 2 of 3

Re: Security hardening against physical theft

Hi chris_uk_82,

 

Welcome to the Community Forums.

 

Other softwares are also available for added security but with the Supervisor BIOS password, the hardware security should be enough.

 

If they would not be able to provide it then other ways on unlocking is to replace the motherboard itself since it is embeded on a chip soldered onboard.

 

Even if the harddrive is  replaced, system would not allow it to proceed further. They cannot even install Windows in the machine. Bitlocker can secure the contents of your harddrive but can be erased or reformatted on a different machine. 

 

So if you forgot your BIOS password, most likely no one in Lenovo or any support department can unlock it and you may have to replace the entire motherboard itself.

 

I hope this helps answer your query.

 

Regards



Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.

chris_uk_82
Paper Tape
Posts: 2
Registered: ‎04-01-2019
Location: GB
Views: 256
Message 3 of 3

Re: Security hardening against physical theft

Thanks spidey101

Having to replace the motherboard if the BIOS password is forgotten is a risk I am prepared to take, because this would mean the thief would have to get a new motherboard and install it, or as you say go through a whole load of inconvenience to move the hard drive to another machine in order to reinstall the OS. I was wondering if there was a way of rendering the machine unbootable if the OS bootloader was changed due to a drive swap or an OS reinstall on another machine, which would effectively render the machine totally useless apart from as a spare parts donor machine.

Check out current deals!


Shop current deals