cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
tomsalmon
Blue Screen Again
Posts: 4
Registered: ‎10-01-2010
Location: Australia
Views: 2,333
Message 1 of 5

Help! T540p warranty but no SVP & BIOS setup not locked. Safe to install new HDD + Win 8.1?

I am a home user seeking advice.

 

I bought a Thinkpad T540p from a retailer in the UK a week ago (refurbished). Nice machine (awful trackpad !!!) (><)
I have discovered it still has a Supervisor password (SVP) on it and also Hardware Password Management active in BIOS. !!! m(><)m

I contacted the sellers and they do not have the original purchase receipt and cannot offer me any solution for that..
They are willing to take back the computer because of this which is gracious of them. Or offer a partial discount. Well the computer works..for now..I quite like it too..

 

I tried to access the BIOS - the computer has no Power On Password (PoP) set & no HDD passwords set. Just SVP in security settings (see bIOS readout below)


It boots and has Windows etc... but the Windows seems to be KMS_Client Volume..tied to a company I guess.
I hooked up to Lenovo online for system check and updated the BIOS version. And contacted support for recover media.

 

If I try to keep this machine I think I will need to re-install Windows with my own copy of 8.1.

It was setup originally by Lenovo with Win 7 Pro and still has OEM sticker under the battery.


I spoke to Lenovo tech support to try to understand if I should use the recovery media now on this machine in this case, I don't know how to proceed.


I have the recovery media link from them as the computer is under warranty. I don't know if I should use the recovery media - in case it asks me for SVP at some point?

The BIOS is not totally locked down and the things that are locked down are already set in 'the right' ways for me so that the fact that I do not know the SVP  should not (I hope) create future problems for me as a user

 

.. maybe if it is not broken don't try to fix it?

 

Eg. Legacy BOOT is ok
-UEFI BOOT Secure Boot is not enabled
-UEFI BIOS Settings not locked
-Boot Order is not locked
-Boot Device List F12 Option is enabled
-Flash BIOS Updating by End-Users is enabled
-All settings for setting for the I/O port access is enabled.

 

Only things that I anticipate might become a problem in the future:

- Password at unattended boot
- The setting for the Virtualization is not enabled (annoying)
- Lenovo sends some BIOS update which makes the computer demand SVP

 

My question for the experienced users in this forum is about what I should do now:

1. Do you think it is possible for me to just ignore the fact that it has a SVP set, would this cause any issues if I change hardware (eg. swap out the original HDD) and re-install Windows on a new HDD / SDD as boot drive?
2. Would I need the SVP for anything else?
3. Should I use the recovery media at all (to set up blank SSD and create a recovery partition on it) before doing an install or upgrade to Windows 8.1?

4. It was a good deal but should I just demand my money back and buy a different machine ?

 

Seems like to me the easiest thing is to put in a blank SDD and do fresh re-install of Windows 8.1 directly onto it..and forget using the recovery media.

 

I realise it is a business class machine and unfortunately security is more stringent than consumer models - there are no 'backdoor' passwords


But many of these business models get refurbished and are sold on in this way to home users which benefits Lenovo and their users. It also benefits companies who need to buy new hardware.

 

I am a home user and have been a Thinkpad (X61) fan for many years - till my old Lenovo machine blew up last week. Hence buying this one..

 

Apparently if only a supervisor password is set, a password prompt is displayed when you try to start the ThinkPad Setup program. So no go there either.. Unauthorized users cannot access the ThinkPad Setup program without the password. This is not installed on the machine as far as I can see anyway.

 

A supervisor password is otherwise only required for:

– Changing or deleting the power-on password
– Changing or deleting the supervisor password
– Changing date and time
– Specifying the minimum length for power-on password and hard disk password
– Changing the setting for the security chip
– Changing the setting for the Virtualization
– Changing the setting for the I/O port access
– Changing the setting for the Anti-Theft
– Changing the setting for the Secure Boot
– Erasing the fngerprint data
– Enabling or disabling the following features:
– Lock UEFI BIOS Settings
– Password at unattended boot
– Boot Device List F12 Option
- Boot Order Lock
– Flash BIOS Updating by End-Users
– Secure RollBack Prevention
– Execution Prevention
– Security mode
– Fingerprint reader priority

 

Please do take a look at the BIOS readout below if you think you could offer any advice. Is this an expensive paperweight or not in your opinion?

 

As far as I can see this computer 'should' be ok as long as I do not do anything stupid (like take out the CMOS battery to reset the system clock, leave it without power for months)


It 'should' play nice with me changing small bits of hardware ( I hope), and swapping out the HDD (I hope...)

But I would definitely have to sell it on in a year or two..not worth the risk if there is a major hardware disaster..I will need the SVP I assume to do any repairs...

 

NOTE - BIOS entries with an asterisk * are greyed out and I cannot change them!

 

ThinkPad Setup
Main Config Date/Time Security Startup Restart


UEFI BIOS Version GMET77UU (2.25 )
UEFI BIOS Date (Year-Month-Day) 2016-11-23
Embedded Controller Uers ion GMHT29UU (1.14 )
ME Firmware Uersion 9.0.30.1482
Machine Type Model 20BES02600


Asset Tag No Asset Information
CPU Type Intel(R) Core(TM) i7-4600M CPU
CPU Speed 2.90GHz
Installed memory 8192MB

MAC Address (Internal LAN) 54 EE 75 15 A5 DC
UEFI Secure Boot Off


•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•

Memory Protection
Execution Prevention [Enabled]*

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•

UEFI BIOS Update Option

Flash BIOS Updating by End Users [Enabled]*
Secure Rollback Prevention [Disabled]*

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•
Security
Password

Supervisor Password [Enterl*
- Password Status Enabled*

Lock UEFI BIOS Settings [Disabled]*

Password at unattended boot [Enabled]*
Password at restart [Disabled]*
Set Minimum Length [Disabled]*
Power-On Password [Enter]*
- Password Status [Disabled]*
Hard Disk1 Password [Enter]
- Password Status Disabled
Hard Disk3 Password [Enter]
- Password Status Disabled

Security

I/O Port Access


Internet LAN [Enabled]
Wireless LAN [Enabled]
Wireless WAN [Enabled]
Bluetooth [Enabled]
Display Port [Enabled]
Ultrabay HDD/Optical) [Enabled]
Memory Card Slot [Enabled]
Integrated Camera [Enabled]
Microphone [Enabled]
Fingerprint Reader [Enabled]
ExressCard Slot [Enabled]


•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•

Virtualization

Intel (R) Virtualization Technology [Disabled]*
Intel (R) VT-d Feature [Disabled]*


•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•

Internal Device Access
Bottom Cover Tamper Detection [Disabled]*

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•
Boot

Network Boot [PCI LAN: IBA GE 1]*

UEFI/Legacy Boot [Both]*
UEFI/Legacy Boot Prtm [Legacy First]*
- CSM Support [Yes]*

Boot Mode [Quick]
Option key Display [Enabled]*
Boot deuice List Fl2: Option [Enabled]*
Boot Order Lock [Disabled]*

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•
Secure Boot

Secure Boot [Disabled]*

Platform Mode User Mode
Secure Boot Mode Standard Mode

Reset to Setup Mode [Enter]*
Restore Factory Keys [Enter]*

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•
Anti-Theft

Intel (R) AT Module Activation
- Current SEtting [Enabled]*
- Current State Not Activated*

Computrace

•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.•

 

Thanks for any advice!

Community SeniorMod
Community SeniorMod
Posts: 10,261
Registered: ‎01-01-2010
Location: US
Views: 2,303
Message 2 of 5

Re: Help! T540p warranty but no SVP & BIOS setup not locked. Safe to install new HDD + Win 8.1?

I would return it.  If you need to do a BIOS update and reload setup defaults, you're in big trouble


Rich


I do not respond to requests for private, one-on-one help. Your questions should be posted in the appropriate forum where they may help others as well.

If a response answers your question, please mark it as the accepted solution.

I am not an employee or agent of Lenovo.
tomsalmon
Blue Screen Again
Posts: 4
Registered: ‎10-01-2010
Location: Australia
Views: 2,249
Message 3 of 5

Re: Help! T540p warranty but no SVP & BIOS setup not locked. Safe to install new HDD + Win 8.1?

Hi

 

Thanks for your help. I wonder if this will be useful for other users. So here's the 'slightly' deceptive thing.

 

I logged onto Lenovo Bridge and 'thought'  I had done an update properly by starting up the manufacturers Live Update utility (including of the BIOS). It seemed like it was flashing the BIOS at the time. Here is the readout of the update (last week):

 

|(there were a few things before this..but to make it shorter ...)
Package:Intel Collaborative Processor Performance Control (CPPC) Driver - 8.1/8 [64]; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:34:54 AM
Package:Intel PRO/1000 LAN Adapter Software - 7/8.1 [64]; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:10 AM
Package:Intel Chipset Driver - 8.1 [64]; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:22 AM
Package:Intel Rapid Storage AHCI Driver - 8.1 [64]; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:38 AM
Package:ThinkPad BIOS Update US [32,64]; Result:INSTALLing

 

Now that is where the update ends and it is not clear if the BIOS was updated...

 

But seems it wasn't.. as you can see from by BIOS readout:

BIOS Version/Date LENOVO GMET77WW (2.25 ), 11/23/2016

 

But then I check the BIOS and it has Flash BIOS Updating by End Users [Enabled]*

it looked like the BIOS update was going through (me at the time blissfully unaware of course) 

 

But just because it is [Enabled] it doesn't mean you can do it or that it will do it..maybe because the SVP would have been required it just turned itself around and didn't install...

Now from what I am beginning to understand living with the illusion of safety in this way .. is not a good idea..

 

If you are just a home user like me who bought one of the many more cheaply priced high spec refurbished machines available online and are in the same situation - think again..

 

The machines are typically purchased from large companies at huge buyout prices when they update all their machines. The resellers don't really have to care much about some machines being returned due to issues because they're making massive markups by selling just 1 computer.

 

But this might cost you big time - and you might be fooled as demonstrated by the above BIOS incident into thinkinking you are able to get the BIOS updated by Lenovo.

 

You BIOS probably wasn't updated and if you have any other kind of accident..or you alter the hardware config (I do not know to what extent this is true eg. swapping the HDD could trigger this)...you might be the proud owner of a very expensive paperweight.

 

You can rid yourself of the SVP - but only by asking Lenovo to do it for you by swapping out the motherboard. I will update this thread with the details of what that would cost me as I have asked Lenovo if they can do this.

 

But agreed! Don't be fooled - seems it is probably best to send it back to the retailer fast while you still can!

 

 

 

tomsalmon
Blue Screen Again
Posts: 4
Registered: ‎10-01-2010
Location: Australia
Views: 2,218
Message 4 of 5

Re: Help! T540p warranty but no SVP & BIOS setup not locked. Safe to install new HDD + Win 8.1?

Ok just a follow up,

 

So I checked with Lenovo here in the UK what it would cost to replace the motherboard to resolve this. This is just in case anyone else is stuck in this situation or thinks they might be. This part is still managed by IBM.

 

Once they receive the machine IBM insist to carry out a ' problem determination'  inspection and the Depot Operations team will contact the user with a full itemized quote (parts prices etc) in Microsoft excel format.
 
Current available charges to be accepted before the work is carried out according to tech support in UK:
88 GBP +VAT (Problem Determination)*,  220 GBP labour +Parts +VAT
 
The parts cost currently are: FRU 00UP920 =  GBP 182.19 + 10 + %20 VAT = GBP 230
TOTAL: 550
 
The motherboard in fact is also no longer stocked in the UK for this model apparently so it has to be shipped from the Netherlands.
 
In total this is only GBP40 pounds below the price of a newly refurbished model with Win 10 & Office on Ebay so not worth it.
 
What is more:
- According to tech support IBM will not accept that the problem has been identified before it is sent. So the user has to pay postage + the 88 GBP +VAT (Problem Determination)* whether or not they go ahead with the work and choose to install the motherboard (despite the fact that the laptop has been sent to them solely for that purpose).
 
- Tech support in the UK also told me that ' in their opinion' it should be possible to switch out the HDD and it would be 'ok' and you would 'get rid of the admin password' and that I should just try re-installing Windows. !!! m(><)m
 
I politely explained to them that I am pretty sure that is not the case in fact and asked them to check this with a 'lead engineer'. The tech support person then went off and did that and then said that swapping the HDD was all she could suggest and / or changing the motherboard as per the manual. 
 
At which point I agreed that switching the motherboard is probably the only / best option but tech support then did not want to tell me how much it would cost to do this! Not until I got quite upset with them. I finally got them to explain the  costs and discovered the 88 GBP arbitrary charge and then they eventually went and gave me a quote for labour. I had to find out the cost of the part by contacting the sales department myself. 
 
So go figure - as a user not only do I find that I am likely to be exploited by second-hand retailers of these products, but Lenovo seems completely uninterested in protecting or even informing its own customers in the event of them being caught out and locked into this situation. 
--
I should point out two more things here:
 
1. This was my 3rd follow up with Lenovo tech support in 10 days - before contacting tech support solely about this SVP issue in order to get a clear answer I had contacted tech support with an email about all the issues prior and mentioned it clearly. I wanted to ask about re-installing windows, the mSATA cache and installing a webcam. But I had included this SVP issue in the support request very clearly in the email. Tech support's reponse to my initial request was a very direct 2 line response:
 

Please find below the answers to your questions:

- the SSD 16GB cache driver is used to speed up Windows process and cannot be used to store personal data;

- you cannot install a webcam on a machine that was purchased without one.

 
There was no mention in this response to my question about the SVP on the laptop or about re-installing Windows and the Lenovo Technical Support person who replied via email to both service requests in the end was the same person.
 
So this is a second trap here that might cost you big time - it appears that you will not find that Lenovo tech support are going to flag the SVP issue for you even if you mention it clearly in a tech support request until it is too late. And if you ask them what it will cost to replace the motherboard, they may not be ready to inform you. And when they do inform you it is highly likely that the motherboard may no longer be in stock and that the whole operation will cost you more than the machine is worth anyway...
 
- In my case I was not caught out luckily - I did a lot of research after buying the machine and was able to figure these things out for myself. I made sure to take time off to do this before the 14 day no quibble return on this product expired with the retailer. I was then able to purchase the same machine for a little bit more  afterwards and checked verbally that there was not SVP or password on the machine.
 
Please do not get caught out - you need to check before buying. I can only hope this information will save unwitting users or buyers and thank this forum and also the tech support channels on the web (Eg. Lenovo tech support on Reddit) which responded promptly to assist with clearer advice - and so if you are buying one of these refurbished computers - make sure first you check there is not SVP / POP or HDD password on the machine. If there is - send it back straight away.
 
Thanks 
tomsalmon
Blue Screen Again
Posts: 4
Registered: ‎10-01-2010
Location: Australia
Views: 2,157
Message 5 of 5

Re: Help! T540p warranty but no SVP & BIOS setup not locked. Safe to install new HDD + Win 8.1?

Believe it or not I bought a second T540p on Ebay in the UK and exactly the same thing. 

 

I actually had asked the seller to check the SVP beforehand and got written confirmation from him that there was none.

As soon as the laptop arrive I opened up the BIOS and - SVP was enabled! Of course I asked to return it again.

 

What is going on here is nothing to do with Lenovo but has more to do with how I am choosing to buy the laptops. I know that, but I also cannot find another way to buy this model very easily any other way. Official non-Ebay resellers are not providing many options that I can see to be honest, mostly marketing the newer models that I do not want.

 

So here is some advice for buyers who are thinking of doing this via Ebay: http://www.ebay.co.uk/gds/DONT-GET-SCAMMED-BUYING-A-LAPTOP-ON-EBAY-/10000000004260377/g.html

 

However, I would add that I have found that asking sellers to give you the MTM and serial before purchase and checking out the original spec as purchased form Lenovo support and warranty info is very helpful. 

 

A lot of the advertised laptops are poorly described or the sellers are unlikely to have checked them out / have not booted them up in my opinion. Either that or they are not competent sellers or are attempting to oversell used laptops without doing due dilligence..

 

And many of the sellers I have dealt with who are re-selling off-lease machines have been a bit hostile about this, from their perspective they want to sell it on with the least fuss and if there is any problem they will direct you towards Lenovo to go and sort it out. Particularly as the warranty travels with the machine. Don't let them.

 

There is little Lenovo can do, even if it is under warranty so get the sellers to do their job and check their wares before they sell them instead of copying a description of a similar unit (with a picture) from elesewhere on the web. 

 

Also I suggest you level with a seller before you buy - if it is not as described then they shouldn't be surprised if it comes back to them. Make sure you get protected by the Ebay Moneyback guarantee with Paypal.

 

Finally if unsure about the hardware (non-competent seller) ask your seller to check things like GPU by downloading and running this Hardware checker in summary mode

Get them to send you a picture of the output on Ebay: https://www.hwinfo.com/

 

Remind them tactfully as the re-seller of a re-furbished machine the expectation from your side would be that it has been booted up to check it is as described by a technician, it has been run through some basic diagnostic.

Just to check if it was not missing any parts and has the right battery etc..Otherwise 'refurbished' has little meaning.

 

And of course remind them to check beforehand if it is properly off-lease within the BIOS in terms of the SVP and Power-on passwords and from the previous owner / company leaseholder. etc..

 

Also if there are complaints about the screen for that model on the user forums then you can check which screen is has in fact by getting the seller to run software to identify the make. The orginal monitor make can also be identified on the Lenovo website using the serial number and by going into device manager too on the laptop, and Googling the hardware ID.

 

(in Device Manager, where you go to Monitors, select the 'Generic PnP Monitor', right click and select properties > details > hardware ids, and it will usually show the manufacturer and model number or a Hardware ID.)

 

So if really in doubt you can ask them to run monitor asset manager or something just check the make of the screen.
http://www.entechtaiwan.com/util/moninfo.shtm

 

You don't need to be too heavy handed but just make sure that sellers are not being too flippant either. Remind them that you are protected by Ebay should the item not turn out as described. You may find that the information about the machine they provide either gets a lot better and accurate, or if they are scamming you they will pull out of the transaction or try to push you away ('we are not cowboys' ) with intimidating language or telling you to contact Lenovo if you have a problem. 

Dont' bother -( tell them to get stuffed. Plenty of sellers are trying to sell the same machines again and again - they have absolutely no problem if the items are returned. The items remain on Ebay for re-sale despite being problematic.

 

Ebay needs to fix that so sellers cannot easily just re-sell something that has been returned for a serious problem like the SVP. But for now it seems that they are still doing it. 

 

Hope that is some help to the enthusiasts of older machines and also those trying to use Ebay for the first time.

 

Best wishes, 

 

 

Check out current deals!


Shop current deals

Top Kudoed Authors