03-18-2017 08:05 PM
I am a home user seeking advice.
I bought a Thinkpad T540p from a retailer in the UK a week ago (refurbished). Nice machine (awful trackpad !!!) (><)
I have discovered it still has a Supervisor password (SVP) on it and also Hardware Password Management active in BIOS. !!! m(><)m
I contacted the sellers and they do not have the original purchase receipt and cannot offer me any solution for that..
They are willing to take back the computer because of this which is gracious of them. Or offer a partial discount. Well the computer works..for now..I quite like it too..
I tried to access the BIOS - the computer has no Power On Password (PoP) set & no HDD passwords set. Just SVP in security settings (see bIOS readout below)
It boots and has Windows etc... but the Windows seems to be KMS_Client Volume..tied to a company I guess.
I hooked up to Lenovo online for system check and updated the BIOS version. And contacted support for recover media.
If I try to keep this machine I think I will need to re-install Windows with my own copy of 8.1.
It was setup originally by Lenovo with Win 7 Pro and still has OEM sticker under the battery.
I spoke to Lenovo tech support to try to understand if I should use the recovery media now on this machine in this case, I don't know how to proceed.
I have the recovery media link from them as the computer is under warranty. I don't know if I should use the recovery media - in case it asks me for SVP at some point?
The BIOS is not totally locked down and the things that are locked down are already set in 'the right' ways for me so that the fact that I do not know the SVP should not (I hope) create future problems for me as a user
.. maybe if it is not broken don't try to fix it?
Eg. Legacy BOOT is ok
-UEFI BOOT Secure Boot is not enabled
-UEFI BIOS Settings not locked
-Boot Order is not locked
-Boot Device List F12 Option is enabled
-Flash BIOS Updating by End-Users is enabled
-All settings for setting for the I/O port access is enabled.
Only things that I anticipate might become a problem in the future:
- Password at unattended boot
- The setting for the Virtualization is not enabled (annoying)
- Lenovo sends some BIOS update which makes the computer demand SVP
My question for the experienced users in this forum is about what I should do now:
1. Do you think it is possible for me to just ignore the fact that it has a SVP set, would this cause any issues if I change hardware (eg. swap out the original HDD) and re-install Windows on a new HDD / SDD as boot drive?
2. Would I need the SVP for anything else?
3. Should I use the recovery media at all (to set up blank SSD and create a recovery partition on it) before doing an install or upgrade to Windows 8.1?
4. It was a good deal but should I just demand my money back and buy a different machine ?
Seems like to me the easiest thing is to put in a blank SDD and do fresh re-install of Windows 8.1 directly onto it..and forget using the recovery media.
I realise it is a business class machine and unfortunately security is more stringent than consumer models - there are no 'backdoor' passwords
But many of these business models get refurbished and are sold on in this way to home users which benefits Lenovo and their users. It also benefits companies who need to buy new hardware.
I am a home user and have been a Thinkpad (X61) fan for many years - till my old Lenovo machine blew up last week. Hence buying this one..
Apparently if only a supervisor password is set, a password prompt is displayed when you try to start the ThinkPad Setup program. So no go there either.. Unauthorized users cannot access the ThinkPad Setup program without the password. This is not installed on the machine as far as I can see anyway.
A supervisor password is otherwise only required for:
– Changing or deleting the power-on password
– Changing or deleting the supervisor password
– Changing date and time
– Specifying the minimum length for power-on password and hard disk password
– Changing the setting for the security chip
– Changing the setting for the Virtualization
– Changing the setting for the I/O port access
– Changing the setting for the Anti-Theft
– Changing the setting for the Secure Boot
– Erasing the fngerprint data
– Enabling or disabling the following features:
– Lock UEFI BIOS Settings
– Password at unattended boot
– Boot Device List F12 Option
- Boot Order Lock
– Flash BIOS Updating by End-Users
– Secure RollBack Prevention
– Execution Prevention
– Security mode
– Fingerprint reader priority
Please do take a look at the BIOS readout below if you think you could offer any advice. Is this an expensive paperweight or not in your opinion?
As far as I can see this computer 'should' be ok as long as I do not do anything stupid (like take out the CMOS battery to reset the system clock, leave it without power for months)
It 'should' play nice with me changing small bits of hardware ( I hope), and swapping out the HDD (I hope...)
But I would definitely have to sell it on in a year or two..not worth the risk if there is a major hardware disaster..I will need the SVP I assume to do any repairs...
NOTE - BIOS entries with an asterisk * are greyed out and I cannot change them!
Main Config Date/Time Security Startup Restart
UEFI BIOS Version GMET77UU (2.25 )
UEFI BIOS Date (Year-Month-Day) 2016-11-23
Embedded Controller Uers ion GMHT29UU (1.14 )
ME Firmware Uersion 220.127.116.112
Machine Type Model 20BES02600
Asset Tag No Asset Information
CPU Type Intel(R) Core(TM) i7-4600M CPU
CPU Speed 2.90GHz
Installed memory 8192MB
MAC Address (Internal LAN) 54 EE 75 15 A5 DC
UEFI Secure Boot Off
Execution Prevention [Enabled]*
UEFI BIOS Update Option
Flash BIOS Updating by End Users [Enabled]*
Secure Rollback Prevention [Disabled]*
Supervisor Password [Enterl*
- Password Status Enabled*
Lock UEFI BIOS Settings [Disabled]*
Password at unattended boot [Enabled]*
Password at restart [Disabled]*
Set Minimum Length [Disabled]*
Power-On Password [Enter]*
- Password Status [Disabled]*
Hard Disk1 Password [Enter]
- Password Status Disabled
Hard Disk3 Password [Enter]
- Password Status Disabled
I/O Port Access
Internet LAN [Enabled]
Wireless LAN [Enabled]
Wireless WAN [Enabled]
Display Port [Enabled]
Ultrabay HDD/Optical) [Enabled]
Memory Card Slot [Enabled]
Integrated Camera [Enabled]
Fingerprint Reader [Enabled]
ExressCard Slot [Enabled]
Intel (R) Virtualization Technology [Disabled]*
Intel (R) VT-d Feature [Disabled]*
Internal Device Access
Bottom Cover Tamper Detection [Disabled]*
Network Boot [PCI LAN: IBA GE 1]*
UEFI/Legacy Boot [Both]*
UEFI/Legacy Boot Prtm [Legacy First]*
- CSM Support [Yes]*
Boot Mode [Quick]
Option key Display [Enabled]*
Boot deuice List Fl2: Option [Enabled]*
Boot Order Lock [Disabled]*
Secure Boot [Disabled]*
Platform Mode User Mode
Secure Boot Mode Standard Mode
Reset to Setup Mode [Enter]*
Restore Factory Keys [Enter]*
Intel (R) AT Module Activation
- Current SEtting [Enabled]*
- Current State Not Activated*
Thanks for any advice!
Solved! Go to Solution.
03-18-2017 08:35 PM
I would return it. If you need to do a BIOS update and reload setup defaults, you're in big trouble
03-19-2017 06:59 AM
Thanks for your help. I wonder if this will be useful for other users. So here's the 'slightly' deceptive thing.
I logged onto Lenovo Bridge and 'thought' I had done an update properly by starting up the manufacturers Live Update utility (including of the BIOS). It seemed like it was flashing the BIOS at the time. Here is the readout of the update (last week):
|(there were a few things before this..but to make it shorter ...)
Package:Intel Collaborative Processor Performance Control (CPPC) Driver - 8.1/8 ; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:34:54 AM
Package:Intel PRO/1000 LAN Adapter Software - 7/8.1 ; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:10 AM
Package:Intel Chipset Driver - 8.1 ; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:22 AM
Package:Intel Rapid Storage AHCI Driver - 8.1 ; Result:INSTALL_SUCCESSFUL; Date:3/11/2017 9:35:38 AM
Package:ThinkPad BIOS Update US [32,64]; Result:INSTALLing
Now that is where the update ends and it is not clear if the BIOS was updated...
But seems it wasn't.. as you can see from by BIOS readout:
BIOS Version/Date LENOVO GMET77WW (2.25 ), 11/23/2016
But then I check the BIOS and it has Flash BIOS Updating by End Users [Enabled]*
it looked like the BIOS update was going through (me at the time blissfully unaware of course)
But just because it is [Enabled] it doesn't mean you can do it or that it will do it..maybe because the SVP would have been required it just turned itself around and didn't install...
Now from what I am beginning to understand living with the illusion of safety in this way .. is not a good idea..
If you are just a home user like me who bought one of the many more cheaply priced high spec refurbished machines available online and are in the same situation - think again..
The machines are typically purchased from large companies at huge buyout prices when they update all their machines. The resellers don't really have to care much about some machines being returned due to issues because they're making massive markups by selling just 1 computer.
But this might cost you big time - and you might be fooled as demonstrated by the above BIOS incident into thinkinking you are able to get the BIOS updated by Lenovo.
You BIOS probably wasn't updated and if you have any other kind of accident..or you alter the hardware config (I do not know to what extent this is true eg. swapping the HDD could trigger this)...you might be the proud owner of a very expensive paperweight.
You can rid yourself of the SVP - but only by asking Lenovo to do it for you by swapping out the motherboard. I will update this thread with the details of what that would cost me as I have asked Lenovo if they can do this.
But agreed! Don't be fooled - seems it is probably best to send it back to the retailer fast while you still can!
03-20-2017 11:20 AM
Ok just a follow up,
So I checked with Lenovo here in the UK what it would cost to replace the motherboard to resolve this. This is just in case anyone else is stuck in this situation or thinks they might be. This part is still managed by IBM.
Please find below the answers to your questions:
- the SSD 16GB cache driver is used to speed up Windows process and cannot be used to store personal data;
- you cannot install a webcam on a machine that was purchased without one.
03-31-2017 09:20 AM
Believe it or not I bought a second T540p on Ebay in the UK and exactly the same thing.
I actually had asked the seller to check the SVP beforehand and got written confirmation from him that there was none.
As soon as the laptop arrive I opened up the BIOS and - SVP was enabled! Of course I asked to return it again.
What is going on here is nothing to do with Lenovo but has more to do with how I am choosing to buy the laptops. I know that, but I also cannot find another way to buy this model very easily any other way. Official non-Ebay resellers are not providing many options that I can see to be honest, mostly marketing the newer models that I do not want.
So here is some advice for buyers who are thinking of doing this via Ebay: http://www.ebay.co.uk/gds/DONT-GET-SCAMMED-BUYING-A-LAPTOP-ON-EBAY-/10000000004260377/g.html
However, I would add that I have found that asking sellers to give you the MTM and serial before purchase and checking out the original spec as purchased form Lenovo support and warranty info is very helpful.
A lot of the advertised laptops are poorly described or the sellers are unlikely to have checked them out / have not booted them up in my opinion. Either that or they are not competent sellers or are attempting to oversell used laptops without doing due dilligence..
And many of the sellers I have dealt with who are re-selling off-lease machines have been a bit hostile about this, from their perspective they want to sell it on with the least fuss and if there is any problem they will direct you towards Lenovo to go and sort it out. Particularly as the warranty travels with the machine. Don't let them.
There is little Lenovo can do, even if it is under warranty so get the sellers to do their job and check their wares before they sell them instead of copying a description of a similar unit (with a picture) from elesewhere on the web.
Also I suggest you level with a seller before you buy - if it is not as described then they shouldn't be surprised if it comes back to them. Make sure you get protected by the Ebay Moneyback guarantee with Paypal.
Finally if unsure about the hardware (non-competent seller) ask your seller to check things like GPU by downloading and running this Hardware checker in summary mode
Get them to send you a picture of the output on Ebay: https://www.hwinfo.com/
Remind them tactfully as the re-seller of a re-furbished machine the expectation from your side would be that it has been booted up to check it is as described by a technician, it has been run through some basic diagnostic.
Just to check if it was not missing any parts and has the right battery etc..Otherwise 'refurbished' has little meaning.
And of course remind them to check beforehand if it is properly off-lease within the BIOS in terms of the SVP and Power-on passwords and from the previous owner / company leaseholder. etc..
Also if there are complaints about the screen for that model on the user forums then you can check which screen is has in fact by getting the seller to run software to identify the make. The orginal monitor make can also be identified on the Lenovo website using the serial number and by going into device manager too on the laptop, and Googling the hardware ID.
(in Device Manager, where you go to Monitors, select the 'Generic PnP Monitor', right click and select properties > details > hardware ids, and it will usually show the manufacturer and model number or a Hardware ID.)
So if really in doubt you can ask them to run monitor asset manager or something just check the make of the screen.
You don't need to be too heavy handed but just make sure that sellers are not being too flippant either. Remind them that you are protected by Ebay should the item not turn out as described. You may find that the information about the machine they provide either gets a lot better and accurate, or if they are scamming you they will pull out of the transaction or try to push you away ('we are not cowboys' ) with intimidating language or telling you to contact Lenovo if you have a problem.
Dont' bother -( tell them to get stuffed. Plenty of sellers are trying to sell the same machines again and again - they have absolutely no problem if the items are returned. The items remain on Ebay for re-sale despite being problematic.
Ebay needs to fix that so sellers cannot easily just re-sell something that has been returned for a serious problem like the SVP. But for now it seems that they are still doing it.
Hope that is some help to the enthusiasts of older machines and also those trying to use Ebay for the first time.