09-26-2018 08:55 PM
I have a T480, running 1.16 BIOS and an FDE enabled drive.
If I set user+master password for FDE, then assuming I'm in BIOS setup, I can use master password to specify a new user password. That's great.
However, I still need to the user FDE password to get into to BIOS setup in the first place. Even with a supervisor password set on the BIOS, the entry process is F1 > user FDE pass > supervisor pass.
This seems to completely negate the benefit of having a master FDE password. Imagine user forgets their FDE password, or is hit by a bus, etc. Administrator should, in posession of master FDE password and supervisor password, be able to access BIOS and change user password.
I have observed threads such as:
and another thread (cannot find it now) that advises pulling the drive in order to only need the supervisor password to access setup.
I don't quite understand this interaction. From my perspective, something broken about the password management.
Has anybody encountered any solutions for the above scenario?
10-03-2018 08:25 PM