03-18-2017 08:05 PM
I am a home user seeking advice.
I bought a Thinkpad T540p from a retailer in the UK a week ago (refurbished). Nice machine (awful trackpad !!!) (><)
I have discovered it still has a Supervisor password (SVP) on it and also Hardware Password Management active in BIOS. !!! m(><)m
I contacted the sellers and they do not have the original purchase receipt and cannot offer me any solution for that..
They are willing to take back the computer because of this which is gracious of them. Or offer a partial discount. Well the computer works..for now..I quite like it too..
I tried to access the BIOS - the computer has no Power On Password (PoP) set & no HDD passwords set. Just SVP in security settings (see bIOS readout below)
It boots and has Windows etc... but the Windows seems to be KMS_Client Volume..tied to a company I guess.
I hooked up to Lenovo online for system check and updated the BIOS version. And contacted support for recover media.
If I try to keep this machine I think I will need to re-install Windows with my own copy of 8.1.
It was setup originally by Lenovo with Win 7 Pro and still has OEM sticker under the battery.
I spoke to Lenovo tech support to try to understand if I should use the recovery media now on this machine in this case, I don't know how to proceed.
I have the recovery media link from them as the computer is under warranty. I don't know if I should use the recovery media - in case it asks me for SVP at some point?
The BIOS is not totally locked down and the things that are locked down are already set in 'the right' ways for me so that the fact that I do not know the SVP should not (I hope) create future problems for me as a user
.. maybe if it is not broken don't try to fix it?
Eg. Legacy BOOT is ok
-UEFI BOOT Secure Boot is not enabled
-UEFI BIOS Settings not locked
-Boot Order is not locked
-Boot Device List F12 Option is enabled
-Flash BIOS Updating by End-Users is enabled
-All settings for setting for the I/O port access is enabled.
Only things that I anticipate might become a problem in the future:
- Password at unattended boot
- The setting for the Virtualization is not enabled (annoying)
- Lenovo sends some BIOS update which makes the computer demand SVP
My question for the experienced users in this forum is about what I should do now:
1. Do you think it is possible for me to just ignore the fact that it has a SVP set, would this cause any issues if I change hardware (eg. swap out the original HDD) and re-install Windows on a new HDD / SDD as boot drive?
2. Would I need the SVP for anything else?
3. Should I use the recovery media at all (to set up blank SSD and create a recovery partition on it) before doing an install or upgrade to Windows 8.1?
4. It was a good deal but should I just demand my money back and buy a different machine ?
Seems like to me the easiest thing is to put in a blank SDD and do fresh re-install of Windows 8.1 directly onto it..and forget using the recovery media.
I realise it is a business class machine and unfortunately security is more stringent than consumer models - there are no 'backdoor' passwords
But many of these business models get refurbished and are sold on in this way to home users which benefits Lenovo and their users. It also benefits companies who need to buy new hardware.
I am a home user and have been a Thinkpad (X61) fan for many years - till my old Lenovo machine blew up last week. Hence buying this one..
Apparently if only a supervisor password is set, a password prompt is displayed when you try to start the ThinkPad Setup program. So no go there either.. Unauthorized users cannot access the ThinkPad Setup program without the password. This is not installed on the machine as far as I can see anyway.
A supervisor password is otherwise only required for:
– Changing or deleting the power-on password
– Changing or deleting the supervisor password
– Changing date and time
– Specifying the minimum length for power-on password and hard disk password
– Changing the setting for the security chip
– Changing the setting for the Virtualization
– Changing the setting for the I/O port access
– Changing the setting for the Anti-Theft
– Changing the setting for the Secure Boot
– Erasing the fngerprint data
– Enabling or disabling the following features:
– Lock UEFI BIOS Settings
– Password at unattended boot
– Boot Device List F12 Option
- Boot Order Lock
– Flash BIOS Updating by End-Users
– Secure RollBack Prevention
– Execution Prevention
– Security mode
– Fingerprint reader priority
Please do take a look at the BIOS readout below if you think you could offer any advice. Is this an expensive paperweight or not in your opinion?
As far as I can see this computer 'should' be ok as long as I do not do anything stupid (like take out the CMOS battery to reset the system clock, leave it without power for months)
It 'should' play nice with me changing small bits of hardware ( I hope), and swapping out the HDD (I hope...)
But I would definitely have to sell it on in a year or two..not worth the risk if there is a major hardware disaster..I will need the SVP I assume to do any repairs...
NOTE - BIOS entries with an asterisk * are greyed out and I cannot change them!
Main Config Date/Time Security Startup Restart
UEFI BIOS Version GMET77UU (2.25 )
UEFI BIOS Date (Year-Month-Day) 2016-11-23
Embedded Controller Uers ion GMHT29UU (1.14 )
ME Firmware Uersion 18.104.22.1682
Machine Type Model 20BES02600
Asset Tag No Asset Information
CPU Type Intel(R) Core(TM) i7-4600M CPU
CPU Speed 2.90GHz
Installed memory 8192MB
MAC Address (Internal LAN) 54 EE 75 15 A5 DC
UEFI Secure Boot Off
Execution Prevention [Enabled]*
UEFI BIOS Update Option
Flash BIOS Updating by End Users [Enabled]*
Secure Rollback Prevention [Disabled]*
Supervisor Password [Enterl*
- Password Status Enabled*
Lock UEFI BIOS Settings [Disabled]*
Password at unattended boot [Enabled]*
Password at restart [Disabled]*
Set Minimum Length [Disabled]*
Power-On Password [Enter]*
- Password Status [Disabled]*
Hard Disk1 Password [Enter]
- Password Status Disabled
Hard Disk3 Password [Enter]
- Password Status Disabled
I/O Port Access
Internet LAN [Enabled]
Wireless LAN [Enabled]
Wireless WAN [Enabled]
Display Port [Enabled]
Ultrabay HDD/Optical) [Enabled]
Memory Card Slot [Enabled]
Integrated Camera [Enabled]
Fingerprint Reader [Enabled]
ExressCard Slot [Enabled]
Intel (R) Virtualization Technology [Disabled]*
Intel (R) VT-d Feature [Disabled]*
Internal Device Access
Bottom Cover Tamper Detection [Disabled]*
Network Boot [PCI LAN: IBA GE 1]*
UEFI/Legacy Boot [Both]*
UEFI/Legacy Boot Prtm [Legacy First]*
- CSM Support [Yes]*
Boot Mode [Quick]
Option key Display [Enabled]*
Boot deuice List Fl2: Option [Enabled]*
Boot Order Lock [Disabled]*
Secure Boot [Disabled]*
Platform Mode User Mode
Secure Boot Mode Standard Mode
Reset to Setup Mode [Enter]*
Restore Factory Keys [Enter]*
Intel (R) AT Module Activation
- Current SEtting [Enabled]*
- Current State Not Activated*
Thanks for any advice!
Solved! Go to Solution.