Browse Prior Art Database

MECHANISM TO ALLOW SYSTEM ADMINISTRATORS ABILITY TO ENTER PRIVILEGE ACCESS PASSWORDS REMOTELY

IP.com Disclosure Number: IPCOM000014434D
Original Publication Date: 2002-May-11
Included in the Prior Art Database: 2003-Jun-19
Document File: 2 page(s) / 39K

Publishing Venue

IBM

Abstract

Personal computers typically provide two forms of local access security: Power on Passwords (POP) Local access security Stored in CMOS/battery backed Required to gain access to system/normal use Known by local user

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

  MECHANISM TO ALLOW SYSTEM ADMINISTRATORS ABILITY TO ENTER PRIVILEGE ACCESS PASSWORDS REMOTELY

Personal computers typically provide two forms of local access security:

Power on Passwords (POP)

Local access security

Stored in CMOS/battery backed Required to gain access to system/normal use Known by local user

Privilege Access passwords (PAP)

Restricted Access security

Stored in EEPROM Required to gain access to system settings in computer/exception use Known by super user or system administrator

A system administrator to enforce policy across the install base of systems uses the PAP. Local users are unable to modify settings, since the PAP is required to gain access to BIOS/setup. This gives the system administrator greater control over the systems. The PAP is also required to correct system failures.

The disadvantage of a PAP, is that it requires the system administrator to visit the machine to correct even a minor problem. When an event occurs (removal of cover, keyboard error, or memory module failure), the PAP must be entered before the system will boot an OS or enter Setup.

Obviously this is complicated by the use of network systems, which are typically located at remote locations on a campus or at remote locations. Given the remote nature of the systems, the system administrator needs to enforce policy, however, this creates a problem with maintenance.

New CDT systems include a system management chip that monitors for events on the client and reports them to a remote system management console. This invention extends the capabilities...