Dell Command | PowerShell Provider 1.0 HDD Password

HDD password is the one more layer of security to the system (apart from system and admin passwords) which prevents user from accessing the HDD(s).

If HDD password is set, then system will ask for HDD password during boot.

Important points

1. If Hard disk is disabled then corresponding HDD password setting in BIOS menu (F2) also cannot be accessed.
2. If user keeps system idle about 10 minutes at the time of HDD password prompt, system will shut down automatically.
3. If user enters wrong HDD password 3 times, system starts treating like HDD is not available.
4. HDD password prompt will occur only from s4/s5 state.

Secure Erase    

UEFI BIOS supports secure erase feature which is used for providing more security to user’s data in case somebody tries to unlock the hard disk using Master password. If secure erase is enabled on system, secure erase wipes all data from hard disk when it is unlocked using master password.

When setting HDD password, system prompts for enabling support for secure erase and confirmation for enablement.

Configuring HDD password using Dell Command | PowerShell Provider (DCPP)

Dell Command | PowerShell Provider can be used to configure HDD password. DCPP has the capability to set, modify and clear HDD password. DCPP also has the capability to verify whether system has HDD password, secure erase support, etc. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click http://www.dell.com/support/home/us/en/19/product-support/product/dell-command-powershell-provider-v1.0/manuals. 

Note -

• To configure password, system must have Service Tag.
• DCPP configures the same password for all Hard disks present in the machine. If user wants to configure different passwords for different hard disks then he/she can use BIOS setup menu (F2).
• HDD password configuration operation requires system restart to apply the changes.

1. HDDInfo

HDDInfo provides the information about hard disks present in the machine. It provides following information

• Hard Disk Name
• HDD is present or not
• HDD is password protected or not
• Restart is pending for previous configured HDD password or not
• HDD password changes can be done only by Admin or not
• Secure Erase is supported or not
• Secure Erase is enabled or not

To get this information using DCPP, use the following command 

Get-Item -Path DellSmbios:\Security\HDDInfo | Select -ExpandProperty CurrentValue

Note - I have used system which have two hard disks to show the use of DCPP.

As we can see from image above, no password is set for both hard disks. Other fields are also showing "no". 

2. Setting HDD Password

HDD password requires minimum 1 and maximum 32 characters.To set the password, use the following command.

Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd"

As we can see from image above, pending restart for both the hard disks is showing "Yes". System need to be restart for applying the changes.

After restart system will prompt during boot as shown below.

To apply the change or configure the HDD password, user needs to click on modify. If there are two hard disks it will prompt two times. To ignore the changes user needs to click on ignore.

If user has clicked on modify, HDDInfo will provide information as shown below.

Note - If system has Admin/system password already set on machine then user needs to give admin/system password when configuring HDD password using the following command 

if admin password is set on system

Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$AdminPwd"  

if system password is set on system

Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$SystemPwd"  

2. Modifying/Clearing HDD Password

To modify use the following command.

Set-Item -Path DellSmbios:\Security\HDDPassword "$NewHDDPwd" -Password "$OldHDDPwd"

To clear use the following command 

Set-Item -Path DellSmbios:\Security\HDDPassword "" -Password "$OldHDDPwd"

Note - System requires restart to apply the changes.

3. Additional Parameters to HDD password

DCPP has two additional parameters which user can provide when configuring HDD password. These are

• AdminPassword -

  User has to provide Admin password by using "AdminPassword" parameter if administrator has restricted the changes to HDD password. To provide this parameter, use the following command

  Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -AdminPassword "$AdminPwd"

   

• ATAMaximumSecurityMode

  User has to provide value to this parameter either as '0' or '1'. If user wants HDD password to be configured in maximum security mode (Secure Erase ) than user needs to provide value as '1' to this parameter. To provide this parameter, use the following command.

  Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -ATAMaximumSecurityMode "1"