Přeskočit na hlavní obsah
Odhlásit

Vítejte ve společnosti Dell.

Můj účet
  • Vkládejte objednávky snadno a rychle
  • Zobrazit objednávky a sledovat stav expedice
  • Vytvořte a přistupujte k seznamu svých produktů
  • Spravujte své profily, produkty a kontakty na úrovni produktů na stránkách Dell EMC pomocí správy společnosti.
Přihlásit se Vytvořte si účet Přihlášení na stránky Premier Přihlášení do partnerského programu
Spojte se s námi

Dell Command | PowerShell Provider Version 2.4 Reference Guide

PDF

Security

Table 1. SecuritySecurity
Attribute Name Description
Absolute Sets the value to the Absolute interface, and control the Absolute service. The following are the possible values:
  • Enabled—The Absolute service is activated or deactivated.
  • Disabled—If disabled, then the Absolute service does not run.
  • PermanentlyDisabled—If the Absolute interface is permanently disabled, then the Absolute feature can be enabled by using the factory reset feature.
AdminPassword Sets, changes, or clears the administrator (admin) password (also called the setup password). If you delete the admin password, the system password, if set, is also deleted. The following are the possible values: String containing minimum 4 and maximum 32 characters including whitespace.
AdminSetupLockout Enables or disables admin setup lockout. The following are the possible values:
  • Enabled
  • Disabled
AmdTSME Possible values:
  • Enabled—AMD Transparent Secure Memory Encryption (TSME) allows encryption of contents on the memory DIMMS.
    NOTE: For best results while diagnosing potential memory DIMM issues, turn off this feature prior to running diagnostic functions or tools.
  • Disabled—AMD Transparent Secure Memory Encryption (TSME) does not allow encryption on the memory DIMMS.
CapsuleFirmwareUpdate Enables or disables BIOS updates via UEFI capsule update packages. The following are the possible values:
  • Enabled
  • Disabled
ChasIntrusion The chassis intrusion switch is a physical switch which triggers an event when the chassis is opened. The following are the possible values:
  • Enabled—The system detects and reports chassis intrusion events to the system display on boot-up.
  • Disabled—The system does not detect and report the Chassis Intrusion events to the system display on boot-up.
  • SilentEnable—The system detects, but does not report the Chassis Intrusion events to the system display on boot-up.
ChassisIntrusionStatus Displays the status of chassis intrusion.
NOTE: Except TripReset, all values are read-only.
The following are the possible values:
  • DoorOpen—Indicates that chassis door is open.
  • Tripped—Indicates that the chassis door was opened since the last time the sensor-detection logic was reset.
  • DoorClosed—Indicates that chassis door is closed.
  • TripReset—Resets the sensor-detection logic to detect the next closed-to-open transition on the chassis door.
Computrace This feature allows the users to enable or disable Absolute Software's Computrace security software BIOS ROM. After this token is written, the state is permanently maintained (this is a write-once field). This token is for Factory use only. Application and management software must ignore this token. Write-once permanent is different from write-once. Write-once is reset on a power cycle and/or chipset reset. Write-once permanent cannot be reset or change once it is set. The following are the possible values:
  • Disable
  • Activate
NOTE: You cannot enable or disable this feature using Dell Command | Configure.
CpuXdSupport Enables or disables the run disable mode of the processor. The operating system can use this feature to hinder software that exploits buffer overflows. The following are the possible values:
  • Enabled
  • Disabled
DisPwdJumper DisPwdJumper controls the physical password clear jumper on the motherboard. The following are the possible values: Enabled—When this option is not selected, the password jumper on the motherboard is activated to clear the BIOS admin and the user passwords. Disabled—When this option is selected, the password jumper is disabled, and the BIOS passwords are not cleared.
GeneralPurposeEncryption Enables or disables general-purpose encryption. The following are the possible values:
  • Enabled
  • Disabled
HDDInfo Displays the details of each HDD. The following information is displayed:
  • HDDName—The name of the HDD.
  • Present—Whether the HDD is physically present.
  • PwdProtected—Whether a password exists for the HDD.
  • PendingRestart—Whether a reboot is pending to set the password.
  • AdminOnlyChange—Whether the changes to the password can be made only by an administrator.
  • SecureEraseSupported—Whether HDD Secure Erase is supported.
  • SecureEraseEnabled—Whether HDD Secure Erase is enabled.
The following are the possible values: Read-only.
HDDPassword Sets, changes, or clears the HDD password. Enter the HDD password, if set, when the system is powered on.
NOTE: After setting the HDD password, restart the system.
Possible values: String containing minimum 1 and maximum 32 characters including whitespace.
HddProtection Lets the user choose loading of HDD Protection OPROM.
IntlPlatformTrust Enables or disables IntlPlatformTrust feature. The following are the possible values:
  • Enabled—Displays the Intel Platform Trust Technology (PTT) device from the operating system on the next boot.
  • Disabled—Hides the Intel Platform Trust Technology (PTT) device from the operating system on the next boot.
NOTE: When disabled, the PTT device is not displayed to the operating system, and no changes can be made to the PTT device or its content.
IntelTME Controls the total memory encryption (TME) feature. The following are the possible values:
  • Enabled
  • Disabled
IsAdminPasswordSet Specifies if an admin password has been set. Possible values: True, false (Read-only)
IsSystemPasswordSet Specifies if a system password has been set. Possible values: True, false (Read-only)
MasterPasswordLockout Enables or disables master password settings.
CAUTION: Using the Dell Command | PowerShell Provider, you cannot disable this feature.
The following are the possible values:
  • Enabled—The master password cannot be used to:
    • clear other passwords
    • unlock and access Hard Disk Drive
    • erase data from Hard Disk Drive.
  • Disabled—The master password can be used to:
    • clear other passwords
    • unlock and access Hard Disk Drive
    • erase data from Hard Disk Drive.
NOTE: One of the methods of configuring this feature is from the BIOS setup screen.
NOTE: You cannot enable MasterPasswordLockout while setting up with Hdd or Owner's password.
NonAdminPsidRevert The following are the possible values:
  • Enabled—When enabled, the PSID revert is allowed to proceed without providing the BIOS admin password.
  • Disabled—When disabled, and if the BIOS admin password is set, PSID revert is protected and the BIOS admin password can be entered before performing the revert.
NVMePwdFeature This feature enables or disables the NVMe password. The following are the possible values:
  • Enabled
  • Disabled
OromKeyboardAccess Determines whether users are able to enter Option ROM Configuration screens using hotkeys during boot. The following are the possible values:
  • Enabled—Users are able to enter OROM configuration screens using hotkeys during boot.
  • OneTimeEnable—Users will be able to enter OROM configuration screens using hotkeys during next boot only. After next boot, the settings will revert to disabled.
  • Disabled—Users are able to enter OROM configuration screens using hotkeys during boot.
PasswordBypass Allows users to skip the entry of the system password, HDD password, fingerprint scan, or smartcard on either/both reboot (warm boot) or S3 resume (resume from standby). The following are the possible values:
  • Disabled
  • RebootBypass
  • ResumeBypass
  • RebootAndResumeBypass
PasswordLock Determines whether the changes to the system and HDD passwords are permitted or restricted if an admin password is set. The following are the possible values:
  • Disabled—If disabled, then the system and HDD passwords are locked by admin password and cannot be set, modified, or deleted unless admin password is provided.
  • Enabled—If enabled, then the system and the HDD passwords can be set, modified, or deleted.
Ppibypassforblocksid When there is no drive ownership and the ppibypassforblocksid is enabled, the BIOS requires user input while sending the Block SID authentication command to SED drives. When disabled, BIOS does not require user input while sending the Block SID command. The following are the possible values:
  • Enabled
  • Disabled
SafeShutter The device camera shutter opens automatically when you grant permission to the application and closes when permission is terminated. Disable dynamic behavior by pressing F9. The following are the possible values:
  • Dynamic Shutter
  • Manual Shutter Control
SedBlockSidAuthentication When there is no drive ownership and the SedBlockSidAuthentication is enabled, BIOS sends the Block SID authentication command to SED drives. When disabled, BIOS does not send the Block SID command. The following are the possible values:
  • Enabled
  • Disabled
NOTE: You can disable SedBlockSidAuthentication in manufacturing mode or while setting up the BIOS Setup Administrator password.
NOTE: The read-only mechanism can be changed when the system is in manufacturing mode, while the SedBlockSidAuthentication is disabled.
Smmsecuritymitigation Enables or disables the additional UEFI SMM Security Mitigation protections. The operating system uses this feature to protect the secure environment created by virtualization-based security. Enabling this feature provides the additional UEFI SMM Security Mitigation protections support. However, this feature may cause compatibility or functionality issues with some legacy tools and applications. The following are the possible values:
  • Enabled
  • Disabled
NOTE: You can disable Smmsecuritymitigation in manufacturing mode.
NOTE: The read-only mechanism can be changed when the system is in manufacturing mode, while the Smmsecuritymitigation is disabled.
StrongPassword Enables or disables the enforced use of a strong password. If enabled, the admin and system passwords must contain at least one upper case character, at least one lowercase character, and minimum eight characters. The following are the possible values:
  • Enabled
  • Disabled
SystemPassword Sets, changes, or clears the system password (also known as the user password). Enter the system password, if set, when the system is powered on. Possible values: String containing minimum 4 and maximum 32 characters including whitespace.
WirelessSwitchChanges Determines if changes to the wireless switch setting are permitted or restricted when an administrator password is set. The following are the possible values:
  • Enabled—Permits the changes to the wireless switch setting when an administrator password is set.
  • Disabled—Restricts the changes to the wireless switch setting when an administrator password is set.
NOTE: Provide the administrator password to be able to change the wireless switch setting. If the Administrator password is not set, this setting has no effect.

Hodnoťte tento obsah

Přesné
Užitečné
Snadno srozumitelné
Byl tento článek užitečný?
0/3000 characters
  Zadejte hodnocení (1 až 5 hvězdiček).
  Zadejte hodnocení (1 až 5 hvězdiček).
  Zadejte hodnocení (1 až 5 hvězdiček).
  Vyberte, zda vám článek pomohl či nikoli.
  Komentáře nesmí obsahovat tyto speciální znaky: <>() \