Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!caen!spool.mu.edu!agate!riacs!pioneer.arc.nasa.gov!endter
From: endter@pioneer.arc.nasa.gov (Bill Endter RCU/DEC)
Newsgroups: comp.sys.ibm.pc.hardware
Subject: Re: Everex BIOS Password
Message-ID: <1991Jun13.173921.10687@riacs.edu>
Date: 13 Jun 91 17:39:21 GMT
References: <91163.205448TEMNGT23@ysub.ysu.edu> <1991Jun13.105945@neiman.east.sun.COM>
Sender: news@riacs.edu
Reply-To: endter@pioneer.arc.nasa.gov (Bill Endter RCU/DEC)
Organization: RIACS, NASA Ames Research Center
Lines: 27

In article <1991Jun13.105945@neiman.east.sun.COM>, evan@neiman.east.sun.COM (Evan Marcus (Sun NJ Sys Cons)) writes:
|> In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes:
|> |> Our university has been buying exclusively Everex PCs for about the
|> |> last three years.  Our lastest shipment for student PC labs came with
|> |> quite a surprise.  The new Setup routine lets you set a password on
|> |> the hardware.  The only way to remove this password is to take the
|> |> battery out of the machine and wait until the setup information is
|> |> lost.  As you can imagine, putting these machines in an unsupervised
|> |> student lab will soon lead to each and every one having a password
|> |> on it.  Argh!
|> 
|> Seems to me, all you have to do is put your own password in first.
|> 
|> Am I missing something?
|> -- 
|> WHO: Evan L. Marcus			"It works!!" 
|> WHAT: Sun Microsystems			 -- a friend of mine, after telling
|> WHERE: Paramus, New Jersey, USA		 me his wife was pregnant with their
|> HOW: marcus@neiman.East.Sun.COM	   	 first child.

   I think the problem is that if the instructor sets the password first, the
student (or instructor) will have to type the password in to access the machine. Once the student has access to the machine, they can change the password to anything they want.  Then only the student can log in.  The solution would be to disable passwords all together, or require that the old
password be typed in order to set a new password.  If the latter was the case, then an instructor would be required to type the initial password to allow the student access to the machine.  This could be undesirable.
   Actually I would be a little surprised if the password can be changed without requiring the old password.  This would be a lot fun for co-workers who found an unattended logged in PC.


	Bill