Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!mp.cs.niu.edu!ux1.cso.uiuc.edu!phil From: phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) Newsgroups: comp.sys.ibm.pc.hardware Subject: Re: Everex BIOS Password Message-ID: <1991Jun14.125403.9529@ux1.cso.uiuc.edu> Date: 14 Jun 91 12:54:03 GMT References: <91163.205448TEMNGT23@ysub.ysu.edu> <1991Jun13.105945@neiman.east.sun.COM> <91164.131028TEMNGT23@ysub.ysu.edu> Organization: University of Illinois at Urbana Lines: 63 TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: >>|> Our university has been buying exclusively Everex PCs for about the >>|> last three years. Our lastest shipment for student PC labs came with >>|> quite a surprise. The new Setup routine lets you set a password on >>|> the hardware. The only way to remove this password is to take the >>|> battery out of the machine and wait until the setup information is >>|> lost. As you can imagine, putting these machines in an unsupervised >>|> student lab will soon lead to each and every one having a password >>|> on it. Argh! >> >>Seems to me, all you have to do is put your own password in first. >> >>Am I missing something? > >Indeed. I put my password in first, then of course must give it to >the student. One of the student's options is to CHANGE the password >since he knows the original one. I'm right back to the beginning. >The salesman tried to play this fast one on me... :-( Clearly the problem is the same kind of problem you have with letting multiple people use one single userid on a multiuser system. Many of the problems, such as file sharing, have been worked out for PC lab situations. But certainly anyone who knows the password can change the password. It seems to me that Everex did a very poor job of planning out this feature change. You could certainly take this to mean that they have written off the educational lab market. You should talk DIRECTLY TO THE VP OF MARKETING at Everex and see if he understands what his company has done. Be sure to tell him that what they SHOULD have done was to contact a wide diversity of their customers in order to design this feature correctly. I shall describe a better way that might even work in the labs: The password control system would have at least two categories of access to the machine. Category A allows access to the setup data for changes. Category B allows access to boot the machine and use the keyboard and mouse. The password, or lack thereof, should be settable separately for these categories. You can set a password for category A and keep that to yourself, or only tell the lab support staff. For category B you can either set a DIFFERENT password, or set none at all. Students will be able to access the machine via the category B password or lack of one, but will not have access to the setup data. This will solve one problem you actually had before, that of students running setup and screwing the machine (rare, but some do). Tell the Everex VP OF MARKETING that this way of doing the password is much better suited to the educational lab environment, as well as having added functionality for business and industrial customers. Tell him you expect a new set of ROMS within 2 weeks. If you are unable to reach the VP of MARKETING, then write Everex off. -- /***************************************************************************\ / Phil Howard -- KA9WGN -- phil@ux1.cso.uiuc.edu | Guns don't aim guns at \ \ Lietuva laisva -- Brivu Latviju -- Eesti vabaks | people; CRIMINALS do!! / \***************************************************************************/