Lenovo Shows Tool to Manage Encrypted Drives

PC maker Lenovo hopes to give IT managers a helping hand with encrypted hard drive systems after announcing a new password management tool.

Called Hardware Password Manager, the tool is designed to allow system administrators to manage and reset staff passwords with all brands of hard drives, including those that have full disk encryption. A demonstration of the product can be seen here on YouTube.

Encrypting hard drives is often used as a way to protect confidential data, but when a password is lost (if the employee is made redundant for example) or is forgotten, administrators are often unable to decrypt the data and have to "burn the hardware".

Lenovo cited a Gartner study that found that helpdesk related calls, including password resets, can cost companies up to $18 (12.35) per call, which can add up quickly across a large organisation. It also found that 30 percent of the total call load for multipurpose help desk calls are password related and that password management can help reduce that volume by 70 percent.

The Lenovo tool has remote management capabilities built in, so even if the machine is outside the corporate VPN, IT administrators can easily deploy, remotely manage and reset the hard drive passwords of any staff member.

Essentially, the tool allows the IT department to create an administrative user ID and hardware password within a "vault" in the PC's BIOS. The IT personnel can then deploy the PC or remotely send the installation package to a staff member's PC when he is out in the field.

When the staff member turns his PC on, he will choose a unique user ID and password to access the PC's hard drive. Similarly, when the employee enters his user ID and password, it will also unlock the fully encrypted hard drive. This ID and password could be the employee's Windows Domain user ID and password.

But if the staff member forgets or loses their password, there are a number of recovery methods. He can either log onto the company's intranet through a wired connection, and using his intranet credentials, re-enroll a new password. He can also be given access by the IT administrator to an emergency account already created in the BIOS vault in the PC (just for this purpose).

Finally, he can also bypass the prompt for the Hardware Password Manager and enter the real hardware passwords (provided by the IT dept). Then the helpdesk can simply deregister the old "vault" remotely to allow the user to re-enroll a new ID and password.

Lenovo says that the Hardware Password Manager also allows for the central management of the BIOS Supervisor password, which allows the IT department to control the configuration of the BIOS settings of all its PC assets.

"Encrypting drives offer state of the art protection for PC data, but companies everywhere previously had difficulty managing them," said Peter Schrady, vice president and general manager, Enterprise, Software and Peripherals, Lenovo, in a statement.

"Lenovo's new Hardware Password Manager product provides an easy tool to reset passwords by remote control, including full-encryption drives," he said. "This is the world's only solution to centrally manage all available brands of fully encrypting drives. The fact that it can also utilise our fingerprint reader to access encrypted drives makes it even better."

The tool is expected to be available in early May and there is no word on pricing yet. Lenovo says it will work on "many Lenovo Think-branded laptops and desktops." Specifically, it says that Lenovo's ThinkPad X301, X200, X200s, X200 Tablet, T500, T400, R500, R400, W700, W700ds and ThinkCentre M58/M58p desktop will support the technology.

Subscribe to the Security Watch Newsletter

Comments