Dell EMC OpenManage Server Administrator

System Security

Use this window to control the security features of the system.

NOTE: This help page may include information about features and values not supported by your system. Server Administrator only displays the features and values that are supported on your system.

User Privileges

Table 1. User Privileges
Selection View Manage
System Security Administrator, Elevated Administrator (Linux only) Administrator, Elevated Administrator (Linux only)
NOTE: For more details on user privilege levels, see Privilege Levels In The Server Administrator GUI.
NOTE: Based on available hardware, dependencies may exist between the various attributes for settings. For example, setting a attribute value may change the state of the dependent attributes to non-editable or editable, as the case may be. For example, changing the Password Status setting to Locked does not allow you to configure the System Password.
NOTE: Based on the system's processor type, the TPM and TCM options are available.

System Password

Allows the system password to be set or modified. The password can be up to 32 characters long and contain most of non-shifted letters, numbers, and punctuation. Lowercase letters are valid. Only the following special characters are allowed: +, ", ,, -, ., /, ;, [, \, ], `. To enable system password modification you have to install J_EN_PASSWD jumper and set Password Status to Unlocked.

NOTE: Upper case letters are valid on the 13th generation PowerEdge servers and later.

Intel(R) AES-NI

Displays the current status of Intel(R) Processor AES-NI feature.

Setup Password

Allows the password to be set or modified. The password can be up to 32 characters long and contain most of non-shifted letters, numbers, and punctuation. Lowercase letters are valid. Only the following special characters are allowed: +, ", ,, -, ., /, ;, [, \, ], `. To enable system password modification, you have to install J_EN_PASSWD jumper and set Password Status to Unlocked.

NOTE: Upper case letters are valid on the 13th generation PowerEdge servers and later.

Password Status

Locks the system password. To prevent the system password from being modified, set this option to locked and enable setup password. This field also prevents the system password from being disabled by the user while the system boots.

TPM Security

Controls the reporting of the Trusted Platform Module (TPM) in the system.

Off (default) Presence of the TPM is not reported to the operating system.
On with Pre-boot Measurements BIOS stores TCG compliant measurements to the TPM during POST.
On without Pre-boot Measurements BIOS bypasses pre-boot measurements.
NOTE: A System/setup password is recommended with this TPM Security setting.

TPM Information

Displays the TPM's type and TPM's firmware version.

TPM Activation

Allows the user to change the operational state of the Trusted Platform Module (TPM). This field is Read-Only when TPM Security is set to Off.

Activate The TPM is enabled and activated.
Deactivate The TPM is disabled and deactivated.
No Change The operational state of the TPM remains unaltered.
NOTE: This feature is not available for 13G Platforms or later.

TPM Status

Displays the current status of the TPM.

TPM Clear

CAUTION: Clearing the TPM will cause loss of all keys in the TPM. This could affect booting of the operating system.

When set to Yes, all the contents of the TPM will be cleared. This field is Read-Only when TPM Security is set to Off.

NOTE: This feature is not available for 13G Platforms or later.

TCM Security

Controls the reporting of the Trusted Cryptography Module (TCM) in the system.

Off (default) Presence of the TCM is not reported to the operating system.
On Presence of the TCM is reported to the operating system.
NOTE: This feature is not available for 13G Platforms or later.

TCM Activation

Allows the user to change the operational state of the Trusted Cryptography Module (TCM). This field is Read-Only when TCM Security is set to Off.

Activate The TCM is enabled and activated.
Deactivate The TCM is disabled and deactivated.
No Change The operational state of the TCM remains unaltered.
NOTE: This feature is not available for 13G Platforms or later.

TCM Clear

CAUTION: Clearing the TCM will cause loss of all keys in the TCM. This could affect booting of the operating system.

When set to Yes, all the contents of the TCM will be cleared. This field is Read-Only when TCM Security is set to Off.

NOTE: This feature is not available for 13G Platforms or later.

TPM Command

Allows the user to control the Trusted Platform Module (TPM). This field is Read-Only when TPM Security is set to Off. The action requires an additional reboot before it can take effect.

Activate The TPM will be enabled and activated.
Deactivate The TPM will be disabled and deactivated.
None No command is sent to the TPM when set to none.
Clear All the contents of the TPM will be cleared when set to clear.
CAUTION: Clearing the TPM will cause loss of all keys in the TPM. This could affect booting to OS.
NOTE: This feature is not available for 13th Generation Platforms or later.

Intel(R) TXT

Enables or disables Trusted Execution Technology. To enable Intel(R) TXT, VT must be enabled, and the TPM must be enabled with pre-boot measurements and activated.

BIOS Update Control

Allows or prevents the BIOS update using DOS or UEFI shell based flash utilities. For environments not requiring local BIOS updates, it is recommended to set this field to Disabled.

NOTE: The BIOS updates via Update Package is not affected by this setup option.
Unlocked Allows all BIOS update.
Limited Prevents local BIOS updates from DOS or UEFFI shell based flash utilities, or from Lifecycle Controller User Interface.
NOTE: Limited is recommended for environments that do not require local BIOS updates. These environments include Remote Enablement Update or executing Update Package from operating system.

AC Power Recovery

Specifies how the system will react after AC power has been restored to the system. It is especially useful for people who turn their systems off with a power strip.

Last The system turns on if the system was on when AC was lost. The system remains off if the system was off when AC was lost.
On The system turns on after AC is restored.
Off The system stays off after AC is restored.

AC Power Recovery Delay

Specifies how the system will support the staggering of power-up after AC power has been restored to the system.

Immediate There is no delay for power-up.
Random The system creates a random delay (30 seconds to 240 seconds) for power-up.
User Defined The system delays power-up by that amount. The system supported user defined power-up delay range is from 30s to 240s.

User Defined Delay (60s to 240s)

Controls the user defined AC Recovery Delay. Enter a delay in the range of 60 seconds to 240 seconds.

UEFI Variable Access

UEFI variable access provides the degrees of various secure UEFI variables.

Standard (default) The UEFI variables are accessible in the operating system as per the UEFI specification.
Controlled The UEFI variables are protected in the operating system environment and new UEFI boot entries are forced to be at the end of the current boot order.

Secure Boot

When secure boot is enabled, the BIOS authenticates each pre-boot image using the certificates in the Secure Boot Policy. When secure boot is disabled, the BIOS does not authenticate images. Secure boot is disabled by default.

NOTE: You cannot disable the Secure boot option from the Server Administrator GUI or CLI mode once Secure boot option is enabled. If you want to disable this option, use POST BIOS screen.

Secure Boot Policy

When secure boot is Standard, the BIOS uses the systems manufacture keys and certificates to authenticate pre-boot images. When secure boot policy is Custom, the BIOS uses user-defined keys and certificates. Secure Boot Policy is Standard by default.

For an explanation of other buttons present on Server Administrator Action pages, see Server Administrator Window Buttons.