,
Feature | Function | Default setting, | Reboot | |
|
|
| if applicable | required |
|
|
|
|
|
| Accessory USB Ports |
|
| Yes |
|
|
|
|
|
| – USB Port 1 | Sets USB port status | Enabled | Yes |
|
|
|
|
|
| – USB Port 2 | Sets USB port status | Enabled | Yes |
|
|
|
|
|
| – USB Port 3 | Sets USB port status | Enabled | Yes |
|
|
|
|
|
| – USB Port 4 | Sets USB port status | Enabled | Yes |
|
|
|
|
|
| – USB Port 5 | Sets USB port status | Enabled | Yes |
|
|
|
|
|
| – USB3 Port 1 | Sets USB port status | Enabled | Yes |
|
|
|
| |
Slot Security | Note: Information displayed may vary with form factor |
| Yes | |
|
|
|
|
|
| PCI Express x16 Slot 1 | Sets PCI Express x16 slot availability | Enabled | Yes |
|
|
|
|
|
| PCI Express x4 Slot 1 | Sets PCI Express x4 slot availability | Enabled | Yes |
|
|
|
|
|
| PCI Express x1 Slot 1 | Sets PCI Express x1 slot availability | Enabled | Yes |
|
|
|
|
|
| PCI Express x1 Slot 2 | Sets PCI Express x1 slot availability | Enabled | Yes |
|
|
|
|
|
| PCI Express x1 Slot 3 | Sets PCI Express x1 slot availability | Enabled | Yes |
|
|
|
| |
Network Boot | Sets network boot status | Enabled | Yes | |
|
|
|
| |
System IDs | Sets Asset Tag, Ownership Tag, Keyboard Layout, and UUID |
| No | |
|
|
|
| |
Master Boot Record Security | Protects MBR from corruption | Disabled | Yes | |
|
|
|
| |
System Security |
|
| Yes | |
|
|
|
|
|
| Data Execution Prevention | Enables DEP to protect against certain OS security breaches on Intel- | Enabled | Yes |
|
| based systems |
| |
|
|
|
| |
|
|
|
|
|
| Virtualization Technology (VTx) | Enables VT on | Disabled | Yes |
|
|
|
|
|
| Virtualization Technology | Grants virtual machines direct access to peripheral devices on select | Disabled | Yes |
| Directed I/O (VTd) |
|
| |
|
|
|
|
|
| Trusted Execution Technology | Enables Trusted Execution Technology on select | Disabled | Yes |
|
| Note: Enabling this feature disables OS management of Embedded |
|
|
|
| Security Device, prevents a reset of the Embedded Security Device, and |
|
|
|
| prevents the configuration of VTx, VTd, and Embedded Security Device. |
|
|
Embedded Security Device
–Reset to Factory Settings
Measure boot variables/devices to PCR1
OS Management of Embedded Security Device
–Reset of Embedded Security Device through OS
–No PPI Provisioning
–Allow PPI policy to be changed by OS
Button Retask Password Protection
Enables Trusted Platform Module (TPM) | Enabled | Yes |
Note: Configuring the Embedded Security Device requires a setup |
|
|
password. |
|
|
|
|
|
Disables TPM and resets credentials | Do not reset | Yes |
|
|
|
Prevents changes in boot device configuration (e.g. adding to or | Disabled | Yes |
changing boot order) from causing Bitlocker recovery mode |
|
|
|
|
|
Allows OS to manage TPM | Enabled | Yes |
|
|
|
Allows reset of TPM to be initiated from the OS | Disabled | Yes |
|
|
|
Allows the OS to take immediate control of the Embedded Security | Disabled | Yes |
Device without requiring user interaction. |
|
|
|
|
|
Allows the OS to change how the user is prompted for changes to the | Disabled | Yes |
Embedded Security Device |
| |
|
| |
|
|
|
Prevents | Disabled | Yes |
administrator privileges |
|
|
|
|
|
15