04-25-2016 03:23 AM
Hello. We are going to be purchasing a lot of HP Z240 Tower Workstations from our supplier in the future and I have been given one to QA in our environment.
We currently use HP BCU to make available and enable the TPM on our current HP systems. We are using version 126.96.36.199 of HPBCU. Today I have downloaded version 188.8.131.52 of the HPBCU to begin creating a configuration file for the new Z240 workstations.
The problem I have is that the TPM PPI (physical presence) settings are nowhere to be found in the UEFI/BIOS firmware user interface. What we want to do is suppress the prompt that would allow users to deny modifications. This is/was possible in previous incarnations of HPBCU on different models of workstation in the form of the following setting.
Embedded Security Activation Policy
F1 to Boot
Allow user to reject
Unfortunately this is not in the file created using 184.108.40.206 on the Z240 and as I said nothing appears in the user interface. I have checked under Security > TPM Embedded Security but the only options I see there are TPM Device and TPM State.
Is it possible to configure the physical presence settings on this model of workstation using HPBCU? If not then I will need to reccommend an appropriate alternative make/model where it is possible.
We deploy scripts that run HPBCU through configmgr(SCCM) and can't have this prompt annoying our users and potentially allowing them to deny the change.
We also can't have technicians visit every Z240 to configure this manually. Our I.T. estate is fairly large at 5000 computers so automatic management is crucial to us.
Any help would be massively appreciated.
Solved! Go to Solution.
04-28-2016 08:45 AM
I see that you have already marked this as resolved though I wanted to ask a few questions.
When you tried to make the changes in the Bios via the BCU were you setting an administrator password before trying to make the change?
Also, when looking at the BIOS directly on that model did it show the option to hide or make available the embedded security chip?