TEMNGT23@ysub.ysu.edu (Lou Anschuetz) (06/13/91)
Our university has been buying exclusively Everex PCs for about the last three years. Our lastest shipment for student PC labs came with quite a surprise. The new Setup routine lets you set a password on the hardware. The only way to remove this password is to take the battery out of the machine and wait until the setup information is lost. As you can imagine, putting these machines in an unsupervised student lab will soon lead to each and every one having a password on it. Argh! I immediately contacted a sales rep at Everex (a Mr. Joe Herndon (sp?)) who reported that their industrial customers demanded this feature and that they weren't about to change it for their educational customers. Well, as a first response we have cancelled all future orders for Everex machines until/unless the problem is fixed. The State of Ohio will also be removing them from our state pricing contract unless the problem is fixed (this will likely happen on June 19, 1991). In the interim, I and our purchasing department felt that other folks may wish to be made aware of Everex' new BIOS routine and the complication it may cause others where more than one person needs to have access to the machine. While I am sure this may even be a desireable feature in some industrial settings, it is certainly problematic in other settings. As the situation changes we will post additional information. You may contact via email for further info, or is there is sufficient interest, I will post more extensive information here. Lou Anschuetz Associate Director for Academic Consulting (soon to be an expert at battery pulling :-) temngt23@ysu.edu
evan@neiman.east.sun.COM (Evan Marcus (Sun NJ Sys Cons)) (06/13/91)
In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: |> Our university has been buying exclusively Everex PCs for about the |> last three years. Our lastest shipment for student PC labs came with |> quite a surprise. The new Setup routine lets you set a password on |> the hardware. The only way to remove this password is to take the |> battery out of the machine and wait until the setup information is |> lost. As you can imagine, putting these machines in an unsupervised |> student lab will soon lead to each and every one having a password |> on it. Argh! Seems to me, all you have to do is put your own password in first. Am I missing something? -- WHO: Evan L. Marcus "It works!!" WHAT: Sun Microsystems -- a friend of mine, after telling WHERE: Paramus, New Jersey, USA me his wife was pregnant with their HOW: marcus@neiman.East.Sun.COM first child.
TEMNGT23@ysub.ysu.edu (Lou Anschuetz) (06/14/91)
In article <1991Jun13.105945@neiman.east.sun.COM>, evan@neiman.east.sun.COM (Evan Marcus (Sun NJ Sys Cons)) says: > >In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou >Anschuetz) writes: >|> Our university has been buying exclusively Everex PCs for about the >|> last three years. Our lastest shipment for student PC labs came with >|> quite a surprise. The new Setup routine lets you set a password on >|> the hardware. The only way to remove this password is to take the >|> battery out of the machine and wait until the setup information is >|> lost. As you can imagine, putting these machines in an unsupervised >|> student lab will soon lead to each and every one having a password >|> on it. Argh! > >Seems to me, all you have to do is put your own password in first. > >Am I missing something? Indeed. I put my password in first, then of course must give it to the student. One of the student's options is to CHANGE the password since he knows the original one. I'm right back to the beginning. The salesman tried to play this fast one on me... :-(
endter@pioneer.arc.nasa.gov (Bill Endter RCU/DEC) (06/14/91)
In article <1991Jun13.105945@neiman.east.sun.COM>, evan@neiman.east.sun.COM (Evan Marcus (Sun NJ Sys Cons)) writes: |> In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: |> |> Our university has been buying exclusively Everex PCs for about the |> |> last three years. Our lastest shipment for student PC labs came with |> |> quite a surprise. The new Setup routine lets you set a password on |> |> the hardware. The only way to remove this password is to take the |> |> battery out of the machine and wait until the setup information is |> |> lost. As you can imagine, putting these machines in an unsupervised |> |> student lab will soon lead to each and every one having a password |> |> on it. Argh! |> |> Seems to me, all you have to do is put your own password in first. |> |> Am I missing something? |> -- |> WHO: Evan L. Marcus "It works!!" |> WHAT: Sun Microsystems -- a friend of mine, after telling |> WHERE: Paramus, New Jersey, USA me his wife was pregnant with their |> HOW: marcus@neiman.East.Sun.COM first child. I think the problem is that if the instructor sets the password first, the student (or instructor) will have to type the password in to access the machine. Once the student has access to the machine, they can change the password to anything they want. Then only the student can log in. The solution would be to disable passwords all together, or require that the old password be typed in order to set a new password. If the latter was the case, then an instructor would be required to type the initial password to allow the student access to the machine. This could be undesirable. Actually I would be a little surprised if the password can be changed without requiring the old password. This would be a lot fun for co-workers who found an unattended logged in PC. Bill
pjh@mccc.edu (Pete Holsberg) (06/14/91)
In article <91163.205448TEMNGT23@ysub.ysu.edu> TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes:
=Our university has been buying exclusively Everex PCs for about the
=last three years. Our lastest shipment for student PC labs came with
=quite a surprise. The new Setup routine lets you set a password on
=the hardware. The only way to remove this password is to take the
=battery out of the machine and wait until the setup information is
=lost. As you can imagine, putting these machines in an unsupervised
=student lab will soon lead to each and every one having a password
=on it. Argh!
Zenith does a similar thing. However, they were able to identify to us
the chip that the password is stored in and we had our tech simply
remove that chip from each Zenith. Perhaps Everex has a similar scheme
that someone more technical than your contact knows about.
--
Prof. Peter J. Holsberg Mercer County Community College
Voice: 609-586-4800 Engineering Technology, Computers and Math
FAX: 609-586-6944 1200 Old Trenton Road, Trenton, NJ 08690
Internet: pjh@mccc.edu TCF 92 - April ??-??, 1992
hovanes@b17d.b17d.ingr.com (Ken Hovanes) (06/14/91)
In article <1991Jun13.105945@neiman.east.sun.COM>, evan@neiman.east.sun.COM (Evan Marcus (Sun NJ Sys Cons)) writes: > In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: > |> student lab will soon lead to each and every one having a password > |> on it. Argh! > > Seems to me, all you have to do is put your own password in first. That's what I thought. I just thought I misunderstood the article. Of course, you know students. They'll take the pc apart and take out the jumper for the bios battery, damn them. > > Am I missing something? Am I missing something as well? > -- > WHO: Evan L. Marcus "It works!!" Ken Hovanes Intergraph Corp. Huntspatch, AL "Home of the..., well nothing. But it's ok."
TEMNGT23@ysub.ysu.edu (Lou Anschuetz) (06/14/91)
In article <1991Jun13.184802.14562@b17d.b17d.ingr.com>, hovanes@b17d.b17d.ingr.com (Ken Hovanes) says: > >In article <1991Jun13.105945@neiman.east.sun.COM>, evan@neiman.east.sun.COM >(Evan Marcus (Sun NJ Sys Cons)) writes: >> In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou >Anschuetz) writes: >> |> student lab will soon lead to each and every one having a password >> |> on it. Argh! >> >> Seems to me, all you have to do is put your own password in first. > >That's what I thought. I just thought I misunderstood the article. Of >course, you know students. They'll take the pc apart and take out the >jumper for the bios battery, damn them. >> >> Am I missing something? > >Am I missing something as well? > To use the machine, according to the sales people, students have to enter this hardware password. This means I have to give them the password. Once you have the password you can change it to anything you want. So, now I've given them a password and made it clear that they can change it to something else. If I don't set it at all at least only the ones who discover it will set passwords. Also, I have to merely notify 15,000 students each and every quarter as to what the password is. Plus, I now have to fix the ones with the changed passwords just like not having one initially installed. I think this is a severe problem at a very minimum. As it is now I have to run setup on about 50% of our machines each and every day since students change it. To remove the password means having the machine battery out for 2 hours! With 63 of these machines already on campus in labs it could take 40-50 hours per day just to remove password. Hmm, seems like a problem here.... :-) Lou Anschuetz temngt23@ysu.edu
asylvain@felix.UUCP (Alvin "the Chipmunk" Sylvain) (06/14/91)
Written in article <91163.205448TEMNGT23@ysub.ysu.edu> by TEMNGT23@ysub.ysu.edu (Lou Anschuetz): > Our university has been buying exclusively Everex PCs for about the > last three years. Our lastest shipment for student PC labs came with > quite a surprise. The new Setup routine lets you set a password on > the hardware. The only way to remove this password is to take the > battery out of the machine and wait until the setup information is > lost. As you can imagine, putting these machines in an unsupervised > student lab will soon lead to each and every one having a password > on it. Argh! I'd say at first glance, that unless you have some compelling reason to stick with Everex (other than "we always have") that you go ahead and shop around for a different company. I'm assuming this is an IBM clone, yes? I'd daresay you'll find that Everex has quite a bit of competition out there. Dell has a good reputation, as does AST. I have no idea what their policy is re. sales to educational institutions, however. You might want to post and ask for opinions on what machine to buy _instead_ of the Everex. Be warned, tho, your mailbox may overflow! -- Alvin ===== asylvain@felix.UUCP ===== hplabs!felix!asylvain ===== "hplabs!felix!asylvain"@uunet.uu.net (I always try to respond to mail, if possible. If you don't hear back from me, try changing "hplabs" to "ccicpg," "spsd," or "lawnet.") DISCLAIMER: It's all in fun, folks, no flames intended. Any similarity between my opinion and that of my employer is purely coincidental and sufficient reason to change my opinion, although I'll still be right.
koerber.sin@sni.de (Mathias Koerber) (06/14/91)
In article <1991Jun13.105945@neiman.east.sun.COM> marcus@neiman.east.Sun.COM writes: |In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: ||> Our university has been buying exclusively Everex PCs for about the ||> last three years. Our lastest shipment for student PC labs came with ||> quite a surprise. The new Setup routine lets you set a password on ||> the hardware. The only way to remove this password is to take the ||> battery out of the machine and wait until the setup information is ||> lost. As you can imagine, putting these machines in an unsupervised ^^^^^^^^^^^^ ||> student lab will soon lead to each and every one having a password ||> on it. Argh! | |Seems to me, all you have to do is put your own password in first. | |Am I missing something? Yes, the word *unsupervised* in the original post. What stops students from pulling the batteries and putting their own password...
phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) (06/14/91)
TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: >>|> Our university has been buying exclusively Everex PCs for about the >>|> last three years. Our lastest shipment for student PC labs came with >>|> quite a surprise. The new Setup routine lets you set a password on >>|> the hardware. The only way to remove this password is to take the >>|> battery out of the machine and wait until the setup information is >>|> lost. As you can imagine, putting these machines in an unsupervised >>|> student lab will soon lead to each and every one having a password >>|> on it. Argh! >> >>Seems to me, all you have to do is put your own password in first. >> >>Am I missing something? > >Indeed. I put my password in first, then of course must give it to >the student. One of the student's options is to CHANGE the password >since he knows the original one. I'm right back to the beginning. >The salesman tried to play this fast one on me... :-( Clearly the problem is the same kind of problem you have with letting multiple people use one single userid on a multiuser system. Many of the problems, such as file sharing, have been worked out for PC lab situations. But certainly anyone who knows the password can change the password. It seems to me that Everex did a very poor job of planning out this feature change. You could certainly take this to mean that they have written off the educational lab market. You should talk DIRECTLY TO THE VP OF MARKETING at Everex and see if he understands what his company has done. Be sure to tell him that what they SHOULD have done was to contact a wide diversity of their customers in order to design this feature correctly. I shall describe a better way that might even work in the labs: The password control system would have at least two categories of access to the machine. Category A allows access to the setup data for changes. Category B allows access to boot the machine and use the keyboard and mouse. The password, or lack thereof, should be settable separately for these categories. You can set a password for category A and keep that to yourself, or only tell the lab support staff. For category B you can either set a DIFFERENT password, or set none at all. Students will be able to access the machine via the category B password or lack of one, but will not have access to the setup data. This will solve one problem you actually had before, that of students running setup and screwing the machine (rare, but some do). Tell the Everex VP OF MARKETING that this way of doing the password is much better suited to the educational lab environment, as well as having added functionality for business and industrial customers. Tell him you expect a new set of ROMS within 2 weeks. If you are unable to reach the VP of MARKETING, then write Everex off. -- /***************************************************************************\ / Phil Howard -- KA9WGN -- phil@ux1.cso.uiuc.edu | Guns don't aim guns at \ \ Lietuva laisva -- Brivu Latviju -- Eesti vabaks | people; CRIMINALS do!! / \***************************************************************************/
pal@brahms.amd.com (WHO?) (06/15/91)
In article <1991Jun13.174004.17784@mccc.edu> pjh@mccc.edu (Pete Holsberg) writes: >In article <91163.205448TEMNGT23@ysub.ysu.edu> TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: >Our university has been buying exclusively Everex PCs for about the >last three years. Our lastest shipment for student PC labs came with >quite a surprise. The new Setup routine lets you set a password on >the hardware. The only way to remove this password is to take the >battery out of the machine and wait until the setup information is >lost. As you can imagine, putting these machines in an unsupervised >student lab will soon lead to each and every one having a password >on it. Argh! > The password is stored in the EEPROM so is some of the configurations. even if the batery is removed the password and these conf. will not be erased or reset.
rdippold@cancun.qualcomm.com (Ron Dippold) (06/15/91)
In article <1991Jun13.105945@neiman.east.sun.COM> marcus@neiman.east.Sun.COM writes: >In article <91163.205448TEMNGT23@ysub.ysu.edu>, TEMNGT23@ysub.ysu.edu (Lou Anschuetz) writes: >|> Our university has been buying exclusively Everex PCs for about the >|> last three years. Our lastest shipment for student PC labs came with >|> quite a surprise. The new Setup routine lets you set a password on >|> the hardware. The only way to remove this password is to take the >|> battery out of the machine and wait until the setup information is >|> lost. As you can imagine, putting these machines in an unsupervised >|> student lab will soon lead to each and every one having a password >|> on it. Argh! > >Seems to me, all you have to do is put your own password in first. > >Am I missing something? Well, then you need to give the students the password so they can use the computers. And once you have the password, you can also change the password! -- Standard disclaimer applies, you legalistic hacks. | Ron Dippold
kize@cup.portal.com (Brian L Kaisner) (06/15/91)
Recent Dell systems also have a password feature that is enabled via the built-in Setup program. HOWEVER, the password can be permanently disabled by removing a jumper on the motherboard. If you keep the case locked, there is no chance a student can enable a password. If the system is later moved to a location where a password is desired, just re-install the jumper. Dell's prices are competitive with Everex's. Dell can be reached at (800) 426-5150. As an employee, I will also state that Dell will try quite hard to tailor a product to your needs. It isn't a fluke that Dell is #1 in customer satisfaction (recent J.D. Powers survey). - Brian
quimby@madoka.its.rpi.edu (Quimby Pipple) (06/15/91)
Well, I finally made it work work, we faxed some stuff to Everex, and now we have some more information. I'll just do this in question and answer format. phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) writes: >It seems to me that Everex did a very poor job of planning out this >feature change. You could certainly take this to mean that they have >written off the educational lab market. Everex introduced a new model motherboard with some new features, one of which is password protection. The initial response to passwords was entirely positive -- users were able to protect their machines from other workers if they wished, and shared machines with 'keyed alike' passwords worked to keep the non-office people. The blind spot was an installation with shared machines and *hostile* users that all have to be able to use the machines. This kind of thing doesn't happen too much in a normal environment, fortunately, or mouse ports would have weld tabs. Anyway, Everex is aware of and working on the problem. They haven't forgotten the educational market, they merely underestimated the destructive tendencies of the average 20 year old. If anyone has questions about the fix, or the status of the fix please send a message to Tom Duchesneau, at duchesneau@mts.rpi.edu. (I'm letting my employer handle this one.) Please limit this to exclude random curiousity. I'll post any information of major importance here, but if you're having a problem, email is fine. Note that this is not the address of Everex, Inc. I probably shouldn't speculate here, but it seems to me that since this is a new board, the simple fix of using an old version BIOS won't work. I would also guess that in the near future the machines will be available in either a passworded or non-passworded version. Again, this is just my daydreaming. > You should talk DIRECTLY TO >THE VP OF MARKETING at Everex and see if he understands what his >company has done. I suppose this kind of thing works fine in a K-mart, or a McDonald's, or something, but it really doesn't apply here. Besides, they're really a nice bunch of people over there. Quimby -- quimby@mts.rpi.edu, quimby@rpitsmts.bitnet
jnemeth@cue.bc.ca (John Nemeth) (06/18/91)
In article <1991Jun14.201315.15848@amd.com> pal@brahms.amd.com (WHO?) writes: >The password is stored in the EEPROM so is some of the configurations. >even if the batery is removed the password and these conf. will not be >erased or reset. IBM PC's and clones do NOT use EEPROM's. They use battery backed up CMOS RAM (which is often buried in one of the ASIC's). Removing the battery will cause the password (and all the setup information) to be lost. It usually takes anywhere from a couple of hours to a day for the the information to be lost. Most machines have a jumper or a switch you can use to zap the CMOS RAM. Most machines I've seen that have password protection have the option of just protecting the system setup, or protecting system setup and booting. -- John Nemeth jnemeth@cue.bc.ca System Administrator {uw-beaver,ubc-cs,ssc-vax}! Computer Using Educators of B.C. uvicctr!cue!jnemeth