Reference Guide

Security Management Server v10.2.7 AdminHelp
Dell strongly recommends not listing applications or installers that write
system-critical files. Doing so could result in encryption of important
system files, which could make a Windows computer unbootable.
Common process names:
outlook.exe
winword.exe
powerpnt.exe
msaccess.exe
wordpad.exe
mspaint.exe
excel.exe
The following hard-coded system and installer process names are ignored
if specified in this policy (you can also add to this list in the registry value
HKLM\SOFTWARE\Credant\CMGShield\EUWPrivilegedList):
hotfix.exe, a Windows update process
update.exe, a Windows update process
setup.exe, a third-party installer process
msiexec.exe, a third-party installer process
wuauclt.exe, a Windows update process
wmiprvse.exe, a Windows system process
migrate.exe, a Windows update process
unregmp2.exe, a Windows update process
ikernel.exe, a third-party installer process
wssetup.exe, the Windows Encryption client installer
svchost.exe, a Windows system process
Encrypt Temporary Files
Not Selected
When this policy is selected, the paths listed in the environment variables
TEMP and TMP are encrypted. TEMP and TMP for the operating system are
encrypted with the Common encryption key.
To reduce encryption sweep time, the contents of the TEMP and TMP
folders are cleared during initial encryption and whenever this policy is updated.
However, if your organization uses a third-party application that requires
the file structure within the \temp directory to be preserved, you should
prevent this deletion.
To disable temporary file deletion, create DeleteTempFiles (REG_DWORD)
and set its value to 0 in the registry at
HKLM\SOFTWARE\Credant\CMGShield.
Encrypt User Profile Documents
Not Selected
When this policy is selected, the following are encrypted:
• The user's profile (C:\Users\jsmith) with the User data encryption key
• \Users\Public with the Common encryption key
Encrypt Windows Paging File
Selected
When this policy is selected, the Windows paging file is encrypted. A
change to this policy requires a reboot.
Managed Services null
String - maximum of 100 entries of 500 characters each (up to a maximum
of 2048 characters)
When a service is managed by this policy, the service is started only after
the user is logged in and the Encryption client is unlocked. This policy also
ensures that the service managed by this policy is stopped before the
Encryption client is locked during logoff. This policy can also prevent a user
logoff if a service is unresponsive.
Syntax is one service name per line. Spaces in the Service name are
supported. Wildcards are not supported. Entries are not case-sensitive. For
example, GoogleDesktop Manager is the same as googledesktopmanager.
The service "log on as" setting has no bearing on whether or not the
Encryption client can control it. It does not matter if a user logs on with
user credentials versus the local system.
The startup type (Automatic or Manual) does not affect the ability of the
Encryption client to control it. Automatic or Manual startup is acceptable.
Managed services are not started if an unmanaged user logs on.
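A pre-deployment check for a Managed Services policy value, written as an added example (it is not part of the Dell product or its documentation). It applies the limits and syntax rules stated above; the wildcard characters `*` and `?`, the assumption that the 2048-character limit counts line separators, and the sample service names are assumptions made here. Duplicates are detected by case only.

```python
# Added example: lint a Managed Services policy value before deployment.
MAX_ENTRIES = 100        # "maximum of 100 entries"
MAX_ENTRY_CHARS = 500    # "of 500 characters each"
MAX_TOTAL_CHARS = 2048   # "up to a maximum of 2048 characters"
WILDCARDS = set("*?")    # assumption: the page does not list the characters


def lint_managed_services(policy_text):
    """Return (entries, problems) for a one-service-per-line policy value."""
    entries, problems, seen = [], [], {}
    for lineno, raw in enumerate(policy_text.splitlines(), start=1):
        name = raw.strip()
        if not name:
            continue  # blank lines carry no service name
        if WILDCARDS & set(name):
            problems.append(f"line {lineno}: wildcards are not supported: {name!r}")
            continue
        if len(name) > MAX_ENTRY_CHARS:
            problems.append(f"line {lineno}: entry exceeds {MAX_ENTRY_CHARS} characters")
            continue
        key = name.casefold()  # entries are not case-sensitive
        if key in seen:
            problems.append(f"line {lineno}: {name!r} duplicates line {seen[key]}")
            continue
        seen[key] = lineno
        entries.append(name)
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    # Assumption: the overall limit counts the line separators too.
    total = len("\n".join(entries))
    if total > MAX_TOTAL_CHARS:
        problems.append(f"policy is {total} characters; limit is {MAX_TOTAL_CHARS}")
    return entries, problems


# Constructed sample input (service names are illustrative only).
SAMPLE = "Print Spooler\nprint spooler\nBackup*Agent\nExample Sync Service\n"

if __name__ == "__main__":
    kept, issues = lint_managed_services(SAMPLE)
    print("entries:", kept)
    for issue in issues:
        print("problem:", issue)
```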
Secure Post-Encryption Cleanup
Single Pass Overwrite
No Overwrite, Single-pass Overwrite, Three-pass Overwrite, Seven-pass
Overwrite