Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption
21222324252627282930
If this value is changed after files on external media are encrypted, the files are re-encrypted based on the updated registry
key value when the media is connected to the computer on which the registry setting was updated.
To enable silent automatic reactivation in the rare case that a user becomes deactivated, the registry value must be set on
the client computer.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CMGShield]
"AutoReactivation"=DWORD:00000001
0=Disabled (default)
1=Enabled
System Data Encryption (SDE) is enforced based on the policy value for SDE Encryption Rules. Additional directories are
protected by default when the SDE Encryption Enabled policy is Selected. For more information, search "SDE Encryption
Rules" in AdminHelp. When Encryption is processing a policy update that includes an active SDE policy, the current user
profile directory is encrypted by default with the SDUser key (a User key) rather than the SDE key (a Device key). The
SDUser key is also used to encrypt files or folders that are copied (not moved) into a user directory that is not a encrypted
with SDE.
To disable the SDUser key and use the SDE key to encrypt these user directories, create the registry on the computer:
[HKEY_LOCAL_MACHINE\SOFTWARE\Credant\CMGShield]
"EnableSDUserKeyUsage"=DWORD:00000000
If this registry key is not present or is set to anything other than 0, the SDUser key will be used to encrypt these user
directories.
For more information about SDUser, see KB article SLN304916
Setting the registry entry, EnableNGMetadata, if issues occur related with Microsoft updates on computers with Common
key-encrypted data or with encrypting, decrypting, or unzipping large numbers of files within a folder.
Set the EnableNGMetadata registry entry in the following location:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CmgShieldFFE]
"EnableNGMetadata" = DWORD:1
0=Disabled (default)
1=Enabled
The non-domain activation feature can be enabled by contacting Dell ProSupport and requesting instructions.
The Encryption Management Agent no longer outputs policies by default. To output future consumed policies, create the
following registry key:
HKLM\Software\Dell\Dell Data Protection\
" DumpPolicies" = DWORD
Value=1
Note: Logs are written to C:\ProgramData\Dell\Dell Data Protection\Policy .
To disable or enable the Encrypt for Sharing option in the right-click menu use the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Dell\Dell Data Protection\Encryption
"DisplaySharing"=DWORD
0 = disable the Encrypt for Sharing option in the right-click context menu
1 = enable the Encrypt for Sharing option in the right-click context menu
SED Manager
To set the retry interval when the Dell Server is unavailable to communicate with SED Manager, add the following registry
value.
[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]
"CommErrorSleepSecs"=DWORD:300
Registry Settings
23