Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption
21222324252627282930
This value is the number of seconds SED Manager waits to attempt to contact the Dell Server if it is unavailable to
communicate. The default is 300 seconds (5 minutes).
If a self-signed certificate is used on the Dell Server for SED Manager, SSL/TLS trust validation must remain disabled on the
client computer (SSL/TLS trust validation is disabled by default with SED Manager). Before enabling SSL/TLS trust
validation on the client computer, the following requirements must be met.
A certificate signed by a root authority, such as EnTrust or Verisign, must be imported into Dell Server.
The full chain of trust of the certificate must be stored in the Microsoft keystore on the client computer.
To enable SSL/TLS trust validation for SED Manager, change the value of the following registry entry to 0 on the client
computer.
[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]
"DisableSSLCertTrust"=DWORD:0
0 = Enabled
1 = Disabled
To determine if the PBA is activated, ensure that the following value is set:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters]
"PBAIsActivated"=DWORD (32-bit):1
A value of 1 means that the PBA is activated. A value of 0 means the PBA is not activated.
To determine if a smart card is present and active, ensure the following value is set:
HKLM\SOFTWARE\Dell\Dell Data Protection\
"SmartcardEnabled"=DWORD:1
If SmartcardEnabled is missing or has a value of zero, the Credential Provider will display only Password for authentication.
If SmartcardEnabled has a non-zero value, the Credential Provider will display options for Password and smart card
authentication.
The following registry value indicates whether Winlogon should generate a notification for logon events from smart cards.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"SmartCardLogonNotify"=DWORD:1
0 = Disabled
1 = Enabled
To prevent SED Manager from disabling third-party credential providers, create the following registry key:
HKLM\SOFTWARE\Dell\Dell Data Protection\
"AllowOtherCredProviders" = DWORD:1
0=Disabled (default)
1=Enabled
NOTE: This value may prevent the Dell credential provider from properly syncing credentials initially due to third-party
credential providers being disabled. Ensure the devices using this registry key can properly communicate with the Dell
Server.
To set the interval that SED Manager attempts to contact the Dell Server when it is unavailable to communicate, set the
following value on the target computer:
[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]
"CommErrorSleepSecs"=DWORD Value:300
This value is the number of seconds SED Manager waits to attempt to contact the Dell Server if it is unavailable to
communicate. The default is 300 seconds (5 minutes).
The Security Server host may be changed from the original installation location if needed. The host information is read every
time a policy poll occurs. Change the following registry value on the client computer:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]
"ServerHost"=REG_SZ:<newname>.<organization>.com
24
Registry Settings