Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption
21222324252627282930
The Security Server port may be changed from the original installation location if needed. This value is read every time a
policy poll occurs. Change the following registry value on the client computer:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]
ServerPort=REG_SZ:8888
The Security Server URL may be changed from the original install location if needed. This value is read by the client
computer every time a policy poll occurs. Change the following registry value on the client computer:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]
"ServerUrl"=REG_SZ:https://<newname>.<organization>.com:8888/agent
(With pre-boot authentication only) If you do not want PBA advanced authentication to change the services associated with
smart cards and biometric devices to a startup type of "automatic", disable the service startup feature. Disabling this feature
also suppresses warnings associated with the required services not running.
When disabled, PBA advanced authentication does not attempt to start these services:
SCardSvr - Manages access to smart cards read by the computer. If this service is stopped, this computer is unable to
read smart cards. If this service is disabled, any services that explicitly depend on it fail to start.
SCPolicySvc - Allows the system to be configured to lock the user desktop upon smart card removal.
WbioSrvc - The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store
biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged
SVCHOST process.
By default, if the registry key does not exist or the value is set to 0, this feature is enabled.
[HKLM\SOFTWARE\DELL\Dell Data Protection]
SmartCardServiceCheck=REG_DWORD:0
0 = Enabled
1 = Disabled
To use smart cards with SED PBA Authentication, the following registry value must be set on the client computer that is
equipped with an SED.
[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]
"MSSmartcardSupport"=DWORD:1
Set the Authentication Method policy to Smart Card in the Management Console, and commit the change.
To suppress all Toaster notifications from the Encryption Management Agent, the following registry value must be set on the
client computer.
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell\Dell Data Protection]
"PbaToastersAllowClose" =DWORD:1
0=Enabled (default)
1=Disabled
Full Disk Encryption
This section details all Dell ProSupport approved registry settings for local computers, regardless of the reason for the
registry setting. If a registry setting overlaps two products, it is listed in each category.
These registry changes should be done by administrators only and may not be appropriate or function in all scenarios.
To set the retry interval when the Dell Server is unavailable to communicate with Full Disk Encryption, add the following
registry value.
[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]
"CommErrorSleepSecs"=DWORD:300
This value is the number of seconds Full Disk Encryption waits to attempt to contact the Dell Server if it is unavailable to
communicate with Full Disk Encryption. The default is 300 seconds (5 minutes).
Registry Settings
25