Reference Guide
Navigate the Dell Server
Encryption External Media Recovery for User "Removed" from Database
If a user is removed from Active Directory (such as an employee termination), when the Security
Management Server gets the update from AD, the user is marked as “removed” in the database, so that
they do not continue to get policy updates and endpoint access. However, if an Administrator needs to
recover access to data on removable storage that was encrypted by the removed user, the
Administrator does not know the user's password, and therefore cannot access the external media.
Note that the Administrator will need to repeat the following process for each piece of removable
storage encrypted by the removed user, since the recovery code is per endpoint and does not apply to
every piece of media owned by that user.
The following are SQL queries to accomplish "unmarking" the removed flag for the user in the database.
1. Follow the steps below. The user in this example is "games".
The next triage resets the "removed" flag.
2. Perform a recovery through Security Management Server (meaning, lock yourself out of the
removable storage by entering an incorrect password until the recovery screen displays).
Generate an Access Code through the Security Management Server.
3. Reset the Encryption External Media password.
4. IMPORTANT - Reverse the process from step 1 to re-mark the flag as "removed" in the
database.
Enable Federated Key Recovery
If more than one Dell Server is part of a federation, to perform Encryption External Media Recovery
across Dell Servers in the federation, enable federated key recovery:
1. Navigate to <Security Server install dir>\conf\ and open the federatedservers.properties file.
2. Update the server.code property with a new code, password, or passphrase to be shared
across Dell Servers in the federation. Enclose the code, password, or passphrase within a new
CLR() tag, to replace the ENC() tag.
Example: server.code=CLR(mypassword)
3. List all Dell Servers to be federated in the server.uris property, delimited by a comma.
Example:
server.uris=https://server1.company.com:8443,https://server2.company.com:8443
4. Save and copy the federatedservers.properties file to all Dell Servers that are part of the
federation.
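A pre-copy check for the file edited in the steps above, added here as an example and not part of Dell's guide or tooling. It assumes the file uses simple key=value lines; the function names are hypothetical and the sample content reuses the example values shown in the steps.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample; the values are the examples shown in the steps above.
SAMPLE = ("server.code=CLR(mypassword)\n"
          "server.uris=https://server1.company.com:8443,"
          "https://server2.company.com:8443\n")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def is_https_uri(uri):
    """True for an https URI with a host and no stray whitespace."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    return uri == uri.strip() and parts.scheme == "https" and bool(parts.hostname)

def check_federation(text):
    """Return (errors, warnings) for one federatedservers.properties file."""
    props, errors, warnings = parse_properties(text), [], []
    tag = re.fullmatch(r"(CLR|ENC)\((.+)\)", props.get("server.code", ""))
    if not tag:
        errors.append("server.code must be a non-empty CLR(...) or ENC(...) value")
    elif tag.group(1) == "CLR":
        warnings.append("server.code is cleartext; handle this file as a secret")
    uris = props.get("server.uris", "").split(",")
    errors += [f"bad server.uris entry: {u!r}" for u in uris if not is_https_uri(u)]
    if len(set(uris)) != len(uris):
        errors.append("server.uris lists a server more than once")
    return errors, warnings

def drifted_copies(copies):
    """Given {server: file text}, name servers whose copy differs from the first."""
    digests = {s: hashlib.sha256(t.encode()).hexdigest() for s, t in copies.items()}
    reference = next(iter(digests.values()), None)
    return sorted(s for s, d in digests.items() if d != reference)

if __name__ == "__main__":
    print(check_federation(SAMPLE))
```

Run check_federation on the edited file before distributing it, then pass the text read back from each server to drifted_copies to confirm every member of the federation holds the same file.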