Deployment Guide
Table Of Contents
- Dell Encryption Personal Installation Guide v11.1
- Contents
- Overview
- Requirements
- Download the Software
- Installation
- Advanced Authentication and Encryption Personal Setup Wizards
- Configure Console Settings
- Uninstall the Master Installer
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Policies and Template Descriptions
- Policies
- Template Descriptions
- Aggressive Protection for All Fixed Drives and External Drives
- PCI Regulation Targeted
- Data Breach Regulation Targeted
- HIPAA Regulation Targeted
- Basic Protection for All Fixed Drives and External Drives (Default)
- Basic Protection for All Fixed Drives
- Basic Protection for System Drive Only
- Basic Protection for External Drives
- Encryption Disabled
- Extract Child Installers
- Troubleshooting
- Glossary
Registry Settings
This section details all Dell ProSupport approved registry settings for local client computers.
Encryption
(Optional) Create an Encryption Removal Agent Log File
● Before beginning the uninstall process, you can optionally create an Encryption Removal Agent log file. This log file is useful
for troubleshooting an uninstall/decryption operation. If you do not intend to decrypt files during the uninstall process, you
do not need to create this log file.
● The Encryption Removal Agent log file is not created until after the Encryption Removal Agent service runs, which does not
happen until the computer is restarted. Once the client is successfully uninstalled and the computer is fully decrypted, the
log file is permanently deleted.
● The log file path is C:\ProgramData\Dell\Dell Data Protection\Encryption.
● Create the following registry entry on the computer targeted for decryption.
[HKLM\Software\Credant\DecryptionAgent]
"LogVerbosity"=DWORD:2
0: no logging
1: logs errors that prevent the service from running
2: logs errors that prevent complete data decryption (recommended level)
3: logs information about all decrypting volumes and files
5: logs debugging information
Use Smart Cards with Windows Log On
● To determine if a smart card is present and active, ensure the following value is set:
HKLM\SOFTWARE\Dell\Dell Data Protection\
"SmartcardEnabled"=DWORD:1
If SmartcardEnabled is missing or has a value of zero, the Credential Provider will display only Password for authentication.
If SmartcardEnabled has a non-zero value, the Credential Provider will display options for Password and smart card
authentication.
● The following registry value indicates whether Winlogon should generate a notification for logon events from smart cards.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"SmartCardLogonNotify"=DWORD:1
0 = Disabled
1 = Enabled
Preserve Temp Files During Installation
● By default, all temporary files in the c:\windows\temp directory are automatically deleted during installation. Deletion of
temporary files speeds initial encryption and occurs before the initial encryption sweep.
However, if your organization uses a third-party application that requires the file structure within the \temp directory to be
preserved, you should prevent this deletion.
To disable temporary file deletion, create or modify the registry setting as follows:
[HKLM\SOFTWARE\CREDANT\CMGShield]
"DeleteTempFiles"=REG_DWORD:0
Not deleting temporary files increases initial encryption time.
Change the Default Behavior of the User Prompt to Begin or Delay Encryption
84
Troubleshooting