Deployment Guide
Table Of Contents
- Dell Encryption Personal Installation Guide v11.1
- Contents
- Overview
- Requirements
- Download the Software
- Installation
- Advanced Authentication and Encryption Personal Setup Wizards
- Configure Console Settings
- Uninstall the Master Installer
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Policies and Template Descriptions
- Policies
- Template Descriptions
- Aggressive Protection for All Fixed Drives and External Drives
- PCI Regulation Targeted
- Data Breach Regulation Targeted
- HIPAA Regulation Targeted
- Basic Protection for All Fixed Drives and External Drives (Default)
- Basic Protection for All Fixed Drives
- Basic Protection for System Drive Only
- Basic Protection for External Drives
- Encryption Disabled
- Extract Child Installers
- Troubleshooting
- Glossary
Advanced Authentication
Disable Smart Card and Biometric Services (Optional)
If you do not want Advanced Authentication to change the services associated with smart cards and biometric devices to a
startup type of "automatic", you can disable the service startup feature.
When disabled, Authentication does not attempt to start these three services:
● SCardSvr - Manages access to smart cards read by the computer. If this service is stopped, this computer is unable to read
smart cards. If this service is disabled, any services that explicitly depend on it fail to start.
● SCPolicySvc - Allows the system to be configured to lock the user desktop upon smart card removal.
●
WbioSrvc - The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store
biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged
SVCHOST process.
Disabling this feature also suppresses warnings associated with the required services not running.
● By default, if the registry key does not exist or the value is set to 0, this feature is enabled.
[HKEY_LOCAL_MACHINE\SOFTWARE\DELL\Dell Data Protection]
SmartCardServiceCheck=REG_DWORD:0
Set to 0 to Enable.
Set to 1 to Disable
Use Smart Cards with Windows Log On
● To determine if the PBA is activated, ensure that the following value is set:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters]
"PBAIsActivated"=DWORD (32-bit):1
A value of 1 means that the PBA is activated. A value of 0 means the PBA is not activated.
NOTE:
Manually deleting this key can create unintended results for users syncing with the PBA resulting in the need for
manual recovery.
● To determine if a smart card is present and active, ensure the following value is set:
HKLM\SOFTWARE\Dell\Dell Data Protection\
"SmartcardEnabled"=DWORD:1
If SmartcardEnabled is missing or has a value of zero, the Credential Provider will display only Password for authentication.
If SmartcardEnabled has a non-zero value, the Credential Provider will display options for Password and smart card
authentication.
● The following registry value indicates whether Winlogon should generate a notification for logon events from smart cards.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"SmartCardLogonNotify"=DWORD:1
0 = Disabled
1 = Enabled
Proceed to Glossary.
● To prevent SED management from disabling third-party credential providers, create the following registry key:
HKLM\SOFTWARE\Dell\Dell Data Protection\
"AllowOtherCredProviders" = DWORD:1
0=Disabled (default)
1=Enabled
● The Encryption Management Agent no longer outputs policies by default. To output future consumed policies, create the
following registry key:
HKLM\Software\Dell\Dell Data Protection\
86
Troubleshooting