Reference Guide

Security Management Server v10.2.10 AdminHelp
removable media.
unencrypted data on this media, but no access to encrypted data.
access to unencrypted data on this media. They cannot access encrypted data.
Occasionally, depending on the policies set, encryption keys cannot be reinitialized on the computer into
which the removable media is inserted. If policy permits, the user can insert the media into any Dell-encrypted
computer where the original user is logged in to reinitialize the encryption keys. If policy does not permit
this, the media must be inserted into the originally encrypting computer, with the originally specified user name.
On rare occasions, when encryption key material is lost, the Encryption client cannot automatically
locate the necessary information. Use the following process to recover encrypted data.
1. Attach the device to a Windows computer that is not running the Encryption client.
2. Copy all folders from the device onto the Windows computer.
3. Use WSScan to determine the DCID of the encrypted data.
4. Follow the process for recovering access to encrypted data on Windows computers. Use the
DCID obtained from WSScan for the RecoveryID.
Encryption External Media Recovery for User "Removed" from Database
When a user is removed from Active Directory (for example, after an employee termination) and the Security
Management Server receives the update from AD, the user is marked as “removed” in the database so that
they no longer receive policy updates or endpoint access. However, if an Administrator needs to
recover access to data on removable storage that was encrypted by the removed user, the
Administrator does not know the user's password and therefore cannot access the external media.
Note that the Administrator will need to repeat the following process for each piece of removable
storage encrypted by the removed user, since the recovery code is per endpoint and does not apply to
every piece of media owned by that user.
The following are SQL queries to accomplish "unmarking" the removed flag for the user in the database.
1. Follow the steps below. The user in this example is "games".
The next triage resets the "removed" flag.
2. Perform a recovery through Security Management Server (that is, lock yourself out of the
removable storage by entering an incorrect password until the recovery screen displays).
Generate an Access Code through the Security Management Server.
3. Reset the Encryption External Media password.