Users Guide
Resolved Technical Advisories v8.1
● The certificate that is created or imported into the Server installer is now used for all components, not just the Dell Security
Server.
Technical Advisories v8.1
● Adding enterprise managed smart cards in v8.1 requires the use of Certificate Revocation List (CRL) in AD. The Enterprise
Server does not support binding to global catalogs (does not support binding to port 3268 for smart card authentication) for
CRL distribution point resolution. The CRL distribution is not a global catalog replicated resource and the Enterprise Server
cannot use the global catalog for CRL distribution point resolution. Configuration of individual domains in the Remote
Management Console (in Domains > Add Domains) are required if enterprise managed smart cards will be used.
If you intend to migrate your Enterprise Server or if you are already are using the global catalog as a mount point and want to
use smart cards for PBA Authentication, contact Dell ProSupport for guidance.
● A Microsoft issue has caused Certificate Authorities installed on Windows Server 2012 that issue any of the certificates in a
chain of trust used for smart card authentication to provide an invalid LDAP URL to the certificate's revocation list.
Specifically, "A CA does not replace space characters in URL paths for CRL distribution points and authority information
access extensions on a computer that is running Windows Server 2012".
Microsoft has released a hotfix to correct this issue, which is available at http://support.microsoft.com/kb/2827759. Users
will be required to enter an email address to which a link will be sent where the actual download will occur.
This patch needs to be installed on any Windows Server 2012 CA that issues a certificate contained in the smart card's chain
of trust. Once the hotfix is in place, the certificate service will need to be restarted and the affected certificates will need to
be renewed or recreated in order to pick up the corrected LDAP URL.
New Features and Functionality v8.0
● Microsoft SQL Server 2012 Standard Edition / Business Intelligence / Enterprise Edition is now supported for the Enterprise
Server database.
● The Policy Categories in the Remote Management Console have been renamed, as follows:
○ Shield for Windows has been renamed to Windows Encryption
○ Manager for SED has been renamed to Self-Encrypting Drives
○ Manager for BitLocker has been renamed to BitLocker
○ Shield for Mac has been renamed to Mac Encryption
○ Exchange Active Sync has been renamed to Mobile - EAS
○ iOS has been renamed to Mobile - iOS
Resolved Technical Advisories v8.0
● Forensic Mode is now automatically set by default in both the Security Server and Device Server. Forensic Mode is enabled
on back-end servers and disabled on front-end servers. These settings are placed appropriately upon installation.
● Templates can now be applied only at the Enterprise level.
● Group priority settings in the Remote Management Console to control policy arbitration now work as expected.
Resolved Technical Advisories v7.7.2
● The issue of device policy revisions not being properly updated has been resolved. The Enterprise Server is now correctly
sending the policy with the correct revision number to the encryption client.
● Occasional activation failures related to Document Store integration have been resolved.
40
Dell Security Management Server Technical Advisories