Deployment Guide
Table Of Contents
- Dell Encryption Personal Installation Guide v11.0
- Contents
- Overview
- Requirements
- Download the Software
- Installation
- Advanced Authentication and Encryption Personal Setup Wizards
- Configure Console Settings
- Uninstall the Master Installer
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Policies and Template Descriptions
- Policies
- Template Descriptions
- Aggressive Protection for All Fixed Drives and External Drives
- PCI Regulation Targeted
- Data Breach Regulation Targeted
- HIPAA Regulation Targeted
- Basic Protection for All Fixed Drives and External Drives (Default)
- Basic Protection for All Fixed Drives
- Basic Protection for System Drive Only
- Basic Protection for External Drives
- Encryption Disabled
- Extract Child Installers
- Troubleshooting
- Glossary
Troubleshooting
Upgrading to the Windows 10 October 2018 Update
Computers running Encryption must use a specially configured Windows 10 Upgrade package to upgrade to the Windows 10
October 2018 Update. The configured version of the upgrade package ensures that Encryption can manage access to your
encrypted files to protect them from harm during the upgrade process.
To upgrade to the Windows 10 October 2018 Update, follow the instructions in KB article 125419.
Dell Encryption Troubleshooting
(Optional) Create an Encryption Removal Agent Log File
● Before beginning the uninstall process, you can optionally create an Encryption Removal Agent log file. This log file is useful
for troubleshooting an uninstall/decryption operation. If you do not intend to decrypt files during the uninstall process, you
do not need to create this log file.
● The Encryption Removal Agent log file is not created until after the Encryption Removal Agent service runs, which does not
happen until the computer is restarted. Once the client is successfully uninstalled and the computer is fully decrypted, the
log file is permanently deleted.
● The log file path is C:\ProgramData\Dell\Dell Data Protection\Encryption.
● Create the following registry entry on the computer targeted for decryption.
[HKLM\Software\Credant\DecryptionAgent]
"LogVerbosity"=DWORD:2
0: no logging
1: logs errors that prevent the service from running
2: logs errors that prevent complete data decryption (recommended level)
3: logs information about all decrypting volumes and files
5: logs debugging information
Find TSS Version
● TSS is a component that interfaces with the TPM. To find the TSS version, go to (default location) C:\Program
Files\Dell\Dell Data Protection\Drivers\TSS\bin > tcsd_win32.exe. Right-click the file and select
Properties. Verify the file version on the Details tab.
Encryption External Media and PCS Interactions
To Ensure Media is Not Read-Only and the Port is Not Blocked
The EMS Access to unShielded Media policy interacts with the Port Control System - Class: Storage > Subclass Storage:
External Drive Control policy. If you intend to set the EMS Access to unShielded Media policy to Full Access, ensure that the
Subclass Storage: External Drive Control policy is also set to Full Access to ensure that the media is not set to read-only and the
port is not blocked.
To Encrypt Data Written to CD/DVD
● Set Windows Media Encryption = On.
12
66 Troubleshooting