Deployment Guide

Language Support

○ EN - English ○ JA - Japanese

○ ES - Spanish ○ KO - Korean

○ FR - French ○ PT-BR - Portuguese, Brazilian

○ IT - Italian ○ PT-PT - Portuguese, Portugal (Iberian)

○ DE - German

SED Management

● IPv6 is not supported.

● Be prepared to shut down and restart the computer after you apply policies and are ready to begin enforcing them.

● Computers equipped with self-encrypting drives cannot be used with HCA cards. Incompatibilities exist that prevent the

provisioning of the HCA. Dell does not sell computers with self-encrypting drives that support the HCA module. This

unsupported configuration would be an after-market configuration.

● If the computer targeted for encryption is equipped with a self-encrypting drive, ensure that the Active Directory option,

User Must Change Password at Next Logon, is disabled. Preboot Authentication does not support this Active Directory

option.

● SED Manager is not supported with multi-drive configurations.

● Dell Encryption uses Intel's encryption instruction sets, Integrated Performance Primitives (IPP). For more information, see

KB article SLN301500.

●

NOTE:

Due to the nature of RAID and SEDs, SED Management does not support RAID. The issue with RAID=On with SEDs is

that RAID requires access to the disk to read and write RAID-related data at a high sector not available on a locked SED

from start and cannot wait to read this data until after the user is logged on. Change the SATA operation in the BIOS

from RAID=On to AHCI to resolve the issue. If the operating system does not have the AHCI controller drivers pre-

installed, the operating system will crash when switched from RAID=On to AHCI.

● The master installer installs the following prerequisites if not already installed on the computer. When using the child

installer, you must install this component before installing SED Management.

Prerequisite

○ Visual C++ 2017 Update 3 or later Redistributable Package (x86 or x64)

Visual C++ 2017 requires Windows Update KB2999226 if installed on Windows 7.

○ In January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows 7 or

Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://

support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation

packages.

Applications and installation packages signed with SHA1 certificates will function but an error will display on the

endpoint during installation or execution of the application without these updates installed

● Configuration of self-encrypting drives for SED Management differ between NVMe and non-NVMe (SATA) drives, as

follows.

○ Any NVMe drive that is being leveraged for SED:

￭ The BIOS’ SATA operation must be set to RAID ON, as SED Management does not support AHCI on NVMe drives.

￭ The BIOS's boot mode must be UEFI and Legacy option ROMs must be disabled.

○ Any non-NVMe drive that is being leveraged for SED:

￭ The BIOS’ SATA operation must be set to AHCI, as SED Management does not support RAID with non-NVMe drives.

￭ RAID ON is not supported because access to read and write RAID-related data (at a sector that is not available on a

locked non-NVMe drive) is not accessible at start-up, and cannot wait to read this data until after the user is logged

on.

Requirements