Administrator Guide

Assume Management of an Existing FileVault-Encrypted Volume
If the computer already has a FileVault-encrypted volume and FileVault encryption is enabled in the Management Console, Dell
Encryption can assume management of the volume.
If Dell Encryption detects that the boot volume is already encrypted, the Dell Encryption Enterprise dialog displays. To allow Dell
Encryption to assume management of the volume, follow these steps.
1. Select either Personal Recovery Key or Bootable Account Credentials.
NOTE:
For macOS High Sierra and Apple File System (APFS), you must select Bootable Account Credentials.
Personal Recovery Key - if you have the personal recovery key you received when the drive was FileVault-encrypted.
a. Enter the key.
If a user does not have the existing key, they can request it from the administrator.
b. Click OK.
NOTE:
After the assumption process is complete, a new personal recovery key is generated and escrowed. The previous
recovery key is invalidated and removed.
Bootable Account Credentials - if you have the username and password of an account that is currently
authorized to boot from the volume.
a. Enter the user name and password.
b. Click OK.
2. When a dialog displays indicating that Dell now manages encryption of the volume, click OK.
If Dell Encryption detects that a non-boot volume is already encrypted, a passphrase prompt displays.
3. (FileVault-encrypted non-boot volumes only) To allow Dell Encryption to assume management of the volume, enter the
passphrase to access the volume. This is the password that was assigned to the volume when it was originally
FileVault-encrypted.
Once Dell manages the volume's encryption, the old password is no longer valid. Your Dell administrator can retrieve a
recovery key for your volume in the event that you should need recovery assistance.
If you choose not to enter the password, the volume's contents are accessible and are encrypted with FileVault but the
encryption is not managed by Dell.
NOTE:
In the Management Console, the administrator can see that the Dell Server now manages the endpoint.
Recycling FileVault Recovery Keys
If you have security issues with a recovery bundle or if a volume or keys are compromised, you can recycle the key material for
that volume.
You can recycle keys for boot and non-boot drives on Mac OS X.
To recycle the key material:
1. Download a recovery bundle from the Management Console and copy it to the computer's desktop.
2. Launch System Preferences and click Dell Encryption Enterprise.
3. Click the System Volumes tab.
4. Drag the recovery bundle from step 1 to the appropriate partition.
A dialog prompts you to cycle the FileVault keys.
5. Click OK.
A dialog confirms success for cycling keys.
Tasks for the Encryption Client