Install Guide
Table Of Contents
- Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
- Contents
- Introduction
- Requirements
- Registry Settings
- Install Using the Master Installer
- Uninstall the Master Installer
- Install Using the Child Installers
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Commonly Used Scenarios
- Provision a Tenant
- Configure Advanced Threat Prevention Agent Auto Update
- Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Designate the Dell Server through Registry
- Extract Child Installers
- Configure Key Server
- Use the Administrative Download Utility (CMGAd)
- Configure Encryption on a Server Operating System
- Configure Deferred Activation
- Troubleshooting
- Glossary
NOTE:
The requirement for domain administrator credentials is a safety measure that prevents Encryption of server operating
systems from being rolled out to unsupported server environments. To disable the requirement for domain administrator
credentials, see Before You Begin.
6. Dell Server checks for the credentials in the enterprise vault (Active Directory or equivalent) to verify that the credentials
are domain administrator credentials.
7. A UPN is constructed using the credentials.
8. With the UPN, the Dell Server creates a new user account for the virtual server user, and stores the credentials in the Dell
Server's vault.
The virtual server user account is for the exclusive use of the Encryption client. It is used to authenticate with the server,
to handle Common encryption keys, and to receive policy updates.
NOTE:
Password and DPAPI authentication are disabled for this account so that only the virtual server user can access
encryption keys on the computer. This account does not correspond to any other user account on the computer or on
the domain.
9. When activation is successful, the user restarts the computer, which kicks off the second phase, authentication and device
activation.
Troubleshooting Authentication and Device Activation
Device activation fails when:
● The initial activation failed.
● The connection to the server could not be established.
● The trust certificate could not be validated.
After activation, when the computer is restarted, Encryption for server operating systems automatically logs in as the virtual
server user, requesting the Machine key from the Dell Server. This takes place even before any user can log in.
● Open the About dialog to confirm that Encryption for server operating systems is authenticated and in Server mode.
●
If the Encryption client ID is red, encryption has not yet been activated.
● In the Management Console, the version of a server with Server Encryption installed is listed as Shield for Server.
● If the Machine key retrieval fails due to a network failure, Server Encryption registers for network notifications with the
operating system.
● If the Machine key retrieval fails:
○ The virtual server user logon is still successful.
○ Set up the Retry Interval Upon network Failure policy to make key retrieval attempts on a timed interval.
For details on the Retry Interval Upon network Failure policy, refer to AdminHelp, available in the Management Console.
Authentication and Device Activation
The following diagram illustrates successful authentication and device activation.
Troubleshooting
105