Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]

"MSSmartcardSupport"=DWORD:1

Set the Authentication Method policy to Smart Card in the Management Console, and commit the change.

● To suppress all Toaster notifications from the Encryption Management Agent, the following registry value must be set on the

client computer.

[HKEY_LOCAL_MACHINE\SOFTWARE\Dell\Dell Data Protection]

"PbaToastersAllowClose" =DWORD:1

0=Enabled (default)

1=Disabled

BitLocker Manager

● If a self-signed certificate is used on the Dell Server for BitLocker Manager, SSL/TLS trust validation must remain disabled

on the client computer (SSL/TLS trust validation is disabled by default with BitLocker Manager). Before enabling SSL/TLS

trust validation on the client computer, the following requirements must be met.

○ A certificate signed by a root authority, such as EnTrust or Verisign, must be imported into Dell Server.

○ The full chain of trust of the certificate must be stored in the Microsoft keystore on the client computer.

○ To enable SSL/TLS trust validation for BitLocker Manager, change the value of the following registry entry to 0 on the

client computer.

[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]

"DisableSSLCertTrust"=DWORD:0

0 = Enabled

1 = Disabled

○ To prevent Bitlocker Manager from detecting removable disks as fixed disks, add the following registry key:

HKLM\Software\Dell\Dell Data Protection\

"UseEncryptableVolumeType" = DWORD:1

0=Disabled (default)

1=Enabled

Registry Settings