Manualshelf

Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise
41424344454647484950
Table Of Contents
Encryption
The following example installs Encryption External Media with Silent installation, no progress bar, automatic restart, installed
in the default location of C:\Program Files\Dell\Dell Data Protection\Encryption.
DDPE_XXbit_setup.exe /s /v"SERVERHOSTNAME=server.organization.com
POLICYPROXYHOSTNAME=rgk.organization.com MANAGEDDOMAIN=ORGANIZATION
DEVICESERVERURL=https://server.organization.com:8443/xapi/ EME=1 /qn"
Then:
Encryption Management Agent
The following example installs remotely managed Full Disk Encryption and allows installation on a Dell Encryption protected
computer (silent installation, no reboot, no entry in the Control Panel Programs list, installed in the default location of
C:\Program Files\Dell\Dell Data Protection\Encryption).
EMAgent_64bit_setup.exe /s /v"CM_EDITION=1 ENABLE_FDE_LM=1
FEATURE=FDE SERVERHOST=server.organization.com SERVERPORT=8888
SECURITYSERVERHOST=server.organization.com SECURITYSERVERPORT=8443 /norestart /qn"
Install Encryption on Server Operating System
There are two methods available to install Encryption on server operating system. Choose one of the following methods:
Install Encryption on server operating system Interactively
Encryption on server operating system can be installed interactively only on computers running server operating
systems. Installation on computers running non-server operating systems must be performed by command line, with the
SERVERMODE=1 parameter specified.
Install Encryption on server operating system Using the Command Line
Virtual User Account
As part of the installation, a virtual server user account is created for the exclusive use of Encryption on server operating
system. Password and DPAPI authentication are disabled so that only the virtual server user can access encryption keys.
Before You Begin
The user account performing the installation must be a domain user with administrator-level permissions.
To override this requirement, or to run Encryption on server operating system on non-domain or multi-domain servers, set
the ssos.domainadmin.verify property to false in the application.properties file. The file is stored in the following file paths,
based on the Dell Server you are using:
Security Management Server - <installation dir>/Security Server/conf/application.properties
Security Management Server Virtual - /opt/dell/server/security-server/conf/application.properties
The server must support port controls.
Port Control System policies affect removable media on protected servers, for example, by controlling access and usage of
the server's USB ports by USB devices. USB port policy applies to external USB ports. Internal USB port functionality is not
affected by USB port policy. If USB port policy is disabled, a USB keyboard and mouse do not function and the user cannot
use the computer unless a Remote Desktop Connection is set up before the policy is applied.
To successfully activate, the computer must have network connectivity.
When the Trusted Platform Module (TPM) is available, it is used for sealing the General Purpose Key on Dell hardware. If a
TPM is not available, Microsoft's Data Protection API (DPAPI) is used to protect the General Purpose Key.
When installing a new operating system on a Dell computer with TPM that is running Server Encryption, clear the TPM in the
BIOS. See this article for instructions.
The installation log file is located in the user's %temp% directory, located at C:\Users\<user
name>\AppData\Local\Temp. To locate the correct log file, find the file name that begins with MSI and ends with
a .log extension. The file includes a date/time stamp matching the time when the installer was run.
Encryption is not supported on servers that are part of distributed file systems (DFS).
Extract the Child Installer
48
Install Using the Child Installers