Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Parameter Selection

CMG_DECRYPT Property for selecting the type of Encryption Removal

Agent installation:

3 - Use LSARecovery bundle

2 - Use previously downloaded forensics key material

1 - Download keys from the Dell Server

0 - Do not install Encryption Removal Agent

CMGSILENTMODE Property for silent uninstallation:

1 - Silent - required when running with msiexec variables

containing /q or /qn

0 - Not Silent - only possible when msiexec variables

containing /q are not present in the command line syntax

Required Properties

DA_SERVER FQHN for the Security Management Server hosting the

negotiate session.

DA_PORT Port on the Security Management Server for request

(default is 8050).

SVCPN User name in UPN format that the Key Server service is

logged on as on the Security Management Server.

DA_RUNAS User name in SAM compatible format under whose context

the key fetch request is made. This user must be in the Key

Server list in the Security Management Server.

DA_RUNASPWD Password for the runas user.

FORENSIC_ADMIN The forensic administrator account on the Dell Server,

which can be used for forensic requests for uninstalls or

keys.

FORENSIC_ADMIN_PWD The password for the forensic administrator account.

Optional Properties

SVCLOGONUN User name in UPN format for Encryption Removal Agent

service log on as parameter.

SVCLOGONPWD Password for log on as user.

● The following example silently uninstalls Encryption and downloads the encryption keys from the Security Management

Server.

DDPE_XXbit_setup.exe /s /x /v"CMG_DECRYPT=1 CMGSILENTMODE=1

DA_SERVER=server.organization.com DA_PORT=8050 SVCPN=administrator@organization.com

DA_RUNAS=domain\username DA_RUNASPWD=password /qn"

MSI Command:

msiexec.exe /s /x "Dell Data Protection Encryption.msi" /qn REBOOT="ReallySuppress"

CMG_DECRYPT="1" CMGSILENTMODE="1" DA_SERVER="server.organization.com" DA_PORT="8050"

SVCPN="administrator@domain.com" DA_RUNAS="domain\username" DA_RUNASPWD="password" /qn

Reboot the computer when finished.

● The following example silently uninstalls Encryption and downloads the encryptions keys using a forensic administrator

account.

Uninstall Using the Child Installers