Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Sample Configuration File

<?xml version="1.0" encoding="utf-8" ?>

<add key="port" value="8050" /> [TCP port the Key Server will listen to. Default is 8050.]

<add key="maxConnections" value="2000" /> [number of active socket connections the Key Server will allow]

<add key="url" value="https://keyserver.domain.com:8443/xapi/" /> [Security Server (formerly Device Server) URL (the

format is 8081/xapi for a pre-v7.7 Security Management Server)]

<add key="verifyCertificate" value="false" /> [true verifies certs/set to false to not verify or if using self-signed certs]

<add key="user" value="superadmin" /> [User name used to communicate with the Security Server. This user must have the

administrator role selected in the Management Console. The "superadmin" format can be any method that can authenticate

to the Security Management Server. The SAM account name, UPN, or DOMAIN\Username is acceptable. Any method that

can authenticate to the Security Management Server is acceptable because validation is required for that user account for

authorization against Active Directory. For example, in a multi-domain environment, only entering a SAM account name such

as "jdoe" will likely fail because the Security Management Server cannot authenticate "jdoe" because it cannot find "jdoe". In a

multi-domain environment, the UPN is recommended, although the DOMAIN\Username format is acceptable. In a single domain

environment, the SAM account name is acceptable.]

<add key="cacheExpiration" value="30" /> [How often (in seconds) the Service should check to see who is allowed to

ask for keys. The Service keeps a cache and keeps track of how old it is. Once the cache is older than the value, it gets a new

list. When a user connects, the Key Server needs to download authorized users from the Security Server. If there is no cache

of these users, or the list has not been downloaded in the last "x" seconds, it is downloaded again. There is no polling, but this

value configures how stale the list can become before it is refreshed when it is needed.]

<add key="epw" value="encrypted value of the password" /> [Password used to communicate with the Security

Management Server. If the superadmin password has been changed, it must be changed here.]

</appSettings>

</configuration>

Services Panel - Restart Key Server Service

1. Go back to the services panel (Start > Run > services.msc > OK).

2. Restart the Key Server service.

3. Navigate to <Key Server install dir> log.txt to verify that the service started properly.

4. Close the services panel.

Management Console - Add Forensic Administrator

1. As a Dell administrator, log in to the Management Console.

2. Click Populations > Domains.

3. Select the appropriate Domain.

4. Click the Key Server tab.

5. In Account, add the user to perform the administrator activities. The format is DOMAIN\Username. Click Add Account.

Configure Key Server