Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

100

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.1
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Dell highly recommends that a Windows password be created (if one does not already exist) to protect access to the encrypted

data. Creating a password for the computer prevents others from logging on to your user account without your password.

Uninstall Previous Versions of the Encryption Client

Before uninstalling a previous version of the Encryption client, stop or pause an encryption sweep, if necessary.

If the computer is running a version of Dell Encryption earlier than v8.6, uninstall the Encryption client from the command line.

For instructions, see Uninstall Encryption and Server Encryption Client.

NOTE:

If you plan to install the latest version of the Encryption client immediately after uninstallation, it is not necessary to run the

Encryption Removal Agent to decrypt the files.

To upgrade a previous version of the Encryption client installed with Deferred Activation, uninstall with the Data Security

Uninstaller or the Child Installers. These uninstallation methods are possible even if OPTIN is disabled.

NOTE:

If no users were previously activated, the Encryption client clears the OPTIN setting from the SDE vault since the setting is

left-over from a previous installation. The Encryption client blocks Deferred Activations if users previously activated but the

OPTIN flag is not set in the SDE vault.

Install Encryption with Deferred Activation

To install the Encryption client with Deferred Activation, install the Encryption client with the OPTIN=1 parameter. For more

information about client installation with the OPTIN=1 parameter, see Install Encryption.

Activate Encryption with Deferred Activation

● Activation associates a domain user with a local user account and a specific computer.

● Multiple users can activate on the same computer, provided they use unique local accounts and have unique domain email

addresses.

● A user can activate the Encryption client only once per domain account.

Before you activate the Encryption client:

● Log in to the local account that you use the most often. The data associated with this account is the data to encrypt.

● Connect to your organization's network.

1. Log on to the workstation or server.

2. Enter the domain email address and password and click Activate.

NOTE:

Non-domain or personal email addresses cannot be used for activation.

3. Click Close.

100

Configure Deferred Activation