Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.1
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

msiexec.exe /i "Dell Data Protection Encryption.msi" /qn

REBOOT="ReallySuppress" SERVERMODE="1" SERVERHOSTNAME="server.organization.com"

POLICYPROXYHOSTNAME="rgk.organization.com" MANAGEDDOMAIN="ORGANIZATION"

DEVICESERVERURL="https://server.organization.com:8443/xapi/"

● The following example installs Encryption in server operating system mode with a log file and default parameters (Encryption,

silent installation, Encrypt for Sharing, no dialogue, no progress bar, no restart, installed in the default location of C:

\Program Files\Dell\Dell Data Protection\Encryption) and specifies a custom log file name ending with a

number (DDP_ssos-090.log) that is incremented if the command line is run more than once on the same server. To specify a

log location other than the default location where the executable is located, provide the complete path in the command. For

example, /l*v C:\Logs\DDP_ssos-090.log creates install logs in C:\Logs.

DDPE_XXbit_setup.exe /s /v"SERVERMODE=1 SERVERHOSTNAME=server.organization.com

POLICYPROXYHOSTNAME=rgk.organization.com MANAGEDDOMAIN=ORGANIZATION

DEVICESERVERURL=https://server.organization.com:8443/xapi/ /l*v DDP_ssos-090.log /

norestart/qn"

MSI Command:

msiexec.exe /i "Dell Data Protection Encryption.msi" /qn SERVERMODE="1"

SERVERHOSTNAME="server.organization.com" POLICYPROXYHOSTNAME="rgk.organization.com"

MANAGEDDOMAIN="ORGANIZATION" DEVICESERVERURL="https://server.organization.com:8443/

xapi/" /l*v DDP_ssos-090.log /norestart/qn"

Restart the computer after installation. Dell recommends snoozing the reboot only if time is needed to save your work and close

applications. Encryption cannot begin until the computer has rebooted.

Activate

● Ensure that the computer name of the server is the endpoint name to display in the Management Console.

● An interactive user with domain administrator credentials must log on to the server at least once for the purpose of the initial

activation. The logged on user can be of any type - domain or non-domain, remote desktop-connected or interactive user at

the server, but activation requires domain administrator credentials.

● Following the restart after installation, the Activation dialog displays. The administrator must enter domain administrator

credentials with a user name in User Principal Name (UPN) format. Encryption of server operating systems does not activate

automatically.

● During initial activation, a virtual server user account is created. After initial activation, the computer is restarted so that

device activation can begin.

● During the authentication and device activation phase, the computer is assigned a unique Machine ID, encryption keys

are created and bundled, and a relationship is established between the encryption key bundle and the virtual server user.

The encryption key bundle associates the encryption keys and policies with the new virtual server user to create an

unbreakable relationship between the encrypted data, the specific computer, and the virtual server user. After device

activation, the virtual server user displays in the Management Console as SERVER-USER@<fully qualified server name>. For

more information about activation, see Activation on a Server Operating System.

NOTE:

If you rename the server after activation, its display name does not change in the Management Console. However, if

Encryption of server operating systems activates again after the server name is changed, the new server name will then

display in the Management Console.

An Activation dialog displays once after each restart to prompt the user to activate Encryption on a server operating system. To

complete activation, follow these steps:

1. Log on to the server either at the server or through Remote Desktop Connection.

2. Enter the user name of a domain administrator in UPN format and password and click Activate. This is the same Activation

dialog that displays each time an unactivated system is restarted.

Install Using the Child Installers