Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.1
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Configure Key Server

● This section explains how to configure components for use with Kerberos Authentication/Authorization when using an

Security Management Server. The Security Management Server Virtual does not use the Key Server.

The Key Server is a service that listens for clients to connect on a socket. Once a client connects, a secure connection is

negotiated, authenticated, and encrypted using Kerberos APIs (if a secure connection cannot be negotiated, the client is

disconnected).

The Key Server then checks with the Security Server (formerly the Device Server) to see if the user running the client is

allowed to access keys. This access is granted via individual domains in the Management Console.

● If Kerberos Authentication/Authorization is to be used, then the server that contains the Key Server component needs to be

part of the affected domain.

● Because the Security Management Server Virtual does not use the Key Server, typical uninstallation is affected. When

an Encryption client that is activated against a Security Management Server Virtual is uninstalled, standard forensic

key retrieval through the Security Server is used, instead of the Key Server's Kerberos method. See Command Line

Uninstallation for more information.

Services Panel - Add Domain Account User

1. On the Security Management Server, navigate to the services panel (Start > Run > services.msc > OK).

2. Right-click Key Server and select Properties.

3. Select the Log On tab and select the This account: option.

In This account:, add the domain account user. This domain user must have at least local administrator rights to the Key

Server folder (must be able to write to the Key Server config file, as well as the ability to write to the log.txt file).

Enter and confirm the password for the domain user.

Click OK.

88 Configure Key Server