Reference Guide
Security Management Server Virtual v10.2.11 AdminHelp
meet the criteria set by
policy, a dialog displays,
outlining the password
criteria.
password.
If a password does not
meet the criteria set by
policy, a dialog displays,
outlining the password
criteria.
password.
If a password does not
meet the criteria set by
policy, a dialog displays,
outlining the password
criteria.
The user may now use the removable media as usual.
If manual authentication is not successful, the device is disabled according to policy, as follows:
• The policy could be set to wait (cooldown) between unsuccessful manual authentication attempts.
or
• The policy may be set to delete the encryption key material and prevent any access to encrypted files
on this removable media . In this case, the user need to contact an administrator again for instructions
to re-enable access.
Restore Lost Encryption Key Material
If encryption keys have been deleted on the removable media (because of failed manual authentication,
accidentally deleting a necessary file, a change in policy), the encrypted data is inaccessible until an
authorized user reinitializes the encryption key material.
A dialog displays, notifying the user that key material is missing. Click Yes to use the self-healing
feature of Encryption External Media or click No.
If the policy blocks all
access to removable
media until encrypted
and the user clicks No,
they cannot access this
removable media .
If the policy gives read-
access to removable
media until encrypted
and the user clicks No,
they have read-access to
unencrypted data on this
media, but no access to
encrypted data.
If the policy gives full
access to removable
media , whether or not
encrypted and the user
clicks No, they have full
access to unencrypted
data on this media. They
cannot access encrypted
data.
Occasionally, based on policies set, encryption keys cannot be reinitialized on the computer that the
removable media is inserted in. If policy permits, the user can insert the media into any Dell-encrypted
computer where the original user is logged in, to reinitialize the encryption keys. If policy does not permit
this, it must be inserted into the originally encrypting computer, with the originally specified user name.
On rare occasions, when encryption key material is lost, the Encryption client cannot automatically
locate the necessary information. Use the following process to recover encrypted data.
1. Attach the device to a Windows computer that is not running the Encryption client.
2. Copy all folders from the device onto the Windows computer.
3. Use WSScan to determine the DCID of the encrypted data.
4. Follow the process for recovering access to encrypted data on Windows computers. Use the
DCID obtained from WSScan for the RecoveryID.
Enable Federated Key Recovery
107