Administrator Guide

Contactless Cards
Contactless Cards using Contactless Card Readers built-in to specied Dell laptops
Smart Cards
PKCS #11 Smart Cards using the ActivIdentity client
NOTE:
The ActivIdentity client is not pre-loaded and must be installed separately.
CSP Cards
Common Access Cards (CACs)
Class B/SIPR Net Cards
The following table details Dell computer models supported with SIPR Net cards.
Dell Computer Models - Class B/SIPR Net Card Support
Latitude E6440
Latitude E6540
Precision M2800
Precision M4800
Precision M6800
Latitude 14 Rugged Extreme
Latitude 12 Rugged Extreme
Latitude 14 Rugged
Advanced Authentication Client Operating Systems
Windows Operating Systems
The following table details supported operating systems.
Windows Operating Systems (32- and 64-bit)
Windows 7 SP0-SP1: Enterprise, Professional, Ultimate
Windows 8: Enterprise, Pro
Windows 8.1 Update 0-1: Enterprise Edition, Pro Edition
Windows 10: Education, Enterprise, Pro through Creators Update (Redstone 2)
NOTE: UEFI mode is not supported on Windows 7.
BitLocker Manager Client
Consider reviewing Microsoft BitLocker requirements if BitLocker is not yet deployed in your environment,
Ensure that the PBA partition is already set up. If BitLocker Manager is installed before the PBA partition is set up, BitLocker cannot be
enabled and BitLocker Manager will not be operational. See Pre-Installation Conguration to Set Up a BitLocker PBA Partition.
The keyboard, mouse, and video components must be directly connected to the computer. Do not use a KVM switch to manage
peripherals as the KVM switch can interfere with the computer's ability to properly identify hardware.
Turn on and enable the TPM. BitLocker Manager will take ownership of the TPM and will not require a reboot. However, if a TPM
ownership already exists, BitLocker Manager will begin the encryption setup process (no restart is required). The point is that the TPM
must be "owned" and enabled.
The BitLocker Manager client will use the approved AES FIPS validated algorithms if FIPS mode is enabled for the GPO security setting
"System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" on the device and you manage that device
via our product. We do not force this mode as default for BitLocker-encrypted clients because Microsoft now suggests customers not
use their FIPS validated encryption due to numerous issues with application compatibility, recovery, and media encryption: http://
blogs.technet.com.
18
Dell Data Security Endpoint Security Suite Pro
Requirements