Administrator Guide
Registry Settings
• This section details all Dell ProSupport approved registry settings for local client computers, regardless of the reason for the registry
setting. If a registry setting overlaps two products, it will be listed in each category.
• These registry changes should be done by Administrators only and may not be appropriate or work in all scenarios.
Encryption Client Registry Settings
• If a self-signed certicate is used on the Dell Security Management Server for Windows, certicate trust validation must remain
disabled on the client computer (trust validation is disabled by default with Security Management Server for Windows). Before enabling
trust validation on the client computer, the following requirements must be met.
• A certicate signed by a root authority, such as EnTrust or Verisign, must be imported into Security Management Server/Security
Management Server Virtual.
• The full chain of trust of the certicate must be stored in the Microsoft keystore on the client computer.
• To enable trust validation for the Encryption client, change the value of the following registry entry to 0 on the client computer.
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield]
"IgnoreCertErrors"=DWORD:00000000
0 = Fail if a certicate error is encountered
1= Ignores errors
• To use smart cards with Windows Authentication, the following registry value must be set on the client computer.
[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]
"MSSmartcardSupport"=DWORD:1
• To create an Encryption Removal Agent log le, create the following registry entry on the computer targeted for decryption. See
(Optional) Create an Encryption Removal Agent Log File.
[HKLM\Software\Credant\DecryptionAgent]
"LogVerbosity"=DWORD:2
0: no logging
1: logs errors that prevent the Service from running
2: logs errors that prevent complete data decryption (recommended level)
3: logs information about all decrypting volumes and les
5: logs debugging information
• By default, during installation, the system tray icon is displayed. Use the following registry setting to hide the system tray icon for all
managed users on a computer after the original installation. Create or modify the registry setting as follows:
[HKLM\Software\CREDANT\CMGShield]
"HIDESYSTRAYICON"=DWORD:1
3
20 Dell Data Security Endpoint Security Suite Pro
Registry Settings