Administrator Guide
• By default, all temporary les in the c:\windows\temp directory are automatically deleted during installation. Deletion of temporary les
speeds initial encryption and occurs before the initial encryption sweep.
However, if your organization uses a third-party application that requires the le structure within the \temp directory to be preserved,
you should prevent this deletion.
To disable temporary le deletion, create or modify the registry setting as follows:
[HKLM\SOFTWARE\CREDANT\CMGShield]
"DeleteTempFiles"=REG_DWORD:0
Not deleting temporary les increases initial encryption time.
• The Encryption client displays the length of each policy update delay prompt for ve minutes each time. If the user does not respond to
the prompt, the next delay begins. The nal delay prompt includes a countdown and progress bar, and it displays until the user
responds, or the nal delay expires and the required logo/reboot occurs.
You can change the behavior of the user prompt to begin or delay encryption, to prevent encryption processing following no user
response to the prompt. To do this, set the registry the following registry value:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield]
"SnoozeBeforeSweep"=DWORD:1
Any non-zero value will change the default behavior to snooze. With no user interaction, encryption processing will be delayed up to the
number of congurable allowed delays. Encryption processing begins when the nal delay expires.
Calculate the maximum possible delay as follows (a maximum delay would involve the user never responding to a delay prompt, each of
which displays for 5 minutes):
(NUMBER OF POLICY UPDATE DELAYS ALLOWED × LENGTH OF EACH POLICY UPDATE DELAY) + (5 MINUTES × [NUMBER OF
POLICY UPDATE DELAYS ALLOWED - 1])
• Use the following registry setting to have the Encryption client poll the Security Management Server/Security Management Server
Virtual for a forced policy update. Create or modify the registry setting as follows:
[HKLM\SOFTWARE\Credant\CMGShield\Notify]
"PingProxy"=DWORD value:1
The registry setting will automatically disappear when done.
• Use the following registry settings to either allow the Encryption client to send an optimized inventory to the Security Management
Server/Security Management Server Virtual, send a full inventory to the Security Management Server/Security Management Server
Virtual, or to send a full inventory for all activated users to the Security Management Server/Security Management Server Virtual.
• Send Optimized Inventory to Security Management Server/Security Management Server Virtual:
Create or modify the registry setting as follows:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield]
"OnlySendInvChanges"=REG_DWORD:1
If no entry is present, optimized inventory is sent to the Security Management Server/Security Management Server Virtual.
• Send Full Inventory to Security Management Server/Security Management Server Virtual:
Create or modify the registry setting as follows:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield]
Dell Data Security Endpoint Security Suite Pro
Registry Settings
21