Administrator Guide
• The Security Server URL may be changed from the original install location if needed. This value is read by the client computer every
time a policy poll occurs. Change the following registry value on the client computer:
[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]
"ServerUrl"=REG_SZ:https://<newname>.<organization>.com:8888/agent
Advanced Authentication Client Registry Settings
• If you do not want the Advanced Authentication client to change the services associated with smart cards and biometric devices to a
startup type of "automatic", disable the service startup feature. Disabling this feature also suppresses warnings associated with the
required services not running.
When disabled, Advanced Authentication will not attempt to start these services:
• SCardSvr - Manages access to smart cards read by the computer. If this service is stopped, this computer will be unable to read
smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
• SCPolicySvc - Allows the system to be configured to lock the user desktop upon smart card removal.
• WbioSrvc - The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric
data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
By default, if the registry key does not exist or the value is set to 0, this feature is enabled.
[HKLM\SOFTWARE\DELL\Dell Data Protection]
SmartCardServiceCheck=REG_DWORD:0
0 = Enabled
1 = Disabled
• To use smart cards with Windows Authentication, the following registry value must be set on the client computer.
[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]
"MSSmartcardSupport"=DWORD:1
• To use smart cards with SED Preboot Authentication, the following registry value must be set on the client computer that is equipped
with an SED.
[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]
"MSSmartcardSupport"=DWORD:1
Set the Authentication Method policy to Smart Card in the Remote Management Console, and commit the change.
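A read-only check of the Advanced Authentication settings above, added here as an example and not taken from the Dell guide. It reads `SmartCardServiceCheck` and `MSSmartcardSupport` and lists the three services, which is useful because disabling the startup feature also suppresses the warnings about them. The helper name `Get-RegValueOrNull` and the report layout are assumptions for illustration.

```powershell
# Added example: read-only audit, changes nothing on the client.
function Get-RegValueOrNull {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$svcCheck = Get-RegValueOrNull 'HKLM:\SOFTWARE\DELL\Dell Data Protection' 'SmartCardServiceCheck'
$msSc     = Get-RegValueOrNull 'HKLM:\SOFTWARE\DigitalPersona\Policies\Default\SmartCards' 'MSSmartcardSupport'

# Per the guide: a missing key/value or 0 means the startup feature is enabled.
if ($null -eq $svcCheck -or $svcCheck -eq 0) {
    $feature = 'Enabled'
} elseif ($svcCheck -eq 1) {
    $feature = 'Disabled'
} else {
    $feature = "Unexpected value $svcCheck"
}

$report = foreach ($name in 'SCardSvr', 'SCPolicySvc', 'WbioSrvc') {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($svc) { $mode = $svc.StartMode; $state = $svc.State }
    else      { $mode = 'NotInstalled'; $state = 'NotInstalled' }
    [pscustomobject]@{
        Service       = $name
        StartMode     = $mode
        State         = $state
        # With the feature disabled no warning is raised, so flag stopped services here.
        CheckManually = ($feature -ne 'Enabled' -and $state -ne 'Running')
    }
}

$msScText = if ($null -eq $msSc) { 'not set' } else { $msSc }
"Service startup feature : $feature"
"MSSmartcardSupport      : $msScText (the guide requires 1 for smart card use)"
$report | Format-Table -AutoSize
```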
BitLocker Manager Client Registry Settings
• If a self-signed certificate is used on the Security Management Server/Security Management Server Virtual for BitLocker Manager,
SSL/TLS trust validation must remain disabled on the client computer (SSL/TLS trust validation is disabled by default with BitLocker
Manager). Before enabling SSL/TLS trust validation on the client computer, the following requirements must be met.
• A certificate signed by a root authority, such as EnTrust or Verisign, must be imported into Security Management Server/Security
Management Server Virtual.
• The full chain of trust of the certificate must be stored in the Microsoft keystore on the client computer.
• To enable SSL/TLS trust validation for BitLocker Manager, change the value of the following registry entry to 0 on the client
computer.
[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]
Dell Data Security Endpoint Security Suite Pro
Registry Settings