Article Number: 000131035
Not Applicable
SDUser
is a key type that employees Dell Encryption to protect documents a step further than our System Data Encryption key. When the policy of Encrypt User Profile Documents is enabled, yet Common and User Key encryption is not enabled for the user then SDUser
is applied to any data within the %USERPROFILE%
environment variable. The SDUser
key is unlocked only when an authenticated (activated) user logs in to the device, being SDUser
a special SDE key.
WSScan
can be leveraged to determine if SDUser
is enabled on a device.
WSScan
outputs a log line similar to this for an SDUser
encrypted file:
User.suvg8u7p._SDUser_: "C:\Users\Public\Documents\desktop.ini"
is still AES256 encrypted.
To disable the usage and unlock requirements of SDUser
on the device, add this registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Credant\CMGShield] "EnableSDUserKeyUsage"=dword:00000000
Dell Technologies recommends disabling this functionality only in specific situations such as an unattended installation where SDUser
encrypted files under the user profile must be accessible to the installer even if no user is logged on the machine.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Dell Encryption
04 Jan 2024
9
Solution