Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.8

1. Navigate to <Key Server install dir>.
2. Open Credant.KeyServer.exe.config with a text editor.

3. Go to <add key="user" value="superadmin" /> and change the "superadmin" value to the name of the appropriate user (you may also leave as "superadmin").

   The "superadmin" format can be any method that can authenticate to the Security Management Server. The SAM account name, UPN, or DOMAIN\Username is acceptable. Any method that can authenticate to the Security Management Server is acceptable because validation is required for that user account for authorization against Active Directory.

   For example, in a multi-domain environment, only entering a SAM account name such as "jdoe" will likely fail because the Security Management Server cannot authenticate "jdoe" because it cannot find "jdoe". In a multi-domain environment, the UPN is recommended, although the DOMAIN\Username format is acceptable. In a single domain environment, the SAM account name is acceptable.

4. Go to <add key="epw" value="<encrypted value of the password>" /> and change "epw" to "password". Then change "<encrypted value of the password>" to the password of the user from Step 3. This password is re-encrypted when the Security Management Server restarts.

   If using "superadmin" in Step 3, and the superadmin password is not "changeit", it must be changed here. Save and close the file.

Sample Configuration File

<?xml version="1.0" encoding="utf-8" ?>

   <configuration>

     <appSettings>

        <add key="port" value="8050" /> [TCP port the Key Server will listen to. Default is 8050.]

        <add key="maxConnections" value="2000" /> [number of active socket connections the Key Server will allow]

        <add key="url" value="https://keyserver.domain.com:8443/xapi/" /> [Security Server (formerly Device Server) URL (the format is 8081/xapi for a pre-v7.7 Security Management Server)]

        <add key="verifyCertificate" value="false" /> [true verifies certs/set to false to not verify or if using self-signed certs]

<add key="user" value="superadmin" /> [User name used to communicate with the Security Server. This user must have the administrator role selected in the Management Console. The "superadmin" format can be any method that can authenticate to the Security Management Server. The SAM account name, UPN, or DOMAIN\Username is acceptable. Any method that can authenticate to the Security Management Server is acceptable because validation is required for that user account for authorization against Active Directory. For example, in a multi-domain environment, only entering a SAM account name such as "jdoe" will likely fail because the Security Management Server cannot authenticate "jdoe" because it cannot find "jdoe". In a multi-domain environment, the UPN is recommended, although the DOMAIN\Username format is acceptable. In a single domain environment, the SAM account name is acceptable.]

        <add key="cacheExpiration" value="30" /> [How often (in seconds) the Service should check to see who is allowed to ask for keys. The Service keeps a cache and keeps track of how old it is. Once the cache is older than the value, it gets a new list. When a user connects, the Key Server needs to download authorized users from the Security Server. If there is no cache of these users, or the list has not been downloaded in the last "x" seconds, it is downloaded again. There is no polling, but this value configures how stale the list can become before it is refreshed when it is needed.]

        <add key="epw" value="encrypted value of the password" /> [Password used to communicate with the Security Management Server. If the superadmin password has been changed, it must be changed here.]

     </appSettings>

   </configuration>