Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000124736

Dell Encryption Enterprise / Dell Data Protection Enterprise Edition Authentication Options

Summary: There are several supported activation workflows to authenticate Dell Encryption Enterprise with the Dell Data Security server.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

This article defines the supported activation workflows for Dell Encryption Enterprise (formerly Dell Data Protection | Enterprise Edition) and Dell Encryption External Media (formerly Dell Data Protection | External Media Edition).

Affected Products:

Dell Encryption Enterprise
Dell Data Protection | Enterprise Edition
Dell Encryption External Media
Dell Data Protection | External Media Edition

Affected Operating Systems:

Windows

Cause

Not applicable.

Resolution

Dell Encryption Enterprise can authenticate with a Dell Data Security server by one of several authentication workflows. For more information, select the appropriate workflow.

Active Directory-based activation is Dell Encryption Enterprise’s default method of validating user accounts for policy-based encryption. The Dell Encryption network provider filter captures authentication information during login. This is securely sent to the Dell Data Security (formerly Dell Data Protection) server. The server validates the credentials against the configured Active Directory domains.

Note: In environments using a remote LDAP service (Azure Active Directory, Okta, Duo), the Dell Data Security server requires a local domain controller for proper authentication to Active Directory. The local domain controller must be specified within the Domain settings for that environment in the Dell Data Security server. For more information, reference the Domain Access section for your server version in How to Configure the Dell Data Security / Dell Data Protection Server Administration Console.

Opt-in (deferred) activation allows the Active Directory user account that is used during activation to be independent of the account that is used to log in to the endpoint. Instead of the network provider capturing the authentication information, the user instead manually specifies the Active Directory-based account when prompted. Once the credentials are entered, the authentication information is securely sent to the Dell Security Management server. The server then validates it against the configured Active Directory domains.

Opt-in deferred activation

This workflow can be enabled either During Installation or Post-Install, including after the device has been activated for a new user. For more information, select the appropriate method.

To enable opt-in activation:

The child installer may be run with the OPTIN=1 parameter to enable opt-in activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable opt-in activation:

  1. Right-click the Windows start menu and then click Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Dell\Dell Data Protection\Encryption.

Encryption key

  1. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.

DWORD (32-bit) Value

  1. Name the DWORD value OPTIN.

OPTIN

  1. Double-click OPTIN.

Double-clicking OPTIN

  1. In Value data, delete the 0, populate the field with 1, and then click OK.

Value Data

  1. Reboot the device. The opt-in prompt appears on reboot.

Opt-in deferred activation prompt

Server encryption activation allows a single Active Directory user account to be defined for the endpoint, comparable to the opt-in activation workflow. Once the user is defined with certificate-based activation, Dell Encryption generates a synthetic user account. The synthetic account is bound to the provided username and password to validate with Active Directory. This synthetic account is used for all key unlocks. The key unlocks are then performed by a certificate validation to the back-end server using TLS with mutual authentication.

This workflow can be enabled either During Installation or Post-Install before the device has been activated. For more information, select the appropriate method.

Warning: This mode can either be enabled during the installation of the application, or after installation but before activation.
 
Note:
  • Server encryption activation requires communication directly to the back-end server to validate the certificate that is assigned to the synthetic user. These certificate validation processes cannot be proxied through a front-end server.
  • By default, the single Active Directory user must also be a domain administrator. This can be modified with configuration.

To enable server encryption mode activation:

The child installer may be run with the SERVERMODE=1 parameter to enable server encryption mode activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable server encryption mode activation:

  1. Right-click the Windows start menu and then click Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Credant\CMGShield.

CMGShield key

  1. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.

DWORD (32-bit) Value

  1. Name the DWORD value SM.

SM

  1. Double-click SM.

Double-clicking SM

  1. In Value data, delete the 0, populate the field with 1, and then click OK.

Value data

  1. Reboot the device.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

 

Videos

 

Article Properties

Affected Product

Dell Encryption

Last Published Date

20 Dec 2022

Version

12

Article Type

Solution

Back to Top