What is SDUser in Dell Encryption
Summary: This article describes what the SDUser is in Dell Encryption (formerly Dell Data Protection | Encryption).
Instructions
Affected Products:
- Dell Encryption
- Dell Data Protection | Encryption
Affected Versions:
- v7.3 and Later
SDUser is a key type that employees Dell Encryption to protect documents a step further than our System Data Encryption key. When the policy of Encrypt User Profile Documents is enabled, yet Common and User Key encryption is not enabled for the user then SDUser is applied to any data within the %USERPROFILE% environment variable. The SDUser key is unlocked only when an authenticated (activated) user logs in to the device, being SDUser a special SDE key.
WSScan can be leveraged to determine if SDUser is enabled on a device.
WSScan outputs a log line similar to this for an SDUser encrypted file:
User.suvg8u7p._SDUser_: "C:\Users\Public\Documents\desktop.ini" is still AES256 encrypted.
To disable the usage and unlock requirements of SDUser on the device, add this registry key:
- Back up the Registry before proceeding, reference How to Back Up and Restore the Registry in Windows
.
- Editing the Registry can cause the computer to become unresponsive on the next reboot.
- Contact Dell Data Security International Support Phone Numbers for assistance if you have concerns about performing this step.
[HKEY_LOCAL_MACHINE\SOFTWARE\Credant\CMGShield] "EnableSDUserKeyUsage"=dword:00000000
Dell Technologies recommends disabling this functionality only in specific situations such as an unattended installation where SDUser encrypted files under the user profile must be accessible to the installer even if no user is logged on the machine.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.