Functions of Dell Data Security Administrative Utilities

Affected Products:

• Dell Encryption
• Dell Data Protection | Encryption

The Dell Encryption Admin Utilities documentation may be accessed from the Dell Data Security support website, and from the Dell Encryption install media. The documentation also comes in multiple languages and offers example command-line switches and usage recommendations.

Dell Encryption software Administrative Tools:

Offline Admin Tools

Location: Version\Clients\DDPE\Utilities 32 or 64 bit\Dell-Offline-Admin

Administrative Download Utility

Utility File:

cmgad.exe

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64bit Utilities \Dell-Offline-Admin-32bit or 64bit-XX.XX.XX.zip\Dell-Offline-Admin-32bit or 64bit-XX.XX.XX

Function:

This utility allows the download of a key material bundle for use on a computer that is not connected to an Enterprise Server. The Admin utilities can then use these offline bundles.
A useful tool to troubleshoot computers that cannot or should not access the network because of a virus or network access issues.
The CMG AD key bundle uses passphrase protection and the Dell Encryption Forensic Administrator account role. Also there are two ways to run the utility; interactive or command-line mode.

• Command-line mode: Requires a username and password of the user the Key Server is running as.

For best results, use the Key Server account for the Forensic admin, as the tool pulls Active Directory Windows Kerberos Authentication.
The key is downloaded and stored in the Dell-Offline-Admin folder.

• The utilities for Dell Data Protection | Encryption version 7.x should be pulled from version 7.x install media. Using the specific version according to each product that is 7.1 -> 7.1; 7.3 -> 7.3
• The utilities for Dell Data Protection | Encryption version 8.x and above should be pulled from version 8.x install media. The version 8.x utilities can be used throughout the version 8.x products. Select to utility that is right for your 32-bit or 64-bit operating system.

This utility uses one of the following methods to download a key material bundle, depending on the command-line parameter passed to the application:

• Admin Mode - Used if -a is passed on the command line or if no command-line parameter is used.
• Forensic Mode - Used if it -f is passed on the command line.

Apply to Version:

Enterprise Edition
Client - DDPE folder - utilities for 32 and 64 bit

Command-line:

• Administrative Download Utility in Admin Mode
  • At the command prompt, type cmgad.exe
• Administrative Download Utility in Forensic Mode
  • Command prompt and type cmgad.exe -f

Administrative Launch Utility

Utility File:

cmgAlu.exe

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64bit Utilities \Dell-Offline-Admin-32bit or 64bit-XX.XX.XX.zip\Dell-Offline-Admin-32bit or 64bit-XX.XX.XX

Function:

This command-line utility enables Administrators to unlock User or Common encrypted files on a computer while a process is running. This utility is used to launch jobs from a management console. The utility must be copied to the client computer and any job that requires access to User or Common encrypted files is changed to run this utility, by passing the command line for the management job, to the utility. Once the process exits, the utility terminates.
This utility uses the following methods:

• Admin Mode - No switch required
• Forensic Mode - Used if it -f is passed on the command line.
• Backup File Mode - Used if it -b is passed on the command line.

Apply to Version:

Enterprise Edition

CmgCryptoLib.dll

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64bit Utilities \Dell-Offline-Admin-32bit or 64bit-XX.XX.XX.zip\Dell-Offline-Admin-32bit or 64bit-XX.XX.XX

Function:

Used to unlock files and supporting files

CmgCryptoLib.mac

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64bit Utilities \Dell-Offline-Admin-32bit or 64bit-XX.XX.XX.zip\Dell-Offline-Admin-32bit or 64bit-XX.XX.XX

Function:

Used to unlock files and supporting files

Administrator Utilities

WSProbe

Utility File:

WSProbe.exe

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64bit Utilities

Function:

The Windows Shield Probing Utility can be used with all versions of the Shield, except for EMS policies.

Use the Windows Shield Probing Utility to:

• Scan or schedule scanning of a Shielded computer. The Windows Shield Probing Utility observes your Workstation Scan Priority policy.
• Temporarily disable or reenable the current user Application Data Encryption List.
• Add or remove process names on the privileged list.
• Troubleshoot as instructed by Customer Support.
• Prepare Dell Encryption for certain Windows 10 upgrade scenarios.

Apply To Version:

Enterprise Edition and Personal Edition

WSDeactivate

Utility File:

WSDeactivate.exe

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64-bit Utilities

Function:

WSDeactivate can be used to troubleshoot an encrypted computer. The utility renames the metadata vault file (credsys.vlt) and adds a date and timestamp to the end of its filename after a prompt to reboot. Existing local key, credential, and policy material is no longer accessible to the client, and all managed users are forced to reactivate upon their next login.

Apply To Version:

Enterprise Edition and Personal Edition

WSScan

Utility File:

WSScan.exe

Location:

\DDP-Enterprise-Edition-XX.XX.XX\Clients\DDPE\32bit Utilities or 64-bit Utilities

Function:

You can use the Windows Shield Scanning Utility (WSScan) to scan any Windows device, whether encrypted or unencrypted, for Shield-encrypted or unencrypted files, to get the information you need in order to access encrypted files and verify that files are being encrypted as you intended. The utility can be found in the Windows folder of the installation media.

Once you access it by either double-clicking the icon or using command-line switches, you get a user interface (UI) screen. Here there are three options:

1. Clear
   • Clears the results of the previous scan
2. Search
   • This feature does a scan against all fixed disks.
3. Advanced
   Open a separate window with:
   1. Search Path:
      Allows you to specify the location that the scan searches
   2. Path:
      Allows you to specify the output location of the wsscan.log

Apply To Version:

Enterprise Edition and Personal Edition

CREDActivate

Location:

CREDActivate is packaged in the installation media as a .zip file and contains all the files necessary to launch the application. CREDActivate can be run with the default parameters (by double-clicking CREDActivate.exe) or with custom parameters.

\Clients\DDPE\CREDActive

The following four files must be placed on the computer, anywhere in the file system, for it CREDActivate to run:

• CREDActivate.exe

• CCK.dll

• CCK.mac

• options.xml

Function:

CREDActivate is an alternative to the integrated activation method. This application provides a mechanism to allow remote, occasionally connected users to activate the client on a computer after the initial login. This application can be used as part of a larger installation package to automate user activations.

Apply To Version:

Enterprise Edition and Personal Edition

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

• Download the latest Dell Data Protection | Encryption documentation from the Dell Data Protection | Encryption support site.