How to Prevent External Access for Dell Data Protection External Media Edition
Summary: When using external media outside the company infrastructure, you can prevent access to encrypted data using Dell Encryption External Media (formerly Dell Data Protection | External Media Edition). ...
Instructions
Affected Products:
- Dell Encryption External Media
- Dell Encryption Enterprise Shield
- Dell Data Protection | External Media Edition
- Dell Data Protection | Enterprise Edition Shield
Affected Versions:
- v8.5 and Later
Affected Operating Systems:
- Windows
By default, Dell Encryption and Dell Encryption External Media allow any user with the password to access protected media. Environments may prevent external access by modifying the registry on an internal endpoint with Dell Encryption External Media Edition. This must be done before the media is created.
- Back up the Registry before proceeding; reference How to Back Up and Restore the Registry in Windows.
- Editing the Registry can cause the computer to become unresponsive on the next reboot.
- Contact Dell Data Security International Support Phone Numbers for assistance if you have concerns about performing this step.
To Prevent External Access:
- In the registry, go to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CmgShield
- Create a DWORD value called EnterpriseUsage.
- Set the value of EnterpriseUsage to 1.
- Reboot the machine.
- On reboot, insert the desired media to enable this functionality.
External User Experience:
- On a machine without Dell Encryption External Media, protected media restricted through this method cannot be unlocked, whether access is attempted through EMS Explorer or through an installed EMS Service. Selecting either option results in an error that the encrypted data cannot be accessed on this machine.
- On a machine with Dell Encryption External Media, protected media restricted through this method do not prompt external users for a password, and access to any data is prevented.
To Re-Enable External Access:
- In the registry, go to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CmgShield
- Set the value of EnterpriseUsage to 0 or remove this registry entry.
- Reboot the machine.
- On reboot, insert the desired media to disable this functionality.
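The two registry procedures above (preventing and re-enabling external access) can be scripted as follows. This is an added PowerShell example, not Dell tooling; the function names `Get-EmsEnterpriseUsage` and `Set-EmsEnterpriseUsage` and the backup directory are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: reads, backs up and sets the EnterpriseUsage DWORD from this article.
# Function names and the backup directory are hypothetical, not part of the Dell product.

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CmgShield'
$RegExeKey = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CmgShield'
$ValueName = 'EnterpriseUsage'

function Get-EmsEnterpriseUsage {
    # Returns the current DWORD, or $null when the value (or key) is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-EmsEnterpriseUsage {
    param(
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value,   # 1 = prevent, 0 = re-enable
        [string]$BackupDir = "$env:ProgramData\CmgShieldBackup"  # assumed location
    )
    # The article applies this on an endpoint that has the product installed,
    # so this example refuses to create the key on a machine where it is missing.
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Key not found: $RegExeKey"
    }
    # Back up the key first, as the article instructs before any registry edit.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ("CmgShield-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export $RegExeKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; no change was made." }

    $before = Get-EmsEnterpriseUsage
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null

    # Read the value back so a silent failure is caught before the reboot.
    $after = Get-EmsEnterpriseUsage
    if ($after -ne $Value) { throw "Verification failed: $ValueName is '$after'." }

    # An absent value and 0 both mean external access is allowed (per the article).
    $effectiveBefore = if ($null -eq $before) { 0 } else { $before }
    [pscustomobject]@{
        Previous       = $before
        Current        = $after
        BackupFile     = $backup
        RebootRequired = ($effectiveBefore -ne $Value)
    }
}

# Set-EmsEnterpriseUsage -Value 1   # prevent external access, then reboot
# Set-EmsEnterpriseUsage -Value 0   # re-enable external access, then reboot
```

The setting takes effect only after the reboot and applies to media inserted afterwards, as described in the steps above.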
To Prevent Usage of EMS Explorer or the Dell EMS Service on Devices Without Dell Encryption Installed:
- In the managing Dell Security Management Server, modify the policy of EMS Access Encrypted Data on un-Shielded Device.
- This can be found by clicking Populations > Enterprise (or User Group, or User) > Removable Media Encryption > Windows Media Encryption > Show Advanced Settings > set the policy EMS Access Encrypted Data on un-Shielded Device to Block.
- Save this policy change, and then commit. For more information about committing policy changes, reference:
How to Commit Policies for Dell Data Security \ Dell Data Protection Servers
This policy only prevents access on devices that do not have Dell Encryption or Dell Encryption External Media installed. It does not prevent access on devices that have these products installed but are connected to a different Dell Encryption environment.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.