Article Number: 000131588
Dell Encryption 外部介质对话框自定义
Summary: 本文介绍如何使用 XML 文件自定义 Dell Encryption External Media(以前称为 Dell Data Protection | External Media Edition)。
Article Content
Symptoms
受影响的产品:
- Dell Data Protection | External Media Edition
- Dell Encryption External Media
Cause
不适用
Resolution
自定义 EMS 对话框
工作原理
名为 EMSStrings.xml 的 XML 文件用于自定义 EMS 对话框。文件必须放置在 C:\Windows\System32 中,才能应用自定义。从具有自定义对话框的计算机调配的任何设备都已将 EMSStrings.xml 文件添加到 _Encryption_Data_Do_Not_Delete_ 文件,因此自定义操作通过设备进行。
自定义按以下顺序应用:
- 如果受保护设备具有 EMSStrings.xml 文件,则使用该文件。
- 如果没有,则将文件置于 C:\Windows\System32 中(如果存在)。
- 对于 v8.18 及更高版本,将文件置于 C:\Program Files\Dell\Dell Data Protection\Encryption 中。
XML 文件何时在设备上更新?
每当设备经过身份验证并且所有者登录时,XML 文件将使用 C:\Windows\System32 中的文件进行更新。
如果 XML 文件已更新,何时应用更改?
编辑 C:\Windows\System32 中的文件后,新文本将在下次插入设备时应用。请记住,如果加密设备仍具有较旧的 XML 文件,我们会使用该文件,但最终会更新设备中的 XML 文件。
是否涉及 EE 服务器或 VE 服务器?
否,EE 服务器或 VE 服务器不提供 XML 文件。XML 文件可以使用组织可用的任何推送技术推送到客户端计算机。
XML 文件的格式是什么?
版本元素
版本元素定义客户端版本。版本元素仅用于日志记录。
8.x.x 1.0
语言集
语言集是针对特定语言的对话框自定义。
languageId 定义由 Windows 定义的目标主要语言。在这种情况下,0x00 定义默认语言集。如果找到用户当前的 MUI 语言,我们使用该语言。如果没有,我们使用默认语言 (0x00)。
以下语言 ID 可用:
| LANG_NEUTRAL 0x00 LANG_ARMENIAN 0x2b LANG_BELARUSIAN 0x23 LANG_CHINESE 0x04 LANG_DIVEHI 0x65 LANG_FAEROESE 0x38 LANG_GALICIAN 0x56 LANG_GUJARATI 0x47 LANG_ICELANDIC 0x0f LANG_KANNADA 0x4b LANG_KOREAN 0x12 LANG_MACEDONIAN 0x2f LANG_MARATHI 0x4e LANG_ORIYA 0x48 LANG_ROMANIAN 0x18 LANG_SINDHI 0x59 LANG_SWAHILI 0x41 LANG_TATAR 0x44 LANG_UKRAINIAN 0x22 |
LANG_AFRIKAANS 0x36 LANG_ASSAMESE 0x4d LANG_BENGALI 0x45 LANG_CROATIAN 0x1a LANG_DUTCH 0x13 LANG_FARSI 0x29 LANG_GEORGIAN 0x37 LANG_HEBREW 0x0d LANG_INDONESIAN 0x21 LANG_KASHMIRI 0x60 LANG_KYRGYZ 0x40 LANG_MALAY 0x3e LANG_MONGOLIAN 0x50 LANG_POLISH 0x15 LANG_RUSSIAN 0x19 LANG_SLOVAK 0x1b LANG_SWEDISH 0x1d LANG_TELUGU 0x4a LANG_URDU 0x20 |
LANG_ALBANIAN 0x1c LANG_AZERI 0x2c LANG_BULGARIAN 0x02 LANG_CZECH 0x05 LANG_ENGLISH 0x09 LANG_FINNISH 0x0b LANG_GERMAN 0x07 LANG_HINDI 0x39 LANG_ITALIAN 0x10 LANG_KAZAK 0x3f LANG_LATVIAN 0x26 LANG_MALAYALAM 0x4c LANG_NEPALI 0x61 LANG_PORTUGUESE 0x16 LANG_SANSKRIT 0x4f LANG_SLOVENIAN 0x24 LANG_SYRIAC 0x5a LANG_THAI 0x1e LANG_UZBEK 0x43 |
LANG_ARABIC 0x01 LANG_BASQUE 0x2d LANG_CATALAN 0x03 LANG_DANISH 0x06 LANG_ESTONIAN 0x25 LANG_FRENCH 0x0c LANG_GREEK 0x08 LANG_HUNGARIAN 0x0e LANG_JAPANESE 0x11 LANG_KONKANI 0x57 LANG_LITHUANIAN 0x27 LANG_MANIPURI 0x58 LANG_NORWEGIAN 0x14 LANG_PUNJABI 0x46 LANG_SERBIAN 0x1a LANG_SPANISH 0x0a LANG_TAMIL 0x49 LANG_TURKISH 0x1f LANG_VIETNAMESE 0x2a |
对话框自定义 XML 元素
对话框 XML 元素用于自定义对话框。以下是基本对话框自定义条目的示例:
Ask to Shield unprotected media.[EndState: ALL]
id 属性
每个对话框自定义元素都需要一个 id 属性,用于定义要自定义的对话框。下面的屏幕截图表定义了对话框 ID。
endState 属性
某些对话框支持 endState 属性。此属性可用于为特定对话框提供不同的自定义,如果用户不继续此过程,该属性可能会因设备的最终状态而异。例如,A-1 对话框可以有三个不同的条目,每个最终状态各一个:
blocked"> Ask to Shield unprotected media.[EndState: BLOCKED] Link to more info about encryption or being blocked... readonly"> Ask to Shield unprotected media.[EndState: READ-ONLY] fullaccess"> Ask to Shield unprotected media.[EndState: FULL ACCESS]
提醒:
- 是 XML 编码的回车。
- 如果未指定 endState 属性,则该条目将用于所有可能的最终状态。
message 子元素
Message 元素用于自定义对话框的主要消息。
link 子元素
link 元素仅受 A-? 对话框支持。允许在对话框中添加 URL 链接。它采用以下格式:
Link to more info about encryption or the end state...
其中 url 属性指定链接,内部文本指定要显示的可单击消息。
iForgot 子元素
iForgot 元素仅受 C-1 和 C-2 对话框支持。它指定用户按 I Forgot 按钮时显示的消息。
fusWarningChild 元素
fusWarning 元素仅受 C-1 和 C-2 对话框支持。如果用户在多个用户登录到工作站时尝试对设备进行身份验证,它会显示。此元素明确指出存在安全风险。
cancelWarning 子元素
cancelWarning 元素仅受 F-1 对话框支持。它指定用户取消手动身份验证时显示的消息。
| 对话框 ID | 屏幕截图 | 描述 | 支持的自定义 | ||
|---|---|---|---|---|---|
| Blocked | 只读访问 | 完全访问 | |||
| A-1 |  图 1:(仅限英文)已找到未受保护的介质 |
 图 2:(仅限英文)已找到未受保护的介质 |
 图 3:(仅限英文)已找到未受保护的介质 |
要求保护未受保护的介质。如果用户单击 No,设备将处于未保护状态,并且访问权限取决于 Access To un-Shielded Media 策略。 | endState 消息 |
| A-2 |  图 4:(仅限英文)升级外部介质设备保护 |
 图 5:(仅限英文)升级外部介质设备保护 |
 图 6:(仅限英文)升级外部介质设备保护 |
如果设备受 5.3 之前版本的 EMS 保护,则会显示此对话框以询问用户是否要升级到 EMS。仅当可以根据新的漫游规则使用当前用户/计算机组合升级设备时,才会显示此消息。 | endState 消息 |
| A-3 |  图 7:(仅限英文)External Media Shield 恢复 |
 图 8:(仅限英文)External Media Shield 恢复 |
 图 9:(仅限英文)External Media Shield 恢复 |
当必须还原计算机中的关键材料时,将显示此对话框。由于手动身份验证失败、用户篡改或设备损坏,它可能已被删除。需要重置关键材料的策略更改也会触发此机制。 | endState 消息链接 |
| B-1 |  图 10:(仅限英文)输入新密码 |
 图 11:(仅限英文)输入新密码 |
 图 12:(仅限英文)输入新密码 |
当设备被保护或恢复时,将显示此对话框。 | endState 消息 |
| B-2 |  图 13:(仅限英文)输入新密码 |
 图 14:(仅限英文)输入新密码 |
 图 15:(仅限英文)输入新密码 |
在用户输入不符合管理员设置的限制的密码后显示。 | endState 消息 |
| B-3 |  图 16:(仅限英文)密码重置 |
 图 17:(仅限英文)密码重置 |
 图 18:(仅限英文)密码重置 |
必须再次设置设备密码(通常是手动身份验证的结果)时显示对话框。在这种情况下,取消会使设备处于策略驱动状态。 | endState 消息 |
| B-4 |  图 19:(仅限英文)密码重置 |
当提供的密码不符合密码限制时,重新显示密码重置对话框。 | endState 消息 | ||
| B-5 |  图 20:(仅限英文)密码重置 |
将新密码设置为与以前的密码相同后,重新显示密码重置对话框。 | 消息 | ||
| C-1 |  图 21:(仅限英文)输入外部介质密码 |
 图 22:(仅限英文)输入外部介质密码 |
 图 23:(仅限英文)输入外部介质密码 |
当无法进行自动身份验证时,向用户请求设备密码进行密码身份验证。 | endState 消息 iForgot fusWarning |
| C-2 |  图 24:(仅限英文)输入外部介质密码 |
 图 25:(仅限英文)输入外部介质密码 |
 图 26:(仅限英文)输入外部介质密码 |
如果为身份验证提供的密码不正确,我们要求用户重试输入密码。 | endState 消息 iForgot fusWarning |
| D-1 |  图 27:(仅限英文)受保护的外部介质设备 |
在进行清除时显示的 media Shielded 对话框,并且托盘图标将显示。 | 是 | ||
| D-2 |  图 28:(仅限英文)受保护的外部介质设备 |
关闭清除时显示的 media Shielded 对话框。 | 是 | ||
| E-1 |  图 29:(仅限英文)请求的密码更改  图 30:(仅限英文)请求的密码更改 |
当用户要求在设备经过身份验证后更改现有设备密码时显示。 | 是 | ||
| E2 |  图 31:(仅限英文)密码更改错误  图 32:(仅限英文)密码更改错误 |
更改密码失败时(可能由于当前密码不正确),重新显示密码更改对话框。 | 是 | ||
| E-3 |  图 33:(仅限英文)密码更改错误  图 34:(仅限英文)密码更改错误 |
当新密码不符合管理密码限制时,重新显示密码更改对话框。 | 是 | ||
| E-4 |  图 35:(仅限英文)需要密码更改  图 36:(仅限英文)需要更改密码 |
当前密码不再满足新策略要求时,显示密码更改对话框。 | 是 | ||
| F-1 |  图 37:(仅限英文)外部介质设备手动身份验证  图 38:(仅限英文)确认取消手动身份验证 |
当用户无法输入密码的次数达到策略定义的次数时显示。 | 是 | ||
| F-2 |  图 39:(仅限英文)外部介质设备手动身份验证  图 40:(仅限英文)确认取消手动身份验证 |
当用户无法输入密码的次数达到策略定义的次数时显示。在这种情况下,VolumeInfo.xml 文件丢失或损坏。 | 在自定义方面,这与 F-1 相同。 | ||
| G-1 |  图 41:(仅限英文)External Media Shield |
当密钥材料丢失,但机器/用户组合不允许我们恢复设备时显示。告知用户在原始用户(如果漫游)登录以恢复密钥材料的受保护计算机中插入设备。如果不漫游,则需要完整的计算机/用户匹配才能恢复! | 是 | ||
| G-2 |  图 42:(仅限英文)External Media Shield |
当设备受 CMG 5.3 之前版本的保护并且无法升级时显示,因为它不在原始用户下的原始计算机中。 | 是 | ||
| G-3 |  图 43:(仅限英文)External Media Shield |
 图 44:(仅限英文)External Media Shield |
 图 45:(仅限英文)External Media Shield |
当介质(软盘)太小而不允许 EMS 保护时显示。 | 是 |
| G-4 |  图 46:(仅限英文)External Media Shield |
 图 47:(仅限英文)External Media Shield |
 图 48:(仅限英文)External Media Shield |
当设备没有足够的可用空间来 EMS 保护设备时显示。 | 是 |
| G-5 |  图 49:(仅限英文)External Media Shield |
当设备的关键材料丢失并且由于无法检索 Shield ID 而无法从中恢复时显示。 | 是 | ||
| G-6 |  图 50:(仅限英文)External Media Shield |
当策略不允许在没有安装 Shield 的情况下访问加密介质时显示。 | 是 | ||
| G-7 |  图 51:(仅限英文)External Media Shield |
如果用户将手持 EMS 设备插入 Windows EMS 保护的计算机,则显示。 | 是 | ||
| G-8 |  图 52:(仅限英文)External Media Shield |
由于手动身份验证失败而删除关键材料时显示。这由策略控制。 | 是 | ||
| G-9 |  图 53:(仅限英文)External Media Shield |
当设备因手动身份验证失败而进入冷却期时显示。这由策略控制。 | 是 | ||
| G-10 |  图 54:(仅限英文)External Media Shield |
警告用户,当策略需要时,只读设备无法被保护。 | 是 | ||
| G-11 |  图 55:(仅限英文)External Media Shield |
警告用户设备正在其他计算机中进行升级清除 | 是 | ||
| G-12 |  图 56:(仅限英文)External Media Shield |
无法修复比安装的 EMS 更新的设备。 | 是 | ||
| G-13 |  图 57:(仅限英文)External Media Shield |
卷使用更新、不受支持的 IFF 格式进行加密。介质被阻止。 | 是 | ||
| H-1 |  图 58:(仅限英文)已接受您的 EMS 密码 |
显示气泡或对话框,指示已接受设备密码。 | 是 | ||
| H-2 |  图 59:(仅限英文)驱动器 f:\ 已自动经过身份验证 |
显示气泡,指示设备已在原始保护计算机中自动经过身份验证 | 是 | ||
| I-1 |  图 60:(仅限英文)卷清除正在进行中 |
在清除过程中显示一个动画对话框。EMS 必须显示这一点,因为在完成此步骤之前删除设备会在设备中保留未加密的数据。 | 是 | ||
| I-2 |  图 61:(仅限英文)卷清除正在进行中 |
解密清除期间显示的动画对话框。EMS 必须显示这一点,因为在完成此步骤之前删除设备会在设备中保留未加密的数据。 | 是 | ||
| J-1 |  图 62:(仅限英文)保护外部设备 |
在将 EMS 文件安装到新的受保护设备的过程中使用的进度对话框。不应弹出介质。 | 是 | ||
| J-2 |  图 63:(仅限英文)升级保护外部设备 |
在保护设备中升级 EMS 文件的过程中使用的进度对话框。不应弹出介质。 | 是 | ||
| K-1 |  图 64:(仅限英文)多个用户警告 |
自动验证设备时,用于快速用户切换相关警告的 Yes/No 对话框。 | 是 | ||
XML 示例
8.x.x 1.0 Ask to Shield unprotected media.[EndState: ALL] url="https: www.dell.com">Link to more info about encryption or the end state... Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding.[EndState: BLOCKED] url="https: www.dell.com">Link to more info about preEMS devices or being blocked... Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding.[EndState: READ-ONLY] Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding.[EndState: FULL ACCESS] Ask to restore key material.[EndState: BLOCKED] url="https: www.dell.com">Link to more info about recovery or being blocked... Ask to restore key material.[EndState: READ-ONLY] Ask to restore key material.[EndState: FULL ACCESS] This dialog is shown when a device is Shielded or recovered.[EndState: BLOCKED] This dialog is shown when a device is Shielded or recovered.[EndState: READ-ONLY] This dialog is shown when a device is Shielded or recovered.[EndState: FULL ACCESS] Shown after the user enters a password which does not meet the restrictions placed by the Administrator.[EndState: BLOCKED] Shown after the user enters a password which does not meet the restrictions placed by the Administrator.[EndState: READ-ONLY] Shown after the user enters a password which does not meet the restrictions placed by the Administrator.[EndState: FULL ACCESS] Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state..[EndState: BLOCKED] Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state..[EndState: READ-ONLY] Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state..[EndState: FULL ACCESS] Redisplay the password reset dialog when the password provided did not meet the password restrictions. Redisplay the password reset dialog after setting the new password to be the same as the previous password. Request the device password from user for password authentication when auto authentication is not possible.[EndState: BLOCKED] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! Request the device password from user for password authentication when auto authentication is not possible.[EndState: READ-ONLY] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! Request the device password from user for password authentication when auto authentication is not possible.[EndState: FULL ACCESS] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! If the password provided for authentication was incorrect, we ask the user to retry entering the password.[EndState: BLOCKED] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! If the password provided for authentication was incorrect, we ask the user to retry entering the password.[EndState: READ-ONLY] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! If the password provided for authentication was incorrect, we ask the user to retry entering the password.[EndState: FULL ACCESS] This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user. This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated! The 'media Shielded' dialog displayed after provisioning of a device when sweeping will occur. The 'media Shielded' dialog displayed after provisioning of a device, but *no* sweep will occur. Displayed when the user asks to change the existing device password after a device has been authenticated. Redisplay password change dialog when the change of password fails, probably due to an incorrect current password. Redisplay password change dialog when the new password does not meet administrative password restrictions. Display password change dialog when the current password no longer meets new policy requirements. Shown when the user has failed to enter the password the number of times defined by policy. This text should express the repercusions of cancelling manual authentication! Shown when the key material is lost but the machine/user combination does not allow us to recover the device. Should tell the user to insert the device in a CMG Shielded machine where the original user is logged in (if Roaming) to restore the key material. If not Roaming, we need a full machine/user match to recover. Displayed when an external device was Shielded by CMG (pre-5.3) and cannot be upgraded because its not in the original machine under the original user. Displayed when the media (floppies) is too small to allow EMS Shielding. Displayed when the external device does not have enough free space to EMS Shield the device.[EndState: BLOCKED] Displayed when the external device does not have enough free space to EMS Shield the device.[EndState: READ-ONLY] Displayed when the external device does not have enough free space to EMS Shield the device.[EndState: FULL ACCESS] Shown when a device's key material has been lost and there is no way to recover from it because there is no way to retrieve the Shield ID. Displayed when policy does not allow access of encrypted media w/o the CMG Shield installed. Displayed if the user happens to insert a Handheld EMS device into an Windows EMS Shielded machine. Displayed when the key material is deleted due to a manual authorization failure. This is controlled by policy. Displayed when device has entered a cooldown period due to a manual authorization failure. This is controlled by policy. Warns the user that a read-only device cannot be Shielded when policy requires it. Warns the user that the device was undergoing an upgrade sweep in a different machine. Cannot repair a device newer than the EMS currently installed. Volume is encrypted with an newer, unsupported IFF format. Media is blocked. Shown when a user double-clicks a file in EMSExplorer. It tells them that this feature has been disabled. If during a sweep we fail to encrypt a file due to lack of free space on the device, this dialog is shown. Progress dialog used during the process of installing EMS files into a newly Shielded device. Media *should not* be ejected at this point. Progress dialog used during the process of upgrading EMS files in a shielded device. Media *should not* be ejected at this point. The Yes/No Dialog being used for the Fast User Switching related warning when a device is being autoauthenticated...
要联系支持部门,请参阅 Dell Data Security 国际支持电话号码。
转至 TechDirect,在线生成技术支持请求。
要获得更多见解和资源,请加入戴尔安全社区论坛。
Article Properties
Affected Product
Dell Encryption
Last Published Date
03 Aug 2023
Version
7
Article Type
Solution