What is SDUser in Dell Encryption

Affected Products:

• Dell Encryption
• Dell Data Protection | Encryption

Affected Versions:

• v7.3 and Later

SDUser is a key type that employees Dell Encryption to protect documents a step further than our System Data Encryption key. When the policy of Encrypt User Profile Documents is enabled, yet Common and User Key encryption is not enabled for the user then SDUser is applied to any data within the %USERPROFILE% environment variable. The SDUser key is unlocked only when an authenticated (activated) user logs in to the device, being SDUser a special SDE key.

WSScan can be leveraged to determine if SDUser is enabled on a device.

WSScan outputs a log line similar to this for an SDUser encrypted file:

User.suvg8u7p._SDUser_: "C:\Users\Public\Documents\desktop.ini" is still AES256 encrypted.

To disable the usage and unlock requirements of SDUser on the device, add this registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Credant\CMGShield]
"EnableSDUserKeyUsage"=dword:00000000

Dell Technologies recommends disabling this functionality only in specific situations such as an unattended installation where SDUser encrypted files under the user profile must be accessible to the installer even if no user is logged on the machine.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.