Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.8

Activate

  • Ensure that the computer name of the server is the endpoint name that should display in the Management Console.
  • An interactive user with domain administrator credentials must log on to the server at least once for the initial activation. The logged-on user can be of any type (domain or non-domain, connected through Remote Desktop or interactive at the server), but activation requires domain administrator credentials.
  • Following the restart after installation, the Activation dialog displays. The administrator must enter domain administrator credentials with a user name in User Principal Name (UPN) format. Encryption of server operating systems does not activate automatically.
  • During initial activation, a virtual server user account is created. After initial activation, the computer is restarted so that device activation can begin.
  • During the authentication and device activation phase, the computer is assigned a unique Machine ID, encryption keys are created and bundled, and a relationship is established between the encryption key bundle and the virtual server user. The encryption key bundle associates the encryption keys and policies with the new virtual server user to create an unbreakable relationship between the encrypted data, the specific computer, and the virtual server user. After device activation, the virtual server user displays in the Management Console as SERVER-USER@<fully qualified server name>. For more information about activation, see Activation on a Server Operating System.

NOTE:

If you rename the server after activation, its display name does not change in the Management Console. However, if Encryption of server operating systems activates again after the server name is changed, the new server name will then display in the Management Console.

An Activation dialog displays once after each restart to prompt the user to activate Encryption on a server operating system. To complete activation, follow these steps:

  1. Log on to the server either at the server or through Remote Desktop Connection.
  2. Enter the user name of a domain administrator in UPN format and the password, then click Activate. This is the same Activation dialog that displays each time an unactivated system is restarted.

    The Dell Server issues an encryption key for the Machine ID, creates the virtual server user account, creates an encryption key for the user account, bundles the encryption keys, and creates the relationship between the encryption bundle and the virtual server user account.

  3. Click Close.

    After activation, encryption begins.

  4. After the encryption sweep has finished, restart the computer to process any files that were previously in use. This is an important step for security purposes.

    NOTE:

    If the Secure Windows Credentials policy is enabled, Encryption of server operating systems encrypts the \Windows\system32\config files, which include Windows credentials. The files in \Windows\system32\config are encrypted even if the SDE Encryption Enabled policy is disabled. By default, the Secure Windows Credentials policy is selected.

    NOTE:

    After restarting the computer, authentication to the Common encryption key always requires the protected server's Machine key. The Dell Server returns an unlock key to access the encryption keys and policies in the vault (the keys and policies are for the server, not for the user). Without the server's Machine key, the Common encryption key cannot be unlocked, and the computer cannot receive policy updates.

Confirm Activation

From the local console, open the About dialog to confirm that Encryption of server operating systems is installed, authenticated, and in Server mode. If the Encryption Client ID is red, encryption has not yet been activated.

Virtual Server User

  • In the Management Console, a protected server can be found under its machine name. In addition, each protected server has its own virtual server user account. Each account has a unique static user name and unique machine name.
  • The virtual server user account is only used by Encryption on server operating systems and is otherwise transparent to the operation of the protected server. The virtual server user is associated with the encryption key bundle and the Policy Proxy.
  • After activation, the virtual server user account is the user account that is activated and associated with the server.
  • After the virtual server user account is activated, all server logon/logoff notifications are ignored. Instead, during startup, the computer automatically authenticates with the virtual server user, and then downloads the Machine key from the Dell Server.
