- Notes, cautions, and warnings
- Introduction
- Requirements
- Registry Settings
- Install Using the Master Installer
- Uninstall the Master Installer
- Install Using the Child Installers
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Commonly Used Scenarios
- Provision a Tenant
- Configure Advanced Threat Prevention Agent Auto Update
- Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Designate the Dell Server through Registry
- Extract Child Installers
- Configure Key Server
- Use the Administrative Download Utility (CMGAd)
- Configure Encryption on a Server Operating System
- Configure Deferred Activation
- Troubleshooting
- Glossary
Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.8
BitLocker Manager
- Consider reviewing Microsoft BitLocker requirements if BitLocker is not yet deployed in your environment,
- Ensure that the PBA partition is already set up. If BitLocker Manager is installed before the PBA partition is set up, BitLocker cannot be enabled and BitLocker Manager will not be operational. See Pre-Installation Configuration to Set Up a BitLocker PBA Partition.
- A Dell Server is required to use BitLocker Manager.
- Ensure a signing certificate is available within the database. For more information, see KB article 124931.
- The keyboard, mouse, and video components must be directly connected to the computer. Do not use a KVM switch to manage peripherals as the KVM switch can interfere with the computer's ability to properly identify hardware.
- Turn on and enable the TPM. BitLocker Manager takes ownership of the TPM and does not require a reboot. However, if a TPM ownership already exists, BitLocker Manager begins the encryption setup process (no restart is required). The point is that the TPM must be owned and enabled.
- The BitLocker Manager uses the approved AES FIPS validated algorithms if FIPS mode is enabled for the GPO security setting "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" on the device and you manage that device via our product. BitLocker Manager does not force this mode as default for BitLocker-encrypted clients because Microsoft now suggests customers not use their FIPS validated encryption due to numerous issues with application compatibility, recovery, and media encryption: http://blogs.technet.com.
- BitLocker Manager is not supported with Encryption of server operating systems or Advanced Threat Prevention on a server operating system.
-
When using a Remote Desktop connection with an endpoint leveraging BitLocker Manager, Dell recommends running any Remote Desktop sessions in console mode to avoid any UI interaction issues with the existing user session via the following command:
mstsc /admin /v:<target_ip_address>
-
The master installer installs these components if not already installed on the target computer. When using the child installer, you must install these components before installing the clients.
Prerequisite
-
Visual C++ 2017 or later Redistributable Package (x86 or x64)
-
As of January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation packages.
Applications and installation packages signed with SHA1 certificates will function but an error will display on the endpoint during installation or execution of the application without these updates installed
-
-
NOTE:Computers protected by Bitlocker Manager must be updated to Windows 10 v1703 (Creators Update/Redstone 2) or later before updating to Windows 10 v1903 (May 2019 Update/19H1) or later. If this upgrade path is attempted, an error message displays.
-
NOTE:In-place operating system upgrades to a newer version - such as Windows 10 - to Windows 11 is not supported.
Hardware
-
The following table details supported hardware.
Optional Embedded Hardware
- TPM 1.2 or 2.0
Operating Systems
-
The following tables detail supported operating systems.
Windows Operating Systems
- Windows 10: Education, Enterprise, Pro v1909-v22H2 (November 2019 Update/19H2 - November 2022 Update/22H2)
Note: OEMs and ODMs do not ship Windows 10 v2004 (May 2020 Update/20H1 and later) with 32-bit architecture. For more information, see https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview.
- Windows 10 2019 LTSC
- Windows 10 2021 LTSC
- Windows 11: Enterprise, Pro v21H2 - 22H2
Windows Server Operating Systems
- Windows Server 2008 R2: Standard Edition, Enterprise Edition (64-bit)
- Windows Server 2012 R2: Standard Edition, Enterprise Edition (64-bit)
- Windows Server 2016: Standard Edition, Datacenter Edition (64-bit)
- Windows Server 2019: Standard Edition, Datacenter Edition (64-bit)
- Windows Server 2022: Standard Edition, Datacenter Edition
- Windows 10: Education, Enterprise, Pro v1909-v22H2 (November 2019 Update/19H2 - November 2022 Update/22H2)
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\