Endpoint Security Suite Pro Advanced Installation Guide v1.8

To set the retry interval when the Security Management Server/ Security Management Server Virtual is unavailable to communicate with the SED client, add the following registry value.

[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]

"CommErrorSleepSecs"=DWORD:300

This value is the number of seconds the SED client waits to attempt to contact the Security Management Server/ Security Management Server Virtual if it is unavailable to communicate with the SED client. The default is 300 seconds (5 minutes).

If a self-signed certificate is used on the Security Management Server/ Security Management Server Virtual for SED management, SSL/TLS trust validation must remain disabled on the client computer (SSL/TLS trust validation is disabled by default with SED management). Before enabling SSL/TLS trust validation on the client computer, the following requirements must be met.

• A certificate signed by a root authority, such as EnTrust or Verisign, must be imported into Security Management Server/ Security Management Server Virtual.
• The full chain of trust of the certificate must be stored in the Microsoft keystore on the client computer.

• To enable SSL/TLS trust validation for SED management, change the value of the following registry entry to 0 on the client computer.

  [HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]

  "DisableSSLCertTrust"=DWORD:0

  0 = Enabled

  1 = Disabled

To use smart cards with Windows Authentication, the following registry value must be set on the client computer.

[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]

"MSSmartcardSupport"=DWORD:1

To use smart cards with Preboot Authentication, the following registry value must be set on the client computer. Also set the Authentication Method policy to Smart Card in the Remote Management Console, and commit the change.

[HKLM\SOFTWARE\DigitalPersona\Policies\Default\SmartCards]

"MSSmartcardSupport"=DWORD:1

To determine if the PBA is activated, ensure that the following value is set:

[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters]

"PBAIsActivated"=DWORD (32-bit):1

A value of 1 means that the PBA is activated. A value of 0 means the PBA is not activated.

To set the interval at which the SED client will attempt to contact the Security Management Server/ Security Management Server Virtual when it is unavailable to communicate with the SED client, set the following value on the client computer:

[HKLM\System\CurrentControlSet\Services\DellMgmtAgent\Parameters]

"CommErrorSleepSecs"=DWORD Value:300

This value is the number of seconds the SED client waits to attempt to contact the Security Management Server/ Security Management Server Virtual if it is unavailable to communicate with the SED client. The default is 300 seconds (5 minutes).

The Security Server host may be changed from the original installation location if needed. The host information is read by the client computer every time a policy poll occurs. Change the following registry value on the client computer:

[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]

"ServerHost"=REG_SZ:<newname>.<organization>.com

The Security Server port may be changed from the original installation location if needed. This value is read by the client computer every time a policy poll occurs. Change the following registry value on the client computer:

[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]

ServerPort=REG_SZ:8888

The Security Server URL may be changed from the original install location if needed. This value is read by the client computer every time a policy poll occurs. Change the following registry value on the client computer:

[HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent]

"ServerUrl"=REG_SZ:https://<newname>.<organization>.com:8888/agent