Dell Data Protection | Endpoint Security Suite Enterprise

Dell Data Protection | Endpoint Security Suite Enterprise

Advanced Installation Guide v1.4

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

? 2017 Dell Inc. All rights reserved.Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Registered trademarks and trademarks used in the Dell Data Protection Encryption, Endpoint Security Suite, Endpoint Security Suite Enterprise, and Dell Data Guardian suite of documents: DellTM and the Dell logo, Dell PrecisionTM, OptiPlexTM, ControlVaultTM, LatitudeTM, XPS?, and KACETM are trademarks of Dell Inc. Cylance?, CylancePROTECT, and the Cylance logo are registered trademarks of Cylance, Inc. in the U.S. and other countries. McAfee? and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel?, Pentium?, Intel Core Inside Duo?, Itanium?, and Xeon? are registered trademarks of Intel Corporation in the U.S. and other countries. Adobe?, Acrobat?, and Flash? are registered trademarks of Adobe Systems Incorporated. Authen Tec? and Eikon? are registered trademarks of Authen Tec. AMD? is a registered trademark of Advanced Micro Devices, Inc. Microsoft?, Windows?, and Windows Server?, Internet Explorer?, MS-DOS?, Windows Vista?, MSN?, ActiveX?, Active Directory?, Access?, ActiveSync?, BitLocker?, BitLocker To Go?, Excel?, Hyper-V?, Silverlight?, Outlook?, PowerPoint?, OneDrive?, SQL Server?, and Visual C++? are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware? is a registered trademark or trademark of VMware, Inc. in the United States or other countries. Box? is a registered trademark of Box. DropboxSM is a service mark of Dropbox, Inc. GoogleTM, AndroidTM, GoogleTM ChromeTM, GmailTM, YouTube?, and GoogleTM Play are either trademarks or registered trademarks of Google Inc. in the United States and other countries. Apple?, Aperture?, App StoreSM, Apple Remote DesktopTM, Apple TV?, Boot CampTM, FileVaultTM, iCloud?SM, iPad?, iPhone?, iPhoto?, iTunes Music Store?, Macintosh?, Safari?, and Siri? are either servicemarks, trademarks, or registered trademarks of Apple, Inc. in the United States and/or other countries. GO ID?, RSA?, and SecurID? are registered trademarks of Dell EMC. EnCaseTM and Guidance Software? are either trademarks or registered trademarks of Guidance Software. Entrust? is a registered trademark of Entrust?, Inc. in the United States and other countries. InstallShield? is a registered trademark of Flexera Software in the United States, China, European Community, Hong Kong, Japan, Taiwan, and United Kingdom. Micron? and RealSSD? are registered trademarks of Micron Technology, Inc. in the United States and other countries. Mozilla? Firefox? is a registered trademark of Mozilla Foundation in the United States and/or other countries. iOS? is a trademark or registered trademark of Cisco Systems, Inc. in the United States and certain other countries and is used under license. Oracle? and Java? are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. SAMSUNGTM is a trademark of SAMSUNG in the United States or other countries. Seagate? is a registered trademark of Seagate Technology LLC in the United States and/or other countries. Travelstar? is a registered trademark of HGST, Inc. in the United States and other countries. UNIX? is a registered trademark of The Open Group. VALIDITYTM is a trademark of Validity Sensors, Inc. in the United States and other countries. VeriSign? and other related marks are the trademarks or registered trademarks of VeriSign, Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec Corporation. KVM on IP? is a registered trademark of Video Products. Yahoo!? is a registered trademark of Yahoo! Inc. This product uses parts of the 7-Zip program. The source code can be found at 7-. Licensing is under the GNU LGPL license + unRAR restrictions (license.txt).

Endpoint Security Suite Enterprise Advanced Installation Guide 2017 - 05

Rev. A02

Contents

1 Introduction....................................................................................................................................................7 Before You Begin................................................................................................................................................................ 7 Using This Guide................................................................................................................................................................ 8 Contact Dell ProSupport................................................................................................................................................... 8

2 Requirements............................................................................................................................................... 10 All Clients........................................................................................................................................................................... 10 All Clients - Prerequisites........................................................................................................................................... 10 All Clients - Hardware.................................................................................................................................................10 All Clients - Language Support.................................................................................................................................. 11 Encryption Client............................................................................................................................................................... 11 Encryption Client Prerequisites................................................................................................................................. 12 Encryption Client Hardware.......................................................................................................................................12 Encryption Client Operating Systems...................................................................................................................... 12 External Media Shield (EMS) Operating Systems..................................................................................................12 Server Encryption Client..................................................................................................................................................13 Server Encryption Client Prerequisites.................................................................................................................... 14 Server Encryption Client Hardware..........................................................................................................................14 Server Encryption Client Operating Systems..........................................................................................................14 External Media Shield (EMS) Operating Systems..................................................................................................15 Advanced Threat Prevention Client............................................................................................................................... 16 Advanced Threat Prevention Operating Systems.................................................................................................. 16 Advanced Threat Prevention Ports.......................................................................................................................... 16 BIOS Image Integrity Verification..............................................................................................................................16 SED Client..........................................................................................................................................................................17 OPAL Drivers............................................................................................................................................................... 17 SED Client Prerequisites............................................................................................................................................ 18 SED Client Hardware..................................................................................................................................................18 SED Client Operating Systems................................................................................................................................. 19 Advanced Authentication Client..................................................................................................................................... 19 Advanced Authentication Client Hardware.............................................................................................................20 Advanced Authentication Client Operating Systems............................................................................................ 20 BitLocker Manager Client................................................................................................................................................ 21 BitLocker Manager Client Prerequisites...................................................................................................................21 BitLocker Manager Client Operating Systems........................................................................................................21 Authentication Options................................................................................................................................................... 22 Encryption Client........................................................................................................................................................22 SED Client................................................................................................................................................................... 23 BitLocker Manager.....................................................................................................................................................24

3 Registry Settings......................................................................................................................................... 25 Encryption Client Registry Settings...............................................................................................................................25 Advanced Threat Prevention Client Registry Settings................................................................................................28

Dell Data Protection | Endpoint Security Suite Enterprise

3

Contents

SED Client Registry Settings..........................................................................................................................................29 Advanced Authentication Client Registry Settings...................................................................................................... 31 BitLocker Manager Client Registry Settings................................................................................................................. 31

4 Install Using the ESSE Master Installer........................................................................................................ 33 Install Interactively Using the ESSE Master Installer................................................................................................... 33 Install by Command Line Using the ESSE Master Installer.........................................................................................36

5 Uninstall Using the ESSE Master Installer....................................................................................................39 Uninstall the ESSE Master Installer............................................................................................................................... 39 Command Line Uninstallation................................................................................................................................... 39

6 Install Using the Child Installers................................................................................................................... 40 Install Drivers..................................................................................................................................................................... 41 Install Encryption Client................................................................................................................................................... 41 Command Line Installation.........................................................................................................................................41 Install Server Encryption Client...................................................................................................................................... 43 Install Server Encryption Interactively..................................................................................................................... 44 Install Server Encryption Using the Command Line.............................................................................................. 47 Activate Server Encryption.......................................................................................................................................49 Install Advanced Threat Prevention Client.....................................................................................................................51 Command Line Installation........................................................................................................................................52 Install Web Protection and Firewall................................................................................................................................53 Command Line Installation........................................................................................................................................53 Install SED Management and Advanced Authentication Clients............................................................................... 54 Command Line Installation........................................................................................................................................55 Install BitLocker Manager Client.................................................................................................................................... 55 Command Line Installation........................................................................................................................................55

7 Uninstall Using the Child Installers............................................................................................................... 57 Uninstall Web Protection and Firewall........................................................................................................................... 58 Command Line Uninstallation................................................................................................................................... 58 Uninstall Encryption and Server Encryption Client......................................................................................................58 Process........................................................................................................................................................................58 Command Line Uninstallation................................................................................................................................... 59 Uninstall Advanced Threat Prevention..........................................................................................................................60 Command Line Uninstallation...................................................................................................................................60 Uninstall SED and Advanced Authentication Clients...................................................................................................60 Process........................................................................................................................................................................ 61 Deactivate the PBA.................................................................................................................................................... 61 Uninstall SED Client and Advanced Authentication Clients...................................................................................61 Uninstall BitLocker Manager Client............................................................................................................................... 62 Command Line Uninstallation................................................................................................................................... 62

8 Commonly Used Scenarios.......................................................................................................................... 63 Encryption Client, Advanced Threat Prevention, and Advanced Authentication.................................................... 64 SED Client (including Advanced Authentication) and External Media Shield.......................................................... 65

4

Dell Data Protection | Endpoint Security Suite Enterprise

Contents

BitLocker Manager and External Media Shield............................................................................................................ 65 BitLocker Manager and Advanced Threat Prevention................................................................................................ 66

9 Provision a Tenant for Advanced Threat Prevention..................................................................................... 67 Provision a Tenant............................................................................................................................................................ 67

10 Configure Advanced Threat Prevention Agent Auto Update........................................................................ 71

11 Pre-Installation Configuration for One-time Password, SED UEFI, and BitLocker........................................72 Initialize the TPM..............................................................................................................................................................72 Pre-Installation Configuration for UEFI Computers..................................................................................................... 72 Enable Network Connectivity During UEFI Preboot Authentication................................................................... 72 Disable Legacy Option ROMs................................................................................................................................... 73 Pre-Installation Configuration to Set Up a BitLocker PBA Partition.......................................................................... 73

12 Set GPO on Domain Controller to Enable Entitlements............................................................................... 74

13 Extract the Child Installers from the ESSE Master Installer........................................................................ 77

14 Configure Key Server for Uninstallation of Encryption Client Activated Against EE Server.........................78 Services Panel - Add Domain Account User.................................................................................................................78 Key Server Config File - Add User for EE Server Communication............................................................................ 79 Sample Configuration File......................................................................................................................................... 80 Services Panel - Restart Key Server Service............................................................................................................... 80 Remote Management Console - Add Forensic Administrator....................................................................................80

15 Use the Administrative Download Utility (CMGAd).................................................................................... 82 Use the Administrative Download Utility in Forensic Mode........................................................................................82 Use the Administrative Download Utility in Admin Mode........................................................................................... 84

16 Configure Server Encryption...................................................................................................................... 86 Enable Server Encryption............................................................................................................................................... 86 Customize Activation Logon Dialog............................................................................................................................... 86 Set Server Encryption EMS Policies..............................................................................................................................87 Suspend an Encrypted Server Instance........................................................................................................................ 87

17 Troubleshooting.......................................................................................................................................... 89 All Clients - Troubleshooting........................................................................................................................................... 89 Encryption and Server Encryption Client Troubleshooting......................................................................................... 89 Upgrade to the Windows 10 Anniversary Update..................................................................................................89 Activation on a Server Operating System...............................................................................................................89 (Optional) Create an Encryption Removal Agent Log File.................................................................................... 92 Find TSS Version........................................................................................................................................................93 EMS and PCS Interactions....................................................................................................................................... 93 Use WSScan...............................................................................................................................................................93 Use WSProbe............................................................................................................................................................. 97 Check Encryption Removal Agent Status...............................................................................................................98 Advanced Threat Prevention Client Troubleshooting..................................................................................................99

Dell Data Protection | Endpoint Security Suite Enterprise

5

Contents

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download