Dell Data Protection User Manual

Dell Data Protection | Access Home
The Dell Data Protection | Access home page is the starting point for accessing the features of this application. From this window, you can access the following:
Set up secure Access options Customize Access Options Self-Encrypting Drive Advanced
change password for pre-Windows login) will be displayed on the home page. The available options are shortcuts which, when clicked, take you to the appropriate window for performing a specific task (e.g., changing your pre-Windows password or enrolling another fingerprint).
Set up Secure Access Options
The Set up secure Access options wizard launches automatically the first time the Dell Data Protection | Access application is launched. This wizard will walk you through setting up all aspects of the security on your system, including how (e.g., password only or fingerprint and password) and when (at Windows, pre-Windows or both) you want to log in to the system. In addition, if your system has a self-encrypting drive, you can configure it through this wizard.
The Set up secure Access options wizard can also be accessed by clicking the link at the top right of the Access or the Self-Encrypting Drive tab.
Administrator Functions
Users who have been set up with Windows administrator privileges on the system have the rights to perform the following functions in Dell Data Protection | Access, which standard users cannot:
• Set / change System (Pre-Windows) password
• Set / change Hard Drive password
• Set / change Administrator Password
• Set / change TPM Owner password
• Set / change ControlVault Administrator password
• Reset system
• Archive and restore credentials
• Enable / disable Dell Secure Login to Windows
• Set Windows login policy
• Manage self-encrypting drives, including:
  o Enable / disable self-encrypting drive locking
  o Enable / disable Windows Password Synchronization (WPS)
  o Enable / disable Single Sign On (SSO)
  o Perform a cryptographic erase
Remote Management
Your organization can set up an environment in which the security functions of the Dell Data Protection | Access application on multiple platforms are centrally managed (i.e. remote management) by Wave Systems' EMBASSY® Remote Administration Server (ERAS). In this case, the Windows security infrastructure, such as Active Directory, can be used to securely manage specific features of Dell Data Protection | Access.
When a computer is remotely managed (e.g. "owned" by the remote administrator), local administration of the Dell Data Protection | Access functionality will be disabled; the management windows of the application will not be accessible locally. Management of the following functions can be done remotely:
• Trusted Platform Module (TPM)
• ControlVault
• Pre-Windows login
• Reset System
• BIOS Passwords
• Windows Login policy
• Self-Encrypting Drives
• Fingerprint and Smartcard enrollment
To request more information on using Wave Systems' EMBASSY® Remote Administration Server (ERAS) for remote management, please contact your Dell salesperson or go to dell.com.
Access Options
From the Access Options window, you can set up how you gain access to your system.
General
First, you can specify when to log in (Windows, pre-Windows or both) and how (e.g. fingerprint and password) to log in. You can choose one or two options for how to log in; these include combinations of fingerprint, smartcard, and password. The listed options are based on the login policies applied in your environment and what is supported with the security devices installed on your system.
Fingerprint
If your system contains a fingerprint reader, you can enroll or delete fingerprints for use in logging in to your system. Once you have enrolled fingerprints, you can swipe the enrolled finger(s) on your system's fingerprint reader to access your system at Windows, pre-Windows or both (depending on what you have specified in the General Access Options). Refer to Managing User Fingerprints for more information.
Pre-Windows Login
If you have specified that users must log in pre-Windows, you must set up a System Password (sometimes called the pre-Windows password) for pre-Windows access. Once this is set up, the administrator can change the password at any time.
You can also disable pre-Windows login from this screen; to do this you will need to enter your current System Password, verify that the password is correct, then click the Disable button.
Smartcard
If you have specified that users must use a smartcard to log in, you must enroll one or more traditional (contacted) or contactless smartcard(s). Click the Enroll a smartcard or contactless smartcard to use for login link to launch the smartcard enrollment wizard. Enrolling means setting up your smartcard for use in logging in.
Once you have enrolled a smartcard, you can enroll another card using the Enroll another smartcard or contactless smartcard to use for login link.
Pre-Windows Login
When pre-Windows login is enabled, you must provide authentication (password, fingerprint or smartcard) when the system is powered on, before Windows is loaded. The pre-Windows login functionality provides additional security to the system, keeping unauthorized users from compromising Windows and accessing the computer (e.g., when it has been stolen).
From the Pre-Windows Login window, administrators can enable, change (if it has been previously enabled) or disable pre-Windows (system) login.
Enable Pre-Windows Login: This action will launch a wizard which will do the following:
System Password: Set up a System Password (also called a pre-Windows password) for pre-Windows access. This password is also used as a backup in cases in which a user has additional authentication factors (e.g., to gain access to the system if there is an issue with the fingerprint sensor).
Change Pre-Windows Login: If pre-Windows login has already been enabled, the user has the ability to change the password. In order to change the password, the user must first enter the current password for verification purposes.
Disable Pre-Windows Login: You can also disable pre-Windows login from this window; to do this you will need to enter your current pre-Windows (System) password, verify that the password is correct, then click the Disable button. Note that when you disable pre-Windows login, any enrolled fingerprints or smartcards remain enrolled.
Managing User Fingerprints
Users can register fingerprints which can be used to authenticate to the system either pre-Windows or for Windows login. In the Fingerprint tab, images of hands display which fingers have been enrolled, if any. Clicking on a finger in the image launches the Fingerprint Enrollment wizard, which guides you through the enrollment process. "Enrolling" means saving a fingerprint to be used for login. You must have a valid fingerprint reader properly installed and configured in order to enroll fingerprints.
NOTE: Not all fingerprint readers can be used for pre-Windows login. An error message will display if you attempt to enroll for pre-Windows with an incompatible reader. To find out if the device is compatible, contact your system administrator or go to support.dell.com for a list of supported fingerprint readers.
When enrolling fingerprints, you will be prompted to enter your Windows password to verify your identity. If your policy requires it, you will be prompted to enter your Pre-Windows (System) password as well. The Pre-Windows password can be used to gain access to the system if there is an issue with the fingerprint reader.
NOTES:
• It is recommended that you enroll at least two fingerprints during the enrollment process.
• You must ensure that fingerprints are enrolled before you can enable fingerprint authentication capabilities.
• If you change fingerprint readers on a system, you must re-enroll fingerprints with the new reader. Switching back and forth between two different fingerprint readers is not recommended.
• If you see repeated "sensor lost focus" messages when enrolling fingerprints, this may mean that the computer is not recognizing the fingerprint reader. If the fingerprint reader is external, disconnecting and reconnecting the fingerprint reader often resolves this issue.
Deleting Enrolled Fingerprints
The current user can remove an enrolled fingerprint by clicking on (to de-select) the enrolled finger in the Fingerprint Enrollment wizard.
An administrator can only remove stored fingerprints for another user by using the Reset System option, which will remove ALL fingerprints for all users on the system.
NOTE: If you get any errors during the fingerprint enrollment process, you can refer to support.dell.com for additional details.
Enrolling Smartcards
Dell Data Protection | Access gives you the option of using a traditional (contacted) or contactless smartcard for logging into your Windows account or for authentication at pre-Windows. In the Smartcard tab, click the Enroll a smartcard or contactless smartcard to use for login link to launch the Smartcard Enrollment wizard, which guides you through the enrollment process. "Enrolling" means setting up your smartcard for use in login. Once you have enrolled a smartcard, you can enroll another card using the Enroll another smartcard or contactless smartcard to use for login link.
You must have a valid smartcard authentication device properly installed and configured in order to perform enrollment.
NOTE: To find out if a specific device is compatible, contact your system administrator or go to support.dell.com and search for 'smartcard readers'.
Contactless smartcards supported for Windows and pre-Windows enrollment:
• HID Mifare
• HID Crescendo C700, C200
• HID IClass – 2080, 200X, 210X, 201X, 211X, 202X, 212X, 203X, 213X, 204X, 214X, 205X, 206X series cards.
Contacted smartcards supported for pre-Windows enrollment:
CAC and PIV (US Federal Government Cards)
Enrollment
When enrolling a smartcard you will be prompted to enter your Windows password to verify your identity. If your policy requires it, you will be prompted to enter your pre-Windows (System) password as well. The pre-Windows password can be used to gain access to the system if there is an issue with the smartcard reader.
During enrollment, you will be prompted for the smartcard PIN, if one has been set. If your policy requires a PIN and one has not been set, you will be prompted to create one.
NOTES:
• Once a user is enrolled for smartcard use in pre-Windows, he/she can be removed with Reset System.
• Reset System is the only way to reset a smartcard; the smartcard cannot be used for authentication at Windows login or for pre-Windows until it is re-enrolled.
NOTE: For TPM certificate authentication, administrators can enroll TPM certificates through the Microsoft Windows smartcard enrollment process. Administrators must select "Wave TCG-Enabled CSP" as the Cryptographic Service Provider in place of a Smartcard CSP for compatibility with this application. In addition, Dell Secure login must be enabled with the appropriate Authentication Type Policy for the client.
NOTE: If you get an error that states that the Smartcard Service is not running, you can start / restart this service by doing the following:
• Navigate to the Administrative Tools window from the Control Panel, select Service, then right-click on Smartcard and select Start or Restart.
• Detailed information on the specific error message for Dell Data Protection | Access (DDP|A) can be found by searching for “DDPA Error Codes” at: http://support.dell.com.
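The two enrollment notes above (Smartcard Service not running, and selecting "Wave TCG-Enabled CSP") can be checked from an elevated PowerShell prompt before enrollment starts. This is an added example, not part of the Dell manual or the Dell/Wave software; the function name is hypothetical, and it assumes the Wave provider registers as a standard CryptoAPI CSP under the registry key shown.

```powershell
# Added example: pre-flight check before smartcard / TPM certificate enrollment.
# Test-EnrollmentPrerequisites is a hypothetical helper name, not a Dell or Wave tool.

function Test-EnrollmentPrerequisites {
    [CmdletBinding()]
    param(
        # CSP name as given in the manual's TPM certificate note.
        [string]$CspName = 'Wave TCG-Enabled CSP',
        # Start the Smart Card service if it is not running.
        [switch]$Repair
    )

    # SCardSvr is the Windows service listed as "Smart Card" in the Services console.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SCardSvr'"
    if (-not $svc) { throw 'Smart Card service (SCardSvr) is not installed.' }

    if ($Repair -and $svc.State -ne 'Running') {
        if ($svc.StartMode -eq 'Disabled') {
            # A disabled service cannot be started; switch it to manual start first.
            Set-Service -Name SCardSvr -StartupType Manual
        }
        Start-Service -Name SCardSvr
        # Re-read the service so the report reflects the state after the repair.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SCardSvr'"
    }

    # Assumption: the provider is a CryptoAPI CSP, which registers a subkey here.
    # A missing subkey means it cannot be selected during certificate enrollment.
    $cspKey = "HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\$CspName"

    [pscustomobject]@{
        ServiceState   = $svc.State
        ServiceStartup = $svc.StartMode
        CspName        = $CspName
        CspRegistered  = Test-Path -LiteralPath $cspKey
    }
}

# Report the current state and start the service if it is stopped.
Test-EnrollmentPrerequisites -Repair
```

If ServiceStartup was Disabled before the run, confirm whether a Group Policy setting disabled the service, since a policy refresh will revert the change.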