Dell Encryption Enterprise Advanced (Dell Encryption) includes a collection of applications that protect devices from data security risks by enforcing access control policies, authentication, and encryption of sensitive data. The solution requires the installation of the Dell Encryption Client on the organization's devices.
You can activate an Application Persistence policy to collect information about the functional status of Dell Encryption Clients installed on your Windows devices and view the results in reports. You can also configure the policy to reinstall the client.
Application Persistence policies for Dell Encryption are supported on devices running a supported version of the Windows operating system and the following version of the Dell Encryption Client:
Report higher versions as Compliant is not available.
You can configure an Application Persistence policy for Dell Encryption to enable the RAR component to attempt to reinstall the Dell Encryption Client if it's not functioning or missing.
NOTE The Report and repair option isn't supported. Depending on the Absolute product licenses associated with your account, the Report, repair, and reinstall option may not be available.
The RAR component of the Absolute agent can respond to the following issues:
The expected version of the Dell Encryption Client isn't installed
If the Report, repair, and reinstall option is selected in the Application Persistence policy, the RAR component downloads and installs the configured version of the client.
NOTE Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.
NOTE If the client is already installed on the device, the Absolute agent must uninstall the client before it installs the correct version. A device restart is required after the client is uninstalled and again after the new version is installed. The Absolute agent does not force the device to restart, so a status of Not Compliant will continue to show in the Application Persistence reports until the device user performs these actions. You can review the report's Status Details to determine if a restart is required.
One of the following device drivers isn't running, or it isn't installed:
One of the following services isn't running, or it isn't installed:
If you want the Absolute agent to reinstall the Dell Encryption Client if it is non-functional or missing, you need to make its installer available for download. The Dell Encryption Client installer is included in the Dell Endpoint Security Suite Enterprise master installer. To make the installer available, you need to extract it from the master installer and store it on a web server. You can then generate a SHA-256 hash for the installer file.
To prepare the installer:
- Copy the Dell Endpoint Security Suite Enterprise master installer (DDSSuite.exe) from the installation media to your computer.
- Extract the Dell Encryption Client installer from the master installer by doing the following:
- Open a Command prompt and navigate to the location of the DDSSuite.exe file.
- Enter DDSSuite.exe /z"\"EXTRACT_INSTALLERS=<destination folder>"", where <destination folder> is the location where you want to store the extracted installer (for example: C:\DellEncryption_installer\).
- Press Enter.
- If User Account Control (UAC) is enabled, click Yes to open the InstallShield Wizard and begin extracting the master installer.
- When the installer is extracted, click Finish to close the InstallShield Wizard.
- Navigate to the destination folder and open the Encryption folder. The folder contains 32-bit and 64-bit installers.
- Copy the contents of the Encryption folder to the web server where you want to host the installers.
- Use a hash generator tool of your choice to generate a SHA-256 hash for each installer file. For example, you can generate a hash using the CertUtil.exe command-line utility that is included with most Windows operating systems.
NOTE Both HTTP and HTTPS protocols are supported. If necessary, you can restrict access to the installers by enabling HTTP basic authentication on the web server.
Before you activate an Application Persistence policy you need to configure the policy. If you selected the Report, repair, and reinstall option, use the installers and SHA-256 Hash keys from Preparing the Dell installers in Configuring Application Persistence policies and configure these additional settings.
To configure the Dell Encryption specific settings:
- Under Dell Encryption Server Hostname, enter the fully qualified hostname of the Dell Server used for activation (for example, myserver.example.com).
- Under Device Server URL, enter the URL of the Dell server used for activation. Typically the URL includes the Dell server hostname, the port, and /xapi/ (for example, https://myserver.example.com:8443/xapi/).
- Under Policy Proxy Server Hostname, enter the fully qualified hostname of the default proxy server used for policies (for example, proxyserver.example.com).
- Under Managed Domain, enter the name of the Windows domain that the devices in the policy group belong to.
- Under Encryption External Media, do one of the following:
- To install the full version of the Dell Encryption Client, leave the check box unselected.
- To install the Encryption External Media version of the Dell Encryption Client, which enables encryption of removable media only, select the check box.
Under Additional Installer Commands, enter the applicable command line parameters to configure any settings not covered by the policy configurations. Typically, you'll want to enter the same parameters that were entered when the Dell Encryption Client was initially installed on the devices.
For more information about the supported syntax for these parameters, refer to Dell Encryption Client documentation.